Cryptographically verifiable identity for every human, agent, and MCP principal in the DEFONEOS estate. Ed25519-signed attestations. BFT witness quorum. Zero external identity provider. Zero US CLOUD Act exposure.
The Sovereign Identity Attestation subsystem establishes who-or-what is acting in the DEFONEOS estate. Every action โ a tool invocation, a BFT vote, a SIGIL emission, a secret access โ carries a signed attestation from a cryptographically identified principal.
There are three principal types:
Every principal holds an Ed25519 keypair. The public key is the principal's identity. The private key never leaves the principal's hardware boundary.
| Principal | Private Key Custody | Public Key Format | Hardware Binding |
|---|---|---|---|
| Human (Nick) | MacBook Secure Enclave | ed25519:5x...k2 | Biometric (Touch ID) |
| Agent (SOV3) | Process memory + MLX runtime | ed25519:9a...p7 | Secure Enclave (Apple) / TPM (Linux) |
| MCP Server | Process memory + admission manifest | ed25519:3h...m4 | TPM where available, sealed keyfile otherwise |
An identity record is a JSON object containing the public key, principal type, ring assignment, registration timestamp, and the BFT witness quorum signature.
Every attestation moves through 5 states. No attestation can act before reaching ACTIVE.
| State | Meaning | Can Act? | Witness Required |
|---|---|---|---|
| PROVISIONED | Key generated, not yet attested | โ | โ |
| PENDING_WITNESS | Awaiting 3 BFT witness signatures | โ | 3/3 standard, 5/5 high-trust |
| ACTIVE | Fully attested, can act in estate | โ | 3/3 witnessed |
| SUSPENDED | Temporarily blocked (e.g., red-line violation) | โ | 3/3 to reinstate |
| REVOKED | Permanently disabled, key on deny-list | โ | 5/5 to re-register |
Every new attestation requires a witness quorum from the 33-agent BFT defense council. The witness count varies by principal sensitivity:
| Principal | Witness Count | Quorum | Use Case |
|---|---|---|---|
| Human owner | 3 of 33 agents | Simple majority (2/3 of witnesses) | Single owner seat, high trust |
| Agent (SOV3 runtime) | 3 of 33 agents | 2/3 of witnesses | Substrate nodes |
| MCP server (Ring0) | 5 of 33 agents | 3/5 of witnesses | Sovereign-critical MCPs |
| MCP server (Ring1) | 3 of 33 agents | 2/3 of witnesses | Defence MCPs |
| MCP server (Ring2) | 3 of 33 agents | 2/3 of witnesses | Civil MCPs |
An attestation is a signed JSON document binding a principal to a specific action and time window.
Every attestation has a 5-minute validity window by default. Critical actions (BFT votes, secret access, escrow release) use 60-second windows. Routine tool invocations use 5-minute windows. Attestations cannot be replayed outside their validity window.
| Endpoint | Method | Purpose | Auth |
|---|---|---|---|
/attest/verify | POST | Verify a single attestation | Ring0 only |
/attest/verify-batch | POST | Verify up to 1000 attestations | Ring0 only |
/attest/revoke | POST | Revoke an attestation (emergency) | Ring0 + 5/5 witness |
/attest/identity/{pubkey} | GET | Fetch identity record | Ring0/1/2 (varies by ring) |
/attest/list | GET | List attestations in time window | Ring0 only |
An attestation is implicitly revoked when its expires_at passes. Principals can also explicitly revoke an attestation via /attest/revoke with a 3-of-3 witness quorum.
On red-line violation or compromise detection, the SIGIL ledger emits a red_line_alert event. All attestations from the affected principal are immediately suspended, the principal's identity record transitions to SUSPENDED, and a 5-minute emergency BFT session is triggered.
If a private key is suspected compromised, the principal generates a new keypair, registers the new identity record with full witness quorum, and old attestations are revoked. Old keys are added to the deny-list and cannot be re-registered without a 5-of-5 BFT supermajority vote.
| Standard | Section | How Attestation Meets It |
|---|---|---|
| UK GDPR | Article 32 | Cryptographic access control + audit trail via SIGIL |
| DPA 2018 | Schedule 1 Part 4 | Non-US identity, no US jurisdiction exposure |
| NCSC CAF | B2 (Identity) | Cryptographic identity for all principals |
| ISO 27001 | A.9 (Access Control) | Signed attestations, ring-based access, time-bound |
| JSP 440 | Chapter 7 | UK-only identity custody, BFT witness quorum |
| EU AI Act | Article 15 (Accuracy) | Verifiable identity prevents impersonation |
| NIST SP 800-63B | IAL3 / AAL3 | Hardware-bound cryptographic authenticator |
| Zero US CLOUD Act | โ | No US-hosted IdP, all keys UK-resident |
| Metric | Value |
|---|---|
| Identities registered | 37 (1 human + 6 agents + 30 MCPs) |
| Active attestations (24h) | 8,427 |
| Witness quorum success rate | 100% (0 failed) |
| Verification latency (p99) | 12ms |
| SIGIL receipts (attestation events) | 3,891 |
| External IdP calls | 0 |
| Revocations (last 30d) | 2 (both standard, 0 emergency) |
| Red-line violations blocked | 1 (correctly suspended) |