as4-411/docs/security/data-classification.md
defiQUG c24ae925cf
Initial commit: AS4/411 directory and discovery service for Sankofa Marketplace
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 08:44:20 -08:00

# Sensitive Data Classification

Data in the as4-411 directory is classified into tiers. Storage, access control, and encryption must follow these tiers. See ADR-004.

## Tiers

| Tier | Name | Examples | Storage / access |
|---|---|---|---|
| 0 | Public | BIC, LEI, public BIN range metadata | No encryption required; may be shared across tenants where applicable |
| 1 | Internal | PartyId, endpoint URL, participant name | Access-controlled; tenant-scoped; encrypt in transit |
| 2 | Confidential | MID, TID, contract routing, DTC participant/account IDs | Field-level encryption at rest; strict RBAC/ABAC; per-tenant keys preferred |
| 3 | Regulated/secrets | Tokens, key refs, PII-like attributes | Strongest controls; vault refs only; immutable audit; never log in plaintext |

## Mapping: tables and fields

- identifiers: value is Tier 0 when type is BIC/LEI/public; Tier 2 when type is mid, tid, dtc.participantId, dtc.accountId, or another contract-scoped ID. identifier_type and scope are Tier 1.
- endpoints: address and profile are Tier 1 (internal). If they encode tenant-specific routes, treat them as Tier 2 in policy.
- credentials: only references (vault_ref, fingerprint) are stored; the reference itself is Tier 3, and no private material is kept in the DB.
- routing_artifacts: payload content may include Tier 2 data (e.g. BIN table overrides carrying tenant/MID). Encrypt the payload, or use per-tenant encryption for the Tier 2 content.
- participants / tenants: names and IDs are Tier 1; tenant-private participant data is Tier 1 or Tier 2 depending on protocol (see protocol docs).
- policies / audit_log: Tier 1; audit_log must be immutable and optionally hash-chained.
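The identifiers rule and the hash-chained audit_log requirement, worked through together in Go as an added example. This is not code from the as4-411 project: the audit row layout, the `vault://` reference convention, masking Tier 2 values to their last four characters, and defaulting unmapped identifier types to Tier 2 are assumptions made for the example. It shows what hash-chaining buys: editing a row and even recomputing its own hash still breaks the link from the next row, so verification reports the tamper point.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Tier mirrors the classification table: 0 Public, 1 Internal,
// 2 Confidential, 3 Regulated/secrets.
type Tier int

const (
	TierPublic       Tier = 0
	TierInternal     Tier = 1
	TierConfidential Tier = 2
	TierRegulated    Tier = 3
)

// IdentifierTier applies the "identifiers" mapping rule to a row's
// identifier_type. Types the rule does not name fall to Tier 2, so a new
// identifier type cannot become public merely by being unmapped (assumption).
func IdentifierTier(identifierType string) Tier {
	switch strings.ToLower(identifierType) {
	case "bic", "lei", "public":
		return TierPublic
	case "mid", "tid", "dtc.participantid", "dtc.accountid":
		return TierConfidential
	default:
		return TierConfidential
	}
}

// AuditEntry is one audit_log row (field set constructed for the example).
// PrevHash links it to the previous row; Hash covers every other field.
type AuditEntry struct {
	Seq                          int
	Actor, Action, Table, Field  string
	FieldTier                    Tier
	Value                        string // what the log may retain for this access, see Append
	PrevHash, Hash               string
}

// AuditLog is an append-only, hash-chained list of entries.
type AuditLog struct{ Entries []AuditEntry }

var ErrPlaintextSecret = errors.New("audit_log: refusing to record Tier 3 material in plaintext")

const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

// hashEntry hashes every field except Hash with length prefixes, so field
// boundaries cannot be shifted to forge an equal digest.
func hashEntry(e AuditEntry) string {
	h := sha256.New()
	for _, s := range []string{fmt.Sprint(e.Seq), e.Actor, e.Action, e.Table, e.Field,
		fmt.Sprint(int(e.FieldTier)), e.Value, e.PrevHash} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		h.Write(n[:])
		h.Write([]byte(s))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Append records an access. Tier 0/1 values are kept verbatim, Tier 2 values
// are masked to their last four characters (constructed policy), and Tier 3
// values must already be a "vault://" reference or the write is refused.
func (l *AuditLog) Append(actor, action, table, field string, tier Tier, value string) (AuditEntry, error) {
	switch {
	case tier >= TierRegulated && !strings.HasPrefix(value, "vault://"):
		return AuditEntry{}, ErrPlaintextSecret
	case tier == TierConfidential && len(value) > 4:
		value = "***" + value[len(value)-4:]
	case tier == TierConfidential:
		value = "***"
	}
	prev := genesisHash
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := AuditEntry{Seq: len(l.Entries) + 1, Actor: actor, Action: action, Table: table,
		Field: field, FieldTier: tier, Value: value, PrevHash: prev}
	e.Hash = hashEntry(e)
	l.Entries = append(l.Entries, e)
	return e, nil
}

// Verify walks the chain from genesis and returns (0, true) when intact, or
// the position of the first row whose sequence, link or hash does not check out.
func (l *AuditLog) Verify() (int, bool) {
	prev := genesisHash
	for i, e := range l.Entries {
		if e.Seq != i+1 || e.PrevHash != prev || hashEntry(e) != e.Hash {
			return i + 1, false
		}
		prev = e.Hash
	}
	return 0, true
}

func main() {
	var log AuditLog
	log.Append("svc-resolve", "read", "identifiers", "value", IdentifierTier("mid"), "MID-1234567")
	log.Append("svc-admin", "read", "credentials", "vault_ref", TierRegulated, "vault://kv/tenant-a/psk-1")
	if _, err := log.Append("svc-admin", "read", "credentials", "vault_ref", TierRegulated, "hunter2"); err != nil {
		fmt.Println("refused:", err)
	}
	fmt.Println(log.Verify()) // 0 true
	// Constructed tampering: row 1 is edited and its hash recomputed; row 2
	// still carries the old hash as PrevHash, so verification breaks at 2.
	log.Entries[0].Value = "***9999"
	log.Entries[0].Hash = hashEntry(log.Entries[0])
	fmt.Println(log.Verify()) // 2 false
}
```

The chain only detects tampering after the fact; to make the log immutable in practice the head hash must also be anchored somewhere the database writer cannot reach (a periodic export, a signed checkpoint), otherwise an attacker with write access simply re-hashes every later row.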

## Enforcement

- Field-level encryption: Tier 2+ fields must be encrypted at rest (application-level or TDE with per-tenant keys where required). Tier 3: store only references; material in vault/KMS.
- RBAC/ABAC: Strict role- and attribute-based access; resolution and admin APIs enforce tenant scope and policy. See tenant-model and ADR-003.
- Audit: All access to Tier 2+ and all mutations must be logged in audit_log; logs must not contain Tier 3 material in plaintext.
- Allowed storage and access: Document per table in operations runbooks; new fields must be assigned a tier before merge.
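Application-level field encryption with per-tenant keys, as an added Go example that is not the project's code. It assumes a KeyRing that derives per-tenant AES-256 keys from a constructed master secret in place of the real KMS/vault, a FieldRef naming the tenant, table and column, and the `vault://` prefix for Tier 3 references. The point it shows beyond the rule text is why the cell identity must be bound as AEAD associated data: a Tier 2 ciphertext copied into another tenant's row, or into another column of the same tenant, fails authentication instead of decrypting.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FieldRef names the exact cell a ciphertext belongs to. All three parts are
// bound into the AEAD's associated data, so a ciphertext copied into another
// tenant, table or column fails authentication instead of decrypting.
type FieldRef struct{ Tenant, Table, Column string }

func (f FieldRef) aad() []byte { return []byte(f.Tenant + "\x00" + f.Table + "\x00" + f.Column) }

// KeyRing yields one AES-256 data key per tenant. In production the keys come
// from the KMS/vault; here they are derived with HMAC from a constructed master
// secret so the example runs offline (assumption, not the project's key management).
type KeyRing struct{ master []byte }

func NewKeyRing(master []byte) KeyRing { return KeyRing{master: master} }

func (k KeyRing) tenantKey(tenant string) []byte {
	mac := hmac.New(sha256.New, k.master)
	mac.Write([]byte("tenant-data-key:" + tenant))
	return mac.Sum(nil) // 32 bytes -> AES-256
}

var (
	ErrNeedsVaultRef = errors.New("tier 3: only a vault:// reference may be stored in the row")
	ErrNotAuthentic  = errors.New("ciphertext does not authenticate for this tenant/table/column")
)

func (k KeyRing) gcmFor(tenant string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k.tenantKey(tenant))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField applies the enforcement rule at write time: Tier 0/1 values are
// stored as-is, Tier 2 values are encrypted under the tenant key with the cell
// identity as AAD, and Tier 3 values are accepted only as vault references
// (then protected the same way). Stored form is nonce || ciphertext || tag.
func (k KeyRing) EncryptField(ref FieldRef, tier int, value []byte) ([]byte, error) {
	if tier >= 3 && !bytes.HasPrefix(value, []byte("vault://")) {
		return nil, ErrNeedsVaultRef
	}
	if tier < 2 {
		return value, nil
	}
	gcm, err := k.gcmFor(ref.Tenant)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, value, ref.aad()), nil
}

// DecryptField re-derives the AAD from where the row actually lives, so a
// value that was moved or copied across tenants or columns is rejected.
func (k KeyRing) DecryptField(ref FieldRef, tier int, stored []byte) ([]byte, error) {
	if tier < 2 {
		return stored, nil
	}
	gcm, err := k.gcmFor(ref.Tenant)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, ErrNotAuthentic
	}
	pt, err := gcm.Open(nil, stored[:gcm.NonceSize()], stored[gcm.NonceSize():], ref.aad())
	if err != nil {
		return nil, ErrNotAuthentic
	}
	return pt, nil
}

func main() {
	ring := NewKeyRing([]byte("constructed-master-secret"))
	ref := FieldRef{"tenant-a", "identifiers", "value"}
	ct, _ := ring.EncryptField(ref, 2, []byte("MID-1234567"))
	pt, err := ring.DecryptField(ref, 2, ct)
	fmt.Println(string(pt), err) // MID-1234567 <nil>
	_, err = ring.DecryptField(FieldRef{"tenant-b", "identifiers", "value"}, 2, ct)
	fmt.Println(err)
	_, err = ring.EncryptField(ref, 3, []byte("raw-secret-token"))
	fmt.Println(err)
}
```

Random 96-bit GCM nonces are safe only up to roughly 2^32 encryptions per key; per-tenant keys keep each key's volume small, and rotating the tenant key (with the key version stored beside the ciphertext) is the usual way to stay well under that bound.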

## Trust model for resolve consumers

Who may call resolve, what they can see, and how to prevent endpoint enumeration are described in trust-model.md.