Skip to content

CTK: §9 authorization-token vectors; mark §9 reference-backed (0.3.3)#11

Merged
koishore merged 1 commit into
mainfrom
ctk/token-0.3.3
Jun 10, 2026
Merged

CTK: §9 authorization-token vectors; mark §9 reference-backed (0.3.3)#11
koishore merged 1 commit into
mainfrom
ctk/token-0.3.3

Conversation

@koishore

Copy link
Copy Markdown
Member

The reference now implements the §9 authorization-token profile (delego#17, 0.3.3). Per the spec-leads-reference model, §9 becomes reference-backed once the reference reproduces its CTK vectors — which it now does.

Changes

  • ctk/vectors/token.json + ctk/vectors/token_signing_key.pub — verifier (PEP) vectors for §9.1: a valid token, plus alg=none (algorithm confusion), tampered signature, wrong aud, and expired — each marked accept/reject. Wired into conformance.py (skipped on a reference < 0.3.3).
  • spec.md §9 status tag flipped from draft — not yet in referencereference-backed (optional profile), since delego 0.3.3. No normative design text changed — this is the sanctioned §2.1 transition (a clause becomes reference-backed once its CTK vectors reproduce), not an edit to the frozen design.
  • ctk/README.md + CHANGELOG.md updated.

Protocol version unchanged (still 0.3): the token is additive and changes no hashed/signed bytes.

Verification

validate.py and conformance.py both green locally against delego 0.3.3 — including the 5 new token cases. The conformance CI here installs delego@main (now 0.3.3), so it will replay them.

Note for the owner: this touches the frozen spec.md, but only the §9 status tag, not any normative MUST/SHOULD. Flagging explicitly for your call at merge.

…d (0.3.3)

The reference implements the §9 token profile from delego 0.3.3. Adds
ctk/vectors/token.json (+ token_signing_key.pub) — verifier vectors for §9.1:
valid token + alg=none (algorithm confusion), tampered signature, wrong
audience, expired — wired into conformance.py (skipped on reference < 0.3.3).
Flips §9's status tag from 'draft — not yet in reference' to reference-backed;
no normative design text changed. Protocol version unchanged (token is
additive).
@koishore koishore merged commit 82a9090 into main Jun 10, 2026
2 checks passed
@koishore koishore deleted the ctk/token-0.3.3 branch June 10, 2026 21:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant