docs(security): formalize required_for + fallback-authenticator composition#2591
Conversation
…sition `required_for` governs the signature requirement relative to a caller's credential path, not absolutely. Adds explicit rules for: - Unauthenticated callers on required_for ops: reject (unchanged). - Unsigned but bearer/API-key/mTLS-authenticated callers: accept. The fallback is what the verifier advertised as sufficient. - Malformed signatures: still block fallback (downgrade defense, unchanged). - Sellers wanting unconditional signing MUST disable fallback authenticators for the operation — required_for does not override a verifier's own authenticator config. Updates the verifier-checklist preamble, adds a "Composition with fallback authenticators" subsection, and cross-references from the required_for capability definition. No wire/schema changes. Closes #2586.
Schema Link Check ResultsCommit:
|
- Restructure verifier-checklist preamble bullet with explicit THEN +
Oxford comma in credential list (resolves parsing ambiguity on the
three-part conjunction).
- Lift the "unauthenticated" definition into a lead-in paragraph before
the normative bullets so the term scope is unambiguous.
- Add a worked per-caller-flag example ("signing_onboarded" flag on
agents[] entries) so sellers know how to implement strict enforcement
per-tenant without global required_for.
- Rephrase "forces signing" → "rejects bearer-only requests from" to
match what the verifier actually does.
- Rephrase "unsigned unauthenticated callers" (read as typo) to
"callers presenting no credential at all."
- Add one sentence clarifying warn_for semantics unchanged — preempts
the "does warn_for now mean required_for?" question.
No normative change; review feedback on PR #2591.
|
Reviewed against upstream issue #2586 and against adcp-client PR #669's One phrasing nit worth a follow-up commit: Promote the "signing-unconditional" callout. The paragraph currently covers three composition modes in flowing prose. The operative rule for sellers who want enforcement — "configure the fallback authenticator to reject all other credentials" — is the one most likely to be skimmed past on a first read, and it's the rule whose violation turns the whole Not blocking — the information is all present and accurate. Just reorder for skimmability. Migration note for our training agentOur |
Reviewer nit: the operative rule for sellers who want enforcement was buried in flowing prose. Promoted to a Warning admonition with three explicit postures (strict / prefer-signing / advisory) so implementers can't skim past it. No normative change.
Summary
Formalizes how
required_for(9421 signing requirement) composes with bearer/API-key/mTLS fallback authenticators. Clarifies the normative rule that the training-agent migration (#2582) hit head-on:required_forop → reject (unchanged).required_fordoesn't retroactively invalidate the verifier's own authenticator config.required_foris one lever in the auth chain, not an override.What changed
docs/building/implementation/security.mdx:required_forcapability definition: cross-reference and inline clarification.No wire / schema changes. Pure spec clarification.
Test plan
npm run test:unitpassesnpm run typecheckpasses#composition-with-fallback-authenticatorsworks from the two cross-reference sitesCloses #2586.
🤖 Generated with Claude Code