Repository Identity Text

Tags: repo, auth, client

© R.A.Sol

Repository clients use identity text to select request authentication in CLI flags, SDKs, and local route-auth records.

This grammar is repository-service-specific. It is not generic HPPR packet syntax.

Forms

• anyone
• ring1:<name>|<password>
• ring1:<name>|&.<b64a>.H3
• ring2:<group>|&.<b64a>.H3
• ring2:<group>/<user>|<password>
• ring2:/<user>|<password>

Rules:

• split on the first |
• anyone selects the Ring1 anyone identity
• ring1:<name>|<password> derives Ring1 signing material from a password using repository HELLO PHC
• ring1:<name>|&.<b64a>.H3 uses explicit Ring1 signing secret material
• ring2:<group>|&.<b64a>.H3 uses explicit Ring2 signing secret material
• ring2:<group>/<user>|<password> derives a Ring2 member verifier and signing secret locally
• ring2:/<user>|<password> is contextual input only; it resolves the group from request context

Local route-auth records SHOULD store non-contextual explicit identities. Local route-auth records SHOULD store operational signing-secret form rather than raw password form.

Ring1 password derivation is defined in 051. Ring2 adhoc member verifier derivation is defined in 052.