6 Trust Architecture
This chapter covers trust architecture aspects of AMATELUS.
6.1 Responsibility Boundaries
|
Component |
AMATELUS |
Service Provider |
|
Public Key Infrastructure |
Yes |
– |
|
DID generation |
Yes |
– |
|
VC issuance/validation (1-layer) |
Yes |
Policy |
|
ZKP generation/verification |
Yes |
– |
|
Endpoint management |
– |
Yes |
|
Message delivery |
– |
Yes |
|
Authorization decisions |
– |
Yes |
|
Communication security (TLS) |
– |
Yes |
6.2 Trust Origin
Cryptographic trust: Originating from AMATELUS protocol
Operational trust: Originating from service provider (centralized)
Authorization trust: Originating from service provider (centralized)
The separation prevents AMATELUS from assuming responsibilities it cannot scale to manage globally.
6.3 One-Layer Trust Limitation
AMATELUS validates only 1-layer VC chains:
0-layer: Direct issuance from trusted anchor
1-layer: Delegated issuance (trustee validated against anchor)
2+ layers: Explicitly not validated by AMATELUS protocol
This prevents:
Delegation chain attacks
Circular credential verification
Unbounded revocation propagation