Attestor on/off

What this page is about

Attestors are the people and systems whose signatures let a PoV checklist pass. Governance controls who gets in, when they rotate, and how they are suspended or removed—without ever weakening the settlement law (No EMT, no funds · One-Claim · must-fund before shipping · 50% burn). This section explains the rules and the buttons we expose to make it safe and predictable.

Onboarding

  • KYB & suitability: legal entity, UBOs, insurance, scope (e.g., PSI for gloves, temperature OEM for cold-chain).

  • Role & schema fit: exactly which roles (INSPECTOR, TERMINAL/CARRIER, DC/3PL, REGISTRY, SENSOR_OEM) and schemas they’ll sign.

  • Keys & custody: production key material in HSM/MPC; public keys registered; rotation cadence agreed.

  • SLA acceptance: latency/accuracy windows, rotation, penalty bands (and bond if role requires it).

  • Governance sets: activation window and go-live date, SLA targets and reward weights (from the treasury half of fees), bond size (for bonded roles), and revocation authority.

  • On chain: attestor added to the Attestor Registry with ACTIVE keys, role list, schema allowlist, SLA profile, and (if bonded) bond escrow.

Outcome: their signatures start counting at the PoV Gate; Explorer shows them as ACTIVE with SLA metrics.

Rotation & key hygiene

  • Planned rotation: new key is added as PENDING, then promoted to ACTIVE after a timelock; old key moves to RETIRED (still valid for past attestations).

  • Emergency rotation: if compromise is suspected, governance (or the Security Council) marks the old key REVOKED immediately and promotes the standby; Explorer shows the incident banner.

PoV counts only ACTIVE keys for new passes; RETIRED/REVOKED do not count. Historical passes remain valid; only downstream slices can be frozen if later evidence is revoked (see Revocation).
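The key lifecycle above, sketched as an added example (not the protocol's own code). The class, method names and the 48-hour timelock are assumptions, and the standby key is assumed to sit in PENDING until promoted.

```python
from dataclasses import dataclass
from enum import Enum

class KeyState(Enum):
    PENDING = "PENDING"
    ACTIVE = "ACTIVE"
    RETIRED = "RETIRED"
    REVOKED = "REVOKED"

TIMELOCK_SECONDS = 48 * 3600  # assumed value; the page does not state the timelock

@dataclass
class Key:
    key_id: str
    state: KeyState
    added_at: int

class AttestorKeys:
    """Hypothetical in-memory model of one attestor's keys in the Registry."""

    def __init__(self):
        self.keys = {}

    def add_pending(self, key_id, now):
        self.keys[key_id] = Key(key_id, KeyState.PENDING, now)

    def promote(self, key_id, now, emergency=False):
        key = self.keys[key_id]
        if key.state is not KeyState.PENDING:
            raise ValueError("only a PENDING key can be promoted")
        # Planned rotation must wait out the timelock; emergency rotation skips it.
        if not emergency and now - key.added_at < TIMELOCK_SECONDS:
            raise ValueError("timelock has not elapsed")
        for old in self.keys.values():
            if old.state is KeyState.ACTIVE:
                # Planned: old key is RETIRED. Emergency: old key is REVOKED.
                old.state = KeyState.REVOKED if emergency else KeyState.RETIRED
        key.state = KeyState.ACTIVE

    def counts_for_new_pass(self, key_id):
        """Only ACTIVE keys count at the Gate for new passes."""
        key = self.keys.get(key_id)
        return key is not None and key.state is KeyState.ACTIVE
```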

Suspension & offboarding

  • When we suspend: SLA failures above threshold (e.g., persistent latency/accuracy misses), policy violations (e.g., unapproved subcontracting), risk events (e.g., data breach, key compromise).

  • What happens: role status flips to SUSPENDED (or BANNED if severe); keys are REVOKED. New attestations are ignored at the Gate. Existing passes stay valid; if the attestor revokes a counted attestation, PoV freezes only the dependent downstream slices while a corrective pass or replacement is minted. Treasury rewards drop to zero during suspension; bonds (if any) are slashed per policy for fraud.

  • Offboarding: same as suspension, then REMOVED after a cooldown when all open cases are closed; Explorer keeps their history.

Continuity

  • Quorum fallbacks: schemas can define alternate role mixes (e.g., if TERMINAL is down, CARRIER + PORT_COMMUNITY_SYSTEM is acceptable) for a short, governed window.

  • Auto-reroute: ops can re-request attestation from a backup provider via the Registry; the UI shows available alternates.

  • Re-inspection fast lane: for common lanes, governance can pre-approve next-best neutrals (e.g., SGS ↔ Intertek) to cut delay.
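How a Gate-style check could combine the Registry fields with a fallback quorum window, as an added example (not the protocol's own code). The registry layout, schema name, timestamps and function names are constructed assumptions, and signatures are assumed to be cryptographically verified already.

```python
# Constructed registry entries; field names mirror the Onboarding list but
# are assumptions, not a documented schema.
REGISTRY = {
    "att-terminal": {"status": "SUSPENDED", "roles": {"TERMINAL"},
                     "schemas": {"port-gate-in"}, "keys": {"kT": "REVOKED"}},
    "att-carrier": {"status": "ACTIVE", "roles": {"CARRIER"},
                    "schemas": {"port-gate-in"}, "keys": {"kC": "ACTIVE"}},
    "att-pcs": {"status": "ACTIVE", "roles": {"PORT_COMMUNITY_SYSTEM"},
                "schemas": {"port-gate-in"}, "keys": {"kP": "ACTIVE"}},
}

# Constructed quorum template: primary role mix plus one governed fallback window.
TEMPLATE = {
    "primary": {"TERMINAL"},
    "fallbacks": [{"roles": {"CARRIER", "PORT_COMMUNITY_SYSTEM"},
                   "valid_from": 1000, "valid_until": 2000}],
}

# Constructed attestations for one checklist item.
SAMPLE = [
    {"attestor": "att-terminal", "key": "kT", "role": "TERMINAL"},
    {"attestor": "att-carrier", "key": "kC", "role": "CARRIER"},
    {"attestor": "att-pcs", "key": "kP", "role": "PORT_COMMUNITY_SYSTEM"},
]

def counted_roles(attestations, schema, registry=REGISTRY):
    """Roles backed by at least one signature that would count for a new pass."""
    roles = set()
    for a in attestations:
        entry = registry.get(a["attestor"])
        if entry is None or entry["status"] != "ACTIVE":
            continue  # unknown, SUSPENDED, BANNED or REMOVED attestor
        if entry["keys"].get(a["key"]) != "ACTIVE":
            continue  # PENDING, RETIRED and REVOKED keys do not count
        if a["role"] not in entry["roles"] or schema not in entry["schemas"]:
            continue  # outside the registered role list or schema allowlist
        roles.add(a["role"])
    return roles

def quorum(attestations, schema, now, template=TEMPLATE):
    """Return 'primary', 'fallback' or None for a new pass evaluated at `now`."""
    roles = counted_roles(attestations, schema)
    if template["primary"] <= roles:
        return "primary"
    for fb in template["fallbacks"]:
        if fb["valid_from"] <= now < fb["valid_until"] and fb["roles"] <= roles:
            return "fallback"
    return None
```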

Rewards & penalties

  • Rewards: attestors are paid from the treasury half of protocol fees; burns never fund rewards. SLA-weighted rewards: latency, accuracy, uptime.

  • Penalties: SLA misses reduce rewards; repeat → suspension; fraud (forged docs, mismatched hashes, reused seals) → ban + bond slashing.

  • Transparency: Explorer leaderboard shows SLA scores and reward history per role.

Appeals & due process

  • Notice: suspension banner with reason code; Dispute Pack includes evidence.

  • Appeal: time-boxed window (e.g., 7 days) with neutral review (SGS neutral panel/ICC expedited).

  • Outcome: confirm (stay off), reinstate (flip back to ACTIVE), or probation (ACTIVE + tighter SLA + watch list). All changes are public.

What governance can do

  • Add/suspend/ban attestors, rotate keys, set SLA targets & reward weights, set bond sizes, publish fallback quorum templates, and approve alternates.

  • Trigger emergency key revocations and module-scoped pauses (≤72h) with public post-mortems.

  • Cannot bypass PoV/One-Claim or release money without an EMT PASS, skip must-fund before shipping or discount the 50% burn, or rewrite history—everything remains append-only.

API & webhooks

  • POST /v1/attestors (gov): onboard; roles, schemas, keys, SLAs.

  • POST /v1/attestors/{id}/rotate|suspend|ban (gov/sec): status changes.

  • GET /v1/attestors/{id}: roles, keys, SLA metrics, status.

Webhooks:

  • pov.attestor.added · pov.attestor.key_rotated · pov.attestor.suspended · pov.attestor.banned

  • pov.attestation.revoked (flows into Revocation)

Explorer shows a full timeline of status events and the impact scope (which lanes/schemas).

Operator checklist

  • Use only ACTIVE attestors listed in the Registry; check their SLA badge.

  • If a banner shows SUSPENDED/BANNED, expect the Gate to ignore their signatures; pick an approved alternate or schedule re-inspection.

  • When a revocation hits, treat it as a checklist: fix, replace, or variance. Paid slices remain paid; only future ones pause.

  • File the status page with your auditors—governance events are part of the proof trail.

Plain recap

Attestor on/off is how we switch verification power on for qualified roles and off when trust breaks—without derailing honest programs. Onboard with keys, roles, and SLAs; rotate safely; suspend quickly with narrow freezes; and pay (or penalize) based on measured performance. The foundations don't move: PoV PASS → EMT → Locked→Unlocked EDSD fee 50% burn—or we wait.
