From d2548c3c41f57eafcd70e52bff7b43be251ff211 Mon Sep 17 00:00:00 2001
From: Agent IX
Date: Tue, 23 Jun 2026 08:57:50 -0700
Subject: [PATCH] feat(lexicon): security/identity concrete-term lexicon (FR-043)

15 auth/identity terms (token, secret, scope, claim, credential, certificate, principal, ...) for the EARS object-aware vague-response check (ADR 0009).

Co-Authored-By: Claude Opus 4.8
---
 spec_objects_security/manifest.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/spec_objects_security/manifest.yaml b/spec_objects_security/manifest.yaml
index bea5444..48e6cfc 100644
--- a/spec_objects_security/manifest.yaml
+++ b/spec_objects_security/manifest.yaml
@@ -444,3 +444,21 @@ object_types:
 from: section_body
 after_heading: Recommendation
 required: true
+
+# FR-043: concrete-term lexicon — security / identity / auth objects.
+lexicon:
+ token: {definition: a bearer credential representing identity or grant}
+ secret: {definition: a confidential value (key, password) kept out of code}
+ scope: {definition: a named permission boundary on a grant}
+ claim: {definition: an assertion carried in a token}
+ permission: {definition: an allowed action on a resource}
+ credential: {definition: data proving an identity}
+ certificate: {definition: a signed binding of identity to a public key}
+ signature: {definition: a cryptographic proof of integrity/origin}
+ principal: {definition: an authenticated identity (user/service)}
+ keypair: {definition: a public/private cryptographic key pair}
+ nonce: {definition: a single-use value preventing replay}
+ hash: {definition: a fixed-size digest of input}
+ cipher: {definition: an encryption/decryption algorithm}
+ audit: {definition: a recorded, tamper-evident event trail}
+ policy: {definition: a declarative rule governing access or behavior}
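Review bot: The `secret` and `audit` entries are silently mis-parsed, because a plain scalar inside a flow mapping ends at the first comma: `{definition: a recorded, tamper-evident event trail}` loads as `definition: "a recorded"` plus a second key `tamper-evident event trail` with a null value, and the `secret` definition is cut at `(key` the same way. Loaders generally accept this without error, so the lexicon would carry truncated definitions and stray keys into whatever consumes it (the consumer is not visible in this patch). Quote the two values, `secret: {definition: 'a confidential value (key, password) kept out of code'}` and `audit: {definition: 'a recorded, tamper-evident event trail'}`, or write every entry in block style with a quoted `definition`. A load-time check that each lexicon entry has exactly one key, `definition`, holding a non-empty string would catch this class of mistake in later additions.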