Identity & Auth

DSUM 4.0 · Module 04 · T5-RIGID Governance

Surface Management & Identity Framework

Surface Classes

Authority: AC-1 (S. Jason Prohaska)

Classification: T5-RIGID | ENTERPRISE-FINAL

Mode: FAIL-CLOSED · NO PLACEHOLDERS · EVIDENCE REQUIRED

Version: 3.0

Canonical Timestamp: 2026-02-05T18:10:00+01:00

Purpose

This module defines the canonical classification system for all ETHRAEON surfaces (web endpoints, APIs, dashboards, and portals). Every surface must be assigned exactly one class.

Canonical Surface Classes

The following six classes are the only permitted classifications:

2.1 PRIMARY

| Attribute | Value |
|---|---|
| Code | `PRIMARY` |
| Description | Core production surfaces serving external stakeholders |
| Audience | Public, investors, enterprise clients |
| Availability | 99.95% SLA |
| Monitoring | Required (real-time) |
| Examples | ethraeon.ai, socp.ethraeon.ai, demo.ethraeon.ai |

2.2 OPERATOR

| Attribute | Value |
|---|---|
| Code | `OPERATOR` |
| Description | Internal operational consoles for system management |
| Audience | ETHRAEON operators, administrators |
| Availability | 99.9% SLA |
| Monitoring | Required (real-time) |
| Examples | control.ethraeon.ai, admin.ethraeon.ai, ops.ethraeon.ai |

2.3 STAKEHOLDER

| Attribute | Value |
|---|---|
| Code | `STAKEHOLDER` |
| Description | Surfaces for specific stakeholder groups |
| Audience | Investors, partners, advisors |
| Availability | 99.5% SLA |
| Monitoring | Required (scheduled) |
| Examples | investor.ethraeon.ai, partner.ethraeon.ai |

2.4 REFERENCE

| Attribute | Value |
|---|---|
| Code | `REFERENCE` |
| Description | Documentation and reference materials |
| Audience | Developers, integrators, researchers |
| Availability | 99% SLA |
| Monitoring | Required (scheduled) |
| Examples | docs.ethraeon.ai, api.ethraeon.ai, wiki.ethraeon.ai |

2.5 SANDBOX

| Attribute | Value |
|---|---|
| Code | `SANDBOX` |
| Description | Development and testing environments |
| Audience | Internal developers, QA |
| Availability | Best effort |
| Monitoring | Optional |
| Examples | dev.ethraeon.ai, staging.ethraeon.ai, test.ethraeon.ai |

2.6 RETIRED

| Attribute | Value |
|---|---|
| Code | `RETIRED` |
| Description | Decommissioned surfaces (archived, not serving) |
| Audience | None (historical record only) |
| Availability | N/A |
| Monitoring | Disabled |
| Examples | legacy.ethraeon.ai, old.ethraeon.ai |

Class Assignment Rules

3.1 Mandatory Classification

  • Every surface MUST be assigned exactly one class
  • Unclassified surfaces are INVALID
  • Class assignment requires AC-1 authorization

3.2 Classification Criteria

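| Criterion | PRIMARY | OPERATOR | STAKEHOLDER | REFERENCE | SANDBOX | RETIRED |
|---|---|---|---|---|---|---|
| External Access | Yes | No | Limited | Yes | No | No |
| Revenue Impact | High | Medium | Medium | Low | None | None |
| Data Sensitivity | High | Critical | High | Low | Variable | Archived |
| Change Frequency | Low | Medium | Low | Medium | High | None |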

3.3 Prohibited Actions

  • Assigning multiple classes to one surface
  • Creating new class types without canon amendment
  • Operating unclassified surfaces
  • Changing class without evidence trail

Class Transition Protocol

4.1 Valid Transitions

| From | To | Requirements |
|---|---|---|
| SANDBOX | PRIMARY | Full validation, monitoring enabled |
| SANDBOX | REFERENCE | Documentation review |
| SANDBOX | STAKEHOLDER | Access control verified |
| PRIMARY | RETIRED | Deprecation notice, redirect configured |
| STAKEHOLDER | RETIRED | Stakeholder notification |
| REFERENCE | RETIRED | Content archived |
| Any | OPERATOR | AC-1 authorization |

4.2 Transition Process

1. REQUEST - Document transition rationale

2. AUTHORIZE - Obtain AC-1 approval

3. VALIDATE - Verify target class requirements

4. EXECUTE - Update classification

5. VERIFY - Confirm monitoring state

6. LOG - Record transition in audit trail
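
The transition table in 4.1 and the process in 4.2 can be enforced as a fail-closed check, shown here as an added Python example that is not part of the ETHRAEON module. The evidence key names, the placeholder list and the shape of the audit record are assumptions made for illustration.

```python
# Added example: fail-closed check for section 4 class transitions.
# Evidence key names and PLACEHOLDERS are assumptions, not taken from the module.
CLASSES = frozenset(
    {"PRIMARY", "OPERATOR", "STAKEHOLDER", "REFERENCE", "SANDBOX", "RETIRED"}
)

# Section 4.1 table: (from, to) -> evidence keys for the stated requirements.
TRANSITIONS = {
    ("SANDBOX", "PRIMARY"): ("full_validation", "monitoring_enabled"),
    ("SANDBOX", "REFERENCE"): ("documentation_review",),
    ("SANDBOX", "STAKEHOLDER"): ("access_control_verified",),
    ("PRIMARY", "RETIRED"): ("deprecation_notice", "redirect_configured"),
    ("STAKEHOLDER", "RETIRED"): ("stakeholder_notification",),
    ("REFERENCE", "RETIRED"): ("content_archived",),
}
# Section 4.2 steps 1-2 (REQUEST, AUTHORIZE) apply to every transition.
ALWAYS_REQUIRED = ("rationale", "ac1_authorization")
PLACEHOLDERS = {"", "tbd", "todo", "n/a", "pending"}


def required_evidence(src, dst):
    """Return the evidence keys for src -> dst, or None if the move is not permitted."""
    if src not in CLASSES or dst not in CLASSES or src == dst:
        return None
    if dst == "OPERATOR":  # table row "Any -> OPERATOR: AC-1 authorization"
        return ALWAYS_REQUIRED
    extra = TRANSITIONS.get((src, dst))
    return None if extra is None else ALWAYS_REQUIRED + extra


def evaluate_transition(surface, src, dst, evidence):
    """Decide a transition request; anything unlisted or unproven is denied."""
    reasons = []
    needed = required_evidence(src, dst)
    if needed is None:
        reasons.append(f"{src!r} -> {dst!r} is not a valid transition")
    else:
        for key in needed:
            value = evidence.get(key)
            if not isinstance(value, str) or value.strip().lower() in PLACEHOLDERS:
                reasons.append(f"missing or placeholder evidence: {key}")
    # Step 6 (LOG): one audit record per decision, allowed or denied.
    return {"surface": surface, "from": src, "to": dst,
            "allowed": not reasons, "reasons": reasons}
```

Moves absent from the table, such as SANDBOX to RETIRED or any move out of OPERATOR, are denied rather than inferred.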

Class-Specific Requirements

5.1 PRIMARY Class Requirements

  • [ ] Real-time monitoring enabled
  • [ ] Immutability configured (hash-sealed)
  • [ ] CDN/edge caching configured
  • [ ] SSL/TLS certificate valid
  • [ ] Load balancing configured
  • [ ] Backup strategy documented

5.2 OPERATOR Class Requirements

  • [ ] Authentication required
  • [ ] Authorization matrix defined
  • [ ] Audit logging enabled
  • [ ] VPN/IP restriction configured
  • [ ] Session management active

5.3 STAKEHOLDER Class Requirements

  • [ ] Access control list defined
  • [ ] Authentication required
  • [ ] Content freshness monitored
  • [ ] Communication protocol documented

5.4 REFERENCE Class Requirements

  • [ ] Version control active
  • [ ] Search indexing enabled
  • [ ] Update notification system
  • [ ] API documentation current

5.5 SANDBOX Class Requirements

  • [ ] Isolated from production data
  • [ ] No production credentials
  • [ ] Clearly labeled as non-production
  • [ ] Auto-cleanup policy defined

5.6 RETIRED Class Requirements

  • [ ] Redirect to active surface (if applicable)
  • [ ] Content archived
  • [ ] DNS record retained (tombstone)
  • [ ] Historical record preserved

Validation Schema

6.1 Surface Entry Schema

Source: ETHRAEON ΔSUM 4.0 — Full Compilation (2026-02-22)