Skip to content

Add FIDES as a data-labelling scheme under schemes/#4

Open
SamMorrowDrums wants to merge 3 commits into
sammorrowdrums/extensions-scaffold-trust-ifc-actionfrom
sammorrowdrums/ifc-fides-scheme
Open

Add FIDES as a data-labelling scheme under schemes/#4
SamMorrowDrums wants to merge 3 commits into
sammorrowdrums/extensions-scaffold-trust-ifc-actionfrom
sammorrowdrums/ifc-fides-scheme

Conversation

@SamMorrowDrums

@SamMorrowDrums SamMorrowDrums commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

FIDES as a data-labelling scheme (not an extension)

This is the third PR in the SEP-1913 split. It adds FIDES as one
data-labelling scheme under a new schemes/ folder, rather than as an
extension or a sibling of the two extensions.

  • schemes/ifc-fides.md — the FIDES information-flow-control label
    (integrity × confidentiality), selected by evidenceRef.type == "ifc.fides.v1" on a trust-annotations annotation. A client that does not
    implement IFC ignores it safely.
  • schemes/README.md — the index for the folder: what a scheme is, FIDES as the
    worked example, and the range of candidate schemes raised in SEP-1913 review
    (data classification, design-pattern controls, ShardGuard, capability tokens,
    cosigning, sequence-shape, attestation), plus the bar a scheme doc must meet.

Why a scheme, not an extension

Information-flow control is one enforcement model among several. Making it an
extension (io.modelcontextprotocol/ifc) would put the FIDES lattice at the
namespace root and foreclose the other models. As a type value behind the open
evidenceRef slot, FIDES is first-class while the slot stays free for the rest.
The schemes/ folder exists to hold those interchangeable approaches.

Stack

Stacked on sammorrowdrums/extensions-scaffold-trust-ifc-action (the base / PR
that adds the scaffolding + trust-annotations). FIDES fills that extension's
evidenceRef slot, so it depends on the base. Merge order: base → this.
Retarget to main once the base merges.

Review continuity

The normative body here is the same text reviewed by @JoannaaKL and @Rul1an on
the original combined PR (their threads are now marked outdated there because the
file moved out of specification/draft/). Their changes are preserved verbatim:
public/private-only confidentiality, the wire-hint vs host-resolved split,
the integrity-total / confidentiality-partial asymmetry, fail-closed on
unresolvable reader sets, and the no-durable-grant rule.

Note: commits in this stack are currently unsigned due to a local signing
agent issue; they can be re-signed on request before merge.

This was referenced Jun 15, 2026
Open
Open
SamMorrowDrums added a commit that referenced this pull request Jun 15, 2026
@SamMorrowDrums
Sync intent-comment record with the live SEP-1913 comment
947c547 
The posted SEP-1913 umbrella comment was updated to match the shipped
structure: two extensions plus a schemes/ folder, with FIDES as one
data-labelling scheme (ifc.fides.v1) rather than an extension/profile.
Bring docs/intent-comment.md back in sync as the source of record and
add the three stacked PR links (#2 base, #3 action-metadata, #4 FIDES
scheme).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Rul1an

Rul1an commented Jun 16, 2026

Copy link
Copy Markdown

The scheme-versus-extension split lands it right: keeping the models behind evidenceRef.type rather than at the namespace root is what preserves the open-type intent, and schemes/ gives the interchangeable approaches a home without any one claiming the wire.

Bar point 4 (a candidate emitter and consumer, validated not asserted) is the load-bearing one, and #5 already supplies it for two of the candidate rows: data-class.v1 covers the public-repo-with-private-subresource classification, and sequence covers re-derivation from the record bytes, both reproducible from examples.json alone under cbor/rfc8949 and jcs/rfc8785. Happy to align their type strings and move them next to schemes/ once the registry settles.

One distinction worth pinning early: #5's policy-decision (a decision record) is close to but not the same as the "tool-call attestation (in-toto / OVERT)" candidate from SEP-2787 (a signed statement about a call). Probably worth deciding whether those are one scheme or two before the type values settle.

SamMorrowDrums added a commit that referenced this pull request Jun 16, 2026
@SamMorrowDrums
Sync intent-comment record with the live SEP-1913 comment
67f84f7 
The posted SEP-1913 umbrella comment was updated to match the shipped
structure: two extensions plus a schemes/ folder, with FIDES as one
data-labelling scheme (ifc.fides.v1) rather than an extension/profile.
Bring docs/intent-comment.md back in sync as the source of record and
add the three stacked PR links (#2 base, #3 action-metadata, #4 FIDES
scheme).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SamMorrowDrums SamMorrowDrums force-pushed the sammorrowdrums/extensions-scaffold-trust-ifc-action branch from aee8f53 to d0733ef Compare June 16, 2026 08:29
SamMorrowDrums and others added 3 commits June 16, 2026 10:29
@SamMorrowDrums
Add FIDES as a data-labelling scheme under schemes/
41211a8 
Move the FIDES information-flow-control draft out of
specification/draft/ and into schemes/ifc-fides.md, reframed from a
sibling extension into one data-labelling scheme that fills the
trust-annotations evidenceRef slot (type ifc.fides.v1). FIDES is not an
extension and not a peer of the extensions; it is one interchangeable
filler of the slot.

Add schemes/README.md as the index for the folder: it states what a
scheme is, lists FIDES as the worked example, records the range of
candidate schemes raised in SEP-1913 review (data classification,
design-pattern controls, ShardGuard, capability tokens, cosigning,
sequence-shape, attestation), and sets the bar a scheme doc must meet.

The reviewed normative body (label payload, semantics, reader-set
resolution, reference implementation, open questions) is preserved
verbatim from the JoannaaKL / Rul1an review rounds.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SamMorrowDrums
Add data-class scheme skeleton; separate label-schemes from host arch…
59597f9 
…itectures

- schemes/data-class.md: skeleton for the structured classification taxonomy the
  trust-annotations 'sensitive' boolean deliberately omits (class + regulatory
  scope + org labels), shaped as open questions and attributed to the SEP-1913
  reviewers who pushed for it (JustinCappos, olaservo, Mossaka, krubenok, localden).
- schemes/README.md: list data-class under 'Schemes here'; add verified label-
  scheme candidates (Permissive IFC 2410.03055, AirGapAgent 2405.05175); move
  CaMeL and the design-pattern catalogue into a new 'Not schemes: host
  architectures' section, since they govern host control-flow rather than
  producing a per-result data label.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SamMorrowDrums
Tie schemes to the 'sensitive' floor: refine it, emit both
daf5177 
- schemes/README.md: note the wire vocabulary (sensitive) is the lowest-common-
  denominator floor and schemes refine it; producers are encouraged to emit both.
- schemes/data-class.md: add an explicit emit-both guideline in graceful
  degradation; correct the changelog date 2026-06-17 -> 2026-06-16.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SamMorrowDrums SamMorrowDrums force-pushed the sammorrowdrums/ifc-fides-scheme branch from 16d7323 to daf5177 Compare June 16, 2026 08:29
@cayerbe cayerbe mentioned this pull request Jun 18, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SamMorrowDrums @Rul1an