Fractal IAM · production
Last updated 2026-06-04
Authority is rooted on your devices via UCAN delegation chains. The hub coordinates globally but does not custody your root authority. Service-to-service provisioning is authenticated by both a shared channel token and a signed service envelope verified by the Edgework gatekeeper before any credential is minted.
OAuth tokens are encrypted with AES-GCM at rest. Starter credentials are short-lived. Effective capability requires a valid signature, non-revoked lineage, and temporal validity.
Responsible disclosure is welcome. Email security@forkjoin.ai with details and reproduction steps. Please do not exploit issues beyond what is necessary to demonstrate them.