SID-ARCH-01 — Platform Architecture Non-Applicability Register
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | identify |
| Group | Architecture Decision Controls |
Description
Documents deliberate architectural decisions that render certain external framework requirements non-applicable to the SIROS ID platform:

(1) Passwordless-only authentication: FIDO2/WebAuthn exclusively; no passwords, OTPs, SMS codes, recovery secrets, or look-up tokens.
(2) REST-only API surface: no SOAP or GraphQL endpoints.
(3) Web-first delivery model: the wallet frontend is a browser SPA, inherently source-visible, with automatic deployment of the latest version; native binary protections (obfuscation, anti-debugging) do not apply.
Framework Requirements
EUDI Security Requirements: WIN-8.4.3-Sec-07, WIN-8.4.3-Sec-08
OWASP ASVS 4.0.3 Level 3: V2.1, V2.4, V2.5, V2.6, V2.7, V2.8, V13.3, V13.4