DRDatumRelaySupplier readiness evidence

Security model

A bounded browser tool, not a trust shortcut.

DatumRelay reduces unnecessary file movement and makes evidence traceable. It does not provide authentication, tenant isolation, cryptographic approval, or a remote audit system.

Current beta line: 1.0.0-beta.xLast updated July 13, 2026

Controls in this release

These are implementation controls, not a certification or guarantee against hostile input.

1

Same-origin runtime

The app, pinned JavaScript packages, and OpenCascade WebAssembly are served as static assets from one origin.

2

Restrictive browser policy

Deployment headers restrict scripts, workers, connections, framing, browser permissions, referrers, and MIME sniffing.

3

Locked dependency graph

The npm lockfile records exact versions and integrity metadata for reproducible installs.

4

Input refusal limits

File size, aggregate size, triangle, vertex, profile, challenge, and filename bounds reduce accidental resource exhaustion.

5

Content checksums

SHA-256 binds a result to exact artifact bytes and canonical decision content so later changes can be detected.

6

Explicit scope states

Unsupported domains remain not covered instead of being silently represented as passed.

Important limitations

A secure operating process must account for each of these boundaries.

No identity or access layer

There is no authentication, authorization, role separation, tenant isolation, administrative control, or remote audit log.

No cryptographic signature verification

Passport structure and evidence metadata can be checked, but the beta does not verify the issuing organization or a digital signature.

Checksums are not approvals

A SHA-256 value can expose changed bytes. It does not establish authorship, authenticity, approval, or non-repudiation.

Exports are plaintext

A ZIP may contain original CAD, drawing, and inspection artifacts. Treat it as a controlled engineering record.

The browser is part of the boundary

Same-origin scripts, extensions, malware, people using an unlocked profile, and endpoint tooling may access local or in-memory data.

CAD parsing carries residual risk

Complex or hostile native/WebAssembly inputs can consume substantial CPU or memory even below declared refusal limits.

Before an external pilot

Pin and verify the releaseRecord the source revision and build environment; run the locked install, test suite, and production build.
Inspect dependency and deployment stateReview advisories, verify response headers, and confirm user files do not appear in the browser network log.
Define the approved environmentUse an organization-controlled device and browser profile with explicit extension and restricted-data rules.
Protect downloaded evidenceSet approved storage, encryption, access, sharing, retention, and deletion controls for JSON and ZIP exports.
Name private incident contactsPut a monitored security route, roles, and stop conditions in the pilot agreement before real partner data is used.

Vulnerability reporting during beta

No public security-reporting address or response-time commitment is published yet. Contracted pilots must use the private route in their pilot agreement. Otherwise, do not publish exploit details or engineering artifacts; ask the project owner for a private contact through the channel that provided this beta.

Security starts with an honest boundary.

Use DatumRelay as a bounded preflight alongside required engineering and supplier approvals.

Review the claims boundary