Licensing

Offline licensing lifecycle for on-prem execution.

Licensing behavior is aligned with License Factory contracts, runtime verification, and packager integration.

Official license flow is file-based and offline-ready for on-prem usage.

Current reference schema is version 3, with version 2 compatibility support.

Detached signature artifact (license.sig) is the canonical trust artifact for runtime/packager flows.

Inline license.signature is transitional interoperability-only, not the primary trust source.

Runtime is verify-only: signing stays in internal Factory and Packager tooling.

Renewal reminders run offline with configurable thresholds.

Legacy compatibility paths are migration-only and re-evaluated before 2026-12-31.

Production Target

Canonical trust artifacts used in licensing flows

Factory artifact set: license.json + detached license.sig.
Packager trust set: manifests/product-manifest.json + manifests/product-manifest.sig.
Packager trust set: manifests/bundle-manifest.json + manifests/bundle-manifest.sig.
Packager delivery set: <bundle>.tar.gz + <bundle>.tar.gz.sig + CHECKSUMS.txt.

Compatibility Boundary

Implemented vs migration-only paths

Canonical production target is signed file artifacts (license + manifests + signatures).
Legacy schema/token paths remain migration-only compatibility paths.
Inline license.signature and runtime_signing.kid fields are transitional interoperability mirrors.
Legacy compatibility is explicitly re-evaluated before 2026-12-31.

Lifecycle

Issue, sign, package, verify, renew

Simple process language for stakeholders with repository-accurate behavior.

Step 1
Issue

Factory creates a customer license with validity, entitlements, and key_id metadata.

Step 2
Sign

Factory signs canonical payload and emits detached license.sig.

Step 3
Package

Packager consumes license claims to build signed customer bundle artifacts.

Step 4
Verify

Runtime verifies signatures and coherence locally before full enforcement.

Step 5
Renew

Factory renews with renewal_of lineage and updated validity window.

Renewal

Factory lifecycle views

Views used by internal renewal operations in offline contexts.

expiring-soon, active, future, expired, renewed, revoked

Responsibility Split

Each repository keeps one role

NOXA runtime
Verification, enforcement, local reminders, diagnostics, and audit visibility.
Noxa-License-Factory
License issuance, renewal, verification tooling, and key governance.
Noxa-Packager
Signed bundle assembly, manifest generation/signing, and verification workflow.

Runtime verify-only details
Verify detached license.sig over canonical license.json payload (public keys only).
Verify product-manifest and bundle-manifest detached signature envelopes.
Check coherence across license, signed manifests, and runtime edition/artifact claims.
Never generate keys, issue licenses, or sign runtime artifacts (verify-only boundary).
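
An added sketch of the verify-only check described above (example code, not taken from the NOXA repositories): it verifies a detached license.sig against pinned public keys and drops the inline signature mirror before verification, so that field cannot act as a trust source. Ed25519, the sorted-key JSON canonical form, the license.sig envelope layout, and the schema_version and edition field names are assumptions; the page does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

type DetachedSig struct { // assumed license.sig envelope; the page does not define it
	KeyID     string `json:"key_id"`
	Signature []byte `json:"signature"`
}

// canonicalPayload (assumed canonical form): sorted keys, inline signature mirror removed.
func canonicalPayload(licenseJSON []byte) ([]byte, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal(licenseJSON, &doc); err != nil {
		return nil, err
	}
	delete(doc, "signature") // the inline mirror never contributes to trust
	return json.Marshal(doc) // encoding/json writes map keys in sorted order
}

// VerifyLicense holds public keys only and fails closed on any error.
func VerifyLicense(licenseJSON, sigJSON []byte, trusted map[string]ed25519.PublicKey) error {
	var sig DetachedSig
	if err := json.Unmarshal(sigJSON, &sig); err != nil {
		return fmt.Errorf("license.sig unreadable: %w", err)
	}
	payload, err := canonicalPayload(licenseJSON)
	if err != nil {
		return fmt.Errorf("license.json unreadable: %w", err)
	}
	pub, ok := trusted[sig.KeyID] // Ed25519 is an assumed algorithm
	if !ok || !ed25519.Verify(pub, payload, sig.Signature) {
		return fmt.Errorf("no valid detached signature for key_id %q", sig.KeyID)
	}
	return nil
}

// constructedFixture stands in for the Factory: constructed license, all-zero test seed.
func constructedFixture() ([]byte, []byte, map[string]ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	lic := []byte(`{"schema_version":3,"key_id":"test-key-1","edition":"standard","signature":"mirror"}`)
	payload, _ := canonicalPayload(lic)
	sig, _ := json.Marshal(DetachedSig{KeyID: "test-key-1", Signature: ed25519.Sign(priv, payload)})
	return lic, sig, map[string]ed25519.PublicKey{"test-key-1": priv.Public().(ed25519.PublicKey)}
}

func main() { fmt.Println("verify error:", VerifyLicense(constructedFixture())) }
```

The signing call appears only in the constructed fixture; a runtime built this way ships VerifyLicense and the public key map, nothing else.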
