Security practices (SLTL.global™)
Effective: 2 May 2026 · High-level overview; not an exhaustive control matrix.
The SLTL protocol is an open specification (Apache 2.0) for secure, verifiable digital actions; SLTL Trust (an Alpha91 brand at sltltrust.com) is the sole Trust Authority. The public verify endpoint is at sltl.global. This deployment is the Alpha91 official implementation — a security layer designed to help Operators implement defence-in-depth at the application layer, aligned with widely accepted practices for web authentication and session security. Only verified issuers under SLTL Trust may represent links as SLTL Trusted. Alpha91’s roadmap includes verifying links bearing the SLTL Trusted seal via sltl.global before action. Features and defaults may evolve between versions.
1. Identity & access
- Passwords stored using strong one-way hashing (bcrypt-style workflows in the kit).
- Optional two-factor authentication (TOTP) and recovery codes for elevated accounts.
- Session handling intended to resist trivial fixation and tampering; server-side session invalidation on high-risk events where implemented.
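As an added illustration of the password-storage practice listed above (example code written for this page, not SLTL's or Alpha91's own code), the following PHP shows the bcrypt workflow the kit is described as using: per-user salted hashing, constant-cost verification for unknown usernames, and transparent rehashing when the cost parameter is raised. The in-memory $store array and the cost value are assumptions standing in for a real user table.

```php
<?php
// Added example, not SLTL's own code. bcrypt-style password storage:
// password_hash() generates a random per-user salt and embeds it in the output,
// so the application never stores or compares plaintext.

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed cost; tune so one hash takes ~250 ms on the host

function storePassword(array &$store, string $username, string $password): void {
    $store[$username] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// A fixed dummy hash, computed once, so that a login attempt against an unknown
// username costs the same as a real verification (no user-enumeration timing leak).
function dummyHash(): string {
    static $h = null;
    return $h ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

function checkPassword(array &$store, string $username, string $password): bool {
    $known = isset($store[$username]);
    $hash = $known ? $store[$username] : dummyHash();
    $ok = password_verify($password, $hash) && $known;

    // If the stored hash predates a cost increase, upgrade it while we still have the plaintext.
    if ($ok && password_needs_rehash($hash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $store[$username] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return $ok;
}

// Constructed usage: an in-memory store stands in for the users table.
$store = [];
storePassword($store, 'operator', 'correct horse battery staple');
var_dump(checkPassword($store, 'operator', 'correct horse battery staple')); // true
var_dump(checkPassword($store, 'operator', 'wrong password'));               // false
var_dump(checkPassword($store, 'nobody', 'anything'));                       // false, same cost as above
```

The `&& $known` guard matters: password_verify against the dummy hash must never succeed for a nonexistent user, and the dummy hash is only there so the rejected request takes as long as a genuine check.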
2. Verification & recovery
- Email verification and sensitive flows may use time-limited one-time codes instead of long-lived magic links, where the product is configured that way.
- Rate limits and IP-based controls may apply to sensitive endpoints to reduce brute-force and abuse.
3. Monitoring & abuse response
- Audit logging of security-relevant events for operator review.
- Optional route/URL probe detection to flag scanner traffic and apply policy (e.g. IP blocks), configurable by the Operator.
- Strike/blocklist mechanisms operate on a best-effort basis; their effectiveness depends on the application seeing the correct client IP (e.g. when deployed behind reverse proxies or CDNs).
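The IP-visibility caveat above is the point on which blocklists most often fail in practice: behind a reverse proxy or CDN, REMOTE_ADDR is the proxy, and an application that blindly reads X-Forwarded-For lets any client choose the address it is blocked or rate-limited under. The PHP below is an added example written for this page (not SLTL's code) of resolving the client IP only through a configured list of trusted proxy ranges; TRUSTED_PROXIES is a constructed placeholder that an Operator would replace with their own proxy/CDN ranges.

```php
<?php
// Added example, not SLTL's own code: trusted-proxy-aware client IP resolution.
// TRUSTED_PROXIES is a constructed placeholder for the Operator's reverse-proxy/CDN ranges.
const TRUSTED_PROXIES = ['10.0.0.0/8', '192.168.1.10/32'];

// True if $ip lies inside $cidr. Works for IPv4 and IPv6 via inet_pton(); a bare
// address without "/bits" is treated as a host route.
function ipInCidr(string $ip, string $cidr): bool {
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin = inet_pton($ip);
    $subBin = inet_pton($subnet);
    if ($ipBin === false || $subBin === false || strlen($ipBin) !== strlen($subBin)) {
        return false; // malformed, or IPv4 compared against IPv6
    }
    $maxBits = strlen($ipBin) * 8;
    $bits = ($bits === null) ? $maxBits : (int) $bits;
    if ($bits < 0 || $bits > $maxBits) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($subBin, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leading $rem bits of the partial byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($subBin[$fullBytes]) & $mask);
}

function isTrustedProxy(string $ip): bool {
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Returns the address that strike/blocklist logic should key on.
function clientIp(array $server): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Direct connection: the TCP peer is the client and any XFF header is untrusted input.
    if (!isTrustedProxy($remote)) {
        return $remote;
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }
    // Walk the chain from the right: each trusted proxy appended one hop, so the
    // first hop from the right that is NOT a trusted proxy is the real client.
    // Left-most entries are whatever the client chose to send.
    $hops = array_map('trim', explode(',', $xff));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
            return $remote; // garbage in the header: do not guess, fall back to the peer
        }
        if (!isTrustedProxy($hops[$i])) {
            return $hops[$i];
        }
    }
    return $remote; // every hop was a trusted proxy; key on the proxy itself
}

// Constructed requests (not real traffic):
// 1) direct client forging a loopback address in the header
var_dump(clientIp(['REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1']));
// 2) request via a trusted proxy where the client prepended a fake hop
var_dump(clientIp(['REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7']));
```

In the first constructed request the forged header is ignored because the peer is not a trusted proxy, so the blocklist sees 203.0.113.5; in the second the spoofed left-most entry is skipped and the hop the trusted proxy actually saw, 198.51.100.7, is used. If the trusted list is empty, the function degrades to REMOTE_ADDR, which is the safe default when the deployment topology is unknown.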
4. Transport & hosting
SLTL assumes the Operator deploys HTTPS in production, patches the PHP runtime and database, and restricts host and database access. Those layers are outside SLTL’s code but essential to outcomes.
5. What this is not
This page is not a certification (SOC 2, ISO 27001, PCI, etc.), a penetration-test report, or a guarantee of suitability for any regulated sector. It describes intent and common patterns, not a warranty of results.
For liability limits, see the Disclaimer and Terms of use.