SYSNOMINAL|BUILDv2026.01.01|REGIONSELF_HOST

Not Expired ≠ Authorized

Expiry is a fact. Authorization is an outcome.

This note describes a semantic boundary that is easy to blur in production systems.

← Back to Notes

Boundary

ExpirySignal can emit: expired / not expired.

Your system decides what to do with that signal at an enforcement point.

A user being not expired does not imply they are allowed to do anything.

Invariants

  • Not expired ≠ permitted
  • Not expired ≠ authenticated
  • Not expired ≠ paid
  • Not expired ≠ safe

Signals remain facts even when you wish they were enforcement.

Failure modes

  • Clock skew causes “not expired” to read incorrectly
  • Stale reads cause “not expired” to persist after expiry
  • Developers treat “not expired” as an allow-list

Links

© SimpleStates 2026·founder@simple-states.com
Signal-only. Deterministic. Self-hosted.
INDEX
CATALOG
Products
Procurement
SYSTEM
Diagrams
Examples
NOTES
Notes
Essay
LEDGER
Artifact Recovery
Terms
SUPPORT
Support
CONTACT
Contact