generated from coulomb/repo-seed
Workplan sketch out and statehub registration
This commit is contained in:
@@ -0,0 +1,97 @@
|
||||
---
|
||||
id: FLEX-WP-0001
|
||||
type: workplan
|
||||
title: "Repo Intent and Authorization Architecture Baseline"
|
||||
domain: netkingdom
|
||||
status: done
|
||||
owner: flex-auth
|
||||
topic_slug: flex-auth
|
||||
planning_priority: complete
|
||||
planning_order: 10
|
||||
created: "2026-05-04"
|
||||
updated: "2026-05-04"
|
||||
state_hub_workstream_id: "4dbefd19-bb7d-405c-9a50-e7dbd11cf4d9"
|
||||
---
|
||||
|
||||
# FLEX-WP-0001: Repo Intent and Authorization Architecture Baseline
|
||||
|
||||
## Purpose
|
||||
|
||||
Fixate flex-auth as the NetKingdom-side policy-as-code authorization registry
|
||||
and control plane, distinct from key-cape identity and from protected systems
|
||||
such as Markitect.
|
||||
|
||||
## Implementation Summary
|
||||
|
||||
Completed the initial project baseline:
|
||||
|
||||
- `INTENT.md` defines purpose, scope, responsibility boundaries, design
|
||||
principles, core concepts, standalone/delegated modes, first consumer, and
|
||||
non-goals.
|
||||
- `docs/flex-auth-authorization-registry-research.md` captures product and
|
||||
component research across Keycloak Authorization Services, Entra, Topaz,
|
||||
OpenFGA, SpiceDB, OPA/OPAL, Cedar, Cerbos, Casbin, Oso, and related
|
||||
authorization patterns.
|
||||
- `README.md` points newcomers at intent and research.
|
||||
- The repo has been registered in State Hub under the NetKingdom authorization
|
||||
area.
|
||||
|
||||
## P1.1 - Define project intent
|
||||
|
||||
```task
|
||||
id: FLEX-WP-0001-T001
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "5af30b01-ea72-4f87-b74e-a595fd3a5bd7"
|
||||
```
|
||||
|
||||
Define flex-auth as a policy-as-code authorization registry and control plane
|
||||
that can run standalone or coordinate with Topaz, OpenFGA, SpiceDB, OPA, Cedar,
|
||||
Keycloak Authorization Services, Entra/Graph, and directory systems.
|
||||
|
||||
## P1.2 - Define responsibility boundaries
|
||||
|
||||
```task
|
||||
id: FLEX-WP-0001-T002
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "145ec0ec-130a-4209-9028-1ae06e3664e3"
|
||||
```
|
||||
|
||||
Capture boundaries:
|
||||
|
||||
- key-cape/NetKingdom owns identity.
|
||||
- flex-auth owns authorization registry, policy packages, relationships,
|
||||
decision logging, and PDP coordination.
|
||||
- protected systems own enforcement.
|
||||
|
||||
## P1.3 - Capture open-source and enterprise landscape
|
||||
|
||||
```task
|
||||
id: FLEX-WP-0001-T003
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "c52a9e3e-e264-418d-b462-d5a9d6e22b30"
|
||||
```
|
||||
|
||||
Document relevant concepts and lessons from current authorization tools and
|
||||
enterprise IAM patterns.
|
||||
|
||||
## P1.4 - Establish first-consumer architecture
|
||||
|
||||
```task
|
||||
id: FLEX-WP-0001-T004
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "7756c4c5-598a-4894-9352-6e7145cb3522"
|
||||
```
|
||||
|
||||
Use Markitect as the first concrete protected-system consumer while keeping
|
||||
the flex-auth model generic enough for other systems.
|
||||
|
||||
## Exit Criteria
|
||||
|
||||
- Repository purpose is explicit.
|
||||
- Boundaries are clear enough to prevent identity and protected-system logic
|
||||
from creeping into flex-auth.
|
||||
- Initial research informs implementation workplans.
|
||||
Reference in New Issue
Block a user