Complete IDENTITY-WP-0003 corpus backfill and model refinement

Backfill all 23 research source notes with terminology extracts, modeling
assumptions, conflicts, canonical mappings, and references. Refresh terminology
artifacts, refine the conceptual model with explicit scenario paths, reconcile
canon surfaces and open questions, and mark the workplan finished.
This commit is contained in:
2026-06-21 20:22:20 +02:00
parent 790a2f2041
commit 1c1b5c9bc6
32 changed files with 2676 additions and 623 deletions

View File

@@ -1,7 +1,8 @@
# Canonical Glossary
Status: draft. These definitions are initial candidate canon terms. They are
intended to be challenged by source-note backfill and scenario testing.
Status: draft. Updated after IDENTITY-WP-0003 corpus backfill and scenario
review. Definitions remain candidate canon terms until human review promotes
them.
## Actor
@@ -126,8 +127,10 @@ but it is not automatically identical to any of them.
An issuer, security, or administrative namespace used by an identity system.
Candidate status: treat Realm as a Scope specialization unless source analysis
shows it needs a separate canonical role.
After Keycloak and federation source review, Realm remains a **Scope
specialization** for hard identity/admin boundaries (separate user namespaces,
credentials, clients, IdPs). It is not interchangeable with Tenant or
Organization.
## Organization
@@ -228,8 +231,17 @@ another for claims, identifiers, credentials, or decisions.
A scoped, evidenced assertion that two or more identifiers, records, accounts,
profiles, or actors refer to the same target for a stated purpose.
Synonymity assertions may be weak, strong, verified, inferred, revoked,
privacy-limited, or source-specific.
Recommended relation types: `same_as`, `probably_same_as`, `linked_to`,
`represents`, `controls`, `acts_for`.
Recommended strength bands: weak, medium, strong, authoritative.
Synonymity assertions may be verified, inferred, revoked, privacy-limited, or
source-specific. They do not require destructive merging of source records.
Common sources: OIDC iss+sub account binding, SAML persistent NameID mapping,
entity-resolution matches, operator verification, VC cryptographic proof,
schema.org sameAs (weak by default).
## Evidence Source
@@ -244,6 +256,37 @@ assertion.
Examples: proposed, active, suspended, revoked, expired, archived, deleted,
superseded.
Security event streams (SSF/CAEP/RISC) and VC status mechanisms are common
Evidence Sources that trigger lifecycle transitions.
## Assurance Level
Confidence metadata about identity proofing, authentication, or federation
derived from sources such as NIST SP 800-63-4.
Dimensions:
- Identity Assurance Level (IAL): confidence that a subscriber is the claimed person.
- Authenticator Assurance Level (AAL): confidence in authentication mechanism.
- Federation Assurance Level (FAL): confidence in federation assertion protection.
Assurance levels attach to bindings, credentials, and federation relationships;
they do not replace authorization decisions.
## Relationship Tuple
An authorization projection encoding a subject-relation-object fact in engines
such as Zanzibar, OpenFGA, or Ory Keto.
Relationship tuples are not canonical identity roots. They project from actors,
accounts, memberships, and delegations into authorization domains.
## Pseudonymous Identifier
An identifier designed to limit cross-scope correlation, aligned with privacy
patterns such as OIDC pairwise subjects, tenant-local subjects, and GDPR
pseudonymization with separately stored re-identification keys.
## Non-Canonical Convenience Term: User
`User` may be used in prose when quoting or mapping external systems, but it