generated from coulomb/repo-seed
Add user-engine evaluation readiness pack
This commit is contained in:
@@ -0,0 +1,148 @@
|
||||
id: evaluation/user-engine/interface-card-expectations
|
||||
title: User Engine Canon Interface Card Expectations
|
||||
status: candidate
|
||||
consumer: user-engine
|
||||
evaluation_pack: evaluation/user-engine
|
||||
expected_consumer_fields:
|
||||
repo: user-engine
|
||||
domain: user-management
|
||||
intent: Evaluate and later integrate user-management capability against InfoTechCanon.
|
||||
scope:
|
||||
- user identity
|
||||
- accounts
|
||||
- tenants
|
||||
- teams
|
||||
- memberships
|
||||
- roles
|
||||
- access decisions
|
||||
- access reviews
|
||||
- governance evidence
|
||||
purposes:
|
||||
- id: user-engine/user-management-evaluation
|
||||
use_case: Compare user-engine entities and access behavior with InfoTechCanon models and small-saas profile expectations.
|
||||
consumer_need: Clear distinction among identities, actors, principals, subjects, roles, grants, policies, controls, evidence, and lifecycle work.
|
||||
demand_signals:
|
||||
- user-engine will be assessed before integration.
|
||||
- user-engine needs a canon-side conformance question set.
|
||||
expected_canon_surfaces:
|
||||
implemented_profiles:
|
||||
- profile/small-saas
|
||||
consumed_artifacts:
|
||||
- model/organization
|
||||
- model/access-control
|
||||
- model/governance
|
||||
- model/data
|
||||
- model/security
|
||||
- model/task
|
||||
- model/purpose-demand-extension
|
||||
- standard/caring
|
||||
consumed_concepts:
|
||||
- Actor
|
||||
- Subject
|
||||
- Principal
|
||||
- User
|
||||
- Team
|
||||
- Tenant
|
||||
- Organization Role
|
||||
- AccessRole
|
||||
- Permission
|
||||
- Entitlement
|
||||
- ResourceScope
|
||||
- Policy
|
||||
- Control
|
||||
- Evidence
|
||||
- AccessReview
|
||||
- ConsumerPurpose
|
||||
- PurposeFit
|
||||
- EvolutionRequest
|
||||
expected_entities:
|
||||
- id: user
|
||||
canon_anchor: model/organization
|
||||
expectation: Represents a human or service user without collapsing into authenticated principal.
|
||||
- id: account
|
||||
canon_anchor: model/access-control
|
||||
expectation: Represents login or system account bound to a user, actor, or principal.
|
||||
- id: principal
|
||||
canon_anchor: model/access-control
|
||||
expectation: Represents authenticated identity used in an authorization decision.
|
||||
- id: subject
|
||||
canon_anchor: model/access-control
|
||||
expectation: Represents entity evaluated by policy, possibly a user, principal, group, or service account.
|
||||
- id: tenant
|
||||
canon_anchor: model/organization
|
||||
expectation: Represents customer or organization boundary used for membership, data, and access scope.
|
||||
- id: team
|
||||
canon_anchor: model/organization
|
||||
expectation: Represents operational group, not an access role.
|
||||
- id: organization-role
|
||||
canon_anchor: model/organization
|
||||
expectation: Represents responsibility or position.
|
||||
- id: access-role
|
||||
canon_anchor: model/access-control
|
||||
expectation: Represents permission bundle or access capability.
|
||||
- id: policy
|
||||
canon_anchor: model/governance
|
||||
expectation: Governs access or lifecycle behavior.
|
||||
- id: control
|
||||
canon_anchor: model/security
|
||||
expectation: Implements or enforces a policy or objective.
|
||||
- id: evidence
|
||||
canon_anchor: model/observability
|
||||
expectation: Supports review, control, access, or integration claims.
|
||||
expected_edges:
|
||||
- type: member_of
|
||||
source: user
|
||||
target: team
|
||||
expectation: User or actor belongs to team.
|
||||
- type: belongs_to_tenant
|
||||
source: user
|
||||
target: tenant
|
||||
expectation: User or account is scoped to a tenant when applicable.
|
||||
- type: authenticates_as
|
||||
source: account
|
||||
target: principal
|
||||
expectation: Account produces or binds authenticated principal.
|
||||
- type: evaluated_as
|
||||
source: principal
|
||||
target: subject
|
||||
expectation: Principal is evaluated as policy subject.
|
||||
- type: assigned_role
|
||||
source: subject
|
||||
target: access-role
|
||||
expectation: Subject receives access role within explicit scope.
|
||||
- type: scoped_to
|
||||
source: access-role
|
||||
target: tenant
|
||||
expectation: Access role or grant declares resource or tenant scope.
|
||||
- type: governed_by
|
||||
source: access-grant
|
||||
target: policy
|
||||
expectation: Grant traces to policy or rule.
|
||||
- type: implemented_by
|
||||
source: policy
|
||||
target: control
|
||||
expectation: Policy is enforced by a control.
|
||||
- type: evidenced_by
|
||||
source: access-grant
|
||||
target: evidence
|
||||
expectation: Grant, review, or control has evidence.
|
||||
- type: creates_task
|
||||
source: evaluation-gap
|
||||
target: task
|
||||
expectation: Gap creates work only after triage and commitment.
|
||||
evidence_required:
|
||||
- completed Canon Interface Card
|
||||
- entity and edge mapping export
|
||||
- access grant trace
|
||||
- tenant-scoped role or permission example
|
||||
- access review example
|
||||
- policy/control/evidence trace
|
||||
- data object inventory for user-management data
|
||||
- user lifecycle task or request examples
|
||||
- explicit integration gaps and requested evolution
|
||||
validation_expectations:
|
||||
commands:
|
||||
- PYTHONPATH=src python3 -m info_tech_canon validate
|
||||
- PYTHONPATH=src python3 -m info_tech_canon profile validate small-saas
|
||||
known_gaps_allowed: true
|
||||
gap_rule: A gap is acceptable only when recorded with purpose fit state, owner, and proposed disposition.
|
||||
Reference in New Issue
Block a user