generated from coulomb/repo-seed
Add user-engine evaluation readiness pack
135
infospace/evaluations/user-engine/questions.yaml
Normal file
@@ -0,0 +1,135 @@
|
||||
id: evaluation/user-engine/questions
|
||||
title: User Engine Canon Evaluation Questions
|
||||
status: candidate
|
||||
consumer: user-engine
|
||||
evaluation_pack: evaluation/user-engine
|
||||
question_domains:
|
||||
- id: organization
|
||||
title: Organization
|
||||
canon_anchors:
|
||||
- model/organization
|
||||
- profile/small-saas
|
||||
questions:
|
||||
- id: org-001
|
||||
question: Which user-engine records map to Person, User, Actor, Agent, Team, Tenant, Role, Membership, Assignment, Responsibility, Authority, and Accountability?
|
||||
expected_evidence:
|
||||
- entity mapping table
|
||||
- examples for human users and service users
|
||||
- id: org-002
|
||||
question: How does user-engine distinguish Actor, Subject, and Principal in authentication and authorization contexts?
|
||||
expected_evidence:
|
||||
- concept mapping
|
||||
- access-decision trace
|
||||
- id: org-003
|
||||
question: How are tenant membership, team membership, ownership, and delegated administration represented?
|
||||
expected_evidence:
|
||||
- tenant/team membership export
|
||||
- owner or administrator assignment records
|
||||
- id: access-control
|
||||
title: Access Control
|
||||
canon_anchors:
|
||||
- model/access-control
|
||||
- standard/caring
|
||||
- profile/small-saas
|
||||
questions:
|
||||
- id: ac-001
|
||||
question: Which user-engine concepts map to AccessRole, Permission, Entitlement, ResourceScope, RoleBinding, AuthorizationDecision, and AccessPolicy?
|
||||
expected_evidence:
|
||||
- entity mapping table
|
||||
- role and permission examples
|
||||
- id: ac-002
|
||||
question: Can every privileged access grant identify subject or principal, access role, resource scope, tenant boundary, governing policy, and evidence?
|
||||
expected_evidence:
|
||||
- grant trace
|
||||
- tenant-scoped role binding example
|
||||
- id: ac-003
|
||||
question: How are Organization Role, AccessRole, and CARING canonical role kept distinct?
|
||||
expected_evidence:
|
||||
- distinction notes
|
||||
- CARING role classification examples
|
||||
- id: governance
|
||||
title: Governance
|
||||
canon_anchors:
|
||||
- model/governance
|
||||
- standard/caring
|
||||
questions:
|
||||
- id: gov-001
|
||||
question: Which user-engine records carry policy, control, review, approval, exception, waiver, evidence, and decision semantics?
|
||||
expected_evidence:
|
||||
- governance mapping table
|
||||
- review and approval examples
|
||||
- id: gov-002
|
||||
question: What evidence shows that access grants are reviewed, approved, remediated, or expired?
|
||||
expected_evidence:
|
||||
- access review records
|
||||
- remediation or exception records
|
||||
- id: gov-003
|
||||
question: Who has decision rights for accepting, rejecting, or deferring integration gaps?
|
||||
expected_evidence:
|
||||
- decision authority statement
|
||||
- accountable owner
|
||||
- id: data
|
||||
title: Data
|
||||
canon_anchors:
|
||||
- model/data
|
||||
- profile/small-saas
|
||||
questions:
|
||||
- id: data-001
|
||||
question: Which user-engine data objects contain identity, account, tenant, membership, role, permission, credential, or audit data?
|
||||
expected_evidence:
|
||||
- data object inventory
|
||||
- processing purpose notes
|
||||
- id: data-002
|
||||
question: How are tenant partitioning, retention, residency, lineage, and processing purpose represented for user-management data?
|
||||
expected_evidence:
|
||||
- data boundary description
|
||||
- tenant partition example
|
||||
- id: security
|
||||
title: Security
|
||||
canon_anchors:
|
||||
- model/security
|
||||
- model/access-control
|
||||
- profile/small-saas
|
||||
questions:
|
||||
- id: sec-001
|
||||
question: How does user-engine represent credentials, sessions, privileged access, MFA or equivalent assurance, and secret handling boundaries?
|
||||
expected_evidence:
|
||||
- security concept mapping
|
||||
- privileged access scenario
|
||||
- id: sec-002
|
||||
question: Which incidents, findings, or alerts can be linked to users, principals, tenants, controls, and evidence?
|
||||
expected_evidence:
|
||||
- incident linkage example
|
||||
- finding or alert export
|
||||
- id: task
|
||||
title: Task
|
||||
canon_anchors:
|
||||
- model/task
|
||||
- profile/small-saas
|
||||
questions:
|
||||
- id: task-001
|
||||
question: Which onboarding, access request, review, remediation, deprovisioning, and integration-gap items map to WorkItem, Task, Request, ReviewTask, ApprovalTask, RemediationTask, or ChangeTask?
|
||||
expected_evidence:
|
||||
- lifecycle task examples
|
||||
- task state mapping
|
||||
- id: task-002
|
||||
question: How does user-engine distinguish captured requests from committed implementation or remediation tasks?
|
||||
expected_evidence:
|
||||
- task commitment mapping
|
||||
- backlog or issue examples
|
||||
- id: purposes
|
||||
title: PURPOSES
|
||||
canon_anchors:
|
||||
- model/purpose-demand-extension
|
||||
- pattern/intent-scope-purposes
|
||||
questions:
|
||||
- id: pur-001
|
||||
question: What consumer intent, scope, purposes, use cases, demand signals, and consumer needs does user-engine declare for canon integration?
|
||||
expected_evidence:
|
||||
- completed Canon Interface Card
|
||||
- consumer purpose statement
|
||||
- id: pur-002
|
||||
question: Which purpose fit state applies to user-engine now, and which gaps create scope pressure or evolution requests for InfoTechCanon?
|
||||
expected_evidence:
|
||||
- purpose fit review
|
||||
- requested evolution list
|
||||
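Review bot: In the access-control domain, ac-002 asks whether every privileged access grant can identify subject or principal, access role, resource scope, tenant boundary, governing policy, and evidence, but its expected_evidence ("grant trace", "tenant-scoped role binding example") is a single sample and cannot demonstrate "every". Suggest adding an evidence item that shows completeness, such as an export of all privileged grants with a count of records missing any of those fields, and a denied cross-tenant AuthorizationDecision so the tenant boundary is shown being enforced and not only declared. The same mismatch appears in sec-001: the question covers credentials, sessions, privileged access, MFA or equivalent assurance, and secret handling boundaries, while the two evidence items ("security concept mapping", "privileged access scenario") give an evaluator nothing specific for sessions or secret handling; either split the question or list one evidence item per topic. In gov-002 the question names grants that are "expired", but neither "access review records" nor "remediation or exception records" covers expiry, so an expiry record item would close that gap.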