generated from coulomb/repo-seed
Add user-engine evaluation readiness pack
58
infospace/evaluations/user-engine/small-saas-alignment.yaml
Normal file
@@ -0,0 +1,58 @@
id: evaluation/user-engine/small-saas-alignment
title: User Engine Small SaaS Alignment Lens
status: candidate
consumer: user-engine
evaluation_pack: evaluation/user-engine
profile: profile/small-saas
alignment_goal: Use small-saas as the concrete tenant-aware SaaS lens for user-management evaluation.
profile_requirements:
- required_concept: tenant
small_saas_artifacts:
- small-saas/tenant/acme
- small-saas/tenant/globex
user_engine_expectation: User-engine can represent tenant boundaries and bind users, accounts, roles, and evidence to them.
- required_concept: user
small_saas_artifacts:
- small-saas/user/ada-admin
user_engine_expectation: User-engine can map users separately from accounts, principals, subjects, and access grants.
- required_concept: team
small_saas_artifacts:
- small-saas/team/platform
user_engine_expectation: User-engine can represent team membership without treating teams as permission bundles.
- required_concept: policy
small_saas_artifacts:
- small-saas/policy/tenant-isolation
user_engine_expectation: User-engine access behavior can trace to governing policy.
- required_concept: control
small_saas_artifacts:
- small-saas/control/namespace-per-tenant
user_engine_expectation: User-engine can show which controls enforce tenant isolation or access boundaries.
- required_concept: evidence
small_saas_artifacts:
- small-saas/evidence/access-review-2026-05
user_engine_expectation: User-engine can provide or link evidence for access reviews and privileged grants.
- required_concept: task
small_saas_artifacts:
- small-saas/task/onboard-tenant
user_engine_expectation: User-engine can identify onboarding, access request, review, remediation, and deprovisioning work.
- required_concept: incident
small_saas_artifacts:
- small-saas/incident/cross-tenant-access-attempt
user_engine_expectation: User-engine can link access incidents or findings to users, principals, tenants, controls, and evidence.
conformance_questions:
- Can Ada Admin's tenant-admin grant for Acme be represented with user, subject, principal, role, tenant scope, policy, and evidence?
- Can Globex remain isolated from Ada Admin unless an explicit grant, scope, and evidence record exists?
- Can tenant isolation policy connect to control evidence and review records?
- Can onboarding a tenant create trackable work without implying that every request is already committed?
- Can any integration gap become an EvolutionRequest instead of an undocumented scope change?
pass_conditions:
- All required small-saas user-management artifacts have matching user-engine entities or explicit gaps.
- Access grants carry tenant scope, role, governing policy, and evidence.
- User, team, tenant, organization role, access role, subject, and principal are not collapsed into one concept.
- Evidence gaps are explicit and produce review or remediation work.
- PURPOSES fields identify current purpose fit and requested evolution.
failure_conditions:
- User-engine cannot distinguish organization roles from access roles.
- User-engine cannot trace privileged access to tenant scope and evidence.
- User-engine treats consumer demand as automatic producer scope.
- User-engine cannot produce a mapping export or completed interface card.
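Review bot: The profile_requirements list covers tenant, user, team, policy, control, evidence, task and incident, but the first conformance question and the pass condition "User, team, tenant, organization role, access role, subject, and principal are not collapsed into one concept" depend on role, subject and principal, none of which has a required_concept entry or a small-saas artifact to map against. As written, the failure condition "User-engine cannot distinguish organization roles from access roles" has nothing in the profile to be evaluated on, and Ada Admin's tenant-admin grant for Acme exists only in prose. Suggest adding required_concept entries for role, subject and principal (or one access-grant entry that ties them together) with their small-saas artifacts, or listing them as explicit gaps. Separately, "PURPOSES fields", "mapping export" and "interface card" appear in pass_conditions and failure_conditions without a reference to where they are defined; a pointer to the defining document would make those checks assessable.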