Add CARING Kubernetes RBAC benchmark

2026-05-23 06:53:30 +02:00
parent 3f510855ef
commit fb3ac750d5
32 changed files with 1688 additions and 79 deletions
--- a/README.md
+++ b/README.md
@@ -99,3 +99,11 @@ current scope, future scope, consumer purposes, review decisions, evidence,
 source observations, utility relationships, scope freshness, and SCOPE.md as an
 interface profile. The pack is intended to seed the consumer-side repo-scoping
 workplan while keeping proposed canon extensions reviewable.
+
+## Benchmarks
+
+CARING benchmark assets live under `infospace/standards/caring/benchmarks/`.
+The first benchmark is `kubernetes-rbac`, which maps Kubernetes RBAC native
+constructs into CARING descriptors and records canon pressure around native
+roles, effective access, derived workload capabilities, induced secret exposure,
+and the rule that a Namespace is not automatically a tenant boundary.