generated from coulomb/repo-seed
Add CARING Kubernetes RBAC benchmark
This commit is contained in:
@@ -0,0 +1,30 @@
|
||||
---
|
||||
id: benchmark/caring/kubernetes-rbac/readme
|
||||
title: CARING Kubernetes RBAC Benchmark Workspace
|
||||
status: candidate
|
||||
created_by_workplan: ITC-WP-0010
|
||||
---
|
||||
|
||||
# CARING Kubernetes RBAC Benchmark
|
||||
|
||||
This workspace analyzes Kubernetes RBAC as a CARING benchmark, not as a
|
||||
shortcut profile. It is designed to stress access-governance orthogonality
|
||||
across Access Control, Organization, Governance, Security, Landscape,
|
||||
DevSecOps, Network, Observability, Task, and Tagging.
|
||||
|
||||
The benchmark keeps Kubernetes native constructs separate from CARING meaning:
|
||||
|
||||
- `Role` and `ClusterRole` are rule bundles or capability profiles, not
|
||||
automatically CARING canonical roles.
|
||||
- `RoleBinding` and `ClusterRoleBinding` are grants or assignments.
|
||||
- `ServiceAccount` is a service subject and a workload identity anchor.
|
||||
- `Namespace` is a useful scope signal, but it is not automatically a tenant
|
||||
boundary.
|
||||
|
||||
Indexed benchmark artifacts:
|
||||
|
||||
- `benchmark.yaml`
|
||||
- `native-concepts.yaml`
|
||||
- `caring-mapping.yaml`
|
||||
- `access-descriptors.yaml`
|
||||
- `findings-and-canon-pressure.yaml`
|
||||
Reference in New Issue
Block a user