id: small-saas kind: profile profile: small-saas title: Small SaaS System Profile scope: A compact tenant-aware SaaS service with users, teams, data, access, deployment, governance evidence, and incident handling. status: proof conformance_level: profile-proof assumptions: - The SaaS product has a single service boundary and two example tenants. - Tenants are separated by namespace and data partitioning claims. - User management is represented through users, teams, access grants, policies, controls, and evidence. - Runtime concerns are represented by one production deployment. required_standards: - kernel/itc-core - model/landscape - model/organization - model/governance - model/task - model/access-control - model/security - model/data - model/devsecops - model/network - model/observability - standard/tagging - standard/caring required_concepts: service: status: required model: model/landscape system: status: required model: model/landscape tenant: status: required model: model/organization user: status: required model: model/organization team: status: required model: model/organization dataset: status: required model: model/data deployment: status: required model: model/devsecops task: status: required model: model/task policy: status: required model: model/governance control: status: required model: model/security evidence: status: required model: model/observability incident: status: required model: model/security optional_concepts: billing-plan: status: optional model: model/data notification: status: optional model: model/observability out_of_scope: - multi-region disaster recovery - tenant-managed encryption keys - marketplace billing integrations artifact_ids: - profile/small-saas - small-saas/service/billing-portal - small-saas/system/billing-system - small-saas/tenant/acme - small-saas/tenant/globex - small-saas/user/ada-admin - small-saas/team/platform - small-saas/dataset/subscription-ledger - small-saas/deployment/production - small-saas/task/onboard-tenant - small-saas/policy/tenant-isolation - small-saas/control/namespace-per-tenant - small-saas/evidence/access-review-2026-05 - small-saas/incident/cross-tenant-access-attempt validation_rules: required_artifact_kinds: - service - system - tenant - user - team - dataset - deployment - task - policy - control - evidence - incident service_ownership: required tenant_namespace_separation: required user_management_trace: required access_control_trace: required governance_evidence: required demo_commands: - PYTHONPATH=src python3 -m info_tech_canon profile inspect small-saas - PYTHONPATH=src python3 -m info_tech_canon profile validate small-saas - PYTHONPATH=src python3 -m info_tech_canon profile graph small-saas