id: review-kit/alignment/model-selection-guide
title: Canon Model And Standard Selection Guide
status: candidate
created_by_workplan: ITC-WP-0011
selection_principle: Select the smallest canon surface set that explains the repository's producer scope, consumer purposes, current evidence, and intended alignment work.
surfaces:
  - id: model/purpose-demand-extension
    use_when:
      - The review must distinguish producer intent, current scope, consumer purposes, demand signals, scope pressure, or evolution requests.
    review_questions:
      - What does the producer intend to provide?
      - What purposes do consumers bring?
      - Which gaps are future-scope requests rather than current defects?
  - id: pattern/intent-scope-purposes
    use_when:
      - INTENT, SCOPE, and PURPOSES boundaries are unclear or mixed in repository documentation.
    review_questions:
      - Which statements are intent, which are current scope, and which are consumer demand?
  - id: model/access-control
    use_when:
      - The repository defines users, principals, roles, permissions, policies, grants, authentication, authorization, or access reviews.
    review_questions:
      - Which subjects and principals exist?
      - Which grants, entitlements, roles, or decisions are explicit?
  - id: model/organization
    use_when:
      - The repository includes teams, tenants, organizations, responsibility, accountability, ownership, or actor relationships.
    review_questions:
      - Which organization roles are business responsibility rather than access roles?
      - Which actors belong to which organization or tenant context?
  - id: model/governance
    use_when:
      - The repository includes policy, controls, approvals, evidence, review decisions, exceptions, risks, or standards conformance.
    review_questions:
      - Which claims are approved, proposed, rejected, or under review?
      - What evidence supports each governance claim?
  - id: model/security
    use_when:
      - The repository manages threats, vulnerabilities, incidents, exposure, privilege escalation, secrets, or mitigations.
    review_questions:
      - Which mappings create security findings?
      - Which exposures require controls or review?
  - id: model/data
    use_when:
      - The repository handles datasets, information assets, classifications, retention, privacy, lineage, or data access.
    review_questions:
      - What data is governed or exposed?
      - Which data classifications affect access or purpose fit?
  - id: model/landscape
    use_when:
      - The repository describes systems, services, runtimes, platforms, dependencies, environments, or deployment topology.
    review_questions:
      - What systems and runtime resources does the repo own or affect?
      - What is observed runtime state versus design-time declaration?
  - id: model/devsecops
    use_when:
      - The repository contains build, deployment, CI/CD, GitOps, supply chain, release, or platform automation.
    review_questions:
      - Which automation changes runtime state?
      - Which identities and artifacts flow through delivery pipelines?
  - id: model/network
    use_when:
      - The repository includes reachability, ingress, egress, segmentation, service mesh, network policies, or exposure paths.
    review_questions:
      - What network boundary or exposure is claimed?
      - Which claims need runtime or policy evidence?
  - id: model/observability
    use_when:
      - The repository includes logs, metrics, traces, audit evidence, alerts, telemetry, or operational review.
    review_questions:
      - Which observations support evidence?
      - Which signals prove or disprove access, scope, or runtime claims?
  - id: model/task
    use_when:
      - Findings need to become remediation, review, refactor, migration, validation, or follow-up work.
    review_questions:
      - Which tasks belong in the consumer repo?
      - Which tasks belong in the canon repo?
  - id: standard/tagging
    use_when:
      - The repository uses labels, tags, taxonomy, classification, source roles, attributes, status, or mapping categories.
    review_questions:
      - Which tags are native labels versus canon classifications?
      - Which source roles and evidence categories are needed?
  - id: standard/caring
    use_when:
      - Access governance needs orthogonal analysis across subject, organization relation, role, scope, plane, capability, exposure, condition, lifecycle, and restriction.
    review_questions:
      - What is declared access versus effective access?
      - Which native roles are actually capability profiles or assignments?
  - id: profile/small-saas
    use_when:
      - The repository resembles a tenant-aware SaaS service or needs a small practical proof profile.
    review_questions:
      - Which small-saas artifacts are present or missing?
      - Which tenant, policy, control, evidence, and task structures should be aligned?
  - id: benchmark/caring/kubernetes-rbac
    use_when:
      - The repository includes Kubernetes RBAC, service accounts, namespaces, workload identity, secrets, or cluster access.
    review_questions:
      - Are namespaces being treated as tenant boundaries without evidence?
      - Which workload permissions create derived or induced access?
selection_outputs:
  - selected_surface_id
  - reason_selected
  - expected_review_questions
  - required_evidence
  - likely_workplan_type