info-tech-canon/workplans/ITC-WP-0010-caring-kubernetes-rbac-benchmark.md


id: ITC-WP-0010
type: workplan
title: CARING Kubernetes RBAC Benchmark
domain: canon
repo: info-tech-canon
status: finished
priority: medium
created: 2026-05-23
updated: 2026-05-23
depends_on_workplans: ITC-WP-0003, ITC-WP-0005
state_hub_workstream_id: b64f0fc9-8668-4c02-8247-67a41660bdeb

ITC-WP-0010 - CARING Kubernetes RBAC Benchmark

Goal

Create a distinct benchmark workplan for analyzing Kubernetes RBAC through CARING and the wider InfoTechCanon kernel.

Intent

This is deliberately separate from the small SaaS proof. The benchmark is more ambitious and should stress orthogonality across Access Control, Organization, Governance, Security, Network, DevSecOps, Observability, Task, and Tagging.

Tasks

T01 - Benchmark workspace

id: ITC-WP-0010-T01
status: done
priority: high
state_hub_task_id: "9ad31e13-7dc2-469c-b539-d3375a16c5f4"
  • Create infospace/standards/caring/benchmarks/kubernetes-rbac/.
  • Define source corpus, cases, expected outputs, and review criteria.

T02 - RBAC assimilation

id: ITC-WP-0010-T02
status: done
priority: high
state_hub_task_id: "180d7ccf-7daa-4f4c-a92a-641ef5d7b442"
  • Map Kubernetes Role, ClusterRole, RoleBinding, ClusterRoleBinding, ServiceAccount, Namespace, verbs, resources, and scopes.
  • Preserve the warning that Namespace is not automatically a tenant boundary.

T03 - CARING access descriptors

id: ITC-WP-0010-T03
status: done
priority: high
state_hub_task_id: "4ffd6643-a7ab-487c-a09a-0fcaf0115c83"
  • Express benchmark cases as CARING access descriptors.
  • Distinguish declared access, effective access, derived capability, and induced access.

T04 - Findings and canon pressure

id: ITC-WP-0010-T04
status: done
priority: medium
state_hub_task_id: "52632a4c-6e03-4212-ad6b-0cbb7b3a6e42"
  • Produce gaps, conflicts, mappings, and proposed canon changes.
  • Feed stable findings back into models and standards through explicit tasks.

Acceptance

  • Kubernetes RBAC is analyzed as a benchmark, not as a shortcut profile.
  • CARING descriptor shape is tested with practical examples.
  • Benchmark findings produce explicit canon change proposals.

Implementation Notes

  • Created infospace/standards/caring/benchmarks/kubernetes-rbac/ as a distinct benchmark workspace.
  • Added benchmark workspace, native concept map, CARING mapping, descriptor set, and findings/canon-pressure artifacts.
  • Registered all benchmark artifacts in the artifact index and retrieval generation flow.
  • Added structural validation for the benchmark corpus, Kubernetes RBAC native concept coverage, namespace tenant-boundary warning, CARING descriptor classes, and findings/proposals.
  • Regenerated agent briefs, indexes, tree views, and validation output.