Files
info-tech-canon/workplans/ITC-WP-0010-caring-kubernetes-rbac-benchmark.md

1.9 KiB

id, type, title, repo, status, priority, created, updated, depends_on_workplans
id type title repo status priority created updated depends_on_workplans
ITC-WP-0010 workplan CARING Kubernetes RBAC Benchmark info-tech-canon planned medium 2026-05-23 2026-05-23
ITC-WP-0003
ITC-WP-0005

ITC-WP-0010 - CARING Kubernetes RBAC Benchmark

Goal

Create a distinct benchmark workplan for analyzing Kubernetes RBAC through CARING and the wider InfoTechCanon kernel.

Intent

This is deliberately separate from the small SaaS proof. The benchmark is more ambitious and should stress orthogonality across Access Control, Organization, Governance, Security, Network, DevSecOps, Observability, Task, and Tagging.

Tasks

T01 - Benchmark workspace

id: ITC-WP-0010-T01
status: planned
priority: high
  • Create infospace/standards/caring/benchmarks/kubernetes-rbac/.
  • Define source corpus, cases, expected outputs, and review criteria.

T02 - RBAC assimilation

id: ITC-WP-0010-T02
status: planned
priority: high
  • Map Kubernetes Role, ClusterRole, RoleBinding, ClusterRoleBinding, ServiceAccount, Namespace, verbs, resources, and scopes.
  • Preserve the warning that Namespace is not automatically a tenant boundary.

T03 - CARING access descriptors

id: ITC-WP-0010-T03
status: planned
priority: high
  • Express benchmark cases as CARING access descriptors.
  • Distinguish declared access, effective access, derived capability, and induced access.

T04 - Findings and canon pressure

id: ITC-WP-0010-T04
status: planned
priority: medium
  • Produce gaps, conflicts, mappings, and proposed canon changes.
  • Feed stable findings back into models and standards through explicit tasks.

Acceptance

  • Kubernetes RBAC is analyzed as a benchmark, not as a shortcut profile.
  • CARING descriptor shape is tested with practical examples.
  • Benchmark findings produce explicit canon change proposals.