generated from coulomb/repo-seed
1.9 KiB
1.9 KiB
id, type, title, repo, status, priority, created, updated, depends_on_workplans
| id | type | title | repo | status | priority | created | updated | depends_on_workplans | ||
|---|---|---|---|---|---|---|---|---|---|---|
| ITC-WP-0010 | workplan | CARING Kubernetes RBAC Benchmark | info-tech-canon | planned | medium | 2026-05-23 | 2026-05-23 |
|
ITC-WP-0010 - CARING Kubernetes RBAC Benchmark
Goal
Create a distinct benchmark workplan for analyzing Kubernetes RBAC through CARING and the wider InfoTechCanon kernel.
Intent
This is deliberately separate from the small SaaS proof. The benchmark is more ambitious and should stress orthogonality across Access Control, Organization, Governance, Security, Network, DevSecOps, Observability, Task, and Tagging.
Tasks
T01 - Benchmark workspace
id: ITC-WP-0010-T01
status: planned
priority: high
- Create
infospace/standards/caring/benchmarks/kubernetes-rbac/. - Define source corpus, cases, expected outputs, and review criteria.
T02 - RBAC assimilation
id: ITC-WP-0010-T02
status: planned
priority: high
- Map Kubernetes Role, ClusterRole, RoleBinding, ClusterRoleBinding, ServiceAccount, Namespace, verbs, resources, and scopes.
- Preserve the warning that Namespace is not automatically a tenant boundary.
T03 - CARING access descriptors
id: ITC-WP-0010-T03
status: planned
priority: high
- Express benchmark cases as CARING access descriptors.
- Distinguish declared access, effective access, derived capability, and induced access.
T04 - Findings and canon pressure
id: ITC-WP-0010-T04
status: planned
priority: medium
- Produce gaps, conflicts, mappings, and proposed canon changes.
- Feed stable findings back into models and standards through explicit tasks.
Acceptance
- Kubernetes RBAC is analyzed as a benchmark, not as a shortcut profile.
- CARING descriptor shape is tested with practical examples.
- Benchmark findings produce explicit canon change proposals.