generated from coulomb/repo-seed
87 lines
2.2 KiB
Markdown
---
id: ITC-WP-0010
type: workplan
title: "CARING Kubernetes RBAC Benchmark"
domain: canon
repo: info-tech-canon
status: proposed
priority: medium
created: "2026-05-23"
updated: "2026-05-23"
depends_on_workplans:
- ITC-WP-0003
- ITC-WP-0005
state_hub_workstream_id: "b64f0fc9-8668-4c02-8247-67a41660bdeb"
---

# ITC-WP-0010 - CARING Kubernetes RBAC Benchmark

## Goal

Create a distinct benchmark workplan for analyzing Kubernetes RBAC through
CARING and the wider InfoTechCanon kernel.

## Intent

This is deliberately separate from the small SaaS proof. The benchmark is more
ambitious and should stress orthogonality across Access Control, Organization,
Governance, Security, Network, DevSecOps, Observability, Task, and Tagging.

## Tasks

### T01 - Benchmark workspace

```task
id: ITC-WP-0010-T01
status: todo
priority: high
state_hub_task_id: "9ad31e13-7dc2-469c-b539-d3375a16c5f4"
```

- Create `infospace/standards/caring/benchmarks/kubernetes-rbac/`.
- Define source corpus, cases, expected outputs, and review criteria.

### T02 - RBAC assimilation

```task
id: ITC-WP-0010-T02
status: todo
priority: high
state_hub_task_id: "180d7ccf-7daa-4f4c-a92a-641ef5d7b442"
```

- Map Kubernetes Role, ClusterRole, RoleBinding, ClusterRoleBinding,
  ServiceAccount, Namespace, verbs, resources, and scopes.
- Preserve the warning that Namespace is not automatically a tenant boundary.

### T03 - CARING access descriptors

```task
id: ITC-WP-0010-T03
status: todo
priority: high
state_hub_task_id: "4ffd6643-a7ab-487c-a09a-0fcaf0115c83"
```

- Express benchmark cases as CARING access descriptors.
- Distinguish declared access, effective access, derived capability, and
  induced access.

### T04 - Findings and canon pressure

```task
id: ITC-WP-0010-T04
status: todo
priority: medium
state_hub_task_id: "52632a4c-6e03-4212-ad6b-0cbb7b3a6e42"
```

- Produce gaps, conflicts, mappings, and proposed canon changes.
- Feed stable findings back into models and standards through explicit tasks.

## Acceptance

- Kubernetes RBAC is analyzed as a benchmark, not as a shortcut profile.
- CARING descriptor shape is tested with practical examples.
- Benchmark findings produce explicit canon change proposals.