generated from coulomb/repo-seed
1424 lines
54 KiB
YAML
1424 lines
54 KiB
YAML
artifacts:
|
|
- id: source/initial-exploration.md
|
|
path: genesis/InitialExploration.md
|
|
kind: source
|
|
title: Initial Exploration
|
|
provenance:
|
|
source_path: infospaces/patterns-of-it-securita-architecture/genesis/InitialExploration.md
|
|
source_section: Task-Prompt and Exploration-Result
|
|
relationships:
|
|
- type: seeds
|
|
target: entity/security-capability-catalog.md
|
|
- type: seeds
|
|
target: entity/security-architecture-pattern-catalog.md
|
|
- type: seeds
|
|
target: entity/security-readiness-levels.md
|
|
- type: seeds
|
|
target: relation/netkingdom-ownership-map.md
|
|
- type: seeds
|
|
target: entity/pattern-central-identity-provider.md
|
|
- type: seeds
|
|
target: entity/pattern-identity-broker.md
|
|
- type: seeds
|
|
target: entity/pattern-tenant-membership-boundary.md
|
|
- type: seeds
|
|
target: entity/pattern-role-composition.md
|
|
- type: seeds
|
|
target: entity/pattern-policy-decision-point-policy-enforcement-point.md
|
|
- type: seeds
|
|
target: entity/pattern-time-boxed-privilege-elevation.md
|
|
- type: seeds
|
|
target: entity/pattern-break-glass-access.md
|
|
- type: seeds
|
|
target: entity/pattern-human-agent-identity-split.md
|
|
- type: seeds
|
|
target: entity/pattern-namespace-per-tenant.md
|
|
- type: seeds
|
|
target: entity/pattern-cluster-per-tenant.md
|
|
- type: seeds
|
|
target: entity/pattern-cell-based-architecture.md
|
|
- type: seeds
|
|
target: entity/pattern-shared-control-plane-isolated-data-plane.md
|
|
- type: seeds
|
|
target: entity/pattern-tenant-context-propagation.md
|
|
- type: seeds
|
|
target: entity/pattern-tenant-data-partitioning.md
|
|
- type: seeds
|
|
target: entity/pattern-secure-cluster-baseline.md
|
|
- type: seeds
|
|
target: entity/pattern-policy-as-code-admission-control.md
|
|
- type: seeds
|
|
target: entity/pattern-pod-security-baseline-restricted.md
|
|
- type: seeds
|
|
target: entity/pattern-network-default-deny.md
|
|
- type: seeds
|
|
target: entity/pattern-signed-image-admission.md
|
|
- type: seeds
|
|
target: entity/pattern-gitops-with-guardrails.md
|
|
- type: seeds
|
|
target: entity/pattern-runtime-threat-detection.md
|
|
- type: seeds
|
|
target: entity/pattern-external-secrets-operator.md
|
|
- type: seeds
|
|
target: entity/pattern-sealed-secret-encrypted-git-secret.md
|
|
- type: seeds
|
|
target: entity/pattern-short-lived-credentials.md
|
|
- type: seeds
|
|
target: entity/pattern-key-per-tenant.md
|
|
- type: seeds
|
|
target: entity/pattern-certificate-automation.md
|
|
- type: seeds
|
|
target: entity/pattern-api-gateway-as-security-boundary.md
|
|
- type: seeds
|
|
target: entity/pattern-backend-for-frontend.md
|
|
- type: seeds
|
|
target: entity/pattern-object-level-authorization-check.md
|
|
- type: seeds
|
|
target: entity/pattern-schema-first-api-security.md
|
|
- type: seeds
|
|
target: entity/pattern-idempotent-command-api.md
|
|
- type: seeds
|
|
target: entity/pattern-secure-file-upload-pipeline.md
|
|
- type: seeds
|
|
target: entity/pattern-protected-main-branch.md
|
|
- type: seeds
|
|
target: entity/pattern-dependency-update-bot.md
|
|
- type: seeds
|
|
target: entity/pattern-sbom-per-release.md
|
|
- type: seeds
|
|
target: entity/pattern-slsa-build-provenance.md
|
|
- type: seeds
|
|
target: entity/pattern-signed-container-images.md
|
|
- type: seeds
|
|
target: entity/pattern-quarantined-build-runner.md
|
|
- type: seeds
|
|
target: entity/pattern-security-event-taxonomy.md
|
|
- type: seeds
|
|
target: entity/pattern-central-audit-ledger.md
|
|
- type: seeds
|
|
target: entity/pattern-tenant-audit-log-view.md
|
|
- type: seeds
|
|
target: entity/pattern-incident-runbook-library.md
|
|
- type: seeds
|
|
target: entity/pattern-kill-switch-tenant-freeze.md
|
|
- type: seeds
|
|
target: entity/pattern-token-revocation-sweep.md
|
|
|
|
- id: source/netkingdom-object-storage-sts-credential-vending.md
|
|
path: artifacts/sources/netkingdom-object-storage-sts-credential-vending.md
|
|
kind: source
|
|
title: NetKingdom Object Storage STS Credential Vending
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/object-storage-sts-credential-vending.md
|
|
source_section: full document
|
|
relationships:
|
|
- type: defines
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: defines
|
|
target: entity/capability-object-storage-access.md
|
|
- type: supports
|
|
target: relation/sts-credential-vending-relationship-map.md
|
|
|
|
- id: source/netkingdom-platform-identity-security-architecture.md
|
|
path: artifacts/sources/netkingdom-platform-identity-security-architecture.md
|
|
kind: source
|
|
title: NetKingdom Platform Identity And Security Architecture
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/platform-identity-security-architecture.md
|
|
source_section: Secret And Credential Path; flex-auth And Topaz Implications
|
|
relationships:
|
|
- type: constrains
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: constrains
|
|
target: entity/capability-object-storage-access.md
|
|
- type: supports
|
|
target: relation/netkingdom-ownership-map.md
|
|
|
|
- id: source/netkingdom-adr-0008-object-storage-sts.md
|
|
path: artifacts/sources/netkingdom-adr-0008-object-storage-sts.md
|
|
kind: source
|
|
title: ADR-0008 Object Storage STS Credential Vending Boundary
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/adr/ADR-0008-object-storage-sts-credential-vending.md
|
|
source_section: Decision
|
|
relationships:
|
|
- type: decides
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: constrains
|
|
target: relation/sts-credential-vending-relationship-map.md
|
|
|
|
- id: source/railiance-openbao-platform-secrets-service.md
|
|
path: artifacts/sources/railiance-openbao-platform-secrets-service.md
|
|
kind: source
|
|
title: Railiance OpenBao Platform Secrets Service
|
|
provenance:
|
|
source_path: /home/worsch/railiance-platform/docs/openbao.md
|
|
source_section: Artifact-Store Object Storage Handoff
|
|
relationships:
|
|
- type: supports
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: supports
|
|
target: entity/capability-object-storage-access.md
|
|
- type: constrains
|
|
target: relation/sts-credential-vending-relationship-map.md
|
|
|
|
- id: entity/security-capability-catalog.md
|
|
path: artifacts/entities/security-capability-catalog.md
|
|
kind: entity
|
|
title: Security Capability Catalog
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Security capability catalog
|
|
relationships:
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
- type: includes
|
|
target: entity/capability-object-storage-access.md
|
|
|
|
- id: entity/security-architecture-pattern-catalog.md
|
|
path: artifacts/entities/security-architecture-pattern-catalog.md
|
|
kind: entity
|
|
title: Security Architecture Pattern Catalog
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Security architecture and solution pattern catalog
|
|
relationships:
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
- type: includes
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: includes
|
|
target: entity/pattern-workload-identity.md
|
|
- type: includes
|
|
target: entity/pattern-secret-zero-avoidance.md
|
|
- type: includes
|
|
target: entity/pattern-dynamic-secrets.md
|
|
- type: includes
|
|
target: entity/pattern-short-lived-ssh-certificates.md
|
|
- type: includes
|
|
target: entity/pattern-delegated-authorization.md
|
|
- type: includes
|
|
target: entity/pattern-tenant-isolation.md
|
|
- type: includes
|
|
target: entity/pattern-policy-as-code-admission.md
|
|
- type: includes
|
|
target: entity/pattern-supply-chain-provenance.md
|
|
- type: includes
|
|
target: entity/pattern-central-identity-provider.md
|
|
- type: includes
|
|
target: entity/pattern-identity-broker.md
|
|
- type: includes
|
|
target: entity/pattern-tenant-membership-boundary.md
|
|
- type: includes
|
|
target: entity/pattern-role-composition.md
|
|
- type: includes
|
|
target: entity/pattern-policy-decision-point-policy-enforcement-point.md
|
|
- type: includes
|
|
target: entity/pattern-time-boxed-privilege-elevation.md
|
|
- type: includes
|
|
target: entity/pattern-break-glass-access.md
|
|
- type: includes
|
|
target: entity/pattern-human-agent-identity-split.md
|
|
- type: includes
|
|
target: entity/pattern-namespace-per-tenant.md
|
|
- type: includes
|
|
target: entity/pattern-cluster-per-tenant.md
|
|
- type: includes
|
|
target: entity/pattern-cell-based-architecture.md
|
|
- type: includes
|
|
target: entity/pattern-shared-control-plane-isolated-data-plane.md
|
|
- type: includes
|
|
target: entity/pattern-tenant-context-propagation.md
|
|
- type: includes
|
|
target: entity/pattern-tenant-data-partitioning.md
|
|
- type: includes
|
|
target: entity/pattern-secure-cluster-baseline.md
|
|
- type: includes
|
|
target: entity/pattern-policy-as-code-admission-control.md
|
|
- type: includes
|
|
target: entity/pattern-pod-security-baseline-restricted.md
|
|
- type: includes
|
|
target: entity/pattern-network-default-deny.md
|
|
- type: includes
|
|
target: entity/pattern-signed-image-admission.md
|
|
- type: includes
|
|
target: entity/pattern-gitops-with-guardrails.md
|
|
- type: includes
|
|
target: entity/pattern-runtime-threat-detection.md
|
|
- type: includes
|
|
target: entity/pattern-external-secrets-operator.md
|
|
- type: includes
|
|
target: entity/pattern-sealed-secret-encrypted-git-secret.md
|
|
- type: includes
|
|
target: entity/pattern-short-lived-credentials.md
|
|
- type: includes
|
|
target: entity/pattern-key-per-tenant.md
|
|
- type: includes
|
|
target: entity/pattern-certificate-automation.md
|
|
- type: includes
|
|
target: entity/pattern-api-gateway-as-security-boundary.md
|
|
- type: includes
|
|
target: entity/pattern-backend-for-frontend.md
|
|
- type: includes
|
|
target: entity/pattern-object-level-authorization-check.md
|
|
- type: includes
|
|
target: entity/pattern-schema-first-api-security.md
|
|
- type: includes
|
|
target: entity/pattern-idempotent-command-api.md
|
|
- type: includes
|
|
target: entity/pattern-secure-file-upload-pipeline.md
|
|
- type: includes
|
|
target: entity/pattern-protected-main-branch.md
|
|
- type: includes
|
|
target: entity/pattern-dependency-update-bot.md
|
|
- type: includes
|
|
target: entity/pattern-sbom-per-release.md
|
|
- type: includes
|
|
target: entity/pattern-slsa-build-provenance.md
|
|
- type: includes
|
|
target: entity/pattern-signed-container-images.md
|
|
- type: includes
|
|
target: entity/pattern-quarantined-build-runner.md
|
|
- type: includes
|
|
target: entity/pattern-security-event-taxonomy.md
|
|
- type: includes
|
|
target: entity/pattern-central-audit-ledger.md
|
|
- type: includes
|
|
target: entity/pattern-tenant-audit-log-view.md
|
|
- type: includes
|
|
target: entity/pattern-incident-runbook-library.md
|
|
- type: includes
|
|
target: entity/pattern-kill-switch-tenant-freeze.md
|
|
- type: includes
|
|
target: entity/pattern-token-revocation-sweep.md
|
|
|
|
- id: entity/security-readiness-levels.md
|
|
path: artifacts/entities/security-readiness-levels.md
|
|
kind: entity
|
|
title: Security Readiness Levels
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Readiness levels
|
|
relationships: []
|
|
|
|
- id: relation/netkingdom-ownership-map.md
|
|
path: artifacts/relations/netkingdom-ownership-map.md
|
|
kind: relation
|
|
title: NetKingdom Ownership Map
|
|
provenance:
|
|
source_path: workplans/NK-WP-0010-genesis-security-pattern-completion.md
|
|
source_section: T09 - Refresh Relationships, Indexes, And Reports
|
|
relationships:
|
|
- type: maps
|
|
target: entity/security-capability-catalog.md
|
|
- type: maps
|
|
target: entity/security-architecture-pattern-catalog.md
|
|
- type: maps
|
|
target: entity/capability-object-storage-access.md
|
|
- type: maps
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: maps
|
|
target: entity/pattern-workload-identity.md
|
|
- type: maps
|
|
target: entity/pattern-secret-zero-avoidance.md
|
|
- type: maps
|
|
target: entity/pattern-dynamic-secrets.md
|
|
- type: maps
|
|
target: entity/pattern-short-lived-ssh-certificates.md
|
|
- type: maps
|
|
target: entity/pattern-delegated-authorization.md
|
|
- type: maps
|
|
target: entity/pattern-tenant-isolation.md
|
|
- type: maps
|
|
target: entity/pattern-policy-as-code-admission.md
|
|
- type: maps
|
|
target: entity/pattern-supply-chain-provenance.md
|
|
- type: maps
|
|
target: entity/pattern-central-identity-provider.md
|
|
- type: maps
|
|
target: entity/pattern-identity-broker.md
|
|
- type: maps
|
|
target: entity/pattern-tenant-membership-boundary.md
|
|
- type: maps
|
|
target: entity/pattern-role-composition.md
|
|
- type: maps
|
|
target: entity/pattern-policy-decision-point-policy-enforcement-point.md
|
|
- type: maps
|
|
target: entity/pattern-time-boxed-privilege-elevation.md
|
|
- type: maps
|
|
target: entity/pattern-break-glass-access.md
|
|
- type: maps
|
|
target: entity/pattern-human-agent-identity-split.md
|
|
- type: maps
|
|
target: entity/pattern-namespace-per-tenant.md
|
|
- type: maps
|
|
target: entity/pattern-cluster-per-tenant.md
|
|
- type: maps
|
|
target: entity/pattern-cell-based-architecture.md
|
|
- type: maps
|
|
target: entity/pattern-shared-control-plane-isolated-data-plane.md
|
|
- type: maps
|
|
target: entity/pattern-tenant-context-propagation.md
|
|
- type: maps
|
|
target: entity/pattern-tenant-data-partitioning.md
|
|
- type: maps
|
|
target: entity/pattern-secure-cluster-baseline.md
|
|
- type: maps
|
|
target: entity/pattern-policy-as-code-admission-control.md
|
|
- type: maps
|
|
target: entity/pattern-pod-security-baseline-restricted.md
|
|
- type: maps
|
|
target: entity/pattern-network-default-deny.md
|
|
- type: maps
|
|
target: entity/pattern-signed-image-admission.md
|
|
- type: maps
|
|
target: entity/pattern-gitops-with-guardrails.md
|
|
- type: maps
|
|
target: entity/pattern-runtime-threat-detection.md
|
|
- type: maps
|
|
target: entity/pattern-external-secrets-operator.md
|
|
- type: maps
|
|
target: entity/pattern-sealed-secret-encrypted-git-secret.md
|
|
- type: maps
|
|
target: entity/pattern-short-lived-credentials.md
|
|
- type: maps
|
|
target: entity/pattern-key-per-tenant.md
|
|
- type: maps
|
|
target: entity/pattern-certificate-automation.md
|
|
- type: maps
|
|
target: entity/pattern-api-gateway-as-security-boundary.md
|
|
- type: maps
|
|
target: entity/pattern-backend-for-frontend.md
|
|
- type: maps
|
|
target: entity/pattern-object-level-authorization-check.md
|
|
- type: maps
|
|
target: entity/pattern-schema-first-api-security.md
|
|
- type: maps
|
|
target: entity/pattern-idempotent-command-api.md
|
|
- type: maps
|
|
target: entity/pattern-secure-file-upload-pipeline.md
|
|
- type: maps
|
|
target: entity/pattern-protected-main-branch.md
|
|
- type: maps
|
|
target: entity/pattern-dependency-update-bot.md
|
|
- type: maps
|
|
target: entity/pattern-sbom-per-release.md
|
|
- type: maps
|
|
target: entity/pattern-slsa-build-provenance.md
|
|
- type: maps
|
|
target: entity/pattern-signed-container-images.md
|
|
- type: maps
|
|
target: entity/pattern-quarantined-build-runner.md
|
|
- type: maps
|
|
target: entity/pattern-security-event-taxonomy.md
|
|
- type: maps
|
|
target: entity/pattern-central-audit-ledger.md
|
|
- type: maps
|
|
target: entity/pattern-tenant-audit-log-view.md
|
|
- type: maps
|
|
target: entity/pattern-incident-runbook-library.md
|
|
- type: maps
|
|
target: entity/pattern-kill-switch-tenant-freeze.md
|
|
- type: maps
|
|
target: entity/pattern-token-revocation-sweep.md
|
|
|
|
- id: entity/capability-object-storage-access.md
|
|
path: artifacts/entities/capability-object-storage-access.md
|
|
kind: entity
|
|
title: Object Storage Access Capability
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/object-storage-sts-credential-vending.md
|
|
source_section: Purpose; Ownership Boundary; Consumer Guidance
|
|
relationships:
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-sts-credential-vending.md
|
|
path: artifacts/entities/pattern-sts-credential-vending.md
|
|
kind: pattern
|
|
title: STS Credential Vending Pattern
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/object-storage-sts-credential-vending.md
|
|
source_section: Core Flow; Backend Assessment; OpenBao Role
|
|
relationships:
|
|
- type: implements
|
|
target: entity/capability-object-storage-access.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-workload-identity.md
|
|
path: artifacts/entities/pattern-workload-identity.md
|
|
kind: pattern
|
|
title: Workload Identity Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Service identities; Workload secret injection; Tenant Context Propagation
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-secret-zero-avoidance.md
|
|
path: artifacts/entities/pattern-secret-zero-avoidance.md
|
|
kind: pattern
|
|
title: Secret Zero Avoidance Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Central secrets management; Sealed Secret / Encrypted Git Secret; Break-glass Access
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-dynamic-secrets.md
|
|
path: artifacts/entities/pattern-dynamic-secrets.md
|
|
kind: pattern
|
|
title: Dynamic Secrets Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Secret rotation; Workload secret injection; Short-lived Credentials
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-short-lived-ssh-certificates.md
|
|
path: artifacts/entities/pattern-short-lived-ssh-certificates.md
|
|
kind: pattern
|
|
title: Short-Lived SSH Certificates Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Privileged access management; Time-boxed Privilege Elevation; Human/Agent Identity Split
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-delegated-authorization.md
|
|
path: artifacts/entities/pattern-delegated-authorization.md
|
|
kind: pattern
|
|
title: Delegated Authorization Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Policy Decision Point / Policy Enforcement Point; Tenant-scoped authorization; API authorization
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-tenant-isolation.md
|
|
path: artifacts/entities/pattern-tenant-isolation.md
|
|
kind: pattern
|
|
title: Tenant Isolation Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation capability group; Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-policy-as-code-admission.md
|
|
path: artifacts/entities/pattern-policy-as-code-admission.md
|
|
kind: pattern
|
|
title: Policy-as-Code Admission Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Policy-as-Code Admission Control; Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-supply-chain-provenance.md
|
|
path: artifacts/entities/pattern-supply-chain-provenance.md
|
|
kind: pattern
|
|
title: Supply-Chain Provenance Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Software supply chain security; Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-central-identity-provider.md
|
|
path: artifacts/entities/pattern-central-identity-provider.md
|
|
kind: pattern
|
|
title: Central Identity Provider Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-identity-broker.md
|
|
path: artifacts/entities/pattern-identity-broker.md
|
|
kind: pattern
|
|
title: Identity Broker Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-tenant-membership-boundary.md
|
|
path: artifacts/entities/pattern-tenant-membership-boundary.md
|
|
kind: pattern
|
|
title: Tenant Membership Boundary Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-role-composition.md
|
|
path: artifacts/entities/pattern-role-composition.md
|
|
kind: pattern
|
|
title: Role Composition Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-policy-decision-point-policy-enforcement-point.md
|
|
path: artifacts/entities/pattern-policy-decision-point-policy-enforcement-point.md
|
|
kind: pattern
|
|
title: Policy Decision Point / Policy Enforcement Point Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-time-boxed-privilege-elevation.md
|
|
path: artifacts/entities/pattern-time-boxed-privilege-elevation.md
|
|
kind: pattern
|
|
title: Time-boxed Privilege Elevation Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-break-glass-access.md
|
|
path: artifacts/entities/pattern-break-glass-access.md
|
|
kind: pattern
|
|
title: Break-glass Access Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-human-agent-identity-split.md
|
|
path: artifacts/entities/pattern-human-agent-identity-split.md
|
|
kind: pattern
|
|
title: Human/Agent Identity Split Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Identity and access patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-namespace-per-tenant.md
|
|
path: artifacts/entities/pattern-namespace-per-tenant.md
|
|
kind: pattern
|
|
title: Namespace-per-Tenant Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-cluster-per-tenant.md
|
|
path: artifacts/entities/pattern-cluster-per-tenant.md
|
|
kind: pattern
|
|
title: Cluster-per-Tenant Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-cell-based-architecture.md
|
|
path: artifacts/entities/pattern-cell-based-architecture.md
|
|
kind: pattern
|
|
title: Cell-based Architecture Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-shared-control-plane-isolated-data-plane.md
|
|
path: artifacts/entities/pattern-shared-control-plane-isolated-data-plane.md
|
|
kind: pattern
|
|
title: Shared Control Plane, Isolated Data Plane Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-tenant-context-propagation.md
|
|
path: artifacts/entities/pattern-tenant-context-propagation.md
|
|
kind: pattern
|
|
title: Tenant Context Propagation Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-tenant-data-partitioning.md
|
|
path: artifacts/entities/pattern-tenant-data-partitioning.md
|
|
kind: pattern
|
|
title: Tenant Data Partitioning Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Tenant isolation patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-secure-cluster-baseline.md
|
|
path: artifacts/entities/pattern-secure-cluster-baseline.md
|
|
kind: pattern
|
|
title: Secure Cluster Baseline Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-policy-as-code-admission-control.md
|
|
path: artifacts/entities/pattern-policy-as-code-admission-control.md
|
|
kind: pattern
|
|
title: Policy-as-Code Admission Control Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-pod-security-baseline-restricted.md
|
|
path: artifacts/entities/pattern-pod-security-baseline-restricted.md
|
|
kind: pattern
|
|
title: Pod Security Baseline/Restricted Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-network-default-deny.md
|
|
path: artifacts/entities/pattern-network-default-deny.md
|
|
kind: pattern
|
|
title: Network Default Deny Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-signed-image-admission.md
|
|
path: artifacts/entities/pattern-signed-image-admission.md
|
|
kind: pattern
|
|
title: Signed Image Admission Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-gitops-with-guardrails.md
|
|
path: artifacts/entities/pattern-gitops-with-guardrails.md
|
|
kind: pattern
|
|
title: GitOps with Guardrails Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-runtime-threat-detection.md
|
|
path: artifacts/entities/pattern-runtime-threat-detection.md
|
|
kind: pattern
|
|
title: Runtime Threat Detection Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Kubernetes and platform patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-external-secrets-operator.md
|
|
path: artifacts/entities/pattern-external-secrets-operator.md
|
|
kind: pattern
|
|
title: External Secrets Operator Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Secrets and cryptography patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-sealed-secret-encrypted-git-secret.md
|
|
path: artifacts/entities/pattern-sealed-secret-encrypted-git-secret.md
|
|
kind: pattern
|
|
title: Sealed Secret / Encrypted Git Secret Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Secrets and cryptography patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-short-lived-credentials.md
|
|
path: artifacts/entities/pattern-short-lived-credentials.md
|
|
kind: pattern
|
|
title: Short-lived Credentials Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Secrets and cryptography patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-key-per-tenant.md
|
|
path: artifacts/entities/pattern-key-per-tenant.md
|
|
kind: pattern
|
|
title: Key-per-Tenant Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Secrets and cryptography patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-certificate-automation.md
|
|
path: artifacts/entities/pattern-certificate-automation.md
|
|
kind: pattern
|
|
title: Certificate Automation Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Secrets and cryptography patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-api-gateway-as-security-boundary.md
|
|
path: artifacts/entities/pattern-api-gateway-as-security-boundary.md
|
|
kind: pattern
|
|
title: API Gateway as Security Boundary Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Application/API patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-backend-for-frontend.md
|
|
path: artifacts/entities/pattern-backend-for-frontend.md
|
|
kind: pattern
|
|
title: Backend-for-Frontend Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Application/API patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-object-level-authorization-check.md
|
|
path: artifacts/entities/pattern-object-level-authorization-check.md
|
|
kind: pattern
|
|
title: Object-Level Authorization Check Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Application/API patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-schema-first-api-security.md
|
|
path: artifacts/entities/pattern-schema-first-api-security.md
|
|
kind: pattern
|
|
title: Schema-First API Security Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Application/API patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-idempotent-command-api.md
|
|
path: artifacts/entities/pattern-idempotent-command-api.md
|
|
kind: pattern
|
|
title: Idempotent Command API Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Application/API patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-secure-file-upload-pipeline.md
|
|
path: artifacts/entities/pattern-secure-file-upload-pipeline.md
|
|
kind: pattern
|
|
title: Secure File Upload Pipeline Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Application/API patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-protected-main-branch.md
|
|
path: artifacts/entities/pattern-protected-main-branch.md
|
|
kind: pattern
|
|
title: Protected Main Branch Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-dependency-update-bot.md
|
|
path: artifacts/entities/pattern-dependency-update-bot.md
|
|
kind: pattern
|
|
title: Dependency Update Bot Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-sbom-per-release.md
|
|
path: artifacts/entities/pattern-sbom-per-release.md
|
|
kind: pattern
|
|
title: SBOM-per-Release Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-slsa-build-provenance.md
|
|
path: artifacts/entities/pattern-slsa-build-provenance.md
|
|
kind: pattern
|
|
title: SLSA Build Provenance Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-signed-container-images.md
|
|
path: artifacts/entities/pattern-signed-container-images.md
|
|
kind: pattern
|
|
title: Signed Container Images Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-quarantined-build-runner.md
|
|
path: artifacts/entities/pattern-quarantined-build-runner.md
|
|
kind: pattern
|
|
title: Quarantined Build Runner Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Supply-chain patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-security-event-taxonomy.md
|
|
path: artifacts/entities/pattern-security-event-taxonomy.md
|
|
kind: pattern
|
|
title: Security Event Taxonomy Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Detection and response patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-central-audit-ledger.md
|
|
path: artifacts/entities/pattern-central-audit-ledger.md
|
|
kind: pattern
|
|
title: Central Audit Ledger Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Detection and response patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-tenant-audit-log-view.md
|
|
path: artifacts/entities/pattern-tenant-audit-log-view.md
|
|
kind: pattern
|
|
title: Tenant Audit Log View Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Detection and response patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-incident-runbook-library.md
|
|
path: artifacts/entities/pattern-incident-runbook-library.md
|
|
kind: pattern
|
|
title: Incident Runbook Library Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Detection and response patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-kill-switch-tenant-freeze.md
|
|
path: artifacts/entities/pattern-kill-switch-tenant-freeze.md
|
|
kind: pattern
|
|
title: Kill Switch / Tenant Freeze Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Detection and response patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: entity/pattern-token-revocation-sweep.md
|
|
path: artifacts/entities/pattern-token-revocation-sweep.md
|
|
kind: pattern
|
|
title: Token Revocation Sweep Pattern
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Detection and response patterns
|
|
relationships:
|
|
- type: implements
|
|
target: entity/security-capability-catalog.md
|
|
- type: uses_readiness
|
|
target: entity/security-readiness-levels.md
|
|
|
|
- id: relation/sts-credential-vending-relationship-map.md
|
|
path: artifacts/relations/sts-credential-vending-relationship-map.md
|
|
kind: relation
|
|
title: STS Credential Vending Relationship Map
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/object-storage-sts-credential-vending.md
|
|
source_section: Ownership Boundary; Core Flow; OpenBao Role
|
|
relationships:
|
|
- type: maps
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: maps
|
|
target: entity/capability-object-storage-access.md
|
|
|
|
- id: generated/sts-credential-vending-extraction.md
|
|
path: artifacts/generated/sts-credential-vending-extraction.md
|
|
kind: generated
|
|
title: STS Credential Vending Extraction
|
|
provenance:
|
|
source_path: /home/worsch/net-kingdom/docs/object-storage-sts-credential-vending.md
|
|
source_section: full document
|
|
relationships:
|
|
- type: extracts
|
|
target: source/netkingdom-object-storage-sts-credential-vending.md
|
|
- type: extracts
|
|
target: source/railiance-openbao-platform-secrets-service.md
|
|
- type: supports
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: supports
|
|
target: generated/security-pattern-index.md
|
|
|
|
- id: generated/research-pattern-normalization.md
|
|
path: artifacts/generated/research-pattern-normalization.md
|
|
kind: generated
|
|
title: Research Pattern Normalization
|
|
provenance:
|
|
source_path: genesis/InitialExploration.md
|
|
source_section: Initial pattern set
|
|
relationships:
|
|
- type: extracts
|
|
target: source/initial-exploration.md
|
|
- type: supports
|
|
target: entity/security-architecture-pattern-catalog.md
|
|
- type: supports
|
|
target: generated/pattern-admission-review.md
|
|
|
|
- id: generated/security-pattern-index.md
|
|
path: artifacts/generated/security-pattern-index.md
|
|
kind: generated
|
|
title: Security Pattern Index And Maturity Matrix
|
|
provenance:
|
|
source_path: workplans/NK-WP-0010-genesis-security-pattern-completion.md
|
|
source_section: T09 - Refresh Relationships, Indexes, And Reports
|
|
relationships:
|
|
- type: summarizes
|
|
target: entity/security-capability-catalog.md
|
|
- type: summarizes
|
|
target: entity/security-architecture-pattern-catalog.md
|
|
- type: summarizes
|
|
target: entity/capability-object-storage-access.md
|
|
- type: summarizes
|
|
target: generated/research-pattern-normalization.md
|
|
- type: summarizes
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: summarizes
|
|
target: entity/pattern-workload-identity.md
|
|
- type: summarizes
|
|
target: entity/pattern-secret-zero-avoidance.md
|
|
- type: summarizes
|
|
target: entity/pattern-dynamic-secrets.md
|
|
- type: summarizes
|
|
target: entity/pattern-short-lived-ssh-certificates.md
|
|
- type: summarizes
|
|
target: entity/pattern-delegated-authorization.md
|
|
- type: summarizes
|
|
target: entity/pattern-tenant-isolation.md
|
|
- type: summarizes
|
|
target: entity/pattern-policy-as-code-admission.md
|
|
- type: summarizes
|
|
target: entity/pattern-supply-chain-provenance.md
|
|
- type: summarizes
|
|
target: entity/pattern-central-identity-provider.md
|
|
- type: summarizes
|
|
target: entity/pattern-identity-broker.md
|
|
- type: summarizes
|
|
target: entity/pattern-tenant-membership-boundary.md
|
|
- type: summarizes
|
|
target: entity/pattern-role-composition.md
|
|
- type: summarizes
|
|
target: entity/pattern-policy-decision-point-policy-enforcement-point.md
|
|
- type: summarizes
|
|
target: entity/pattern-time-boxed-privilege-elevation.md
|
|
- type: summarizes
|
|
target: entity/pattern-break-glass-access.md
|
|
- type: summarizes
|
|
target: entity/pattern-human-agent-identity-split.md
|
|
- type: summarizes
|
|
target: entity/pattern-namespace-per-tenant.md
|
|
- type: summarizes
|
|
target: entity/pattern-cluster-per-tenant.md
|
|
- type: summarizes
|
|
target: entity/pattern-cell-based-architecture.md
|
|
- type: summarizes
|
|
target: entity/pattern-shared-control-plane-isolated-data-plane.md
|
|
- type: summarizes
|
|
target: entity/pattern-tenant-context-propagation.md
|
|
- type: summarizes
|
|
target: entity/pattern-tenant-data-partitioning.md
|
|
- type: summarizes
|
|
target: entity/pattern-secure-cluster-baseline.md
|
|
- type: summarizes
|
|
target: entity/pattern-policy-as-code-admission-control.md
|
|
- type: summarizes
|
|
target: entity/pattern-pod-security-baseline-restricted.md
|
|
- type: summarizes
|
|
target: entity/pattern-network-default-deny.md
|
|
- type: summarizes
|
|
target: entity/pattern-signed-image-admission.md
|
|
- type: summarizes
|
|
target: entity/pattern-gitops-with-guardrails.md
|
|
- type: summarizes
|
|
target: entity/pattern-runtime-threat-detection.md
|
|
- type: summarizes
|
|
target: entity/pattern-external-secrets-operator.md
|
|
- type: summarizes
|
|
target: entity/pattern-sealed-secret-encrypted-git-secret.md
|
|
- type: summarizes
|
|
target: entity/pattern-short-lived-credentials.md
|
|
- type: summarizes
|
|
target: entity/pattern-key-per-tenant.md
|
|
- type: summarizes
|
|
target: entity/pattern-certificate-automation.md
|
|
- type: summarizes
|
|
target: entity/pattern-api-gateway-as-security-boundary.md
|
|
- type: summarizes
|
|
target: entity/pattern-backend-for-frontend.md
|
|
- type: summarizes
|
|
target: entity/pattern-object-level-authorization-check.md
|
|
- type: summarizes
|
|
target: entity/pattern-schema-first-api-security.md
|
|
- type: summarizes
|
|
target: entity/pattern-idempotent-command-api.md
|
|
- type: summarizes
|
|
target: entity/pattern-secure-file-upload-pipeline.md
|
|
- type: summarizes
|
|
target: entity/pattern-protected-main-branch.md
|
|
- type: summarizes
|
|
target: entity/pattern-dependency-update-bot.md
|
|
- type: summarizes
|
|
target: entity/pattern-sbom-per-release.md
|
|
- type: summarizes
|
|
target: entity/pattern-slsa-build-provenance.md
|
|
- type: summarizes
|
|
target: entity/pattern-signed-container-images.md
|
|
- type: summarizes
|
|
target: entity/pattern-quarantined-build-runner.md
|
|
- type: summarizes
|
|
target: entity/pattern-security-event-taxonomy.md
|
|
- type: summarizes
|
|
target: entity/pattern-central-audit-ledger.md
|
|
- type: summarizes
|
|
target: entity/pattern-tenant-audit-log-view.md
|
|
- type: summarizes
|
|
target: entity/pattern-incident-runbook-library.md
|
|
- type: summarizes
|
|
target: entity/pattern-kill-switch-tenant-freeze.md
|
|
- type: summarizes
|
|
target: entity/pattern-token-revocation-sweep.md
|
|
|
|
- id: generated/pattern-admission-review.md
|
|
path: artifacts/generated/pattern-admission-review.md
|
|
kind: generated
|
|
title: Pattern Admission And Review Criteria
|
|
provenance:
|
|
source_path: workplans/NK-WP-0010-genesis-security-pattern-completion.md
|
|
source_section: T09 - Refresh Relationships, Indexes, And Reports
|
|
relationships:
|
|
- type: governs
|
|
target: entity/security-architecture-pattern-catalog.md
|
|
- type: governs
|
|
target: entity/pattern-sts-credential-vending.md
|
|
- type: governs
|
|
target: entity/pattern-workload-identity.md
|
|
- type: governs
|
|
target: entity/pattern-secret-zero-avoidance.md
|
|
- type: governs
|
|
target: entity/pattern-dynamic-secrets.md
|
|
- type: governs
|
|
target: entity/pattern-short-lived-ssh-certificates.md
|
|
- type: governs
|
|
target: entity/pattern-delegated-authorization.md
|
|
- type: governs
|
|
target: entity/pattern-tenant-isolation.md
|
|
- type: governs
|
|
target: entity/pattern-policy-as-code-admission.md
|
|
- type: governs
|
|
target: entity/pattern-supply-chain-provenance.md
|
|
- type: governs
|
|
target: entity/pattern-central-identity-provider.md
|
|
- type: governs
|
|
target: entity/pattern-identity-broker.md
|
|
- type: governs
|
|
target: entity/pattern-tenant-membership-boundary.md
|
|
- type: governs
|
|
target: entity/pattern-role-composition.md
|
|
- type: governs
|
|
target: entity/pattern-policy-decision-point-policy-enforcement-point.md
|
|
- type: governs
|
|
target: entity/pattern-time-boxed-privilege-elevation.md
|
|
- type: governs
|
|
target: entity/pattern-break-glass-access.md
|
|
- type: governs
|
|
target: entity/pattern-human-agent-identity-split.md
|
|
- type: governs
|
|
target: entity/pattern-namespace-per-tenant.md
|
|
- type: governs
|
|
target: entity/pattern-cluster-per-tenant.md
|
|
- type: governs
|
|
target: entity/pattern-cell-based-architecture.md
|
|
- type: governs
|
|
target: entity/pattern-shared-control-plane-isolated-data-plane.md
|
|
- type: governs
|
|
target: entity/pattern-tenant-context-propagation.md
|
|
- type: governs
|
|
target: entity/pattern-tenant-data-partitioning.md
|
|
- type: governs
|
|
target: entity/pattern-secure-cluster-baseline.md
|
|
- type: governs
|
|
target: entity/pattern-policy-as-code-admission-control.md
|
|
- type: governs
|
|
target: entity/pattern-pod-security-baseline-restricted.md
|
|
- type: governs
|
|
target: entity/pattern-network-default-deny.md
|
|
- type: governs
|
|
target: entity/pattern-signed-image-admission.md
|
|
- type: governs
|
|
target: entity/pattern-gitops-with-guardrails.md
|
|
- type: governs
|
|
target: entity/pattern-runtime-threat-detection.md
|
|
- type: governs
|
|
target: entity/pattern-external-secrets-operator.md
|
|
- type: governs
|
|
target: entity/pattern-sealed-secret-encrypted-git-secret.md
|
|
- type: governs
|
|
target: entity/pattern-short-lived-credentials.md
|
|
- type: governs
|
|
target: entity/pattern-key-per-tenant.md
|
|
- type: governs
|
|
target: entity/pattern-certificate-automation.md
|
|
- type: governs
|
|
target: entity/pattern-api-gateway-as-security-boundary.md
|
|
- type: governs
|
|
target: entity/pattern-backend-for-frontend.md
|
|
- type: governs
|
|
target: entity/pattern-object-level-authorization-check.md
|
|
- type: governs
|
|
target: entity/pattern-schema-first-api-security.md
|
|
- type: governs
|
|
target: entity/pattern-idempotent-command-api.md
|
|
- type: governs
|
|
target: entity/pattern-secure-file-upload-pipeline.md
|
|
- type: governs
|
|
target: entity/pattern-protected-main-branch.md
|
|
- type: governs
|
|
target: entity/pattern-dependency-update-bot.md
|
|
- type: governs
|
|
target: entity/pattern-sbom-per-release.md
|
|
- type: governs
|
|
target: entity/pattern-slsa-build-provenance.md
|
|
- type: governs
|
|
target: entity/pattern-signed-container-images.md
|
|
- type: governs
|
|
target: entity/pattern-quarantined-build-runner.md
|
|
- type: governs
|
|
target: entity/pattern-security-event-taxonomy.md
|
|
- type: governs
|
|
target: entity/pattern-central-audit-ledger.md
|
|
- type: governs
|
|
target: entity/pattern-tenant-audit-log-view.md
|
|
- type: governs
|
|
target: entity/pattern-incident-runbook-library.md
|
|
- type: governs
|
|
target: entity/pattern-kill-switch-tenant-freeze.md
|
|
- type: governs
|
|
target: entity/pattern-token-revocation-sweep.md
|
|
|
|
- id: report/initial-security-pattern-report.md
|
|
path: reports/initial-security-pattern-report.md
|
|
kind: report
|
|
title: Initial Security Pattern Infospace Report
|
|
provenance:
|
|
source_path: workplans/NK-WP-0010-genesis-security-pattern-completion.md
|
|
source_section: Acceptance Criteria
|
|
relationships:
|
|
- type: reports_on
|
|
target: generated/security-pattern-index.md
|
|
- type: reports_on
|
|
target: generated/pattern-admission-review.md
|
|
- type: reports_on
|
|
target: generated/research-pattern-normalization.md
|