generated from coulomb/repo-seed
Reference IAM Profile v0.2
Some checks failed
Build and Publish Container Image / build-and-push (push) Has been cancelled
@@ -224,9 +224,13 @@ The lightweight stack shall be considered valid production infrastructure where
|
||||
|
||||
---
|
||||
|
||||
## 8. NetKingdom IAM Profile v0.1
|
||||
## 8. NetKingdom IAM Profile
|
||||
|
||||
This section defines the initial minimum profile to be supported.
|
||||
This section defines the initial minimum profile supported by the KeyCape v0.1
|
||||
specification. The canonical NetKingdom profile has since moved to
|
||||
`net-kingdom/canon/standards/iam-profile_v0.2.md`; KeyCape conformance should
|
||||
be measured against that profile and the executable suite in
|
||||
`net-kingdom/tools/iam-profile-conformance/`.
|
||||
|
||||
## 8.1 Supported authentication model
|
||||
|
||||
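Review bot: The new introduction to section 8 says KeyCape conformance "should be measured" against `net-kingdom/canon/standards/iam-profile_v0.2.md`, yet section 8 keeps its own profile text, so the spec now carries two profile descriptions with no rule for which one wins when they differ. State that the canonical v0.2 profile takes precedence, or mark section 8 as retained for KeyCape v0.1 reference only. Also consider "shall" instead of "should" here, to match the normative wording used elsewhere in this document ("shall be considered valid production infrastructure").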
@@ -282,11 +286,15 @@ Initial standard claims may include:
|
||||
* `email` if present
|
||||
* `name` if present
|
||||
|
||||
Optional NetKingdom-specific claims may include:
|
||||
NetKingdom profile v0.2 requires these normalized claims before applications
|
||||
or flex-auth consume a token:
|
||||
|
||||
* groups
|
||||
* roles
|
||||
* tenant or environment markers if explicitly defined
|
||||
* `tenant`
|
||||
* `principal_type`
|
||||
* `groups`
|
||||
* `roles`
|
||||
* `scope` or `scp`
|
||||
* `assurance`
|
||||
|
||||
Claim names, types, and semantics must be fixed by the profile and validated in tests.
|
||||
|
||||
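Review bot: In the new required-claims list, the item "`scope` or `scp`" leaves the claim name open, which conflicts with the unchanged line right after the list: "Claim names, types, and semantics must be fixed by the profile and validated in tests." Pick one name, or say that both are accepted and how they are normalized. The lead-in also moves from "Optional NetKingdom-specific claims may include" to "requires these normalized claims before applications or flex-auth consume a token" without saying what a consumer does when `tenant`, `principal_type` or `assurance` is absent; add the expected handling (for example, rejecting the token) and the type of each claim, or point to where the v0.2 profile defines them.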
@@ -786,9 +794,11 @@ Canonical fixtures conform if they pass canonical model and LDAP schema validati
|
||||
|
||||
The following implementation artifacts should be created next:
|
||||
|
||||
### 21.1 NetKingdom IAM Profile v0.1
|
||||
### 21.1 NetKingdom IAM Profile
|
||||
|
||||
A more formal profile document with endpoint-by-endpoint detail.
|
||||
A formal canonical profile document now exists in net-kingdom as
|
||||
`canon/standards/iam-profile_v0.2.md`, with endpoint-by-endpoint detail,
|
||||
tenant/principal/assurance claims, and executable conformance checks.
|
||||
|
||||
### 21.2 Canonical identity model schema
|
||||
|
||||
|
||||
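Review bot: Section 21.1 now reports that the profile document exists, but it still sits under the unchanged lead-in "The following implementation artifacts should be created next:", so the list reads as if the profile were still pending. Move 21.1 out of this list or mark it as done, keeping only the pointer. The path is also written here as `canon/standards/iam-profile_v0.2.md` while section 8 uses `net-kingdom/canon/standards/iam-profile_v0.2.md`; use one form in both places so the reference is unambiguous.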