generated from coulomb/repo-seed
Refinement of flex-auth boundry and delegation
This commit is contained in:
@@ -371,6 +371,15 @@ The product survey, Keycloak/Entra analysis, and boundary recommendation now
|
|||||||
live in the sibling `flex-auth` repo:
|
live in the sibling `flex-auth` repo:
|
||||||
`flex-auth/docs/flex-auth-authorization-registry-research.md`.
|
`flex-auth/docs/flex-auth-authorization-registry-research.md`.
|
||||||
|
|
||||||
|
Implementation follow-up is tracked there:
|
||||||
|
|
||||||
|
- `FLEX-WP-0002`: standalone policy-as-code core and check APIs.
|
||||||
|
- `FLEX-WP-0003`: flex-auth service-side Markitect consumer integration.
|
||||||
|
- `FLEX-WP-0004`: delegated PDP and directory adapters.
|
||||||
|
|
||||||
|
Markitect should not implement a live flex-auth service client until
|
||||||
|
`FLEX-WP-0003` stabilizes the resource-registration and check/batch_check API.
|
||||||
|
|
||||||
## Sources
|
## Sources
|
||||||
|
|
||||||
- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
|
- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
|
||||||
|
|||||||
@@ -278,3 +278,18 @@ This workplan should be picked up before using Markitect context caches for
|
|||||||
production agent memory in enterprise settings. It does not need to block local
|
production agent memory in enterprise settings. It does not need to block local
|
||||||
research on `MKTT-WP-0008`, but it should gate production deployment of
|
research on `MKTT-WP-0008`, but it should gate production deployment of
|
||||||
reactivatable cross-document context packages.
|
reactivatable cross-document context packages.
|
||||||
|
|
||||||
|
Follow-up implementation now belongs primarily in the sibling `flex-auth`
|
||||||
|
repo:
|
||||||
|
|
||||||
|
- `FLEX-WP-0002` implements the standalone policy-as-code core, resource
|
||||||
|
registry, check APIs, explanations, and local decision logs.
|
||||||
|
- `FLEX-WP-0003` implements the flex-auth service-side Markitect consumer
|
||||||
|
integration.
|
||||||
|
- `FLEX-WP-0004` implements delegated PDP and directory adapters.
|
||||||
|
|
||||||
|
Markitect should add a live `FlexAuthPolicyAdapter` only after flex-auth has a
|
||||||
|
stable check/batch_check/resource-registration API. Until then, Markitect's
|
||||||
|
side is intentionally limited to local deterministic fixtures, resource
|
||||||
|
manifests, request/decision contracts, CLI inspection, workflow declarations,
|
||||||
|
and enforcement boundaries.
|
||||||
|
|||||||
Reference in New Issue
Block a user