generated from coulomb/repo-seed
Frame NetKingdom as capability-driven turn-key IT-sec framework
Make the lightweight->expanded decision explicitly capability-driven (not scale-driven) and capture the turn-key, capability-selectable framework ambition. - arch doc: add capability-driven rationale to the identity-mode choice; add a "Capability Progression (Start Small -> Enterprise)" ladder (C0 bootstrap -> C6 self-optimizing), including the C2a/C2b 2FA split (Authelia built-in vs privacyIDEA); answer the lightweight/expanded open question as capability-driven - INTENT.md: recast Progressive Expansion as capability-driven with a no-structural-breaks guarantee; add capability-selection + turn-key orchestration to the mission and identity Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
34
INTENT.md
34
INTENT.md
@@ -57,6 +57,10 @@ This means:
|
||||
* Security is **continuously adapting**, not periodically configured
|
||||
* Identity, access, and secrets form a **coherent control loop**
|
||||
* The system can **start small (bootstrap)** and grow into **enterprise-grade security**
|
||||
* You **select the capabilities you need**, and NetKingdom **places and
|
||||
orchestrates** the right components to **turn-key readiness** — bringing
|
||||
an IT landscape up safely and iteratively, like building a house to
|
||||
handover condition
|
||||
* Security decisions become **observable, testable, and evolvable**
|
||||
|
||||
---
|
||||
@@ -97,18 +101,24 @@ No hidden black boxes at the foundation.
|
||||
|
||||
---
|
||||
|
||||
### 4. Progressive Expansion
|
||||
### 4. Progressive, Capability-Driven Expansion
|
||||
|
||||
Security evolves in stages:
|
||||
Security evolves by **adding capabilities**, not by rebuilding. The path
|
||||
runs from bootstrap identity, through lightweight SSO and 2FA, runtime
|
||||
secrets and fine-grained authorization, up to enterprise federation SSO —
|
||||
but each step is taken **because a capability is needed, never because of
|
||||
user count**. Footprint and cost follow the capability choice; they do not
|
||||
drive it.
|
||||
|
||||
1. **Bootstrap (local identity)**
|
||||
2. **Lightweight mode**
|
||||
3. **Expanded enterprise mode**
|
||||
Each tier must:
|
||||
|
||||
Each stage must:
|
||||
* **be usable on its own** — you get value at every tier, not only at the top
|
||||
* **transition without structural breaks** — because every tier targets
|
||||
the same IAM Profile contract, adding 2FA, secrets, authorization, or
|
||||
federation *extends* the system rather than replacing it
|
||||
|
||||
* be usable on its own
|
||||
* smoothly transition into the next
|
||||
> The concrete capability ladder (C0–C6) lives in
|
||||
> `docs/platform-identity-security-architecture.md` → *Capability Progression*.
|
||||
|
||||
---
|
||||
|
||||
@@ -141,9 +151,17 @@ NetKingdom is:
|
||||
* a **security control core**
|
||||
* a **reference architecture**
|
||||
* a **bootstrap path from zero → production-grade security**
|
||||
* a **capability-selectable, turn-key orchestrator** for identity,
|
||||
authentication, and authorization — it places the right components and
|
||||
brings them to ready-to-run state, then grows tier by tier
|
||||
* a **contract layer for identity and trust**
|
||||
* a **foundation for agent-aware security systems**
|
||||
|
||||
This is the larger ambition: an **IT-security framework that builds IT
|
||||
landscapes safely and iteratively from scratch** — you choose how far up
|
||||
the capability ladder you need to go, and the system gets you there
|
||||
without structural breaks.
|
||||
|
||||
---
|
||||
|
||||
## What This Is Not
|
||||
|
||||
Reference in New Issue
Block a user