Complete user-engine boundary contracts

2026-05-22 22:26:36 +02:00
parent 69c57f8af5
commit 97423c6110
4 changed files with 365 additions and 11 deletions

@@ -24,6 +24,9 @@ NetKingdom is a self-optimizing security platform for Kubernetes-based IT infras
canonical spec: `canon/standards/iam-profile_v0.2.md`)
- SSO/MFA Platform: Keycloak with LDAP/Entra federation, enterprise identity (NK-WP-0001)
- Local Identity: file-based user store + minimal OIDC server for bootstrap phase (NK-WP-0002)
- User Engine Boundary Contract: source-of-truth, membership,
application-onboarding, projection, authorization, and audit contracts for
`user-engine` integration (`canon/standards/user-engine-boundary-contract_v0.1.md`)
- Security bootstrapping: credential management, SOPS/age integration, OpenBao runtime secret authority
- Architectural decisions (DECISIONS.md): identity source, secrets, GitOps, bootstrap user store
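Review bot: The added "User Engine Boundary Contract" bullet hard-codes the versioned file name `canon/standards/user-engine-boundary-contract_v0.1.md`, and the later hunk repeats the same path, so a version bump has to be made in two places or one reference goes stale. Consider keeping the path in one of the two spots and pointing to it from the other, and matching the "canonical spec: `...`" wording used for the IAM profile on the line above. The bullet also carries no work-package ID where its neighbours name NK-WP-0001 and NK-WP-0002; if the contract belongs to a workplan, name it here so the entry can be traced the same way.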
@@ -117,3 +120,5 @@ keywords: [bootstrap, local-identity, oidc, minimal, dev, sandbox]
- Start with: `wiki/` (specifications and decisions), `DECISIONS.md` (key architectural choices D1D5)
- Key files / directories: `sso-mfa/` (NK-WP-0001 active workplan), `local-identity/` (NK-WP-0002), `workplans/`
- Entry points: `workplans/NK-WP-0001-sso-mfa-platform.md` and `NK-WP-0002-local-identity.md` for current work
- User-domain boundary contract:
`canon/standards/user-engine-boundary-contract_v0.1.md`
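Review bot: The new last bullet is labelled "User-domain boundary contract", while the overview hunk calls the same file "User Engine Boundary Contract"; use one name in both places so a search for either finds both references. Unlike the sibling bullets ("Start with", "Key files / directories", "Entry points"), it gives only a path and does not say when a reader should open it; a short phrase noting that it governs `user-engine` integration would make it usable as a pointer. Keeping the label and path on one line, as the other bullets do, would also avoid the wrapped continuation.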