Implement NK-WP-0012 IAM profile specification

2026-05-22 14:35:31 +02:00
parent 48cd174b00
commit c3f721397a
12 changed files with 1649 additions and 39 deletions

@@ -20,7 +20,8 @@ NetKingdom is a self-optimizing security platform for Kubernetes-based IT infras
## In Scope
- NetKingdom IAM Profile specification (versioned OIDC/PKCE contract)
- NetKingdom IAM Profile specification (versioned OIDC/PKCE contract;
canonical spec: `canon/standards/iam-profile_v0.2.md`)
- SSO/MFA Platform: Keycloak with LDAP/Entra federation, enterprise identity (NK-WP-0001)
- Local Identity: file-based user store + minimal OIDC server for bootstrap phase (NK-WP-0002)
- Security bootstrapping: credential management, SOPS/age integration, OpenBao runtime secret authority
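
Review bot: The new In Scope bullet hardcodes the spec version in the path (`canon/standards/iam-profile_v0.2.md`), so this line goes stale the next time the profile is revised, and readers following it could end up implementing against a superseded OIDC/PKCE contract. Consider pointing at a version-independent location (or an index of profile versions) and stating the current version separately, so a spec bump touches one place. The spec file itself is not part of this hunk, so it is worth confirming the path resolves in the same commit.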
@@ -91,7 +92,7 @@ NetKingdom is a self-optimizing security platform for Kubernetes-based IT infras
```capability
type: security
title: NetKingdom IAM Profile specification
description: Versioned OIDC/PKCE contract that all NetKingdom applications target — defines discovery, authorization, token, JWKS, and userinfo endpoints plus claim normalization.
description: Versioned OIDC/PKCE contract that all NetKingdom applications target — canonical v0.2 defines discovery, PKCE, token, JWKS, tenant, principal-type, assurance, and flex-auth claim inputs.
keywords: [iam, oidc, pkce, profile, specification, identity, authentication]
```
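
Review bot: The rewritten `description` in the capability block drops the authorization endpoint, the userinfo endpoint and claim normalization that the previous text listed, without saying whether v0.2 removed them from the contract or the summary just omits them. If they are still part of the profile, keep them in the list; if they were removed, that is a contract change integrators need called out explicitly. The new list also mixes endpoints and claims ("token, JWKS, tenant, principal-type, assurance, and flex-auth claim inputs"), so it is unclear whether "claim inputs" applies only to flex-auth or to tenant, principal-type and assurance as well; splitting it into an endpoints part and a claims part would remove the ambiguity. The `keywords` line is unchanged, so the new tenant and assurance terms are not searchable.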