Split user-engine implementation planning

This commit is contained in:
2026-05-22 19:50:12 +02:00
parent 6892dfd758
commit c8e2b142db
9 changed files with 254 additions and 47 deletions

View File

@@ -39,6 +39,10 @@ identified the main risk: duplicate truth across IAM providers, user-engine,
flex-auth, application registrations, OIDC clients, protected systems, and
profile projections.
NetKingdom keeps this workplan because it owns cross-repo boundary and
orchestration guidance. Implementation work now lives in the `user-engine`
repository as `USER-WP-0001` through `USER-WP-0006`.
## Scope
In scope:
@@ -50,10 +54,12 @@ In scope:
- authorization performance model;
- audit correlation contract;
- user-engine repo preparation artifacts.
- NetKingdom/user-engine interface guidance.
Out of scope:
- implementing user-engine production code;
- implementing user-engine production code, which belongs in the user-engine
repository workplans;
- implementing UI repos;
- implementing SCIM or enterprise federation adapters;
- changing the NetKingdom IAM Profile.
@@ -73,6 +79,9 @@ groups, roles, memberships, tenants, applications, OIDC clients,
flex-auth protected systems, catalog namespaces, profile values,
effective-profile projections, audit records, and events.
Initial guidance lives in `docs/user-engine-interface-guidance.md` and should
be hardened into versioned contracts as implementation feedback arrives.
```task
id: NK-WP-0014-T2
status: todo
@@ -143,6 +152,8 @@ NetKingdom documents per ADR-0010.
- The first implementation slice can start without unresolved ownership of
memberships, applications, projections, authorization checks, or audit
correlation.
- user-engine repo-local workplans carry implementation tasks, while
NetKingdom retains only boundary, orchestration, and responsibility-map work.
- NetKingdom responsibility-map updates are either applied or explicitly
deferred until user-engine becomes a shared platform service.