---
id: capability.identity.subject-resolution
name: Identity Subject Resolution
summary: Resolve who or what is acting in a context by mapping principals, accounts, actors, and identifiers to a stable subject model.
owner: identity-canon
status: draft
domain: helix_forge
tags:
  - identity
  - subject
  - architecture

maturity:
  discovery:
    current: D3
    target: D5
    confidence: medium
    rationale: >
      Subject/principal terminology is explored in identity-canon conflict maps
      and conceptual model, but dedicated use-case grounding is incomplete.
  availability:
    current: A0
    target: A4
    confidence: low
    rationale: >
      Canon and research artifacts exist; no standalone resolver service or SDK
      is registered yet.

external_evidence:
  completeness:
    level: C1
    name: Fragmentary
    confidence: low
    basis: scope_vs_intent_and_consumer_expectations
    satisfied_expectations:
      - overloaded subject and principal terms are mapped as candidates
    broken_expectations:
      - no runtime resolver artifact
      - canonical subject model not finalized across all actor types
    out_of_scope_expectations:
      - authentication protocol implementation
      - credential storage
  reliability:
    level: R0
    confidence: low
    basis: consumer_quality_signals
    known_reliability_risks:
      - draft terminology may change during source-note backfill

discovery:
  intent: >
    Give planners and implementers a consistent subject concept for authorization,
    feature control, tenancy, and agent workflows without collapsing product-specific
    identity models.
  includes:
    - subject vs principal vs account distinctions
    - actor type modeling
    - identifier resolution concepts
  excludes:
    - authentication execution
    - credential issuance
    - directory provisioning
  assumptions:
    - vocabulary canonicalization supports but does not replace subject resolution
  use_cases:
    - UC-RS-004
  research_memos:
    - identity-canon/terminology/TerminologyConflictMap.md
    - identity-canon/model/ConceptualModel.md

availability:
  current_level: A0
  target_level: A4
  current_artifacts:
    - identity-canon/model/ConceptualModel.md
    - identity-canon/canon/CanonicalGlossary.md
  target_artifacts:
    - identity-canon/packages/subject-resolution-sdk
  consumption_modes:
    - informational

relations:
  depends_on:
    - capability.identity.vocabulary-canonicalize
  supports:
    - capability.feature-control.evaluate
    - capability.statehub.workstream-coordinate
  related_to: []

evidence:
  documentation:
    - identity-canon/canon/CanonicalGlossary.md
    - identity-canon/scenarios/ScenarioTests.md
  tests: []
  consumer_feedback: []
  bug_reports: []
  incidents: []

consumer_guidance:
  recommended_for:
    - architecture planning where subject/principal/account terms overlap
  not_recommended_for:
    - runtime authentication or token validation
    - treating draft canon as finalized resolver behavior
  known_limitations:
    - resolver artifacts are not yet available
---

# Identity Subject Resolution

## Overview

Subject resolution defines how actors and identifiers map to a stable subject
concept for downstream capabilities such as feature evaluation and coordination.
Today this capability is planning-heavy (D3/A0).