generated from coulomb/repo-seed
Align INTENT.md with delivered layout, add CapabilityRegistryConcept guide, extend schema with promotion_history, ship reuse-surface validate/query/export CLI, register three more helix_forge capabilities, and refresh SCOPE and gap analysis to reflect A3 tooling and D5/A3/C4/R2 self-assessment.
115 lines
3.3 KiB
Markdown
---
id: capability.identity.subject-resolution
name: Identity Subject Resolution
summary: Resolve who or what is acting in a context by mapping principals, accounts, actors, and identifiers to a stable subject model.
owner: identity-canon
status: draft
domain: helix_forge
tags:
  - identity
  - subject
  - architecture

maturity:
  discovery:
    current: D3
    target: D5
    confidence: medium
    rationale: >
      Subject/principal terminology is explored in identity-canon conflict maps
      and conceptual model, but dedicated use-case grounding is incomplete.
  availability:
    current: A0
    target: A4
    confidence: low
    rationale: >
      Canon and research artifacts exist; no standalone resolver service or SDK
      is registered yet.

external_evidence:
  completeness:
    level: C1
    name: Fragmentary
    confidence: low
    basis: scope_vs_intent_and_consumer_expectations
    satisfied_expectations:
      - overloaded subject and principal terms are mapped as candidates
    broken_expectations:
      - no runtime resolver artifact
      - canonical subject model not finalized across all actor types
    out_of_scope_expectations:
      - authentication protocol implementation
      - credential storage
  reliability:
    level: R0
    confidence: low
    basis: consumer_quality_signals
    known_reliability_risks:
      - draft terminology may change during source-note backfill

discovery:
  intent: >
    Give planners and implementers a consistent subject concept for authorization,
    feature control, tenancy, and agent workflows without collapsing product-specific
    identity models.
  includes:
    - subject vs principal vs account distinctions
    - actor type modeling
    - identifier resolution concepts
  excludes:
    - authentication execution
    - credential issuance
    - directory provisioning
  assumptions:
    - vocabulary canonicalization supports but does not replace subject resolution
  use_cases:
    - UC-RS-004
  research_memos:
    - identity-canon/terminology/TerminologyConflictMap.md
    - identity-canon/model/ConceptualModel.md

availability:
  current_level: A0
  target_level: A4
  current_artifacts:
    - identity-canon/model/ConceptualModel.md
    - identity-canon/canon/CanonicalGlossary.md
  target_artifacts:
    - identity-canon/packages/subject-resolution-sdk
  consumption_modes:
    - informational

relations:
  depends_on:
    - capability.identity.vocabulary-canonicalize
  supports:
    - capability.feature-control.evaluate
    - capability.statehub.workstream-coordinate
  related_to: []

evidence:
  documentation:
    - identity-canon/canon/CanonicalGlossary.md
    - identity-canon/scenarios/ScenarioTests.md
  tests: []
  consumer_feedback: []
  bug_reports: []
  incidents: []

consumer_guidance:
  recommended_for:
    - architecture planning where subject/principal/account terms overlap
  not_recommended_for:
    - runtime authentication or token validation
    - treating draft canon as finalized resolver behavior
  known_limitations:
    - resolver artifacts are not yet available
---

# Identity Subject Resolution

## Overview

Subject resolution defines how actors and identifiers map to a stable subject
concept for downstream capabilities such as feature evaluation and coordination.
Today this capability is planning-heavy (D3/A0).