generated from coulomb/repo-seed
Implement durable store contract and registration roadmap
This commit is contained in:
@@ -0,0 +1,118 @@
|
||||
---
|
||||
id: USER-WP-0012
|
||||
type: workplan
|
||||
title: "Hats, Realms, Services, Assets, And Access Profiles"
|
||||
domain: netkingdom
|
||||
repo: user-engine
|
||||
status: proposed
|
||||
owner: codex
|
||||
topic_slug: netkingdom
|
||||
planning_priority: high
|
||||
planning_order: 12
|
||||
created: "2026-06-15"
|
||||
updated: "2026-06-15"
|
||||
depends_on:
|
||||
- USER-WP-0010
|
||||
state_hub_workstream_id: "f3cf0d30-eb6b-4734-a0a3-5a755d4cf150"
|
||||
---
|
||||
|
||||
# USER-WP-0012 - Hats, Realms, Services, Assets, And Access Profiles
|
||||
|
||||
## Goal
|
||||
|
||||
Model how users and groups wear different hats across NetKingdom realms,
|
||||
services, and assets. Provide access-control facts, profile layers, and
|
||||
claims-enrichment context that authorization systems and service runtimes can
|
||||
consume without moving final policy decisions into user-engine.
|
||||
|
||||
## Scope Direction
|
||||
|
||||
user-engine owns the identity-domain representation of hats, memberships,
|
||||
access profiles, and active context. Authorization engines own policy decisions
|
||||
and protected services own runtime enforcement.
|
||||
|
||||
## Non-Goals
|
||||
|
||||
- Do not implement the final ACL enforcement engine.
|
||||
- Do not define every service-specific permission in user-engine.
|
||||
- Do not bypass the authorization port.
|
||||
- Do not make browser/UI state the source of truth for active access context.
|
||||
|
||||
## Tasks
|
||||
|
||||
```task
|
||||
id: USER-WP-0012-T1
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "b86f0072-e666-479b-9b90-96d4015bbfa0"
|
||||
```
|
||||
|
||||
Define realm, service area, asset scope, access profile, group, and hat
|
||||
vocabulary. Map each concept to current user-engine membership, profile, and
|
||||
canon reference patterns.
|
||||
|
||||
```task
|
||||
id: USER-WP-0012-T2
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "66117083-8e85-44e1-9a76-cfd10dd24d23"
|
||||
```
|
||||
|
||||
Add hat selection and active context models. A user should be able to choose an
|
||||
active hat for a tenant, realm, service, or asset context when allowed.
|
||||
|
||||
```task
|
||||
id: USER-WP-0012-T3
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "1dffda4c-f979-480e-9d6d-12ec9576780d"
|
||||
```
|
||||
|
||||
Implement access profile templates that combine memberships, factor assurance
|
||||
requirements, profile defaults, and claims projection rules.
|
||||
|
||||
```task
|
||||
id: USER-WP-0012-T4
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "b07494fe-f301-49e2-8ea8-267a4c5219ee"
|
||||
```
|
||||
|
||||
Extend `identity_context` and claims-enrichment projections with active hat,
|
||||
realm, service, asset, group, access profile, and evidence references.
|
||||
|
||||
```task
|
||||
id: USER-WP-0012-T5
|
||||
status: todo
|
||||
priority: medium
|
||||
state_hub_task_id: "c78e10c4-b245-4a83-a75d-4b46a6073fd2"
|
||||
```
|
||||
|
||||
Add ports for exporting access-control facts to authorization engines or ACL
|
||||
systems while preserving source-of-truth boundaries.
|
||||
|
||||
```task
|
||||
id: USER-WP-0012-T6
|
||||
status: todo
|
||||
priority: medium
|
||||
state_hub_task_id: "f9f32165-3a12-424e-a370-bb2ab8348c21"
|
||||
```
|
||||
|
||||
Add tests for hat selection, cross-tenant denial, missing factor assurance,
|
||||
group-derived access, service-specific projection, and redacted diagnostics.
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- Users can have multiple hats without collapsing them into one account state.
|
||||
- Active hat context is explicit in identity context and projections.
|
||||
- Access profile facts can be exported to authorization systems.
|
||||
- Missing tenant, realm, service, asset, factor, or approval context fails
|
||||
closed.
|
||||
- Final policy and ACL enforcement remain outside user-engine.
|
||||
|
||||
## Expected Outputs
|
||||
|
||||
- Hat and access profile domain model.
|
||||
- Active context service facade.
|
||||
- Identity-context and claims projection updates.
|
||||
- Access-control fact export tests.
|
||||
Reference in New Issue
Block a user