generated from coulomb/repo-seed
Implement durable store contract and registration roadmap
This commit is contained in:
@@ -0,0 +1,121 @@
|
||||
---
|
||||
id: USER-WP-0015
|
||||
type: workplan
|
||||
title: "Registration Scenario And Security Conformance"
|
||||
domain: netkingdom
|
||||
repo: user-engine
|
||||
status: proposed
|
||||
owner: codex
|
||||
topic_slug: netkingdom
|
||||
planning_priority: medium
|
||||
planning_order: 15
|
||||
created: "2026-06-15"
|
||||
updated: "2026-06-15"
|
||||
depends_on:
|
||||
- USER-WP-0010
|
||||
- USER-WP-0011
|
||||
- USER-WP-0012
|
||||
- USER-WP-0013
|
||||
- USER-WP-0014
|
||||
state_hub_workstream_id: "4f21e1c9-ad27-4ac9-888f-8f78c6abfb3b"
|
||||
---
|
||||
|
||||
# USER-WP-0015 - Registration Scenario And Security Conformance
|
||||
|
||||
## Goal
|
||||
|
||||
Prove the full NetKingdom registration and onboarding model through executable
|
||||
scenarios, security negative paths, redaction checks, adapter conformance, and
|
||||
operability diagnostics.
|
||||
|
||||
## Scope Direction
|
||||
|
||||
This workplan turns the registration roadmap into a testable contract. It
|
||||
should cover both headless APIs and the optional UI surface where present.
|
||||
|
||||
## Non-Goals
|
||||
|
||||
- Do not add new product surface unless a test exposes a missing contract.
|
||||
- Do not assert provider-specific IAM, eID, SMS, email, or authorization engine
|
||||
internals.
|
||||
- Do not require production infrastructure for local conformance tests.
|
||||
|
||||
## Tasks
|
||||
|
||||
```task
|
||||
id: USER-WP-0015-T1
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "5ca0a269-559d-4138-b702-9984a411f2ed"
|
||||
```
|
||||
|
||||
Define the registration scenario matrix: self-registration, prepared account
|
||||
claim, privileged role requiring approval, eID-backed assurance, family invite,
|
||||
tenant admin invite, group access, and denied cross-tenant claim.
|
||||
|
||||
```task
|
||||
id: USER-WP-0015-T2
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "6ee492b1-923f-4aa0-8e17-b69f522c4898"
|
||||
```
|
||||
|
||||
Add end-to-end headless tests covering registration through identity context,
|
||||
claims enrichment, active hat selection, and onboarding event emission.
|
||||
|
||||
```task
|
||||
id: USER-WP-0015-T3
|
||||
status: todo
|
||||
priority: high
|
||||
state_hub_task_id: "b813a88f-ced6-40ce-9a25-d1c666fb73c9"
|
||||
```
|
||||
|
||||
Add security negative tests for weak factor evidence, duplicate identity links,
|
||||
prepared-account hijack attempts, expired claims, missing tenant context,
|
||||
privileged role escalation, and stale approvals.
|
||||
|
||||
```task
|
||||
id: USER-WP-0015-T4
|
||||
status: todo
|
||||
priority: medium
|
||||
state_hub_task_id: "5a03ac1a-1f8e-455b-8f75-691e8bdda286"
|
||||
```
|
||||
|
||||
Add redaction and diagnostics tests for factor values, profile sensitivity,
|
||||
prepared-account metadata, active hat context, and access-profile evidence.
|
||||
|
||||
```task
|
||||
id: USER-WP-0015-T5
|
||||
status: todo
|
||||
priority: medium
|
||||
state_hub_task_id: "fcf32b4d-d050-4989-bb05-844e0d13e548"
|
||||
```
|
||||
|
||||
Add adapter conformance tests for factor verification, authorization checks,
|
||||
access fact export, onboarding handoff, audit export, outbox replay, and
|
||||
durable store behavior.
|
||||
|
||||
```task
|
||||
id: USER-WP-0015-T6
|
||||
status: todo
|
||||
priority: medium
|
||||
state_hub_task_id: "a7850784-3b86-453f-bbc7-1d53d0813f82"
|
||||
```
|
||||
|
||||
Add UI flow tests once USER-WP-0014 exists: registration happy path, resume,
|
||||
prepared rights review, hat selection, admin preparation, and blocked journey.
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
- The main registration and onboarding journeys are executable as tests.
|
||||
- Security negative paths fail closed and leave audit evidence.
|
||||
- Sensitive factor and profile data is redacted from diagnostics and UI output.
|
||||
- Adapter contracts are testable without production infrastructure.
|
||||
- The registration UI, if implemented, is covered by workflow-level tests.
|
||||
|
||||
## Expected Outputs
|
||||
|
||||
- Registration scenario matrix.
|
||||
- Headless and UI conformance tests.
|
||||
- Security negative-path test suite.
|
||||
- Adapter conformance harness for registration dependencies.
|
||||
Reference in New Issue
Block a user