Implement identity canon alignment

2026-06-05 16:04:43 +02:00
parent fe446711de
commit c6d211f472
15 changed files with 1008 additions and 21 deletions


@@ -23,6 +23,9 @@ See also the cross-repo assessment in the net-kingdom repo:
| `MembershipFactExporter` | outbound | Export user-engine-owned membership facts as read models for authorization systems. |
| `EventOutbox` | outbound | Publish durable lifecycle/profile/catalog/membership events after commit. |
| `AuditWriter` | local/outbound | Persist local audit and provide redacted summaries for platform audit sinks. |
| `EvidenceReferenceExporter` | outbound | Export local audit/review material as identity-canon evidence references without owning the platform audit system. |
| `PolicyControlReferenceResolver` | outbound | Resolve policy, control, review, exception, or waiver references for identity-domain traces. |
| `LifecycleTaskSink` | outbound | Create or link lifecycle, review, remediation, or integration-gap work in a task system. |
| `SecretProvider` | inbound | Load runtime secrets through environment/local config in standalone mode and scoped secret providers in platform mode. |
## Source-Of-Truth Rules
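Review bot: the new `EvidenceReferenceExporter` and `PolicyControlReferenceResolver` rows describe the happy path only; the table should say what each port does when a policy, control, review, exception or waiver reference cannot be resolved or an evidence reference cannot be exported. Since the identity context shape later in this change carries a `gaps: [string]` list, consider stating here that unresolved references are recorded as gaps and never silently dropped or substituted, so callers can distinguish "no reference" from "reference failed to resolve". A smaller consistency point: `SecretProvider` is marked `inbound` while every other row that calls out to an external system is `outbound`; confirm the direction column convention for it.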
@@ -33,6 +36,11 @@ See also the cross-repo assessment in the net-kingdom repo:
- Identity providers are the source of truth for authentication-time subject,
issuer, assurance, coarse role, and group claims.
- Authorization systems decide whether an actor may perform an action.
- Governance, security, and authorization systems own policy, control, review,
exception, and waiver definitions. user-engine can reference them in identity
context traces.
- Task systems own lifecycle work queues. user-engine can create or link
identity-domain work through an explicit task sink.
- Event sinks and audit stores consume user-engine events; they do not become
profile stores.
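Review bot: the rule that governance, security and authorization systems own policy, control, review, exception and waiver definitions leaves open whether user-engine may cache the definition content behind a reference. To stay consistent with the "do not become profile stores" rule below it, consider stating explicitly that identity context traces hold only opaque reference identifiers and that user-engine never stores or re-evaluates the referenced definition, so a stale or revoked definition cannot be served from user-engine state.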
@@ -64,6 +72,41 @@ context:
The domain layer should depend on this port, not on a concrete authorization
client.
## Identity Context Shape
Every domain-facing identity context should be reducible to:
```yaml
actor:
issuer: string
subject: string
tenant: string
principal_type: human | service | agent
user:
user_id: string
account:
account_id: string
status: string
identity_links:
- issuer: string
subject: string
tenant: string
application_id: string | null
memberships:
- scope_type: string
scope_id: string
kind: string
canon_refs:
entities: object
relationships: object
grant_like_refs: object
evidence_refs: object
gaps: [string]
```
The context is a facade over NetKingdom IAM and security infrastructure. It
does not issue tokens, decide authorization policy, or own credentials.
## Projection Types
- `self_service`: current-user view and allowed mutations.
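Review bot: the `actor` block (`issuer`, `subject`, `tenant`) and the `identity_links` entries carry the same triple, but the shape does not say which is authoritative when they disagree or how the two are related. Given the source-of-truth rule that identity providers own authentication-time subject, issuer and assurance claims, consider stating that `actor` is the provider-asserted claim set and must match exactly one `identity_links` entry, with any mismatch recorded in `gaps` rather than resolved by user-engine. Separately, `account.status: string` and `memberships[].kind: string` are untyped while `principal_type` enumerates its values; enumerating the allowed statuses and kinds would let authorization consumers of the exported membership facts validate them.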