3.3 KiB
id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, depends_on, state_hub_workstream_id
| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | depends_on | state_hub_workstream_id | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| USER-WP-0012 | workplan | Hats, Realms, Services, Assets, And Access Profiles | netkingdom | user-engine | proposed | codex | netkingdom | high | 12 | 2026-06-15 | 2026-06-15 |
|
f3cf0d30-eb6b-4734-a0a3-5a755d4cf150 |
USER-WP-0012 - Hats, Realms, Services, Assets, And Access Profiles
Goal
Model how users and groups wear different hats across NetKingdom realms, services, and assets. Provide access-control facts, profile layers, and claims-enrichment context that authorization systems and service runtimes can consume without moving final policy decisions into user-engine.
Scope Direction
user-engine owns the identity-domain representation of hats, memberships, access profiles, and active context. Authorization engines own policy decisions and protected services own runtime enforcement.
Non-Goals
- Do not implement the final ACL enforcement engine.
- Do not define every service-specific permission in user-engine.
- Do not bypass the authorization port.
- Do not make browser/UI state the source of truth for active access context.
Tasks
id: USER-WP-0012-T1
status: todo
priority: high
state_hub_task_id: "b86f0072-e666-479b-9b90-96d4015bbfa0"
Define realm, service area, asset scope, access profile, group, and hat vocabulary. Map each concept to current user-engine membership, profile, and canon reference patterns.
id: USER-WP-0012-T2
status: todo
priority: high
state_hub_task_id: "66117083-8e85-44e1-9a76-cfd10dd24d23"
Add hat selection and active context models. A user should be able to choose an active hat for a tenant, realm, service, or asset context when allowed.
id: USER-WP-0012-T3
status: todo
priority: high
state_hub_task_id: "1dffda4c-f979-480e-9d6d-12ec9576780d"
Implement access profile templates that combine memberships, factor assurance requirements, profile defaults, and claims projection rules.
id: USER-WP-0012-T4
status: todo
priority: high
state_hub_task_id: "b07494fe-f301-49e2-8ea8-267a4c5219ee"
Extend identity_context and claims-enrichment projections with active hat,
realm, service, asset, group, access profile, and evidence references.
id: USER-WP-0012-T5
status: todo
priority: medium
state_hub_task_id: "c78e10c4-b245-4a83-a75d-4b46a6073fd2"
Add ports for exporting access-control facts to authorization engines or ACL systems while preserving source-of-truth boundaries.
id: USER-WP-0012-T6
status: todo
priority: medium
state_hub_task_id: "f9f32165-3a12-424e-a370-bb2ab8348c21"
Add tests for hat selection, cross-tenant denial, missing factor assurance, group-derived access, service-specific projection, and redacted diagnostics.
Acceptance Criteria
- Users can have multiple hats without collapsing them into one account state.
- Active hat context is explicit in identity context and projections.
- Access profile facts can be exported to authorization systems.
- Missing tenant, realm, service, asset, factor, or approval context fails closed.
- Final policy and ACL enforcement remain outside user-engine.
Expected Outputs
- Hat and access profile domain model.
- Active context service facade.
- Identity-context and claims projection updates.
- Access-control fact export tests.