---
id: USER-WP-0012
type: workplan
title: "Hats, Realms, Services, Assets, And Access Profiles"
domain: netkingdom
repo: user-engine
status: proposed
owner: codex
topic_slug: netkingdom
planning_priority: high
planning_order: 12
created: "2026-06-15"
updated: "2026-06-15"
depends_on:
- USER-WP-0010
state_hub_workstream_id: "f3cf0d30-eb6b-4734-a0a3-5a755d4cf150"
---

# USER-WP-0012 - Hats, Realms, Services, Assets, And Access Profiles

## Goal

Model how users and groups wear different hats across NetKingdom realms,
services, and assets. Provide access-control facts, profile layers, and
claims-enrichment context that authorization systems and service runtimes can
consume without moving final policy decisions into user-engine.

## Scope Direction

user-engine owns the identity-domain representation of hats, memberships,
access profiles, and active context. Authorization engines own policy decisions
and protected services own runtime enforcement.

## Non-Goals

- Do not implement the final ACL enforcement engine.
- Do not define every service-specific permission in user-engine.
- Do not bypass the authorization port.
- Do not make browser/UI state the source of truth for active access context.

## Tasks

```task
id: USER-WP-0012-T1
status: todo
priority: high
state_hub_task_id: "b86f0072-e666-479b-9b90-96d4015bbfa0"
```

Define realm, service area, asset scope, access profile, group, and hat
vocabulary. Map each concept to current user-engine membership, profile, and
canon reference patterns.

```task
id: USER-WP-0012-T2
status: todo
priority: high
state_hub_task_id: "66117083-8e85-44e1-9a76-cfd10dd24d23"
```

Add hat selection and active context models. A user should be able to choose an
active hat for a tenant, realm, service, or asset context when allowed.

```task
id: USER-WP-0012-T3
status: todo
priority: high
state_hub_task_id: "1dffda4c-f979-480e-9d6d-12ec9576780d"
```

Implement access profile templates that combine memberships, factor assurance
requirements, profile defaults, and claims projection rules.

```task
id: USER-WP-0012-T4
status: todo
priority: high
state_hub_task_id: "b07494fe-f301-49e2-8ea8-267a4c5219ee"
```

Extend `identity_context` and claims-enrichment projections with active hat,
realm, service, asset, group, access profile, and evidence references.

```task
id: USER-WP-0012-T5
status: todo
priority: medium
state_hub_task_id: "c78e10c4-b245-4a83-a75d-4b46a6073fd2"
```

Add ports for exporting access-control facts to authorization engines or ACL
systems while preserving source-of-truth boundaries.

```task
id: USER-WP-0012-T6
status: todo
priority: medium
state_hub_task_id: "f9f32165-3a12-424e-a370-bb2ab8348c21"
```

Add tests for hat selection, cross-tenant denial, missing factor assurance,
group-derived access, service-specific projection, and redacted diagnostics.

## Acceptance Criteria

- Users can have multiple hats without collapsing them into one account state.
- Active hat context is explicit in identity context and projections.
- Access profile facts can be exported to authorization systems.
- Missing tenant, realm, service, asset, factor, or approval context fails
  closed.
- Final policy and ACL enforcement remain outside user-engine.

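One way the fail-closed and facts-only criteria above could be exercised, as an added Python example that is not user-engine's own code. Every name in it (`HatGrant`, `select_active_hat`, `ContextRejected`, the assurance levels, the sample grants) is hypothetical, and approval context is left out to keep the case narrow.

```python
from dataclasses import dataclass
from typing import Optional

# Every name here is hypothetical; user-engine's real models are not on this page.
SCOPE = ("tenant", "realm", "service", "asset")
LEVEL = {"single_factor": 1, "multi_factor": 2}  # constructed assurance ordering

@dataclass(frozen=True)
class HatGrant:
    user_id: str
    hat: str
    tenant: str
    realm: str
    service: str
    asset: str
    min_assurance: str
    via_group: Optional[str] = None  # set when the grant is group-derived

class ContextRejected(Exception):
    """Raised instead of returning a partial context, so callers fail closed."""

def select_active_hat(grants, user_id, hat, requested, assurance):
    """Return access-control facts for one active hat, or raise ContextRejected."""
    for key in SCOPE:
        if not requested.get(key):  # a missing or empty scope is never a wildcard
            raise ContextRejected(f"missing {key}")
    if assurance not in LEVEL:
        raise ContextRejected("missing factor assurance")
    matching = [g for g in grants
                if (g.user_id, g.hat) == (user_id, hat)
                and all(getattr(g, k) == requested[k] for k in SCOPE)]
    if not matching:  # includes grants that exist only in another tenant
        raise ContextRejected("no matching hat grant")
    usable = [g for g in matching if LEVEL[assurance] >= LEVEL[g.min_assurance]]
    if not usable:
        raise ContextRejected("insufficient factor assurance")
    # Facts only: no allow/deny field, the authorization engine decides.
    facts = {"subject": user_id, "active_hat": hat, "assurance": assurance,
             "group": usable[0].via_group}
    facts.update({k: requested[k] for k in SCOPE})
    return facts

# Constructed sample grants.
GRANTS = [
    HatGrant("u1", "operator", "t-a", "r-ops", "billing", "ledger", "multi_factor", "ops-team"),
    HatGrant("u1", "viewer", "t-a", "r-ops", "billing", "ledger", "single_factor"),
]
```
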
## Expected Outputs

- Hat and access profile domain model.
- Active context service facade.
- Identity-context and claims projection updates.
- Access-control fact export tests.