| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | depends_on | state_hub_workstream_id |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| USER-WP-0015 | workplan | Registration Scenario And Security Conformance | netkingdom | user-engine | proposed | codex | netkingdom | medium | 15 | 2026-06-15 | 2026-06-15 | | 4f21e1c9-ad27-4ac9-888f-8f78c6abfb3b |
USER-WP-0015 - Registration Scenario And Security Conformance
Goal
Prove the full NetKingdom registration and onboarding model through executable scenarios, security negative paths, redaction checks, adapter conformance, and operability diagnostics.
Scope Direction
This workplan turns the registration roadmap into a testable contract. It should cover both headless APIs and the optional UI surface where present.
Non-Goals
- Do not add new product surface unless a test exposes a missing contract.
- Do not assert provider-specific IAM, eID, SMS, email, or authorization engine internals.
- Do not require production infrastructure for local conformance tests.
Tasks
id: USER-WP-0015-T1
status: todo
priority: high
state_hub_task_id: "5ca0a269-559d-4138-b702-9984a411f2ed"
Define the registration scenario matrix: self-registration, prepared account claim, privileged role requiring approval, eID-backed assurance, family invite, tenant admin invite, group access, and denied cross-tenant claim.
id: USER-WP-0015-T2
status: todo
priority: high
state_hub_task_id: "6ee492b1-923f-4aa0-8e17-b69f522c4898"
Add end-to-end headless tests covering registration through identity context, claims enrichment, active hat selection, and onboarding event emission.
id: USER-WP-0015-T3
status: todo
priority: high
state_hub_task_id: "b813a88f-ced6-40ce-9a25-d1c666fb73c9"
Add security negative tests for weak factor evidence, duplicate identity links, prepared-account hijack attempts, expired claims, missing tenant context, privileged role escalation, and stale approvals.
id: USER-WP-0015-T4
status: todo
priority: medium
state_hub_task_id: "5a03ac1a-1f8e-455b-8f75-691e8bdda286"
Add redaction and diagnostics tests for factor values, profile sensitivity, prepared-account metadata, active hat context, and access-profile evidence.
id: USER-WP-0015-T5
status: todo
priority: medium
state_hub_task_id: "fcf32b4d-d050-4989-bb05-844e0d13e548"
Add adapter conformance tests for factor verification, authorization checks, access fact export, onboarding handoff, audit export, outbox replay, and durable store behavior.
id: USER-WP-0015-T6
status: todo
priority: medium
state_hub_task_id: "a7850784-3b86-453f-bbc7-1d53d0813f82"
Add UI flow tests once USER-WP-0014 exists: registration happy path, resume, prepared rights review, hat selection, admin preparation, and blocked journey.
Acceptance Criteria
- The main registration and onboarding journeys are executable as tests.
- Security negative paths fail closed and leave audit evidence.
- Sensitive factor and profile data is redacted from diagnostics and UI output.
- Adapter contracts are testable without production infrastructure.
- The registration UI, if implemented, is covered by workflow-level tests.
Expected Outputs
- Registration scenario matrix.
- Headless and UI conformance tests.
- Security negative-path test suite.
- Adapter conformance harness for registration dependencies.