generated from coulomb/repo-seed
# SCOPE

## One-Liner

Headless user-domain and profile engine for accounts, identity links,
preferences, memberships, application catalogs, projections, audit, and
events.

## In Scope

- user and account records;
- account lifecycle state;
- external identity links;
- global, tenant, application, and membership profile values;
- preference values;
- tenant, application, team, and scope memberships;
- application registry for profile consumers;
- customization catalog registry and validation;
- effective profile resolution;
- projection APIs for self-service, admin, application runtime, audit, and
  agent contexts;
- audit records and lifecycle/profile-change events;
- local standalone development mode;
- integration ports for identity claims, authorization checks, events, and
  runtime secrets.

## Out Of Scope

- login and authentication flows;
- password, passkey, session, and MFA lifecycle;
- OIDC/SAML token issuance;
- final authorization policy decisions;
- runtime secret custody;
- UI implementation;
- full SCIM server or enterprise directory replacement in the initial product.

## Boundary Rule

user-engine owns user-domain facts and projections. Other systems may provide
identity, authorization, deployment, event transport, or UI surfaces, but they
must integrate through explicit interfaces rather than becoming hidden sources
of profile truth.

## Current Planning

Implementation work is tracked in `workplans/USER-WP-0001` through
`USER-WP-0006`.