| capability.identity.user-engine |
Headless Multi-Tenant User Engine |
Headless, multi-application, multi-tenant user management engine covering registration, identity/factor models, entitlement claims, hats/realms/services/assets access profiles, and onboarding journeys. |
user-engine |
draft |
communication |
| identity |
| user-management |
| multi-tenant |
|
| discovery |
availability |
| current |
target |
confidence |
rationale |
| D4 |
D5 |
high |
Unusually large documentation set for its size: docs/development.md, configuration.md, contracts.md, canon-mapping.md, canon-interface-card.yaml, family-dataspace-onboarding.md, registration-identity-and-factor-model.md, prepared-accounts-and-entitlement-claims.md, hats-realms-services-assets-access-profiles.md, onboarding-journeys-and-welcome-protocols.md, and more — scope and contracts are thoroughly documented. |
|
| current |
target |
confidence |
rationale |
| A1 |
A3 |
medium |
Python package with `make test`; no packaged distribution or hosted service confirmed in this sweep. |
|
|
| completeness |
reliability |
| level |
confidence |
basis |
satisfied_expectations |
broken_expectations |
out_of_scope_expectations |
| C2 |
low |
scope_vs_intent_and_consumer_expectations |
| registration/identity/factor model documented |
| entitlement claims and access-profile model (hats/realms/services/assets) documented |
| canon mapping and interface card present |
|
|
|
|
| level |
confidence |
basis |
known_reliability_risks |
| R0 |
low |
consumer_quality_signals |
| breadth of documented scope not independently verified against implementation completeness in this sweep |
|
|
|
| intent |
includes |
excludes |
assumptions |
use_cases |
research_memos |
| Provide a headless, multi-application, multi-tenant user-management engine covering the full registration-to-entitlement lifecycle, reusable across NetKingdom-family applications. |
| multi-tenant registration and identity/factor model |
| entitlement claims and hats/realms/services/assets access profiles |
| onboarding journeys and welcome protocols |
|
| IAM/OIDC protocol implementation itself (see key-cape, net-kingdom) |
|
|
|
|
|
| current_level |
target_level |
current_artifacts |
target_artifacts |
consumption_modes |
| A1 |
A3 |
| Python package (`user-engine`) |
|
|
|
|
| depends_on |
supports |
related_to |
|
|
|
|
|
| documentation |
tests |
consumer_feedback |
bug_reports |
incidents |
| docs/contracts.md |
| docs/registration-identity-and-factor-model.md |
| docs/canon-mapping.md |
|
|
|
|
|
|
| recommended_for |
not_recommended_for |
known_limitations |
| multi-tenant applications needing a headless user/identity/entitlement engine |
|
| needs for the IAM/OIDC protocol layer itself (see key-cape/net-kingdom) |
|
| large documented scope; implementation completeness not independently verified in this sweep |
|
|
|