generated from coulomb/repo-seed
Honest first-pass maturity vector grounded in README/docs/tests present in this repo; no invented evidence. Flagged for human review before publish. See reuse-surface history/2026-07-06-coverage-classification.md. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
124 lines
4.6 KiB
Markdown
124 lines
4.6 KiB
Markdown
---
|
|
id: capability.identity.user-engine
|
|
name: Headless Multi-Tenant User Engine
|
|
summary: Headless, multi-application, multi-tenant user management engine covering registration, identity/factor
|
|
models, entitlement claims, hats/realms/services/assets access profiles, and onboarding journeys.
|
|
owner: user-engine
|
|
status: draft
|
|
domain: communication
|
|
tags:
|
|
- identity
|
|
- user-management
|
|
- multi-tenant
|
|
maturity:
|
|
discovery:
|
|
current: D4
|
|
target: D5
|
|
confidence: high
|
|
rationale: 'Unusually large documentation set for its size: docs/development.md, configuration.md,
|
|
contracts.md, canon-mapping.md, canon-interface-card.yaml, family-dataspace-onboarding.md, registration-identity-and-factor-model.md,
|
|
prepared-accounts-and-entitlement-claims.md, hats-realms-services-assets-access-profiles.md, onboarding-journeys-and-welcome-protocols.md,
|
|
and more — scope and contracts are thoroughly documented.'
|
|
availability:
|
|
current: A1
|
|
target: A3
|
|
confidence: medium
|
|
rationale: Python package with `make test`; no packaged distribution or hosted service confirmed in
|
|
this sweep.
|
|
external_evidence:
|
|
completeness:
|
|
level: C2
|
|
confidence: low
|
|
basis: scope_vs_intent_and_consumer_expectations
|
|
satisfied_expectations:
|
|
- registration/identity/factor model documented
|
|
- entitlement claims and access-profile model (hats/realms/services/assets) documented
|
|
- canon mapping and interface card present
|
|
broken_expectations: []
|
|
out_of_scope_expectations: []
|
|
reliability:
|
|
level: R0
|
|
confidence: low
|
|
basis: consumer_quality_signals
|
|
known_reliability_risks:
|
|
- breadth of documented scope not independently verified against implementation completeness in this
|
|
sweep
|
|
discovery:
|
|
intent: Provide a headless, multi-application, multi-tenant user-management engine covering the full
|
|
registration-to-entitlement lifecycle, reusable across NetKingdom-family applications.
|
|
includes:
|
|
- multi-tenant registration and identity/factor model
|
|
- entitlement claims and hats/realms/services/assets access profiles
|
|
- onboarding journeys and welcome protocols
|
|
excludes:
|
|
- IAM/OIDC protocol implementation itself (see key-cape, net-kingdom)
|
|
assumptions: []
|
|
use_cases: []
|
|
research_memos: []
|
|
availability:
|
|
current_level: A1
|
|
target_level: A3
|
|
current_artifacts:
|
|
- Python package (`user-engine`)
|
|
target_artifacts: []
|
|
consumption_modes:
|
|
- library import
|
|
relations:
|
|
depends_on: []
|
|
supports: []
|
|
related_to: []
|
|
evidence:
|
|
documentation:
|
|
- docs/contracts.md
|
|
- docs/registration-identity-and-factor-model.md
|
|
- docs/canon-mapping.md
|
|
tests:
|
|
- tests/
|
|
consumer_feedback: []
|
|
bug_reports: []
|
|
incidents: []
|
|
consumer_guidance:
|
|
recommended_for:
|
|
- multi-tenant applications needing a headless user/identity/entitlement engine
|
|
not_recommended_for:
|
|
- needs for the IAM/OIDC protocol layer itself (see key-cape/net-kingdom)
|
|
known_limitations:
|
|
- large documented scope; implementation completeness not independently verified in this sweep
|
|
promotion_history: []
|
|
---
|
|
|
|
# Headless Multi-Tenant User Engine
|
|
|
|
## Overview
|
|
|
|
`user-engine` is a headless, multi-application, multi-tenant user-management engine: registration, identity/factor models, prepared accounts and entitlement claims, hats/realms/services/assets access profiles, and onboarding journeys, documented in unusual depth for its size.
|
|
|
|
## Assessment notes
|
|
|
|
### Discovery
|
|
|
|
Unusually large documentation set for its size: docs/development.md, configuration.md, contracts.md, canon-mapping.md, canon-interface-card.yaml, family-dataspace-onboarding.md, registration-identity-and-factor-model.md, prepared-accounts-and-entitlement-claims.md, hats-realms-services-assets-access-profiles.md, onboarding-journeys-and-welcome-protocols.md, and more — scope and contracts are thoroughly documented.
|
|
|
|
### Availability
|
|
|
|
Python package with `make test`; no packaged distribution or hosted service confirmed in this sweep.
|
|
|
|
### Completeness
|
|
|
|
First-pass honest assessment from the REUSE-WP-0017 coverage campaign
|
|
(reuse-surface). No external consumer feedback exists yet; levels reflect
|
|
scope-vs-intent documentation quality, not internal code quality.
|
|
|
|
### Reliability
|
|
|
|
No production consumer telemetry exists yet; reliability level is
|
|
intentionally conservative pending REUSE-WP-0019 reuse-telemetry evidence.
|
|
|
|
## Promotion checklist
|
|
|
|
- [x] ID follows `capability.<domain>.<name>` pattern
|
|
- [x] Maturity enums match `specs/CapabilityMaturityStandard.md`
|
|
- [x] `external_evidence` is populated separately from `maturity`
|
|
- [ ] Relations reference valid capability IDs (none yet)
|
|
- [x] Index entry added in `registry/indexes/capabilities.yaml`
|