docs consolidation work
@@ -48,3 +48,23 @@ Authority is the platform OIDC/OAuth2 control plane that mints short-lived, send
- **Epic 2 – Policy Engine & Editor:** supply policy evaluation/principal scopes and short-lived tokens for evaluator workflows.
- **Epic 4 – Policy Studio:** integrate approval/promotion signatures and policy registry access controls.
- **Epic 14 – Identity & Tenancy:** deliver tenant isolation, RBAC hierarchies, and governance tooling for authentication.
## Implementation Status
**Epic Milestones:**
- Epic 1 (AOC enforcement) – Complete: OpTok scopes, guardrails, AOC role templates, and scope policies operational
- Epic 2 (Policy Engine & Editor) – Complete: DPoP validation and mTLS sender-constraint flows operational
- Epic 4 (Policy Studio) – Complete: pack signing policies, approval RBAC, CLI CI token scopes, audit logging
- Epic 14 (Identity & Tenancy) – In progress: tenancy contract published, sovereign crypto provider integration ongoing
- Future (Attestation support) – Not started: DSSE predicate types and verification helpers pending upstream dependencies
**Key Technical Decisions:**
- DPoP validation on token grants with cnf.jkt inheritance for interactive tokens
- Refresh grants enforce original client cert with x5t#S256 metadata persistence
- Sealed-mode CI gating refuses tokens when sealed install lacks confirmation
- Tenant-scope contract published for cross-module coordination
**Risks & Mitigations:**
- Sovereign crypto keystore migration in progress, key-loading path updates required
- DSSE predicate schema draft pending coordination with Signer guild
- Provenance harness dependency for verification helpers
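Review bot: the "Risks & Mitigations" section added in this hunk lists three risks (sovereign crypto keystore migration, DSSE predicate schema draft, provenance harness dependency) but no mitigation, owner or interim control for any of them; each bullet should state what is done while the item is open, e.g. "Sovereign crypto keystore migration in progress – mitigation: existing key-loading path stays active until cut-over is verified". In the same hunk, the Epic 2 milestone ("DPoP validation and mTLS sender-constraint flows operational") does not match the Epic 2 summary above it ("policy evaluation/principal scopes and short-lived tokens"), so either the summary or the milestone line is describing a different epic and the two should be reconciled. Finally, the "Complete" status claims in "Epic Milestones" would be easier to audit if each one pointed at the task or test that closed it, since this is the document other modules will rely on when they inherit cnf.jkt or depend on the x5t#S256 refresh-grant check.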