stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
7b01c7d6acd233c1fdfac71cad09fd266be6bfc9
git.stella-ops.org/docs/implplan/archived/updates/2025-11-09-authority-ldap-plugin.md
master 7b01c7d6ac
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Add comprehensive product advisories for improved scanner functionality 
- Introduced a blueprint for explainable quiet alerts, detailing phases for SBOM, VEX readiness, and attestations.
- Developed a roadmap for deterministic diff-aware rescans, enhancing scanner speed and efficiency.
- Implemented a hash-based SBOM layer cache to optimize container scans by reusing previous results.
- Created a multi-runtime reachability corpus to validate function-level reachability across various programming languages.
- Proposed a stable SBOM model using SPDX 3.0.1 for persistence and CycloneDX 1.6 for interchange.
- Established a validation plan for quiet scans, focusing on provenance and CI integration.
- Documented guidelines for the Findings Ledger module, outlining roles, execution rules, and testing protocols.
2025-11-17 00:09:26 +02:00

1.2 KiB
Raw Blame History

2025-11-09 — Authority LDAP Plug-in Readiness (PLG7.IMPL-005)

Summary

  • Added a dedicated LDAP quick-reference section to the Authority plug-in developer guide covering mutual TLS requirements, DN→role regex mappings, Mongo-backed claim caching, and the client-provisioning audit mirror.
  • Refreshed the sample manifest at etc/authority.plugins/ldap.yaml so operators see cache-enabled defaults, placeholder usage for regex mappings, and audit-mirror notes that match the implementation.
  • Documented that Offline Kits now ship the LDAP plug-in binaries plus the curated manifest, enabling air-gapped installs to drop the assets directly into plugins/authority/**.
  • Logged the shipment in release notes so Security/Docs guilds can reference the change and testers can align their smoke runs.

Impact

  • Documentation now tells operators exactly how to enable mutual TLS, configure regex mappings, and size caches/audit mirrors before turning the plug-in on.
  • Offline Kit consumers understand that LDAP plug-in artefacts are part of the bundle and no longer have to copy manifests manually across environments.
  • Sprint 100 tracker reflects PLG7.IMPL-005 as DONE, unblocking Authority/Docs sign-off for the LDAP plug-in workstream.