Draft capability entry (reuse-surface REUSE-WP-0017-T04, cohort 2)
Honest first-pass maturity vector grounded in README/docs/tests present in this repo; no invented evidence. Flagged for human review before publish. See reuse-surface history/2026-07-06-coverage-classification.md. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This commit is contained in:
parent
ec706da304
commit
326f7d1f07
2 changed files with 144 additions and 2 deletions
125
registry/capabilities/capability.iam.key-cape.md
Normal file
125
registry/capabilities/capability.iam.key-cape.md
Normal file
|
|
@ -0,0 +1,125 @@
|
|||
---
|
||||
id: capability.iam.key-cape
|
||||
name: KeyCape Lightweight IAM (NetKingdom Profile)
|
||||
summary: Lightweight-mode implementation of the NetKingdom IAM Profile (versioned OIDC/PKCE contract),
|
||||
orchestrating Authelia, LLDAP, and privacyIDEA so applications integrate against the profile, not against
|
||||
implementation internals.
|
||||
owner: key-cape
|
||||
status: draft
|
||||
domain: infotech
|
||||
tags:
|
||||
- iam
|
||||
- oidc
|
||||
- netkingdom
|
||||
- security
|
||||
maturity:
|
||||
discovery:
|
||||
current: D4
|
||||
target: D5
|
||||
confidence: high
|
||||
rationale: README documents a versioned canonical contract (net-kingdom canon/standards/iam-profile_v0.2.md),
|
||||
explicit lightweight-vs-expanded (Keycloak) migration story, and a completed implementation status
|
||||
(all 23 workplan tasks, 21 green test packages).
|
||||
availability:
|
||||
current: A2
|
||||
target: A3
|
||||
confidence: high
|
||||
rationale: README states 'Implementation complete (v0.1)'; has both `.gitea/workflows/` and `.forgejo/workflows/`
|
||||
CI already in place — ahead of most siblings on the Forgejo transition.
|
||||
external_evidence:
|
||||
completeness:
|
||||
level: C2
|
||||
confidence: low
|
||||
basis: scope_vs_intent_and_consumer_expectations
|
||||
satisfied_expectations:
|
||||
- full v0.1 implementation per its own workplan (23/23 tasks)
|
||||
- 21 test packages, all green
|
||||
- documented lightweight-to-expanded (Keycloak) migration path
|
||||
broken_expectations: []
|
||||
out_of_scope_expectations: []
|
||||
reliability:
|
||||
level: R1
|
||||
confidence: low
|
||||
basis: consumer_quality_signals
|
||||
known_reliability_risks:
|
||||
- maturity claims rely on the repo's own workplan completion record, not independently re-verified
|
||||
in this sweep
|
||||
discovery:
|
||||
intent: Let applications integrate against a versioned IAM profile contract rather than against Keycape
|
||||
internals, so migrating from lightweight (Authelia/LLDAP/privacyIDEA) to expanded (Keycloak) mode
|
||||
is a tested operation, not a rewrite.
|
||||
includes:
|
||||
- NetKingdom IAM Profile v0.2 lightweight-mode orchestration (Authelia, LLDAP, privacyIDEA)
|
||||
- profile-contract conformance
|
||||
excludes:
|
||||
- expanded-mode (Keycloak) implementation itself (separate deployment target for the same profile)
|
||||
assumptions: []
|
||||
use_cases: []
|
||||
research_memos: []
|
||||
availability:
|
||||
current_level: A2
|
||||
target_level: A3
|
||||
current_artifacts:
|
||||
- deployable lightweight-mode IAM stack
|
||||
target_artifacts: []
|
||||
consumption_modes:
|
||||
- service (self-hosted deployment)
|
||||
relations:
|
||||
depends_on: []
|
||||
supports: []
|
||||
related_to: []
|
||||
evidence:
|
||||
documentation:
|
||||
- README.md
|
||||
- workplans/KEY-WP-0001-keycape-implementation.md
|
||||
tests:
|
||||
- .gitea/workflows/
|
||||
- .forgejo/workflows/
|
||||
consumer_feedback: []
|
||||
bug_reports: []
|
||||
incidents: []
|
||||
consumer_guidance:
|
||||
recommended_for:
|
||||
- NetKingdom deployments wanting a lightweight, self-hosted IAM profile implementation with a tested
|
||||
migration path to Keycloak
|
||||
not_recommended_for:
|
||||
- deployments already committed to expanded/Keycloak mode
|
||||
known_limitations:
|
||||
- v0.1 completion claim not independently re-verified during this coverage sweep
|
||||
promotion_history: []
|
||||
---
|
||||
|
||||
# KeyCape Lightweight IAM (NetKingdom Profile)
|
||||
|
||||
## Overview
|
||||
|
||||
KeyCape is the lightweight IAM component of NetKingdom, implementing the versioned NetKingdom IAM Profile (OIDC/PKCE) by orchestrating Authelia, LLDAP, and privacyIDEA — the same profile Keycloak implements in expanded-mode deployments, so migration is a tested operation rather than a rewrite.
|
||||
|
||||
## Assessment notes
|
||||
|
||||
### Discovery
|
||||
|
||||
README documents a versioned canonical contract (net-kingdom canon/standards/iam-profile_v0.2.md), explicit lightweight-vs-expanded (Keycloak) migration story, and a completed implementation status (all 23 workplan tasks, 21 green test packages).
|
||||
|
||||
### Availability
|
||||
|
||||
README states 'Implementation complete (v0.1)'; has both `.gitea/workflows/` and `.forgejo/workflows/` CI already in place — ahead of most siblings on the Forgejo transition.
|
||||
|
||||
### Completeness
|
||||
|
||||
First-pass honest assessment from the REUSE-WP-0017 coverage campaign
|
||||
(reuse-surface). No external consumer feedback exists yet; levels reflect
|
||||
scope-vs-intent documentation quality, not internal code quality.
|
||||
|
||||
### Reliability
|
||||
|
||||
No production consumer telemetry exists yet; reliability level is
|
||||
intentionally conservative pending REUSE-WP-0019 reuse-telemetry evidence.
|
||||
|
||||
## Promotion checklist
|
||||
|
||||
- [x] ID follows `capability.<domain>.<name>` pattern
|
||||
- [x] Maturity enums match `specs/CapabilityMaturityStandard.md`
|
||||
- [x] `external_evidence` is populated separately from `maturity`
|
||||
- [ ] Relations reference valid capability IDs (none yet)
|
||||
- [x] Index entry added in `registry/indexes/capabilities.yaml`
|
||||
Loading…
Add table
Add a link
Reference in a new issue