Auth & Identity

Auth & Identity notes cover the provider-agnostic AuthContext seam, local Keycloak profile, OIDC claim validation, SCIM/enrollment identity contracts, the runtime-lite agent enrollment foundation, and the console activation stream.

Current notes:

  • OIDC/AuthContext + Keycloak local profile
  • Agent enrollment runtime-lite
  • SCIM provisioning runtime
  • SCIM connection setup UI
  • Console activation stream
  • Keycloak AWS dev Helm workload
  • Authenticated Swagger UI

Contract-designed Phase 1 identity work:

  • Agent enrollment and mTLS identity contracts
  • SCIM 2.0 provisioning contracts

Planned Phase 1 identity work includes Entra/Okta SCIM adapters, standards-shaped SCIM compatibility aliases, CA runtime, and enforced agent mTLS.