Implementation plan — Authority

Current objectives

  • Maintain deterministic behaviour and offline parity across releases.
  • Keep documentation, telemetry, and runbooks aligned with the latest sprint outcomes.

Workstreams

  • Backlog grooming: reconcile open stories in …/…/TASKS.md with this module’s roadmap.
  • Implementation: collaborate with service owners to land feature work defined in SPRINTS/EPIC docs.
  • Validation: extend tests/fixtures to preserve determinism and provenance requirements.

Epic milestones

  • Epic 1 – AOC enforcement: deliver OpTok scopes, guardrails, and AOC verifier hooks for ingestion services.
  • Epic 2 – Policy Engine & Editor: support policy evaluator flows (device-code, client credentials, scope sandboxing).
  • Epic 4 – Policy Studio: provide registry/promotion signing, approvals, and fresh-auth prompts.
  • Epic 14 – Identity & Tenancy: implement tenant isolation, RBAC hierarchies, audit trails, and PoE integration.
  • Track additional work (DOCS-SEC-62-001, AUTH-POLICY-20-001/002) in …/…/TASKS.md and src/Authority/**/TASKS.md.

Coordination

  • Review ./AGENTS.md before picking up new work.
  • Sync with cross-cutting teams noted in /docs/implplan/SPRINT_*.md.
  • Update this plan whenever scope, dependencies, or guardrails change.