d-bis/as4-411
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
as4-411/docs/adr/003-policy-engine-abac.md
defiQUG c24ae925cf
Some checks failed
CI / lint (push) Has been cancelled
Details
CI / build (push) Has been cancelled
Details
Initial commit: AS4/411 directory and discovery service for Sankofa Marketplace 
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 08:44:20 -08:00

849 B
Raw Permalink Blame History

ADR-003: Policy Engine Model (ABAC)

Status

Accepted.

Context

Resolution must respect tenant scope and allow/deny rules using an attribute-based model.

Decision

Model

  • Policies are stored per tenant with rule_json (ABAC attributes), effect (allow/deny), and priority.
  • Tenant is enforced by restricting resolution to that tenant when request.tenant is set.

MVP Rule Shape

  • Deny: rule_json.participantId or rule_json.participantIds — exclude those participants.
  • Allow (restrictive): if any allow policy exists, rule_json.participantId/participantIds — only include those participants.

Ordering

  • Deny applied first; then allow restriction. Policies loaded by tenant and ordered by priority.

Consequences

  • Simple allow/deny by participant supported; ABAC can be extended via rule_json and filter logic.
Reference in New Issue View Git Blame Copy Permalink