Improve RBAC activation context evidence gates #1355

Open
MAUROCERON wants to merge 1 commit into UnitOneAI:main from MAUROCERON:improve/rbac-activation-context-1327
@MAUROCERON

Summary

  • Implements [REVIEW] rbac-design: add temporary elevation and activation-context evidence gates #1327.
  • Adds temporary elevation and activation-context evidence gates to rbac-design.
  • Requires reviewers to distinguish assignment eligibility, activation event,
    active-session DSoD, token/session lifetime, and break-glass post-use review.
  • Adds edge-case fixtures for short-lived approved activation, long-lived JIT
    without approval, DSoD checked only at assignment time, cached tokens outliving
    deactivation, and break-glass without post-use review.

Validation

  • Checked Markdown fence balance for the edited skill and new fixture.
  • Verified official NIST, Microsoft Entra PIM, and AWS IAM Identity Center reference URLs return HTTP 200.
  • Scanned the changed public files for private payment/contact strings.

Bounty

  • I have read and agree to the CONTRIBUTING.md bounty terms.
  • Preferred payment method can be provided privately after maintainer acceptance.
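
The five edge cases listed in the summary can be expressed as checks over an activation record. The sketch below is an added example, not code from this pull request or the rbac-design skill; the record schema, role names, the 8-hour ceiling and the conflicting role pair are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Everything below is constructed for illustration: field names, role names,
# the 8-hour ceiling and the conflicting role pair are assumptions.
MAX_ACTIVATION = timedelta(hours=8)
CONFLICTS = {frozenset({"payments-approver", "payments-creator"})}
T0 = datetime(2024, 1, 1, 9, 0)

def review(rec):
    """Return evidence-gate findings for one activation record."""
    findings = []
    start, end = rec["activated_at"], rec["deactivated_at"]
    if rec["role"] not in rec["eligible_roles"]:          # assignment eligibility
        findings.append("not-eligible")
    if rec["break_glass"]:                                # break-glass path
        if not rec["post_use_review"]:
            findings.append("break-glass-no-post-use-review")
    elif not rec["approved_by"]:                          # activation event
        findings.append("activation-without-approval")
    if end - start > MAX_ACTIVATION:
        findings.append("activation-too-long")
    # DSoD is evaluated against roles active in the session, not assignments.
    if any(frozenset({rec["role"], r}) in CONFLICTS for r in rec["session_active_roles"]):
        findings.append("active-session-dsod-conflict")
    if rec["token_expires_at"] > end:                     # token/session lifetime
        findings.append("token-outlives-deactivation")
    return findings

def fixture(**overrides):
    base = {  # defaults describe a clean, approved one-hour activation
        "role": "payments-approver", "eligible_roles": {"payments-approver"},
        "approved_by": "manager-a", "break_glass": False, "post_use_review": False,
        "activated_at": T0, "deactivated_at": T0 + timedelta(hours=1),
        "token_expires_at": T0 + timedelta(hours=1), "session_active_roles": set(),
    }
    return {**base, **overrides}

FIXTURES = {
    "short-lived approved activation": fixture(),
    "long-lived JIT without approval": fixture(
        approved_by=None, deactivated_at=T0 + timedelta(days=30),
        token_expires_at=T0 + timedelta(days=30)),
    "DSoD checked only at assignment time": fixture(session_active_roles={"payments-creator"}),
    "cached token outliving deactivation": fixture(token_expires_at=T0 + timedelta(hours=12)),
    "break-glass without post-use review": fixture(break_glass=True, approved_by=None),
}

def run():
    return {name: review(rec) for name, rec in FIXTURES.items()}
```

Calling `run()` returns a mapping from each constructed fixture name to its findings; an empty list means the record passed every gate.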
