Skip to content

Add RBAC ABAC freshness gates#2588

Open
Errordog2 wants to merge 1 commit into
UnitOneAI:mainfrom
Errordog2:improve/rbac-abac-attribute-pdp-freshness
Open

Add RBAC ABAC freshness gates#2588
Errordog2 wants to merge 1 commit into
UnitOneAI:mainfrom
Errordog2:improve/rbac-abac-attribute-pdp-freshness

Conversation

@Errordog2

@Errordog2 Errordog2 commented Jun 14, 2026

Copy link
Copy Markdown

Summary

  • add ABAC attribute provenance and freshness gates for authoritative source, trust tier, owner, max age, token-derived status, and server-side rehydration
  • add PDP/PIP failure-mode checks for fail-closed sensitive actions, bounded last-known-good caches, cache invalidation, and attribute conflict precedence
  • extend the output format with attribute evidence, PDP/PIP resilience, policy version, attribute age/source, and decision auditability fields

Addresses #2550.

Validation

  • git diff --check
  • Markdown fence balance check
  • targeted marker check for RBAC-ATTR gates, PDP/PIP failure modes, attribute evidence matrix, decision auditability, and v1.0.1

@Errordog2 Errordog2 requested a review from kamalsrini as a code owner June 14, 2026 19:17
@Errordog2 Errordog2 mentioned this pull request Jun 14, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kamalsrini kamalsrini Awaiting requested review from kamalsrini kamalsrini is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Errordog2