30 lines
849 B
Plaintext
30 lines
849 B
Plaintext
---
|
|
description: Identity, authorization, and auditability
|
|
alwaysApply: true
|
|
---
|
|
|
|
Auth, permissions, and audit requirements.
|
|
|
|
## Identity and access
|
|
- Authentication is passwordless-first.
|
|
- Prefer support for:
|
|
- magic links
|
|
- OIDC
|
|
- passkeys
|
|
- Roles and permissions are core architecture concerns and must not be deferred casually.
|
|
|
|
## Authorization
|
|
- Never assume all authenticated users have broad access.
|
|
- Design authorization around role-aware and context-aware access rules.
|
|
- Support evolving permission models without hard-coding simplistic assumptions.
|
|
|
|
## Auditability
|
|
- Important actions must be auditable.
|
|
- This includes at minimum:
|
|
- deletions
|
|
- updates to sensitive records
|
|
- role/permission changes
|
|
- financial changes
|
|
- document-related changes where relevant
|
|
- Preserve historical traceability wherever practical.
|