Cephalon.Identity
Maturity: M1 · Ownership: mixed: cephalon-managed default metadata-driven evaluator, runtime surface, catalog projection, diagnostics + application-managed identity scheme and principal flow · Family: audit-and-identity · See audit, matrix.
Cephalon.Identity is the host-agnostic identity and authorization companion package for Cephalon.
What it owns
- registers a default metadata-driven IAuthorizationEvaluator when IdentityAccess is active, while letting hosts opt out through Engine:Identity:EnableDefaultEvaluator when they want to supply their own evaluator
- keeps RBAC, ABAC, and policy-evaluation behavior out of hosts so consumer apps can stay low ceremony
- projects the active identity runtime answer through the identity-authorization technology surface, which can be disabled explicitly through Engine:Identity:EnableRuntimeSurface
- contributes a dedicated diagnostics convention so /engine/diagnostics can advertise stable identity event ids
- keeps ASP.NET Core ClaimsPrincipal, auth schemes, and endpoint-policy mapping out of the host-agnostic pack
Main surfaces
- Configuration/IdentityRuntimeOptions.cs
- Policies/IdentityPolicyMetadataKeys.cs
- Registration/IdentityEngineBuilderExtensions.cs
- Services/MetadataDrivenAuthorizationEvaluator.cs
- Services/IdentityAuthorizationRuntimeSurfaceContributor.cs
How it fits
This package is the first honest runtime slice of the phase-8 identity story. Cephalon.Abstractions already carries the host-agnostic authorization contracts, and Cephalon.Engine already exposes authorization-policy catalogs plus config-driven identity selection through the resolved app profile. Cephalon.Identity now turns those contracts into a reusable runtime baseline without forcing ASP.NET Core-specific principal or scheme semantics into the core.
The built-in evaluator is intentionally declarative and conservative. It understands low-ceremony metadata conventions for role checks, owner checks, tenant-boundary checks, and subject/resource/context attribute matching, but it does not pretend to be a full authentication stack or a product-specific policy engine. That keeps the current slice truthful while still giving consumer apps a meaningful ready-to-use baseline that reduces repeated authorization wiring and lets project code focus on business rules.
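To make the idea of a declarative, metadata-driven evaluator concrete, here is an added sketch covering the role, owner, and tenant-boundary checks described above. It is not Cephalon's code: the `Subject`, `Resource`, and `Sketch` types, the `example.*` metadata keys, and the fail-closed handling of unknown or empty metadata are all assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample: an editor in tenant t1 acting on a document they own.
var policy = new Dictionary<string, string>
{
    [Sketch.Roles] = "editor, admin", [Sketch.Owner] = "true", [Sketch.SameTenant] = "true",
};
var alice = new Subject("alice", "t1", new HashSet<string> { "editor" });
Console.WriteLine(Sketch.Evaluate(policy, alice, new Resource("alice", "t1")));
Console.WriteLine(Sketch.Evaluate(policy, alice, new Resource("alice", "t2")));
Console.WriteLine(Sketch.Evaluate(new Dictionary<string, string>(), alice, new Resource("alice", "t1")));

public sealed record Subject(string Id, string TenantId, IReadOnlySet<string> Roles);
public sealed record Resource(string OwnerId, string TenantId);

public static class Sketch
{
    // Hypothetical metadata keys, invented for this example (not Cephalon's).
    public const string Roles = "example.roles";            // comma-separated, any-of
    public const string Owner = "example.owner";            // "true": subject must own the resource
    public const string SameTenant = "example.same-tenant"; // "true": tenants must match

    public static (bool Allowed, string Reason) Evaluate(
        IReadOnlyDictionary<string, string> metadata, Subject subject, Resource resource)
    {
        var enforced = 0;
        foreach (var (key, value) in metadata)
        {
            switch (key)
            {
                case Roles:
                    var wanted = value.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
                    if (!wanted.Any(r => subject.Roles.Contains(r))) return (false, "role requirement not met");
                    break;
                case Owner when value == "true":
                    if (subject.Id != resource.OwnerId) return (false, "subject is not the owner");
                    break;
                case SameTenant when value == "true":
                    if (subject.TenantId != resource.TenantId) return (false, "tenant boundary crossed");
                    break;
                default: // unknown key or malformed value: deny rather than skip the check
                    return (false, $"unrecognised requirement '{key}'");
            }
            enforced++;
        }
        // A policy that declares nothing grants nothing.
        return enforced > 0 ? (true, "all requirements met") : (false, "no requirements declared");
    }
}
```

The sketch requires .NET 5 or later for `IReadOnlySet<T>` and `StringSplitOptions.TrimEntries`.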
The next step after this package is broader adapter follow-through on top of the shipped Cephalon.Identity.AspNetCore baseline. That now covers minimal APIs and controller actions while keeping ClaimsPrincipal, auth schemes, and endpoint-policy wiring out of the host-agnostic core, and the next iterations should deepen host/runtime truth instead of pushing ASP.NET Core concerns back into Cephalon.Abstractions.