# Identity Provider Boundaries

## Ownership

- `IUserDataProvider`: user aggregate persistence provider boundary.
- `IRoleDataProvider`: role aggregate persistence provider boundary.
- `IPermissionDataProvider`: permission aggregate provider boundary.
- `IModuleDataProvider`: module aggregate provider boundary.
- `ITenantDataProvider`: tenant aggregate provider boundary.
- `IIdentityRepository`: DAL composition boundary for policy, token, and permission-set reads.
- `IIdentityDalGrpcContractAdapter`: gRPC translation boundary for DAL contracts.

## Rules

- Providers isolate datastore-specific behavior.
- Provider boundaries remain internal to Thalos DAL.
- DAL interfaces expose only transport-neutral contracts and read ports.
- Identity abstractions remain Thalos-owned.
- Runtime provider routes currently support:
  - `InternalJwt`
  - `AzureAd`
  - `Google`