Enterprise Live Identity Validation
Huzefaaa2 edited this page Jul 3, 2026
CAVRA R2.1 now includes a public-safe live identity validation packet for proving real IdP and SCIM evidence without publishing secrets.
| Check | Required proof |
|---|---|
| `oidc_token_validation` | Issuer, audience, expiry, not-before, JWKS key, and RS256 signature validation passed. |
| `rbac_group_mapping` | Enterprise groups map to CISO, security operator, platform security, model owner, auditor, and break-glass roles. |
| `abac_runtime_scope` | Tenant, workspace, repository, environment, model owner, and data classification attributes are present. |
| `scim_group_sync` | SCIM group and role synchronization completed. |
| `scim_deprovisioning` | Deprovisioning evidence meets the 60 minute SLA. |
| `break_glass_audit` | CAB role, reason, external reference, short TTL, and audit event are retained. |
| `audit_evidence_retention` | Public-safe identity evidence references are retained. |

```bash
python3 scripts/validate_enterprise_live_identity_packet.py \
  --packet .cavra/identity/enterprise-live-identity-validation.json \
  --output dist/enterprise-live-identity-validation-result.json
```

The final packet must return:

```json
{
  "ready_for_live_enterprise_identity": true,
  "status": "ready",
  "blocker_count": 0
}
```

The sample at `examples/identity/enterprise-live-identity-validation.sample.json` is shape-only and stays blocked until `environment.validation_mode` is set to `live` with real redacted evidence.
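
A fail-closed release gate over the packet and the validator's result, as an added example that is not code from the CAVRA repository. It assumes the result file carries the three fields shown above and the packet carries `environment.validation_mode`; the function names and sample inputs are constructed for illustration.

```python
import json

# Values the page says the final result must carry.
REQUIRED_RESULT = {
    "ready_for_live_enterprise_identity": True,
    "status": "ready",
    "blocker_count": 0,
}


def gate_failures(packet: dict, result: dict) -> list:
    """Return reasons to block; an empty list means the gate passes."""
    failures = []
    env = packet.get("environment")
    mode = env.get("validation_mode") if isinstance(env, dict) else None
    if mode != "live":
        failures.append(f"environment.validation_mode is {mode!r}, expected 'live'")
    for key, expected in REQUIRED_RESULT.items():
        if key not in result:
            failures.append(f"result is missing {key}")
            continue
        actual = result[key]
        # Compare type as well as value: "true" is not True, and False == 0.
        if type(actual) is not type(expected) or actual != expected:
            failures.append(f"{key} is {actual!r}, expected {expected!r}")
    return failures


def gate_from_text(packet_text: str, result_text: str) -> list:
    """Parse both documents; malformed or non-object JSON fails closed."""
    try:
        packet, result = json.loads(packet_text), json.loads(result_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(packet, dict) or not isinstance(result, dict):
        return ["packet and result must both be JSON objects"]
    return gate_failures(packet, result)


# Constructed inputs for illustration; "sample" is an assumed non-live mode value.
LIVE_PACKET = '{"environment": {"validation_mode": "live"}}'
SAMPLE_PACKET = '{"environment": {"validation_mode": "sample"}}'
READY = '{"ready_for_live_enterprise_identity": true, "status": "ready", "blocker_count": 0}'
LOOSE = '{"ready_for_live_enterprise_identity": "true", "status": "ready", "blocker_count": false}'

if __name__ == "__main__":
    for packet_text, result_text in [(LIVE_PACKET, READY), (SAMPLE_PACKET, READY), (LIVE_PACKET, LOOSE)]:
        print(gate_from_text(packet_text, result_text) or "PASS")
```

The strict type comparison matters because a result that serializes `"true"` as a string or `false` in place of `0` would pass a loose equality or truthiness check.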
Detailed repo documentation: Enterprise Live Identity Validation.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Textbook home: Before the Agent Acts
Development archive: development and testing artifacts
Source repository: github.com/Huzefaaa2/cavra