Core entities
- Workspace: billing and governance boundary.
- Project: runtime boundary inside a workspace.
- User: global identity principal.
- Session: authenticated device or browser state.
- Membership: role bindings at workspace and project levels.
Session model
- Sessions are scoped and traceable.
- Refresh token rotation protects long-lived sessions.
- Membership or policy changes can invalidate stale sessions.
Role model
- Roles are evaluated in workspace and project context.
- Token claims carry only the context needed to resolve runtime access.
- Access decisions should be made server-side per request.
Invalidation triggers
- Membership role changed
- Membership removed
- Security posture change, such as forced logout
- Workspace or project deactivated
Audit implications
Identity lifecycle events should be logged with actor and context:
- who changed what
- where in the workspace/project graph
- when
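The session, role, invalidation and audit rules above, as one added example (not code from this project): an in-memory store with constructed data, where every access decision is resolved server-side per request from the session plus workspace/project context, a membership change or workspace deactivation invalidates stale sessions, refresh tokens rotate on each use, and each lifecycle event is logged with actor, context and time. Store, Session and the role-to-permission table are assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
# Constructed role table: which actions each role may perform in a project
ROLE_PERMS = {"owner": {"read", "write", "admin"}, "editor": {"read", "write"}, "viewer": {"read"}}

@dataclass
class Session:
    user: str
    revoked: bool = False
    refresh_version: int = 1  # bumped on every refresh; an older version presented later is a replay

@dataclass
class Store:
    """Constructed in-memory stores standing in for the identity service's database."""
    sessions: dict = field(default_factory=dict)   # session_id -> Session
    members: dict = field(default_factory=dict)    # (user, workspace, project) -> role or None
    active_workspaces: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def log(self, actor, event, workspace, project=None, **ctx):
        # Audit record: who (actor), what (event + ctx), where (workspace/project), when (at)
        self.audit.append({"actor": actor, "event": event, "workspace": workspace,
                           "project": project, "at": datetime.now(timezone.utc).isoformat(), **ctx})

    def revoke_user_sessions(self, user):
        for s in self.sessions.values():
            if s.user == user:
                s.revoked = True

    def set_role(self, actor, user, workspace, project, role):
        """Membership change (role=None removes it); stale sessions of that user are invalidated."""
        key = (user, workspace, project)
        old = self.members.get(key)
        self.members[key] = role
        self.log(actor, "membership.changed", workspace, project, subject=user, old=old, new=role)
        self.revoke_user_sessions(user)

    def deactivate_workspace(self, actor, workspace):
        self.log(actor, "workspace.deactivated", workspace)
        self.active_workspaces.discard(workspace)  # every session loses access there on next request

    def refresh(self, session_id, presented_version):
        """Refresh token rotation: only the current version is accepted, and it is then rotated."""
        s = self.sessions[session_id]
        if s.revoked or presented_version != s.refresh_version:
            s.revoked = True  # replayed or stale refresh token ends the whole session
            return None
        s.refresh_version += 1
        return s.refresh_version

    def authorize(self, session_id, workspace, project, action):
        """Per-request, server-side decision; the token carries only session_id, workspace and project."""
        s = self.sessions.get(session_id)
        if s is None or s.revoked or workspace not in self.active_workspaces:
            return False
        role = self.members.get((s.user, workspace, project))
        return role is not None and action in ROLE_PERMS[role]
```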
Related docs
- Workspaces and projects: /docs/concepts/tenant-project
- OAuth/OIDC security: /docs/reference/oauth-oidc-security
- Incident communication: /docs/reference/incident-comms