chore: non-normative edits for embedded PDP reference architecture #15
Open
RFC-005 v1.1:
- §4.2: Implementation note clarifying bundle-based PDP internals are valid
- §6.3: Note distinguishing bundle-level caching from decision-level caching
- Appendix B: Reference PDP architecture (OPA embed, PIP-to-OPA mapping, bundle structure, staleness behavior, starter policies) — non-normative
RFC-001:
- §6: Co-located PDP deployment note — non-normative
All changes are informational. No normative requirements modified.
Resolve the deployment-specific placeholder in Appendix B §B.4. EM-GUARD allows on stale bundle with BUNDLE_STALE telemetry warning, consistent with its deny-on-DENY contract. EM-STRICT remains the fail-closed option. Added rationale paragraph.
Summary
Non-normative RFC edits supporting the embedded PDP reference architecture. All changes are informational — no normative requirements modified.
RFC-005 v1.1 Changes
§4.2 Implementation Note
Clarifies that bundle-based PDP internals (e.g., OPA policy bundles loaded from a co-located bundle server) are a valid implementation detail, invisible to the PEP at the wire contract level.
§6.3 Bundle vs Decision Caching
Distinguishes decision-level caching (storing a specific evaluation result) from bundle-level caching (evaluating fresh decisions against cached policy data). Both are valid. Bundle-level caching does not violate the temporal bounds in §6.3 because each evaluation produces a new decision.
Appendix B: Reference PDP Architecture (Non-Normative)
Documents the reference PDP shipped with capiscio-server:
PDPClient interface)
input document)
Changelog
Added v1.1 entry.
RFC-001 Change
§6 Co-Located PDP Note
Non-normative note that embedding the PDP within the PEP process is a valid deployment variant, with a cross-reference to RFC-005 Appendix B.
Related
internal-docs/engineering/embedded-pdp-implementation-guide.md
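The stale-bundle behaviour and the bundle-versus-decision caching distinction described above, as an added Go example that is not code from this PR or from capiscio-server. EM-GUARD, EM-STRICT and BUNDLE_STALE come from the PR text; the types, the `maxAge` threshold and the map lookup standing in for an OPA evaluation are assumptions, as is the reading that EM-GUARD still evaluates the stale bundle.

```go
package main

import (
	"fmt"
	"time"
)

// EM-GUARD and EM-STRICT are named in the PR; every type, field and
// parameter below is hypothetical, and a map lookup stands in for OPA.
type Mode string

const (
	EMGuard  Mode = "EM-GUARD"
	EMStrict Mode = "EM-STRICT"
)

// Bundle is the cached policy data. Only this is cached, never a decision.
type Bundle struct {
	LoadedAt time.Time
	Allow    map[string]bool // constructed sample policy: "subject|action"
}

type Decision struct {
	Allow    bool
	Warnings []string
	IssuedAt time.Time
}

// Decide runs a fresh evaluation against the cached bundle on every call.
func Decide(b Bundle, m Mode, maxAge time.Duration, key string, now time.Time) Decision {
	d := Decision{IssuedAt: now}
	if now.Sub(b.LoadedAt) > maxAge {
		// Assumption: the warning is attached in both modes.
		d.Warnings = append(d.Warnings, "BUNDLE_STALE")
		if m == EMStrict {
			return d // fail closed: Allow stays false
		}
	}
	// Assumption: EM-GUARD still evaluates the stale bundle, so its policy
	// result (including DENY) is enforced, with the warning attached.
	d.Allow = b.Allow[key]
	return d
}

func main() {
	t0 := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timestamps
	b := Bundle{LoadedAt: t0, Allow: map[string]bool{"agent-a|read": true}}
	for _, m := range []Mode{EMGuard, EMStrict} {
		fmt.Println(m, Decide(b, m, time.Minute, "agent-a|read", t0.Add(time.Hour)))
	}
}
```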