Identity Service — AI Integration
Status: populated
Owner: TBD
Last updated: 2026-04-17
Companion: Service Template · ai-gateway-service
1. Summary
identity-service does not make direct LLM calls today. It is a security-sensitive service and every AI-assisted flow is brokered through ai-gateway-service. Only two narrow AI-adjacent capabilities are planned, both behind ports and both disabled by default.
2. Planned AI touch points
| Capability | Purpose | Call pattern | Status | HITL? |
|---|
| Adaptive-MFA risk scoring (slice S4) | Compute risk score from login signals (device, geo, behaviour) to decide MFA step-up | Internal — RiskScorer port; adapter may call ai-gateway-service /api/v1/completions with structured JSON prompt | Design only | Yes — admin reviewable override log |
| Break-glass narrative summarisation (slice S4) | Summarise emergency-access session narrative for audit review | Post-hoc — event consumer job posts to ai-gateway-service; stores summary in audit-service | Design only | Yes — auditor attestation |
Neither capability processes raw PHI; inputs are structured metadata.
3. Prompt templates (placeholders)
| Template code | Owner | Location | Moderation |
|---|
IDENT_RISK_SCORE_v1 | identity + SRE | ai-gateway-service/prompts/identity/ | category=security; refusal events → identity.ai.refused.v1 (proposed) |
IDENT_BREAKGLASS_SUMMARY_v1 | identity + compliance | same | category=audit; PHI scrubbing enforced by ai-gateway-service |
4. Guardrails
| Control | Rule |
|---|
| Data minimisation | No passwords, TOTP seeds, WebAuthn public keys, biometric fingerprints ever sent to AI provider. Only categorical risk features (device class, geo cluster, failure streak). |
| Moderation | All prompts tagged security-sensitive; ai-gateway-service enforces provider-side safety filters and logs refusals. |
| HITL | Score-based MFA step-up is advisory to policy logic; the human-facing action (step-up challenge) is deterministic. Break-glass summaries require auditor sign-off before archival closes. |
| Auditability | Every AI-derived score persisted with decisionTraceId, feature vector hash, model name + version, and timestamp. |
| Disable switch | IDENTITY_AI_RISK_ENABLED env flag; off in M0–M3 unless explicit opt-in. |
5. Decision log
| Date | Decision |
|---|
| 2026-04-17 | Keep identity-service AI-free in S0/S1. Reconsider in S4. No direct LLM calls from identity-service code path. |