Identity Service — Service Readiness
Status: populated
Owner: TBD
Last updated: 2026-04-18
Companion: Service Template · DEPLOYMENT_TOPOLOGY · TESTING_STRATEGY
1. Readiness gate checklist
A service is production-ready only when ALL gates below are green. Status is reviewed at each milestone boundary.
1.1 Documentation gates
| Gate | Requirement | Status |
|---|---|---|
| DOC-01 | All 17 canonical docs complete (no stubs) | In progress |
| DOC-02 | SERVICE_OVERVIEW.md reviewed by tech lead | Not started |
| DOC-03 | API_CONTRACTS.md reviewed by API guild | Not started |
| DOC-04 | SECURITY_MODEL.md reviewed by security team | Not started |
1.2 Code quality gates
| Gate | Requirement | Target milestone |
|---|---|---|
| CODE-01 | ESLint: zero errors; domain import-restriction passes | M0 |
| CODE-02 | TypeScript: strict mode, zero errors | M0 |
| CODE-03 | Unit test coverage ≥ 80% statements + lines | M0 |
| CODE-04 | Integration tests passing: tenant-isolation, outbox, inbox | M0 |
| CODE-05 | Contract tests passing: Pact consumer tests green | M1 |
| CODE-06 | Event schema conformance tests green vs schema registry | M1 |
1.3 Security gates
| Gate | Requirement | Target milestone |
|---|---|---|
| SEC-01 | No hardcoded secrets in source; Snyk scan clean | M0 |
| SEC-02 | OWASP dependency scan — zero critical CVEs | M0 |
| SEC-03 | Penetration test on auth endpoints completed | M2 |
| SEC-04 | GDPR data-flow review signed off by DPO | M2 |
| SEC-05 | HIPAA Security Rule analogue checklist complete | M2 |
| SEC-06 | Keycloak realm security review (OIDC/SAML) | M2 |
1.4 Observability gates
| Gate | Requirement | Target milestone |
|---|---|---|
| OBS-01 | OpenTelemetry traces visible in Grafana Tempo (staging) | M0 |
| OBS-02 | Prometheus metrics scraped; dashboards deployed | M1 |
| OBS-03 | SLO burn rate alerts configured (login p99, error rate) | M1 |
| OBS-04 | Runbooks linked in alert annotations | M1 |
| OBS-05 | On-call rotation assigned for identity alerts | M1 |
1.5 Deployment gates
| Gate | Requirement | Target milestone |
|---|---|---|
| DEP-01 | Kubernetes manifests reviewed and committed | M0 |
| DEP-02 | HPA and PDB configured (minAvailable=2) | M0 |
| DEP-03 | Canary deploy completed: 5% / 30 min in staging | M1 |
| DEP-04 | Rollback verified (< 2 min) in staging | M1 |
| DEP-05 | Multi-AZ pod anti-affinity confirmed in staging | M1 |
1.6 Data / migration gates
| Gate | Requirement | Target milestone |
|---|---|---|
| MIG-01 | Database schema migrations applied idempotently | M0 |
| MIG-02 | Legacy user data migrated and verified for pilot tenant | M1 |
| MIG-03 | Legacy license assignments migrated and resolver output validated | M1 |
| MIG-04 | Dual-publish event aliases stable for 2 weeks | M2 |
2. Readiness level targets
| Level | Description | Target |
|---|---|---|
| L2 | Core auth flows, licensing catalogue, manual failover | M0 |
| L3 | MFA, OIDC broker, SLO tracking, contract tests, event schema gate | M1 |
| L4 | SAML, adaptive MFA, chaos-tested broker failover, full HIPAA/GDPR sign-off | M3 |
3. Sign-off record
| Milestone | Tech lead | SRE | Security | Date |
|---|---|---|---|---|
| M0 | — | — | — | TBD |
| M1 | — | — | — | TBD |
| M3 | — | — | — | TBD |