axess-identity 0.2.0

Identity primitives for the axess workspace: typed identifiers (TenantId, UserId, DeviceId, SessionId, EventId; all `FooId(Uuid)` newtypes via the `define_id!` macro) plus the principal abstraction (unified `Principal` enum with `Human` + `Workload` variants, SPIFFE-shaped `WorkloadId` / `TrustDomain` / `Issuer`, and the async `PrincipalResolver` trait + `CliResolver` impl). Foundation crate, deliberately small: depends only on `axess-rng` (for the DST-injectable `SecureRng` trait), `uuid`, and `thiserror`. No tokio, no axum, no Cedar; axess-core layers session integration plus Cedar entity emission on top of these primitives. See `docs/workload-identity/README.md` for the broader design.
axess-identity

Identity primitives for the Axess workspace.

Foundation crate, deliberately small: depends only on axess-rng (for the DST-injectable SecureRng trait), uuid, and thiserror. No tokio, no axum, no Cedar; axess-core layers session integration + Cedar entity emission on top of these primitives.

What's in here

  • Typed identifiers: TenantId, UserId, DeviceId, SessionId, EventId. All FooId(Uuid) newtypes via the define_id! macro, with optional serde / rkyv / sqlx derives gated by features on the umbrella axess-core crate.
  • Principal abstraction: unified Principal { Human, Workload } enum + the SPIFFE-shaped WorkloadId / TrustDomain / Issuer types, plus the async PrincipalResolver trait every inbound auth surface implements. See docs/workload-identity/README.md for the design rationale.

Usage

use axess_identity::{TenantId, UserId, define_id};

let tenant = TenantId::new();              // fresh v4 UUID
let user = UserId::new();
let parsed: TenantId = "0193...".parse()?; // FromStr from hyphenated string

// Adopters can mint their own ID types:
define_id!(InvoiceId);
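
Why one newtype per identifier matters for tenant isolation, as an added stand-alone sketch (not code from axess-identity): the hypothetical sketch_id! macro, the u128 inner value standing in for Uuid, the strict hyphenated-only parser and session_scope are all assumptions made for illustration.

```rust
use std::{fmt, str::FromStr};
// Hypothetical stand-in for a newtype-per-identifier macro (not the crate's define_id!).
// The inner u128 replaces Uuid so the sketch builds with the standard library alone.
macro_rules! sketch_id {
    ($name:ident) => {
        #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
        pub struct $name(u128);
        impl FromStr for $name {
            type Err = &'static str;
            // Assumption: only the 36-byte hyphenated form (8-4-4-4-12 hex digits) is accepted.
            fn from_str(s: &str) -> Result<Self, Self::Err> {
                if s.len() != 36 { return Err("expected 36 characters"); }
                let mut v: u128 = 0;
                for (i, c) in s.bytes().enumerate() {
                    if matches!(i, 8 | 13 | 18 | 23) {
                        if c != b'-' { return Err("missing hyphen"); }
                        continue;
                    }
                    let d = (c as char).to_digit(16).ok_or("non-hex character")?;
                    v = (v << 4) | d as u128;
                }
                Ok($name(v))
            }
        }
        impl fmt::Display for $name {
            fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
                let h = format!("{:032x}", self.0);
                write!(f, "{}-{}-{}-{}-{}", &h[..8], &h[8..12], &h[12..16], &h[16..20], &h[20..])
            }
        }
    };
}

sketch_id!(TenantId); // local stand-ins that only share names with the crate's types
sketch_id!(UserId);

// The signature fixes which identifier goes where: session_scope(user, tenant)
// is rejected at compile time with a mismatched-types error.
pub fn session_scope(tenant: TenantId, user: UserId) -> String {
    format!("tenant/{tenant}/user/{user}")
}

fn main() {
    let t: TenantId = "01234567-89ab-cdef-0123-456789abcdef".parse().unwrap(); // constructed sample
    let u: UserId = "00000000-0000-0000-0000-000000000001".parse().unwrap(); // constructed sample
    println!("{}", session_scope(t, u));
}
```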

Licence

Dual-licensed under MIT and Apache-2.0.