List view

• M6: CSL abstracts Identity SDK behind ports (Hub + Optimize shim)

  Due by August 25, 2026

  •0/3 issues closed
  0% complete3 open0 closed

• M12: Management Identity decommissioned from Optimize

  Optimize no longer depends on Management Identity for OIDC token issuance or user/role storage. The library owns IdP integration end to end for Optimize.

  Due by December 17, 2026

  •0/2 issues closed
  0% complete2 open0 closed

• M11: Management Identity decommissioned from Hub

  Target: 8.11. Hub no longer depends on Management Identity for OIDC token issuance or user/role storage. The library owns IdP integration end to end for Hub.

  Due by December 17, 2026

  •0/11 issues closed
  0% complete11 open0 closed

• M10: Optimize authorization migrated from Management Identity to CSL

  Authorization checks for Optimize endpoints are evaluated through the library, using the same AuthorizationService and scope resolution as OC and Hub.

  Due by November 24, 2026

  •0/3 issues closed
  0% complete3 open0 closed

• M9: Admin UI/pages exists in Optimize

  Optimize mounts the library-supplied admin pages and manages identity and authorization configuration through them.

  Due by November 24, 2026

  •0/1 issues closed
  0% complete1 open0 closed

• M8: Hub authorization migrated from Management Identity to CSL

  Authorization checks for Hub endpoints are evaluated through the library, using the same AuthorizationService and scope resolution as OC.

  Due by October 27, 2026

  •0/6 issues closed
  0% complete6 open0 closed

• M7: Admin UI/pages exists in Hub

  Hub mounts the library-supplied admin pages and manages identity and authorization configuration through them.

  Due by October 27, 2026

  •0/1 issues closed
  0% complete1 open0 closed

• M3: Authentication in Optimize is provided by CSL

  Optimize adopts a new library-owned stateless JWT-cookie webapp chain, generic over its three deployment modes (CCSM, CCSaaS, Auth0). Optimize's deployment-specific Spring Security adapters are deleted; IdP behaviour plugs in via SPIs. Optimize's end-user authentication behaviour is unchanged.

  Due by June 30, 2026

  •0/6 issues closed
  0% complete6 open0 closed

• M2: Authentication in Hub is provided by CSL

  Hub adopts the library-owned authentication filter chain via @Import and host-supplied SPI implementations. Hub's end-user authentication behaviour is unchanged.

  Due by June 30, 2026

  •5/30 issues closed
  16% complete25 open5 closed

• M5: Authorization in OC engine layer is provided by CSL

  Authorization checks for OC engine-layer operations (process/decision commands) are evaluated through the library. OC's engine-side authorization code is deleted.

  Due by July 28, 2026

  •4/5 issues closed
  80% complete1 open4 closed

• M4: Authorization in OC search layer is provided by CSL

  Authorization checks for OC search-layer endpoints (resource queries, list/read operations) are evaluated through the library. OC's search-side authorization code is deleted.

  Due by July 28, 2026

  •9/12 issues closed
  75% complete3 open9 closed

• M1: Authentication in OC is provided by CSL

  The library owns the Spring Security filter chain for authentication. OC consumes the library chain via @Import and host-supplied SPI implementations. OC's end-user authentication behaviour is unchanged.

  Due by June 30, 2026

  •26/30 issues closed
  86% complete4 open26 closed