Identity and access readiness
Governed execution stays blocked until identity, tenant, role, and patient-context boundaries are explicit.
SCRIMED can expose deny-by-default workflow endpoints today, but production execution requires approved authentication, authorization, tenant isolation, service identity, consent, break-glass, audit linkage, and regional identity controls.
Active replacement
deny-by-default-governed-execution
Deny-by-default governed execution endpoints remain the active replacement until production identity provider, tenant isolation, role permissions, patient-context authorization, service authentication, consent, break-glass, audit linkage, and regional identity decisions are approved.
01Governed execution must not accept authenticated execution requests until identity and access readiness is approved.
02No executable workflow should trust a user, tenant, service, patient context, or delegated role until these controls are approved.
decision-required
Production identity provider
Security architecture
Select the production identity provider, login policy, MFA posture, account lifecycle, and enterprise SSO support for clinical and operational users.decision-required
Tenant and organization boundary
Platform architecture
Define organization, tenant, workspace, facility, department, environment, and customer isolation rules before any executable workflow accepts requests.decision-required
Role and permission model
Security
Approve least-privilege roles, permission scopes, reviewer authority, admin boundaries, and service-specific execution permissions.decision-required
Patient-context authorization
Clinical governance
Define how patient context, care-team relationship, encounter scope, consent, and purpose-of-use are validated before clinical workflow execution.decision-required
Service-to-service authentication
Platform security
Define service identities, signed requests, token audience checks, rotation cadence, and connector-to-workflow trust boundaries.decision-required
Session and token lifecycle
Security
Approve session duration, refresh behavior, revocation, device trust, inactivity handling, and emergency account lockout.decision-required
Consent and delegation
Privacy
Define patient consent, caregiver delegation, staff delegation, proxy access, and opt-in rules for patient-facing or FaithCore-aligned surfaces.decision-required
Break-glass access
Trust operations
Define emergency access workflow, justification capture, elevated-session expiration, retrospective review, and alerting.defined
Audit linkage
Trust infrastructure
Denied governed execution attempts already return metadata-only evidence headers that can link future identity decisions to workflow, guard, and body-handling state without capturing request bodies.decision-required
Regional identity compliance
Global compliance
Map identity, access review, session, audit, and data-residency expectations for the United States, UAE, Saudi Arabia, Kuwait, Nigeria, Kenya, Rwanda, Ghana, and Europe.