AccessControlSequence
Orchestrates complex, multi-step authorization workflows where access decisions require sequential evaluation of multiple policies, conditions, and approvals in a specific order. This entity represents authorization chains that cannot, in general, be evaluated in parallel: each step depends on the outcome of previous steps, creating sophisticated decision trees (steps that are independent of one another can be listed in parallelSteps). For example, accessing classified documents might require: first checking security clearance, then verifying need-to-know, then checking time-window restrictions, then obtaining supervisor approval, and finally logging the access attempt. Because a sequence that is denied partway through never reaches a final logging step, denied and abandoned attempts should still be recorded in auditTrail. Each step in the sequence can have different evaluation criteria, different fallback behaviors on failure or timeout (set in flowControl), and different side effects. The sequence supports branching logic where different paths are taken based on intermediate results, loops for retry scenarios, and rollback capabilities if later steps fail (for example, revoking permissions that were already granted). It enables progressive authorization where initial steps grant partial access and subsequent steps unlock additional capabilities. The entity tracks sequence execution state, allowing long-running authorization processes that span multiple user sessions or require human intervention. Sequences can be templated for common scenarios (onboarding workflow, privileged access elevation), dynamically generated based on risk assessment, or manually configured for special cases. This sequential processing is essential for implementing complex compliance requirements, multi-party approval processes, and adaptive security protocols that adjust based on accumulating evidence of legitimacy or risk.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| sequenceId | uuid | stored | Unique identifier for this sequence (the examples use readable placeholders such as seq_classified_001 rather than UUIDs) | Required |
| sequenceName | string | stored | Human-readable name for the sequence | Required |
| description | string | stored | Explanation of the sequence purpose | Optional |
| sequenceType | string | enum | Category of sequence. Values used in the examples: authorization, escalation | Required |
| steps | string | stored | JSON array of sequence steps in order, stored as a JSON-encoded string; parse and validate it before evaluating the steps | Required |
| currentStep | integer | stored | Currently executing step | Optional |
| executionState | string | enum | Current state of sequence execution. Values used in the examples: paused, completed | Optional |
| flowControl | string | stored | JSON flow control logic, including the behavior on step failure and on timeout | Optional |
| branchingLogic | string | stored | JSON branching conditions between steps | Optional |
| variables | string | stored | JSON variables passed between steps | Optional |
| stepResults | string | stored | JSON results from each completed step | Optional |
| timeConstraints | string | stored | JSON time limits for the sequence and its steps (the values in Example 1 are consistent with seconds) | Optional |
| rollbackStrategy | string | enum | How to handle rollbacks. Values used in the examples: full, compensating | Optional |
| rollbackActions | string | stored | JSON actions to perform on rollback | Optional |
| parallelSteps | string | stored | JSON array of steps that can run in parallel | Optional |
| requiredApprovals | integer | stored | Minimum approvals needed to proceed | Optional |
| collectedApprovals | string | stored | JSON array of approvals gathered | Optional |
| contextId | uuid | stored | Access context this sequence relates to | Optional |
| userId | uuid | stored | User this sequence is executing for (the examples use readable placeholders such as user_analyst_001 rather than UUIDs) | Required |
| resourceId | string | stored | Resource being accessed | Optional |
| startedAt | DateTime | stored | When sequence execution began | Optional |
| completedAt | DateTime | stored | When sequence finished | Optional |
| pausedAt | DateTime | stored | When sequence was paused | Optional |
| expiresAt | DateTime | stored | When sequence expires if not completed | Optional |
| finalOutcome | string | enum | Final result of sequence. Value used in the examples: granted | Optional |
| auditTrail | string | stored | JSON detailed execution history | Optional |
| errorDetails | string | stored | JSON error information if failed | Optional |
| isTemplate | boolean | stored | Whether this is a reusable template | Optional |
| templateId | uuid | stored | Template this was created from | Optional |
| metadata | object | stored | Additional sequence configuration | Optional |
Examples
Example 1
{
"@type": "AccessControlSequence",
"sequenceId": "seq_classified_001",
"sequenceName": "Classified Document Access Workflow",
"description": "Multi-step verification and approval process for accessing classified documents",
"sequenceType": "authorization",
"steps": "[{\"step\":1,\"type\":\"policy_check\",\"target\":\"security_clearance_policy\",\"required\":true},{\"step\":2,\"type\":\"condition_check\",\"target\":\"need_to_know_verification\",\"required\":true},{\"step\":3,\"type\":\"approval\",\"target\":\"classification_authority\",\"timeout\":1800},{\"step\":4,\"type\":\"mfa_challenge\",\"target\":\"user\",\"required\":true},{\"step\":5,\"type\":\"audit_log\",\"target\":\"security_audit_system\",\"required\":true}]",
"currentStep": 3,
"executionState": "paused",
"flowControl": "{\"on_step_failure\":\"deny_and_alert\",\"on_timeout\":\"escalate_to_security\",\"max_duration\":3600,\"retry_enabled\":false}",
"branchingLogic": "{\"step_1\":{\"pass\":\"continue\",\"fail\":\"terminate\"},\"step_3\":{\"approved\":\"continue\",\"denied\":\"terminate\",\"escalated\":\"goto_step_3a\"}}",
"variables": "{\"clearance_level\":3,\"classification_level\":\"secret\",\"risk_score\":45}",
"stepResults": "[{\"step\":1,\"result\":\"pass\",\"details\":{\"clearance_valid\":true,\"level\":\"secret\"}},{\"step\":2,\"result\":\"pass\",\"details\":{\"need_to_know\":\"verified\",\"project\":\"PROJECT_ALPHA\"}}]",
"timeConstraints": "{\"total_timeout\":3600,\"step_timeouts\":{\"3\":1800,\"4\":300}}",
"rollbackStrategy": "full",
"requiredApprovals": 2,
"collectedApprovals": "[{\"approver\":\"security_officer_001\",\"timestamp\":\"2024-03-15T14:00:00Z\",\"decision\":\"approved\"}]",
"userId": "user_analyst_001",
"resourceId": "doc_classified_report_2024",
"startedAt": "2024-03-15T13:45:00Z",
"pausedAt": "2024-03-15T14:00:00Z",
"expiresAt": "2024-03-15T14:45:00Z",
"auditTrail": "[{\"timestamp\":\"2024-03-15T13:45:00Z\",\"event\":\"sequence_started\"},{\"timestamp\":\"2024-03-15T13:45:05Z\",\"event\":\"step_1_completed\",\"result\":\"pass\"}]",
"metadata": {
"classification": "secret",
"compliance_framework": "NIST_800-53"
}
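}
Example 2
This example models an emergency ("break-glass") path: flowControl sets "on_step_failure" to "continue_with_logging", and the final outcome is "granted" although step 2 reported a warning with risk_score 78. The grant appears to be bounded by the "revoke_permissions" rollback action (delay 3600, consistent with duration_minutes 60) rather than by expiresAt, which is not set here.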
{
"@type": "AccessControlSequence",
"sequenceId": "seq_emergency_002",
"sequenceName": "Emergency Access Escalation",
"description": "Rapid escalation sequence for emergency production access",
"sequenceType": "escalation",
"steps": "[{\"step\":1,\"type\":\"identity_verification\",\"target\":\"mfa_system\"},{\"step\":2,\"type\":\"automated_risk_check\",\"target\":\"risk_engine\"},{\"step\":3,\"type\":\"notification\",\"target\":\"on_call_team\"},{\"step\":4,\"type\":\"temporary_grant\",\"target\":\"permission_system\"}]",
"currentStep": 4,
"executionState": "completed",
"flowControl": "{\"on_step_failure\":\"continue_with_logging\",\"emergency_mode\":true,\"skip_optional\":true}",
"variables": "{\"incident_id\":\"INC-2024-789\",\"risk_accepted\":true,\"duration_minutes\":60}",
"stepResults": "[{\"step\":1,\"result\":\"pass\"},{\"step\":2,\"result\":\"warning\",\"risk_score\":78},{\"step\":3,\"result\":\"pass\"},{\"step\":4,\"result\":\"pass\",\"permissions_granted\":[\"prod_read\",\"logs_access\"]}]",
"rollbackStrategy": "compensating",
"rollbackActions": "[{\"action\":\"revoke_permissions\",\"delay\":3600},{\"action\":\"comprehensive_audit\"}]",
"userId": "user_sre_002",
"startedAt": "2024-03-15T02:00:00Z",
"completedAt": "2024-03-15T02:02:00Z",
"finalOutcome": "granted",
"metadata": {
"incident_priority": "P1",
"bypass_reason": "critical_outage"
}
}