Status: IN
OpenShift identity management forms a complete chain from authentication through session management to authorization: OAuth providers create User/Identity objects that map to sessions (OAuthAccessToken lifecycle with active revocation), which are then evaluated against dual authorization systems (OpenShift auth + K8s RBAC) — revoking a session invalidates all authorization decisions for that identity.
Depth-2 identity-to-authorization covers the static mapping; depth-1 session lifecycle adds the temporal dimension. Combining them reveals that authorization is not just identity-based but session-scoped, and that revocation propagates through the entire chain.
Depends on (SL): identity-to-authorization-governance-chain, oauth-session-lifecycle-management