Compartmentalization
Compartmentalization isolates the privileges of one or more groups into a context that must be manually activated.
The privileges of compartmentalized groups are removed from the user's default context.
Compartment {
Name :sequence
Roles :list{natural}
Challenge :list{## CHALLENGE_ID ##}
}
Groups
A group may be marked as compartmentalized by the administrator, isolating it from the default context and preventing it from being grouped with other roles.
Escalation
To access compartmentalized privileges, a user must perform an escalation action and complete all associated authentication challenges.
Configuration
Authentication
Administrators may specify managed authentication methods, such as assigned keys, as mandatory challenges for escalation in compartmentalized groups.
Personal Compartments
Users may define compartments for any groups not compartmentalized by the administrator.
User Interface
The user interface should implement an accessible menu, ideally via a persistent options button, for escalating and de-escalating roles and compartments.
Note that roles are limited to the scope of the domain in which they are defined; compartments, however, are scoped to the user and may contain roles from multiple domains.
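The following sketch models the rules above: removal of compartmentalized roles from the default context, all-challenges escalation, and the restriction on personal compartments. It is an added example, not code from this specification. The `Session` class, the `admin_defined` flag, the `passed` set of already-verified challenge ids, and all role and challenge values are assumptions made for illustration, and domains are not modeled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Compartment:
    name: str                     # Name :sequence
    roles: frozenset              # Roles :list{natural}
    challenges: tuple             # Challenge ids (constructed sample values)
    admin_defined: bool = False   # assumption: flag not in the page's schema

@dataclass
class Session:
    granted: set                                  # every role the user holds
    compartments: dict = field(default_factory=dict)
    active: set = field(default_factory=set)      # names of escalated compartments

    def add_personal(self, comp):
        """Users may only compartmentalize roles the administrator has not."""
        locked = {r for c in self.compartments.values() if c.admin_defined for r in c.roles}
        if comp.admin_defined or comp.roles & locked:
            raise ValueError("role already compartmentalized by the administrator")
        self.compartments[comp.name] = comp

    def effective_roles(self):
        """Default context minus isolated roles, plus roles of active compartments."""
        isolated = {r for c in self.compartments.values() for r in c.roles}
        unlocked = {r for n in self.active for r in self.compartments[n].roles}
        return (self.granted - isolated) | (self.granted & unlocked)

    def escalate(self, name, passed):
        """Activate a compartment only if every one of its challenges was passed.
        `passed` is the set of challenge ids the caller has already verified."""
        comp = self.compartments[name]
        if not set(comp.challenges) <= set(passed):
            return False          # partial authentication never unlocks anything
        self.active.add(name)
        return True

    def deescalate(self, name):
        self.active.discard(name)

def demo():
    # Constructed sample data: role ids and challenge ids are illustrative only.
    admin = Compartment("prod-admin", frozenset({7}), ("assigned-key",), admin_defined=True)
    s = Session(granted={1, 2, 3, 7}, compartments={admin.name: admin})
    s.add_personal(Compartment("billing", frozenset({3}), ("password", "totp")))
    before = s.effective_roles()                     # roles 3 and 7 are isolated
    partial = s.escalate("billing", {"password"})    # one of two challenges passed
    full = s.escalate("prod-admin", {"assigned-key"})
    return before, partial, full, s.effective_roles()
```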