Auth broker

ContractPlane.ai identity and registration

Registration is the start of governance. The app creates the governed customer account, workspace, principal, role binding, entitlement bundle, and downstream chat provisioning state.

ContractPlane.ai is the identity broker. Registration creates the workspace, principal, role binding, entitlements, and downstream chat provisioning state.

Authority boundary

Node owns operational truth. Drupal owns backoffice flow.

ContractPlane.ai writes customer, workspace, principal, role, and entitlement state.
Drupal reviews approvals and admin workflow but never becomes the runtime master.
Chat trusts ContractPlane.ai SSO and consumes scoped grants downstream.
`did:web:discover.duadp.org` stays the canonical trust anchor.