Skip to content

USER-ID-1 v1: user identity resolution specification#54

Draft
JarbasAl wants to merge 10 commits into
devfrom
spec/user-id
Draft

USER-ID-1 v1: user identity resolution specification#54
JarbasAl wants to merge 10 commits into
devfrom
spec/user-id

Conversation

@JarbasAl

@JarbasAl JarbasAl commented May 28, 2026

Copy link
Copy Markdown
Member

Closes #53

What this PR adds

spec/user-id/ovos-user-id-1.md — new specification for user identity resolution and authentication levels at the bus protocol layer.

Companion edit: ovos-session-1.md — seven new fields added to the §2.1 field registry.

Spec summary

Skills read session.user_id and session.auth_level from the message they receive on dispatch — no query round-trip, no race condition. The recognition plugin (transformer chain, standalone service, or bridge injection) populates the fields before the utterance enters the pipeline.

Four enrolled signals → four opaque session IDs:

  • voice_id — voice-print match (audio transformer, pre-STT)
  • face_id — face-print match (out-of-band camera plugin; site_id selects camera)
  • name_id — self-declaration match ("I am Alice"; utterance transformer, post-STT)
  • passphrase_id — secret-phrase match (utterance transformer, post-STT)

auth_level 0–5: anonymous → configured default → self-declared → single biometric → multi biometric → explicit credential.

Identity persists within a session — once established, auth_level carries forward without re-recognition; skills can prompt for an upgrade via CONVERSE-1 response_mode.

Layer-2 bridges may inject all fields directly (e.g. authenticated chat interface, single-user satellite terminal via default_user_id).

Files changed

File Change
spec/user-id/ovos-user-id-1.md New spec (~400 lines including non-normative examples)
ovos-session-1.md +7 rows in §2.1 field registry

Related

JarbasAl and others added 7 commits May 28, 2026 10:33
@JarbasAl @claude
USER-ID-1 v1: user identity resolution specification
1b77128 
Claims session.user_id field (SESSION-1 §2.1).
Defines three signal categories (voice transformer, utterance transformer,
out-of-band visual) and the metadata transformer as the sole injection point.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl @claude
USER-ID-1: add per-signal fields and auth_level
7d7254e 
speaker_id, face_id, passphrase_id: opaque strings per signal type.
auth_level 0-3: guest → single passive → multi passive → explicit.
§7 gives skill guidance: auth_level gates sensitive operations.
SESSION-1 field registry updated with all five new fields.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl @claude
USER-ID-1: four enrollment signals, auth_level 0-5, Layer-2 injection
35f519e 
- voice_id / face_id / name_id / passphrase_id: opaque enrollment record IDs
- speaker_id renamed to voice_id (matches enrollment terminology)
- name_id added for self-declaration ("I am Alice") signal
- auth_level 0-5: anonymous → default → claimed → single biometric →
  multi biometric → explicit credential
- §5: recognition plugin resolves user_id however it wants
- §6: Layer-2 bridge may inject all fields directly per BRIDGE-1
- SESSION-1 field registry updated

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl @claude
USER-ID-1: add non-normative intent handler examples (§8.1)
7f6be7a 
Five patterns: anonymous, identity-required, auth_level gate,
explicit-credential, signal-specific check. Plus bridge-injected
identity satellite scenario.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl @claude
USER-ID-1: site_id for camera selection, liveness detection note (§4.2)
9f3c6f4 
site_id SHOULD select the camera for the originating physical location.
Face recognition SHOULD employ liveness detection (blink prompts, texture
analysis, depth sensing) to prevent photo/replay spoofing; implementations
that cannot verify liveness SHOULD reflect this in auth_level.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl @claude
USER-ID-1: review pass — consistency, gaps, simplification
135419e 
- Add default_user_id field (§2, §6) for configured-default identity;
  SESSION-1 field registry updated
- §3: clarify per-signal fields MAY be set at level 0 (attempted, unresolved)
- §4.2: move liveness technique list to non-normative note; drop
  corroborating-evidence SHOULD (was in tension with level table)
- §4.3: clarify name_id stays absent when no match or no enrollment
- §5: renumber; add §5.1 identity persistence across utterances (SHOULD
  preserve unless contrary evidence); add §5.2 re-auth via CONVERSE-1
  response_mode
- §6: merge paragraphs; define default_user_id semantics
- §7: collapse to two bullets
- §8.1 examples: fix bridge example (auth_level 1, default_user_id set,
  no name_id); add response_mode note to passphrase example; trim prose
- §9: fix "ensure all fields present" → "write only fields resolved";
  drop vacuous MAY section
- See also: add SESSION-2, CONVERSE-1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl @claude
USER-ID-1: fix §5 prose consistency with conformance section
c40d760 
"the fields are present" → "the fields it has resolved are present"
— matches §9 wording and removes implication that all fields must be set.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 14cbd902-a5d2-4f36-b13b-172dc190a455

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch spec/user-id

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

This was referenced May 28, 2026
Open
Open
JarbasAl and others added 3 commits May 28, 2026 21:10
@JarbasAl @claude
USER-ID-1: move spec/user-id/ovos-user-id-1.md → user-id-1.md
d212cdc 
Move to repo root and drop ovos- prefix, consistent with all other specs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl
Merge remote-tracking branch 'origin/dev' into spec/user-id
7bdbc5a
@JarbasAl @claude
docs: add USER-ID-1 to README spec table and CHANGELOG
2c41f3c 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JarbasAl JarbasAl mentioned this pull request Jun 10, 2026
Open
@JarbasAl

JarbasAl commented Jun 10, 2026

Copy link
Copy Markdown
Member Author

Merge-ready (MERGEABLE, dev merged in). Template conformance: header present, RFC-2119 boilerplate present, sections numbered 1–9, See also section. Fixed: USER-ID-1 was absent from README spec table and CHANGELOG — both added. Cross-references to OVOS-SESSION-1, OVOS-TRANSFORM-1, OVOS-BRIDGE-1 are forward-pointing specs (correct for an in-review spec). Note: after #55 merges, GLOSSARY.md in this branch will need ovos-intent-*.md links updated.

@JarbasAl JarbasAl mentioned this pull request Jun 10, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

USER-ID-1: user identity resolution and authentication level specification

1 participant

@JarbasAl