USER-ID-1 v1: user identity resolution specification#54
Draft
JarbasAl wants to merge 8 commits into
Draft
Conversation
Claims session.user_id field (SESSION-1 §2.1). Defines three signal categories (voice transformer, utterance transformer, out-of-band visual) and the metadata transformer as the sole injection point. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
speaker_id, face_id, passphrase_id: opaque strings per signal type. auth_level 0-3: guest → single passive → multi passive → explicit. §7 gives skill guidance: auth_level gates sensitive operations. SESSION-1 field registry updated with all five new fields. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- voice_id / face_id / name_id / passphrase_id: opaque enrollment record IDs
- speaker_id renamed to voice_id (matches enrollment terminology)
- name_id added for self-declaration ("I am Alice") signal
- auth_level 0-5: anonymous → default → claimed → single biometric →
multi biometric → explicit credential
- §5: recognition plugin resolves user_id however it wants
- §6: Layer-2 bridge may inject all fields directly per BRIDGE-1
- SESSION-1 field registry updated
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Five patterns: anonymous, identity-required, auth_level gate, explicit-credential, signal-specific check. Plus bridge-injected identity satellite scenario. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
site_id SHOULD select the camera for the originating physical location. Face recognition SHOULD employ liveness detection (blink prompts, texture analysis, depth sensing) to prevent photo/replay spoofing; implementations that cannot verify liveness SHOULD reflect this in auth_level. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add default_user_id field (§2, §6) for configured-default identity; SESSION-1 field registry updated - §3: clarify per-signal fields MAY be set at level 0 (attempted, unresolved) - §4.2: move liveness technique list to non-normative note; drop corroborating-evidence SHOULD (was in tension with level table) - §4.3: clarify name_id stays absent when no match or no enrollment - §5: renumber; add §5.1 identity persistence across utterances (SHOULD preserve unless contrary evidence); add §5.2 re-auth via CONVERSE-1 response_mode - §6: merge paragraphs; define default_user_id semantics - §7: collapse to two bullets - §8.1 examples: fix bridge example (auth_level 1, default_user_id set, no name_id); add response_mode note to passphrase example; trim prose - §9: fix "ensure all fields present" → "write only fields resolved"; drop vacuous MAY section - See also: add SESSION-2, CONVERSE-1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
"the fields are present" → "the fields it has resolved are present" — matches §9 wording and removes implication that all fields must be set. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This was referenced May 28, 2026
Move to repo root and drop ovos- prefix, consistent with all other specs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #53
What this PR adds
spec/user-id/ovos-user-id-1.md— new specification for user identity resolution and authentication levels at the bus protocol layer.Companion edit:
ovos-session-1.md— seven new fields added to the §2.1 field registry.Spec summary
Skills read
session.user_idandsession.auth_levelfrom the message they receive on dispatch — no query round-trip, no race condition. The recognition plugin (transformer chain, standalone service, or bridge injection) populates the fields before the utterance enters the pipeline.Four enrolled signals → four opaque session IDs:
voice_id— voice-print match (audio transformer, pre-STT)face_id— face-print match (out-of-band camera plugin;site_idselects camera)name_id— self-declaration match ("I am Alice"; utterance transformer, post-STT)passphrase_id— secret-phrase match (utterance transformer, post-STT)auth_level0–5: anonymous → configured default → self-declared → single biometric → multi biometric → explicit credential.Identity persists within a session — once established,
auth_levelcarries forward without re-recognition; skills can prompt for an upgrade via CONVERSE-1response_mode.Layer-2 bridges may inject all fields directly (e.g. authenticated chat interface, single-user satellite terminal via
default_user_id).Files changed
spec/user-id/ovos-user-id-1.mdovos-session-1.mdRelated