TenantAtlas/specs/406-provider-policy-domain-public-taxonomy/data-model.md
ahmido 09dc9988cb 406: Provider & Policy Domain Public Taxonomy (#401)
## Summary
- add the 406 feature specification for a public provider and policy-domain taxonomy surface
- include plan, research, data model, quickstart, checklist, and public route contract artifacts
- update agent context with the 406 website technology notes

## Notes
- this PR is spec and planning work only
- no runtime website implementation is included yet

## Validation
- reviewed pending git scope before commit
- verified `Agents.md` has no editor diagnostics

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #401
2026-05-26 12:54:23 +00:00


Data Model: Provider & Policy Domain Public Taxonomy

This feature has no persisted data model. The entities below are website content structures used to render a public taxonomy route. They must remain static/page-local content unless a later spec explicitly introduces runtime provider capability truth.

Taxonomy Page

Represents: The localized public page or substantial platform-page section explaining providers, policy domains, status labels, future-provider direction, buyer meaning, and CTA destinations.

Fields:

  • locale: de or en
  • pageTitle: localized metadata title
  • metaDescription: localized metadata description
  • heroEyebrow: short positioning label
  • heroTitle: main H1
  • heroSubtitle: body copy stating Microsoft 365 first, Intune as first strong domain, and future extensibility without live-support overclaiming
  • primaryCta: optional CTA with real destination
  • secondaryCta: optional CTA with real destination
  • statusLegend: list of Public Status Labels
  • domainMatrix: list of Policy Domain Rows
  • futureProviders: list of Future Provider Rows
  • buyerCards: list of Buyer Meaning Cards

Validation rules:

  • pageTitle and metaDescription must not claim Google/AWS/Okta live support.
  • CTA destinations must be real routes, real anchors, or real contact destinations.
  • The page must contain status legend, Microsoft 365 domain matrix, future-provider section, and buyer-facing section.
  • The page must not contain href="#".

Public Status Label

Represents: A website-only status label used to distinguish current focus, planned direction, architecture direction, unavailable areas, and non-claims.

Fields:

  • key: stable content key such as current-focus, planned-domain, architecture-direction, not-currently-available, or not-claimed
  • label: localized visible label
  • description: localized explanation of what the label means

Validation rules:

  • Must include exactly the five public meanings required by the spec, with localized labels.
  • Must be visible on the taxonomy surface.
  • Must not be reused as runtime product state, provider capability state, or persisted status.

State transitions: None. These are static public labels. Any future change from planned to current requires repo/product truth verification during implementation or a later spec.

Policy Domain Row

Represents: One Microsoft 365 policy/governance domain presented to buyers.

Fields:

  • domain: visible domain name
  • provider: visible provider or provider family
  • statusKey: reference to Public Status Label
  • governanceValue: buyer-facing reason this domain matters
  • tenantialHelpsWith: short description of Tenantial's role
  • claimBoundary: explicit limit on what is and is not claimed

Required rows:

  • Intune / Endpoint Policies
  • Entra / Identity & Access
  • Conditional Access & Sign-in Controls
  • SharePoint / OneDrive Sharing
  • Enterprise Apps & Service Principals
  • Security Posture Evidence
  • Provider Permissions & Readiness
  • Review Packs & Governance Evidence

Validation rules:

  • Every row must include all fields.
  • Intune / Endpoint Policies may be current-focus only if repo/product truth supports it.
  • Unverified Microsoft-adjacent domains default to planned-domain.
  • Security Posture Evidence must be framed as evidence/signal coverage, not remediation ownership.
  • Provider Permissions & Readiness must be framed as provider-specific requirements, not universal platform truth.
  • Claim boundaries must avoid unsupported automation, restore, or provider-support claims.

State transitions: None in this feature. Status wording can change only when implementation verifies current product truth or a later spec updates public claim status.

Future Provider Row

Represents: One non-Microsoft provider or provider family discussed as future architecture direction.

Fields:

  • provider: visible provider or provider family name
  • statusKey: normally architecture-direction
  • safeWording: cautious statement that avoids live availability claims
  • claimBoundary: explicit statement that no current support is claimed unless verified

Required rows:

  • Google Workspace / Google Cloud
  • AWS
  • Okta / Identity Providers
  • Other SaaS Policy Systems

Validation rules:

  • Default status is architecture-direction.
  • Must not use official logos, fake badges, or partner-like visuals.
  • Must not use supported, available today, works with, or equivalent live-support language unless verified.

State transitions: None in this feature.

Buyer Meaning Card

Represents: A buyer-oriented explanation of what the taxonomy means for MSPs and enterprise IT.

Fields:

  • title: short buyer-facing label
  • content: localized explanation

Required cards:

  • Start concrete
  • Scale governance
  • Avoid tool sprawl
  • Stay honest

Validation rules:

  • Must describe buyer value, not internal architecture.
  • Must not duplicate the full taxonomy matrix.
  • Must not introduce unsupported provider or compliance claims.

Represents: A public website link to the taxonomy route from homepage, platform page, nav, or footer.

Fields:

  • label: localized visible link label
  • href: localized route or anchor
  • placement: homepage, platform page, navigation, footer, or CTA

Validation rules:

  • href must resolve to a real page, real section, or real contact destination.
  • No placeholder links.
  • Navigation/footer placement must follow existing website IA conventions and avoid top-level clutter.

Metadata Contract

Represents: The taxonomy page title and description.

Fields:

  • title
  • description
  • canonicalPath

Validation rules:

  • Must mention policy domains/provider direction safely.
  • May mention Microsoft 365, Intune, Entra, Conditional Access, SharePoint, Enterprise Apps, and future provider direction.
  • Must not claim Google Workspace support, AWS support, Okta support, multi-cloud support, or universal policy governance.
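
The validation rules above can be enforced as a build-time check on the static content. The JavaScript below is an added example, not code from the TenantAtlas repository; the function names, the CTA shape `{label, href}` and the sample content are assumptions, and the phrase matching is a heuristic that still needs human review.

```javascript
// Added example, not project code. Field names, status keys and required rows
// come from the data model; CTA shape {label, href} and samplePage() are assumptions.
const STATUS_KEYS = ["current-focus", "planned-domain", "architecture-direction",
  "not-currently-available", "not-claimed"];
const REQUIRED_DOMAINS = ["Intune / Endpoint Policies", "Entra / Identity & Access",
  "Conditional Access & Sign-in Controls", "SharePoint / OneDrive Sharing",
  "Enterprise Apps & Service Principals", "Security Posture Evidence",
  "Provider Permissions & Readiness", "Review Packs & Governance Evidence"];
const REQUIRED_FUTURE = ["Google Workspace / Google Cloud", "AWS",
  "Okta / Identity Providers", "Other SaaS Policy Systems"];
const ROW_FIELDS = ["domain", "provider", "statusKey", "governanceValue",
  "tenantialHelpsWith", "claimBoundary"];
// Heuristic phrase lists taken from the validation rules; a match needs human review.
const LIVE_WORDING = /\b(supported|available today|works with)\b/i;
const META_CLAIM = /\b(google workspace|aws|okta|multi-cloud) support\b/i;

function validateTaxonomyPage(page) {
  const errors = [];
  const legend = page.statusLegend.map((s) => s.key).sort().join(",");
  if (legend !== [...STATUS_KEYS].sort().join(","))
    errors.push("statusLegend: must define exactly the five public status keys");
  for (const name of REQUIRED_DOMAINS)
    if (!page.domainMatrix.some((r) => r.domain === name)) errors.push(`domainMatrix: missing "${name}"`);
  for (const row of page.domainMatrix) {
    for (const f of ROW_FIELDS) if (!row[f]) errors.push(`domainMatrix[${row.domain}]: empty ${f}`);
    if (!STATUS_KEYS.includes(row.statusKey)) errors.push(`domainMatrix[${row.domain}]: unknown statusKey`);
  }
  for (const name of REQUIRED_FUTURE)
    if (!page.futureProviders.some((r) => r.provider === name)) errors.push(`futureProviders: missing "${name}"`);
  for (const row of page.futureProviders)
    if (LIVE_WORDING.test(row.safeWording)) errors.push(`futureProviders[${row.provider}]: live-support wording`);
  for (const text of [page.pageTitle, page.metaDescription])
    if (META_CLAIM.test(text)) errors.push(`metadata: unsupported provider claim in "${text}"`);
  for (const cta of [page.primaryCta, page.secondaryCta])
    if (cta && (!cta.href || cta.href === "#")) errors.push(`cta "${cta.label}": placeholder href`);
  return errors;
}

// Constructed sample content that satisfies every rule checked above.
function samplePage() {
  return {
    locale: "en", pageTitle: "Providers and policy domains",
    metaDescription: "Microsoft 365 first, Intune as the first strong domain.",
    primaryCta: { label: "Contact", href: "/en/contact" },
    statusLegend: STATUS_KEYS.map((key) => ({ key, label: key, description: key })),
    domainMatrix: REQUIRED_DOMAINS.map((domain) => ({ domain, provider: "Microsoft 365",
      statusKey: "planned-domain", governanceValue: "sample", tenantialHelpsWith: "sample", claimBoundary: "sample" })),
    futureProviders: REQUIRED_FUTURE.map((provider) => ({ provider, statusKey: "architecture-direction",
      safeWording: "Architecture direction only.", claimBoundary: "No current support is claimed." })),
  };
}
```

The check only covers rules that can be tested mechanically; whether a destination is a real route, and whether a status label matches product truth, still has to be verified against the site and the repository.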