Entity Classification — Identity vs Permission-Grouping (Cross-System)
How SecurityV0 decides whether a thing is an identity (principal), a permission grouping (role / permission_set), a permission, or a resource — by behavior, not by the word a vendor uses. Includes the litmus test and a cross-system mapping table (AWS, Entra ID, ServiceNow, GitHub, Kubernetes). Read this whenever a type label looks wrong.