Identity and its Schema

An Identity in this system acts as a central point for managing access and permissions. It's more than just a name or ID; it's a representation that is expanded through relationships with credentials, specific actions, resources, and memberships in sets. This allows the system to control what an entity can do and access based on its identity.

How Identity Expands Through Relationships

The diagram shows how an Identity is linked to various other entities, expanding its scope and defining its capabilities:

• Entitlement_Assignment: This link connects an Identity to a set of entitlements, specifying what actions the Identity is allowed to perform.
• Set_of_Actions: Actions represent specific operations or functions within the system (e.g., "Read", "Write", "Delete").
• Set_of_Resources: Resources are the objects or data the Identity can interact with (e.g., files, databases).

Expansion and Contextualization of Identity

The diagram shows how an Identity is expanded and contextualized through its relationships with other entities:

1. Represented by "The_Identified":
   • This entity provides the concrete details about the actual entity being represented. It could be a person, a machine, or any other subject.
   • Attributes:
     • ID (int): Unique ID of the Identified entity.
     • Name (string): The name or label of the Identified entity.
     • Type (string): Specifies the type of entity (e.g., "Person", "Machine").
2. Assigned "Credential":
   • Credentials are used to authenticate the Identity.  
   • Attributes:
     • ID (int): Unique ID of the Credential.
     • PU (string): Likely the Primary User or Principal User associated with the Credential.
     • Type (string): Specifies the type of Credential (e.g., "Smart Card", "API Key").  
     • Value (string): The actual credential value (e.g., the key itself).
3. Part of a "Set_of_Identities":
   • This suggests that Identities can be grouped or organized. This could be for roles, permissions, or organizational purposes.
4. Assigned to "Service_Item":
   • This connection indicates that an Identity is associated with or has access to a specific service item.

🏢 Organisational Unit

• It’s the starting point or top-level container.
• It has one:
  • Scope
  • Context
  • Universe of Rights

🎯 Scope

• Tells where and how entitlements apply.
• Covers:
  • One or more Sets of Resources
  • Refines application of Entitlements

🌌 Universe of Rights

• Defines the entitlements space available to the organization.
• Has:
  • One Set of Entitlements
  • That set contains multiple Entitlements

🧾 Set of Entitlements

• A collection of Entitlements (permissions).
• Has:
  • One or more Entitlements
  • One or more Entitlement Assignments (who gets what)

🛡️ Entitlement

• Represents a specific permission or right.
• Applies to:
  • One or more Sets of Resources
  • One or more Sets of Actions

📦 Set of Resources

• Group of things you can access.
• Each Set contains:
  • One or more Resources
    • Which can be: Accounts or Other

🛠️ Set of Actions

• Describes what actions are allowed.
• Each Action:
  • Is defined for one or more Service Items

🎟️ Entitlement Assignment

• Says who gets what entitlements
• Assigned to:
  • One or more Set of Identities

🧍 Set of Identities

• Group of people/systems.
• Contains:
  • One or more Identities

🧑‍💻 Identity

• Represents a Human or Machine
• Can be assigned:
  • One or more Credentials

🪪 Credential

• Methods of authentication
  • Examples: Smart Card, RSA Token, API Certificate
• Assigned to:
  • One or more Service Items