Identity

An identity is who an actor is, consisting of attributes that uniquely identify them. Identities have at least one mechanism for the actor to verify who they are, called authentication.

We use the OAuth2 protocol for authentication, provided by our primary identity provider, Keycloak. User login/logout flows are handled via the Identity Service.

Identity Contexts (User Profiles)

The scope of identity is purely authentication across one or many apps on the system, either as a real-person user or a service account.

The context of a user is provided by the service that the user interacts with, not by the Identity Provider. The identity is the statement of facts about the user, whereas it's up to the service to derive what that identity means (i.e. its context) in relation to the business domain.

All non-identity information is stored on a service-provided user profile, which is not part of the identity.
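
The following sketch shows one way a service can keep that boundary. It is an added example, not code from this system. It assumes the token claims were already validated upstream, that identities are keyed by the standard `iss` and `sub` claims, and that `BillingProfile`, `ProfileStore` and the sample claims are hypothetical.

```python
from dataclasses import dataclass

# Assumption: claims were already signature- and expiry-checked upstream
# (e.g. by the Identity Service); this code only separates identity from context.
IDENTITY_CLAIMS = ("iss", "sub")

@dataclass(frozen=True)
class Identity:
    """Facts asserted by the identity provider; carries no business meaning."""
    iss: str
    sub: str

@dataclass
class BillingProfile:
    """Hypothetical service-owned profile: domain context lives only here."""
    plan: str = "free"
    can_issue_refunds: bool = False

def identity_from_claims(claims: dict) -> Identity:
    missing = [c for c in IDENTITY_CLAIMS if not claims.get(c)]
    if missing:
        raise ValueError(f"token lacks identity claims: {missing}")
    # Every other claim in the token is deliberately dropped.
    return Identity(iss=claims["iss"], sub=claims["sub"])

class ProfileStore:
    """In-memory stand-in for the service's own profile table."""
    def __init__(self):
        self._rows = {}

    def resolve(self, identity: Identity) -> BillingProfile:
        # A first-seen identity gets a default profile, never one seeded
        # from token contents.
        return self._rows.setdefault(identity, BillingProfile())

# Constructed sample claims; the issuer URL and extra claims are made up.
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.test/realms/demo",
    "sub": "3f1c9a52-0000-4000-8000-000000000001",
    "email": "alex@example.test",
    "can_issue_refunds": True,  # not an identity fact, so it is ignored
}

def context_for(claims: dict, store: ProfileStore) -> BillingProfile:
    return store.resolve(identity_from_claims(claims))
```

Because the profile is keyed on the issuer and subject pair, a changed e-mail address resolves to the same profile, while the same subject from a different issuer does not.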