10Duke Identity Management Graph API

Here are some objects that you’re likely to interact with on the graph most frequently using the 10Duke Identity Management Graph API.

This is by no means an exhaustive list and you can of course create new objects on the graph, but it’s meant to give you an idea of the core objects on the graph and the possible relations between them.

Identity model:

  • EmailAndPassword: Stores the credentials for authenticating a user with an email address and password

  • Membership: A relation describing the membership of a Profile in a ProfileGroup

  • Organization: Describes an organization, typically a company whose employees use the system

  • Person: Describes a real person who may or may not act in the system using a Profile

  • Profile: Describes a person acting in the system

  • ProfileGroup: Describes a group having Profile members

  • Property: Holds additional key-value properties that can be attached to objects such as Profile and Organization

  • (Organization)ContactInformation: Aggregates contact information details (email, postal address, telephone number, and web address) for a Profile or an Organization

  • (Organization)EmailAddress: An email address for contacting a person represented by a Profile or for contacting an Organization

  • (Organization)PostalAddress: A postal address for contacting a person represented by a Profile or for contacting an Organization

  • (Organization)TelephoneNumber: A telephone number for contacting a person represented by a Profile or for contacting an Organization

  • (Organization)WebAddress: A web address, such as a home page or corporate site, for contacting a person represented by a Profile or for contacting an Organization

  • TechnicalActor: Describes another technical system acting in the system

  • Partnership: A relation describing a partnership between two organizations

Security model:

  • ConsumerPermission: A permission stored by an external system, enforced by the external system

  • ConsumerRole: A role that is used for granting ConsumerPermissions to users using an external system

  • Grants: A relation describing permissions granted by a role (Role, Organization, ProfileGroupRole, or ConsumerRole)

  • OrganizationRole: A role used for granting permissions to resources owned by an Organization

  • Permission: An abstract name describing a permission that can be granted to a user

  • ProfileGroupRole: A role used for granting permissions to resources owned by a ProfileGroup

  • Role: A role used for granting system-wide permissions

This diagram shows example Graph objects and object relationships:

10Duke Identity Management Graph API, example Graph objects and object relationships