Continual IAM

Continual’s Identity and Access Management (IAM) framework presents a group of fairly common concepts.

Identities

Identity

An Identity represents a user, whether human or machine. An Identity may be a member of zero or more Group instances.

Identity Database

The IdentityDb interface provides read-only access to a database of identities including lookup by authentication common techniques such as username/password auth, API key auth (via HMAC signing), and JWT tokens.

Identity Manager

The IdentityManager interface extends the IdentityDb to allow the management of identities, including creation, deletion, aliasing, and API key management. This interface can also manage an email roundtrip password reset process.

Access Management

Access Database

The AccessDb interface provides the ability to load Group records as well as AccessControlList instances by controlled Resource. The interface also provides an access check to determine if a given Identity may peform a requested Operation on a given Resource.

Access Manager

The AccessManager interface extends the AccessDb with management methods for Group instances.