Continual IAM
Continual’s Identity and Access Management (IAM) framework presents a group of fairly common concepts.
Identities
Identity
An Identity represents a user, whether human or machine. An Identity may be a member of zero or more Group instances.
Identity Database
The IdentityDb interface provides read-only access to a database of identities, including lookup by common authentication techniques such as username/password auth, API key auth (via HMAC signing), and JWT tokens.
Identity Manager
The IdentityManager interface extends the IdentityDb to allow the management of identities, including creation, deletion, aliasing, and API key management. This interface can also manage an email roundtrip password reset process.
Access Management
Access Database
The AccessDb interface provides the ability to load Group records as well as AccessControlList instances by controlled Resource. The interface also provides an access check to determine if a given Identity may perform a requested Operation on a given Resource.
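The access check described above can be modeled as a deny-by-default evaluation of a Resource's ACL against an Identity and its Groups. This is an added example, not Continual's own code or API: the names can_perform and AclEntry, the typed ("user" / "group") subjects, and the rule that an explicit deny wins are all assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    id: str
    groups: frozenset = frozenset()  # ids of the Groups this identity is in

@dataclass(frozen=True)
class AclEntry:
    subject: tuple          # ("user", id) or ("group", id); typed so a user
                            # named like a group cannot match its entries
    operations: frozenset
    allow: bool = True

def can_perform(acls, identity, operation, resource):
    """Return True only if an entry on the resource's ACL allows the
    operation for the identity or one of its groups and none denies it."""
    entries = acls.get(resource)
    if entries is None:
        return False                     # no ACL for the resource: deny
    subjects = {("user", identity.id)}
    subjects |= {("group", g) for g in identity.groups}
    allowed = False
    for entry in entries:
        if entry.subject in subjects and operation in entry.operations:
            if not entry.allow:
                return False             # assumption: explicit deny wins
            allowed = True
    return allowed

# Constructed sample data (hypothetical resource, groups and identities).
ACLS = {
    "/reports/q3": [
        AclEntry(("group", "analysts"), frozenset({"read"})),
        AclEntry(("group", "editors"), frozenset({"read", "write"})),
        AclEntry(("user", "build-bot"), frozenset({"write"}), allow=False),
    ],
}
ALICE = Identity("alice", frozenset({"analysts"}))
BUILD_BOT = Identity("build-bot", frozenset({"editors"}))  # machine identity
ANALYSTS_USER = Identity("analysts")  # user whose id equals a group id
```
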
Access Manager
The AccessManager interface extends the AccessDb with management methods for Group instances.