Figure DI.01 - Digital Identity overview

A DigitalIdentity enables identification / authentification of Party or Resource in order to allow Party or Resource to use their permission.<br/>The DigitalIdentity needs an ID, a status and a valid period during which the DigitalIdentity can be used.<br/>A PartyDigitalIdentity enables identification / authentication of a unique Party or many PartyRoles.<br/>A PartyDigitalIdentity identifying only PartyRoles might be used for permissions delegated.<br/>Or a PartyDigitalIdentity may identify a Party but only for a subset of the PartyRoles he plays. For example, it can be used to have a PartyDigitalIdentity carrying all professional PartyRoles delegated by the employer and another one carrying all PartyRoles played personally.<br/>A ResourceDigitalIdentity enables identification / authentication of a unique Resource.<br/>Thanks to the ResourceRoles played by a Resource, it will be granted by the permissions carried by each ResourceRole.<br/>The ResourceDigitalIdentity helps controlling Machine to Machine activities.<br/>At least one Credential is needed for a DigitalIdentity. A Credential enables identification / authentification.<br/>One or many ContactMedium might be defined for each Credential to be used for reset.<br/>The role attribute specifies the type of use such as "for first step of password reset", "for password reset confirmation" or "for password reset information“<br/>The Credential needs an ID, a status and a valid period during which the Credential can be used.In addition, the Credential carries a trustLevel specifying the Credential reliability level. According to the level some permissions might be available or not. For example, with a low level of trust, a customer won’t have the right to buy something.<br/>A DigitalIdentity might be seen as an Avatar. The Avatar is used to welcome when connecting.<br/>The Avatar might be represented by an Attachment such as a picture.<br/>The Avatar might contain a name and a nick name used to welcome when connecting.<br/>