Identity Glossary
Why This Exists
This glossary defines Identity Domain terms with precise meanings.
Owner
The owner is the Chief Product Officer and Enterprise Architect.
Business Value
Shared language helps product, architecture, engineering, security, and operations teams implement identity consistently.
Terms
| Term | Definition |
|---|---|
| Authentication Identity | Login or federated identity used to authenticate a user. |
| User Account | Identity-owned account representing a person in Algosure. |
| Organization Membership | Access relationship between a user and an OrganizationId tenant boundary. |
| Invitation | Time-limited request for a user to join an organization or role. |
| Role | Named bundle of permissions. |
| Permission | Specific allowed action against a resource or scope. |
| Role Assignment | Grant of a role to a user, membership, or service identity. |
| Permission Assignment | Direct grant of a permission where policy allows. |
| Access Policy | Rule used to evaluate authorization. |
| Authorization Decision | Allow, deny, challenge, or error result from access evaluation. |
| Session | Authenticated access state for a user. |
| API Key | Scoped programmatic credential for integrations or service access. |
| MFA | Multi-factor authentication used to strengthen account security. |
| Tenant Isolation | Enforcement that actors can access only authorized OrganizationId-scoped resources. |
| OrganizationId | Organization-owned identifier used by Identity as tenant boundary reference. |
| Entitlement Signal | Billing-owned access signal used by Identity in authorization decisions. |
| Keycloak | Possible future identity technology integration, not the Identity Domain model. |
Boundary Notes
Identity terms describe authentication and authorization. Organization profile facts, billing subscription facts, notification delivery state, analytics reporting views, and operational procurement records remain defined in their owning domains.