Soffid brings its own data model, stored in a relational database, which acts as an identity information meta-repository. The most important object types stored in the database are:
- Users. Identify the people who use the information system.
- Organization structure. Identifies the business units or work groups to be managed; it is usually handled through a hierarchical view. Although a user is always bound to a main business unit, the user can be assigned to more than one business unit at the same time.
- Repositories are each of the systems where information about the users is going to be stored. A repository is usually an Active Directory or an LDAP server.
- Accounts are the names a user is known by on each repository. Although account names usually match user names, they can differ for technical or legacy reasons.
- Information systems are observed from the information owner's perspective. Although an information system can also be a repository, a repository usually identifies users for several information systems.
- Roles are the different access levels foreseen for an application system. Soffid does not distinguish identity management roles from information system roles (also known as entitlements), since Soffid is itself considered an information system.
- Authorizations are the set of roles granted to a user or account. Authorizations can be granted either directly to a user or indirectly through a group or another role.
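To make the direct/indirect authorization model concrete, here is an added example (written for this page, not Soffid's own code or API) of a toy directory in which roles are granted directly to a user, through the business units the user belongs to, or through other roles, and a resolver that computes a user's effective role set. All names (alice, bob, "it-ops", "ldap-admin", and so on) are constructed sample data; the role-to-role cycle in the sample is deliberate, to show that the resolver terminates.

```python
"""Added example: effective-role resolution over direct and indirect grants.

Not Soffid code. Group, role and user names below are constructed samples.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    primary_group: str                               # main business unit the user is bound to
    groups: set[str] = field(default_factory=set)    # additional business units
    direct_roles: set[str] = field(default_factory=set)


@dataclass
class Directory:
    # group -> roles granted to every member of that group (business unit)
    group_roles: dict[str, set[str]] = field(default_factory=dict)
    # role -> further roles that holding this role grants
    role_includes: dict[str, set[str]] = field(default_factory=dict)

    def effective_roles(self, user: User) -> set[str]:
        """Direct roles + group roles, expanded through role-to-role grants."""
        seed = set(user.direct_roles)
        for group in {user.primary_group, *user.groups}:
            seed |= self.group_roles.get(group, set())
        resolved: set[str] = set()
        queue = deque(seed)
        while queue:
            role = queue.popleft()
            if role in resolved:
                continue  # already expanded; this also breaks role -> role cycles
            resolved.add(role)
            queue.extend(self.role_includes.get(role, ()))
        return resolved

    def holders_of(self, users: list[User], role: str) -> list[str]:
        """Reverse lookup for access reviews: who effectively holds a role."""
        return sorted(u.name for u in users if role in self.effective_roles(u))


def build_sample_directory() -> tuple[Directory, list[User]]:
    """Constructed sample data, including a deliberate erp-admin <-> erp-writer cycle."""
    directory = Directory(
        group_roles={"it-ops": {"ldap-admin"}, "finance": {"erp-reader"}},
        role_includes={
            "ldap-admin": {"ldap-reader", "password-reset"},
            "erp-admin": {"erp-reader", "erp-writer"},
            "erp-writer": {"erp-admin"},
        },
    )
    users = [
        User("alice", primary_group="it-ops", groups={"finance"}, direct_roles={"erp-admin"}),
        User("bob", primary_group="finance"),
    ]
    return directory, users


if __name__ == "__main__":
    directory, users = build_sample_directory()
    for user in users:
        print(user.name, sorted(directory.effective_roles(user)))
    print("password-reset holders:", directory.holders_of(users, "password-reset"))
```

The reverse lookup (`holders_of`) is the view an access reviewer usually needs: it answers "who can reset passwords" after all indirect grants have been expanded, which a listing of direct grants alone would miss.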
In order to manage other kinds of identities, as a step towards the "internet of things", Soffid also allows other, more technical, objects to be identified and modeled, such as:
- Communication networks
- Network devices
- Print services
- Shared folders
One key aspect of the data model is the password management model. Soffid stores account passwords using a non-reversible cryptographic algorithm that allows them to be verified but prevents an attacker from recovering them. Along with the current password, Soffid stores old passwords and the policy requirements the password must satisfy.
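The paragraph above names three pieces of the password model: a one-way hash used only for verification, a history of old passwords, and the policy the password must satisfy. The following added example (not Soffid's code; Soffid's actual algorithm, work factor and history depth are not stated on this page and the values used here are assumptions) shows how those three pieces fit together: each password is stored as a salted PBKDF2-SHA256 digest, a password change is checked against the policy and against the stored history so old passwords cannot be reused, and verification uses a constant-time comparison.

```python
"""Added example: one-way password storage with history and policy checks.

Not Soffid code. PBKDF2-SHA256 with 200,000 iterations and the policy values
below are assumptions chosen for this example.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; tune to the deployment's hardware


@dataclass
class PasswordPolicy:
    min_length: int = 12
    require_digit: bool = True
    require_upper: bool = True
    history_size: int = 5  # how many previous digests are kept to block reuse

    def violations(self, password: str) -> list[str]:
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if self.require_digit and not re.search(r"\d", password):
            problems.append("no digit")
        if self.require_upper and not re.search(r"[A-Z]", password):
            problems.append("no upper-case letter")
        return problems


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


@dataclass
class StoredPassword:
    """Only salt and digest are persisted; the clear-text password never is."""
    salt: bytes
    digest: bytes

    @classmethod
    def create(cls, password: str) -> "StoredPassword":
        salt = os.urandom(16)  # fresh per-password salt
        return cls(salt, _derive(password, salt))

    def matches(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, _derive(password, self.salt))


@dataclass
class AccountCredential:
    policy: PasswordPolicy
    current: Optional[StoredPassword] = None
    history: list[StoredPassword] = field(default_factory=list)  # most recent first

    def verify(self, password: str) -> bool:
        return self.current is not None and self.current.matches(password)

    def change(self, new_password: str) -> list[str]:
        """Apply policy and history checks; return rejection reasons (empty = accepted)."""
        problems = self.policy.violations(new_password)
        previous = ([self.current] if self.current else []) + self.history
        if any(old.matches(new_password) for old in previous):
            problems.append("reuses one of the last passwords")
        if problems:
            return problems
        if self.current is not None:
            self.history.insert(0, self.current)
            del self.history[self.policy.history_size:]
        self.current = StoredPassword.create(new_password)
        return []


if __name__ == "__main__":
    cred = AccountCredential(PasswordPolicy())
    print(cred.change("short"))           # rejected: three policy violations
    print(cred.change("CorrectHorse42"))  # accepted: []
    print(cred.verify("CorrectHorse42"))  # True
    print(cred.change("CorrectHorse42"))  # rejected: reuse of the current password
```

Because reuse is detected by re-hashing the candidate against each stored salt and digest, the history check costs one PBKDF2 derivation per remembered password; that is the price of never keeping old passwords in a recoverable form.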
Additionally, the data model can be easily extended using two different techniques. From the console, the administrator can define new attributes for identities. Alternatively, new object types and behavior can be modeled in Java and uploaded to the console as an addon. Depending on the requirements, these attributes can be queried and/or modified by administrators and users.