...

An entity is a "thing" of interest to the institution, distinguishable from other entities of its type. Entities of most interest for an identity registry are typically "actors", that is, things that initiate actions in online systems. The most common type of entity is a person, hence identity registries are often called person registries. Other common "actor" entities are processes, applications, computers, and organizations. An entity is represented in the identity registry by a record called an entry that contains structured information about the entity. Some of the data describes the entity; this is identity data. Other data, such as entry create time or access control data, is registry metadata. A data element that is designed to distinguish entities in a set is called an identifier. An entry typically contains several kinds of identifiers, as well as other identity data about the entity. A key goal of a registry, typically, is to ensure, as much as possible, that each entity is represented by exactly one registry entry. Each entry in a registry has a type, and each type has a schema. Different types may be handled by different registries, or a single registry may deal with several types.

Registry-managed identifiers

In addition to managing entity data sourced from various business processes, identity registries typically are source systems (i.e., are authoritative) for some data, in particular institutional identifiers.  A common registry-managed identifier is a registry ID (also called unique ID, or UUID) that is an opaque non-reusable identifier serving as an institutional "key" for the entity.  Another common registry-managed identifier is a network ID (also called NetID or username) that is used by end-users for login and other services such as email.

Registration, matching, reconciliation

Registration (also known as enrollment) is the process of creating a new identity registry entry.  Identity data may come into a registry from source systems (which are typically also registries in a sense), or interactively via human entry processes.  A person who engages in registering entries is called a registration agent.  In support of the goal of one entry per entity, it is necessary for the registration process to determine whether a set of identity data coming into the registry refers to an existing entry, or represents a new entity, hence requiring the creation of a new entry.  The process of distinguishing new from existing is called matching.  The matching process may rely on many different data elements, and may involve human decision-making in addition to automated processing.  The process of adding or modifying identity data in an entry based on incoming data is called reconciliation.
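As an added illustration (not part of the original page or of any particular registry product), the sketch below shows registration with matching and reconciliation, including the case that is left to a registration agent. The identifier names (`sis_id`, `hr_id`), the name-plus-birth-date comparison, and the fill-gaps-only reconciliation policy are assumptions.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class Entry:
    registry_id: str                            # opaque, non-reusable registry ID
    identifiers: dict                           # source-system identifiers (names assumed)
    identity_data: dict                         # data describing the entity
    sources: set = field(default_factory=set)   # registry metadata

class Registry:
    def __init__(self):
        self.entries = {}        # registry_id -> Entry
        self.review_queue = []   # cases needing a registration agent's decision

    def match(self, identifiers, identity_data):
        """Return ('exact' | 'potential' | 'none', candidate entries)."""
        hits = [e for e in self.entries.values()
                if any(e.identifiers.get(k) == v for k, v in identifiers.items())]
        if len(hits) == 1:
            return "exact", hits
        if hits:                 # incoming identifiers point at several entries
            return "potential", hits
        name, dob = identity_data.get("name", "").lower(), identity_data.get("dob")
        if not (name and dob):   # too little data to compare on attributes
            return "none", []
        similar = [e for e in self.entries.values()
                   if e.identity_data.get("name", "").lower() == name
                   and e.identity_data.get("dob") == dob]
        return ("potential", similar) if similar else ("none", [])

    def register(self, source, identifiers, identity_data):
        verdict, candidates = self.match(identifiers, identity_data)
        if verdict == "potential":
            # Neither create nor reconcile automatically: a wrong guess here
            # produces a duplicate entry or an entry mixing two entities.
            self.review_queue.append((source, identifiers, identity_data,
                                      [c.registry_id for c in candidates]))
            return verdict, None
        if verdict == "exact":
            entry = candidates[0]
            entry.identifiers.update(identifiers)
            for key, value in identity_data.items():   # reconciliation: fill gaps,
                entry.identity_data.setdefault(key, value)  # never overwrite
        else:
            entry = Entry(uuid.uuid4().hex, dict(identifiers), dict(identity_data))
            self.entries[entry.registry_id] = entry
        entry.sources.add(source)
        return verdict, entry.registry_id
```
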

...

It may be found that, due to a failure of matching in the registration process, more than one registry entry exists for an entity. In this case two or more entries must be merged. Similarly, it may be found that an entry contains a mix of information from different entities. In this case the entry must be split into two or more entries. Merging and splitting are typically administrative processes; in the case of person entries the processes may involve the affected people.

Entry metadata

create/mod dates, sources, assurance

Identity information distribution
Identifiers

...

Affiliations,

...

lifecycle

Many different institutional processes bring entity information into a registry. In addition to the entity's type (e.g., person), the registration process and the information in the entry will typically reflect the nature of the process that brought the entry in. For example, the entry for a person who is a student will likely have a different input process and hold different information from that of a person who is an employee (a person may be both, of course). The different relationships that affect entry data and maintenance are called affiliations. The policies and procedures that codify how an entry is managed over time are called lifecycles of the various affiliations or other business processes. In addition to ...

Contact / profile information

...