However, what do the services/applications consider to be the attributes that define a user's or business's unique identity? From a technology standpoint, I see identity products as broadly classified into 3 pillars based on their feature offerings/solutions:
User/Entitlement provisioning, Password/Profile management, Self-service Access/Roles catalog management
2) Access Management
Single sign-on, Authorization, Authentication
3) Identity Platform Services
Policy Compliance and Enforcement, Security Stores, Replication, Synchronization
Mapping these core identity functions/features into the enterprise application architecture space is quite challenging. In reality, our understanding of a business entity's (person/tenant/business) identity is built upon an incomplete set of attributes that the application/service architecture deems sufficient to differentiate one entity from another. But this attribute set is generally far from complete, and a wide range of perceptions exists regarding what is considered acceptable to uniquely define an entity's identity in the application/service domain. Application architecture must accept a level of risk and be willing to offer service on the basis that a business's or user's identity definition is "good enough" for the purpose for which the application/service is going to use it.
Here is my attempt at capturing the high-level identity touch points that matter to the application-architecture design across the enterprise technology domain.