Files
identity-canon/canon/CanonicalGlossary.md
tegwick 3ccf841095 Resolve Customer Account question; add commercial subscription research
Record B2B SaaS subscriber tenancy and Stripe billing source notes. Resolve
the Customer Account open question: reject it as canonical, add Commercial
Record and Commercial Relationship to the Record and relationship layers, and
document Subscriber as a convenience term only.
2026-06-21 20:35:36 +02:00

10 KiB

Canonical Glossary

Status: draft. Updated after IDENTITY-WP-0003 corpus backfill and scenario review. Definitions remain candidate canon terms until human review promotes them.

Actor

An entity that can participate in relationships, hold or control accounts, be represented by another actor, or be projected into downstream systems.

Includes: natural persons, organizations, communities, families, service accounts, bots, and AI agents.

Excludes: raw identifiers, credentials, claims, and profiles unless they are being represented as records about an actor.

Natural Person

A human being. A natural person may have many accounts, profiles, identifiers, credentials, personas, and relationships.

Excludes: account records, social profiles, legal entities, and artificial agents.

Artificial Agent

A non-human actor that performs actions under software, automation, or delegated control.

Includes: bots, service agents, workloads, and AI agents.

Collective Actor

An actor composed of or associated with multiple actors.

Includes: organizations, communities, families, households, groups, and teams when they can participate in relationships or be represented.

Account

An operational record in a scope that enables access, login, administration, or system participation.

Includes: human login accounts and service accounts.

Excludes: natural persons, billing accounts, profiles, credentials, and authorization principals unless a source uses account in that narrower context.

Service Account

An account intended for software, workload, bot, or automation access rather than ordinary human interactive use.

Identity Record

A record that describes, binds, or organizes information about an actor within a source or scope.

Identity Record is deliberately narrower than bare identity; it is a record, not selfhood, not proof material, and not necessarily a login account.

Identifier

A value or reference used to distinguish or refer to something within a scope.

Examples: username, email address, LDAP DN, OIDC subject, SAML NameID, DID, employee number, external source ID.

Scoped Identifier

An identifier whose meaning is intentionally limited to a relying party, sector, tenant, realm, application, namespace, or other scope.

Credential

Evidence or secret material used to prove control, entitlement, or a claim.

Examples: password, passkey, certificate, hardware token, verifiable credential, recovery code, signed assertion.

Claim

A statement made by an issuer or source about an actor, account, identifier, relationship, or attribute.

Authenticated Subject

The protocol-level representation of an entity after an issuer or identity provider identifies it for a relying party.

Examples: OIDC subject, SAML subject.

Authorization Principal

The entity considered by an authorization system when evaluating whether an action is allowed.

Profile

A presentation or attribute surface for an actor or account in a scope.

Examples: public social profile, local application profile, directory profile.

Persona

A deliberate contextual presentation of an actor, often used to separate roles, audiences, privacy boundaries, or pseudonymous participation.

Scope

A boundary within which identifiers, meanings, relationships, accounts, policies, or lifecycle states are valid.

Examples: tenant, realm, relying party, namespace, application, community, authorization domain.

Tenant

An administrative or isolation scope for a system, service, platform, or application.

A tenant may be associated with an organization, customer, vendor, or community, but it is not automatically identical to any of them.

Realm

An issuer, security, or administrative namespace used by an identity system.

After Keycloak and federation source review, Realm remains a Scope specialization for hard identity/admin boundaries (separate user namespaces, credentials, clients, IdPs). It is not interchangeable with Tenant or Organization.

Organization

A collective actor with operational, social, administrative, or structural continuity.

Excludes: tenant, customer, and legal entity unless those meanings are modeled as separate relationships or specializations.

An organization or other actor recognized by a legal system.

Customer

A commercial role played by an actor (usually an Organization, sometimes a Natural Person for individual subscriptions) that consumes services from a vendor.

Customer is a relationship role, not a record type and not interchangeable with Tenant, Organization, Account, or Commercial Record.

Vendor

A commercial role played by an actor (usually an Organization) that provides services to customer actors.

Vendor is a relationship role, not a tenant, realm, or organization synonym.

Commercial Relationship

A typed relationship connecting a vendor actor to a customer actor for a commercial or subscription purpose within a stated scope.

May reference a Commercial Record for billing state. Does not imply membership, authorization, or identity equivalence.

Commercial Record

A record in a billing, CRM, or commerce system that tracks payment methods, subscriptions, invoices, contracts, or commercial contact details for an actor or tenant.

Examples: Stripe Customer, Salesforce Account, subscription billing profile.

Commercial Record is in the Record layer. It is not an Account (login), not an Organization actor, and not a Customer Account. Link it to Actor, Tenant, or Scope via Identifier binding or Commercial Relationship.

Community

A collective actor formed around participation, affiliation, identity, interest, moderation, or social interaction.

Family Or Household

A collective actor or relationship network involving family, guardian, dependent, household, or care relationships.

This concept is privacy-sensitive and may have legal implications outside the canon's scope.

Group

A named collection of actors or accounts in a scope.

Group membership may have authorization implications, but a group is not the same concept as a role, community, team, or organization.

Role

A named capability bundle, responsibility, or relationship label within a scope.

Roles may be assigned through memberships or relationships, but role is not identical to group.

Relationship

A typed, scoped assertion connecting one actor, account, identifier, group, or other model element to another.

Recommended fields: source, target, type, scope, evidence, issuer or source, confidence when relevant, lifecycle state, and authorization implications.

Membership Relationship

A relationship indicating that an actor or account belongs to, participates in, or is accepted by a collective actor or scope.

Affiliation Relationship

A relationship indicating association without necessarily implying membership, control, employment, or authorization.

Following Relationship

A directed social relationship where one actor subscribes to, follows, or observes another actor or profile.

Representation Relationship

A relationship where one actor acts or speaks on behalf of another actor within a scope.

Delegation Relationship

A relationship where one actor grants bounded authority to another actor.

Administration Relationship

A relationship where one actor has management authority over accounts, relationships, policies, or configuration in a scope.

Trust Relationship

A relationship where one actor, issuer, verifier, system, or scope relies on another for claims, identifiers, credentials, or decisions.

Synonymity Assertion

A scoped, evidenced assertion that two or more identifiers, records, accounts, profiles, or actors refer to the same target for a stated purpose.

Recommended relation types: same_as, probably_same_as, linked_to, represents, controls, acts_for.

Recommended strength bands: weak, medium, strong, authoritative.

Synonymity assertions may be verified, inferred, revoked, privacy-limited, or source-specific. They do not require destructive merging of source records.

Common sources: OIDC iss+sub account binding, SAML persistent NameID mapping, entity-resolution matches, operator verification, VC cryptographic proof, schema.org sameAs (weak by default).

Evidence Source

A source, document, event, issuer, import, observation, or verification process supporting a claim, relationship, or synonymity assertion.

Lifecycle State

The current state of a record, account, relationship, credential, claim, or assertion.

Examples: proposed, active, suspended, revoked, expired, archived, deleted, superseded.

Security event streams (SSF/CAEP/RISC) and VC status mechanisms are common Evidence Sources that trigger lifecycle transitions.

Assurance Level

Confidence metadata about identity proofing, authentication, or federation derived from sources such as NIST SP 800-63-4.

Dimensions:

  • Identity Assurance Level (IAL): confidence that a subscriber is the claimed person.
  • Authenticator Assurance Level (AAL): confidence in authentication mechanism.
  • Federation Assurance Level (FAL): confidence in federation assertion protection.

Assurance levels attach to bindings, credentials, and federation relationships; they do not replace authorization decisions.

Relationship Tuple

An authorization projection encoding a subject-relation-object fact in engines such as Zanzibar, OpenFGA, or Ory Keto.

Relationship tuples are not canonical identity roots. They project from actors, accounts, memberships, and delegations into authorization domains.

Pseudonymous Identifier

An identifier designed to limit cross-scope correlation, aligned with privacy patterns such as OIDC pairwise subjects, tenant-local subjects, and GDPR pseudonymization with separately stored re-identification keys.

Non-Canonical Convenience Term: User

User may be used in prose when quoting or mapping external systems, but it should not be a canonical root concept. Resolve it to a specific canonical concept before using it in model definitions.

Non-Canonical Convenience Term: Subscriber

Subscriber (common in Auth0 B2B SaaS documentation) usually means the organization or party holding a subscription and tenant. Resolve to Organization

  • Customer Relationship role + Tenant Scope, or to Natural Person + Tenant for individual subscriptions. Do not model as Customer Account or Account.

Non-Canonical Convenience Term: Customer Account

Do not use Customer Account as a canonical term. Resolve by layer:

  • login/access → Account;
  • subscribing company → Organization + Customer Relationship role;
  • billing/CRM record → Commercial Record;
  • isolation boundary → Tenant.