...
Core Identity – single entity per human or IoT
Person — core identity can be the owner of other person objects
OrgRoIe — Business Role always assigned in conjunction with an Organizational Location
OrgZone — Organizational Location / Business Context always assigned in conjunction with a Business Role
Polyarchical RBAC — Business Roles and Locations are both hierarchical trees. People are assigned to one or more Business Roles each for a specific Location/Context. This polyarchy dramatically reduces the number of roles and eliminates role bloat
Company — people belong to companies via their Business Role and Location assignments
Personas — person core identity can be linked to multiple sub-person objects which are the professional identities — i.e. have the business information attached
...
AccountStore – represents a directory or user store
ProtectedApplicationResource – represents an application
Account – user or HR record in an external directory/application
Group – group or application role in an external directory/application
GroupAccount – membership of user records in groups in external directories/applications
...