work in progress
Description
Account service offers operations to manage a CollectionSpace account. To securely access the CollectionSpace services, an account for a user is required in the system. An account is associated with an identity. The identity could either reside in [collectionspace:CollectionSpace Identity Provider (CSIP)] which is the default identity provider or a foreign identity provider such as CalNet or an OpenID provider.
In release 0.4 only CSIP is supported
Key Concepts
Relationships
Following describes the relationship between an Account, a Person and a User in the [default identity provider].
An account is associated with at least one Person in CollectionSpace. An account is always associated with one user identity. This identity could reside in the default identity provider or a foreign identity provider. An account might optionally manage an identity if the identity is stored in the realm managed by the default identity provider.
Assumptions
- In a multi-tenant SaaS deployment of CollectionSpace, it is assumed that account service is consumed by users with privileges to manage accounts for a tenant.
- Tenant context (id) is never available to the account service consumer nor is required to be provided by the consumer.
Assumptions for managing account with identity managed by [CollectionSpace Identity Provider]
Issues
- The Person Service is the System of Record (SOR), or authoritative data source, for personIds.
- The SOR for systemIds is TBD.
References
- [collectionspace:Authentication Service Description and Assumptions]
- [collectionspace:CollectionSpace Identity Provider (CSIP)]
- [Design notes for multi-tenancy in CollectionSpace]