The Profile Management Service is one of the four security services of the SensorSA. Together with the Identity Management and Authentication Service and the underlying information model, it allows the separation of (user) profiles and identities. The Profile Management Service is responsible for the management of profiles (create, update, delete) and their associations to certain identities. The identities themselves are stored and managed in instances of the Identity Management and Authentication Service.
The clear separation of identity management (Identity Management Interface) and profile management (Profile Management Service) enables the distributed and independent management of access rights. One user (a single profile) may have several identities and thus different access rights in disparate systems or networks.
A profile is composed of several profile attributes and is bound to one or more identities. The profile attributes correspond to the properties of a user profile (name, organisation, email, etc.) and follow a certain schema (for example, LDAP). SANY defines a common federated user profile with a set of default properties that are common across all authentication domains (systems, networks and organisations). Since different instances of the Profile Management Service may support different types of user profiles, it is possible to develop application-specific user profiles. Those application-specific user profiles have to include the attributes of the federated profile if security-enabled cross-application interaction is required.
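The separation described above can be sketched as a small in-memory model. This is an added example, not SensorSA or SANY code. The names `ProfileStore`, `bind` and `federated_view`, the `(domain, subject)` identity reference, the contents of `FEDERATED_ATTRS` and the rule that one identity resolves to at most one profile are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: SANY's federated attribute set is not listed on the page; these
# three are the example properties it mentions, used here as a stand-in.
FEDERATED_ATTRS = frozenset({"name", "organisation", "email"})

@dataclass
class Profile:
    attributes: dict
    identities: set = field(default_factory=set)  # (domain, subject) references

class ProfileStore:
    """In-memory stand-in for one Profile Management Service instance."""

    def __init__(self, schema):
        self.schema = frozenset(schema)
        # Cross-application use requires the schema to contain the federated set.
        self.cross_app_capable = FEDERATED_ATTRS <= self.schema
        self._profiles = {}
        self._owner = {}  # identity reference -> profile id

    def create(self, pid, attributes):
        unknown = set(attributes) - self.schema
        if pid in self._profiles or unknown:
            raise ValueError(f"duplicate id or attributes outside schema: {sorted(unknown)}")
        self._profiles[pid] = Profile(dict(attributes))

    def bind(self, pid, domain, subject):
        # Only a reference is stored; credentials stay in the identity service.
        # Assumption of this sketch: one identity resolves to at most one profile.
        ref = (domain, subject)
        if self._owner.get(ref, pid) != pid:
            raise ValueError(f"{ref} is already bound to another profile")
        self._profiles[pid].identities.add(ref)
        self._owner[ref] = pid

    def delete(self, pid):
        # Drop the associations with the profile so no identity dangles.
        for ref in self._profiles.pop(pid).identities:
            del self._owner[ref]

    def federated_view(self, domain, subject):
        """Federated attributes of the profile bound to an identity."""
        if not self.cross_app_capable:
            raise PermissionError("schema lacks federated attributes")
        attrs = self._profiles[self._owner[(domain, subject)]].attributes
        missing = FEDERATED_ATTRS - set(attrs)
        if missing:
            raise ValueError(f"profile lacks federated attributes: {sorted(missing)}")
        return {k: attrs[k] for k in sorted(FEDERATED_ATTRS)}
```

Binding two identities from different domains to one profile and calling `federated_view` for each returns the same federated attributes, while application-specific attributes stay inside the instance that defined them.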
