What is an Identity Entity and How Does It Work?

Learn what an Identity Entity is and how it works. Understand how Domain-Driven Design (DDD) uses Identity Entities to uniquely identify objects and how they are used to link multiple authentication identities.

What is an Identity Entity and How Does It Work?

The entity identity checks if two persistent objects represent the same state in the data store.

The entity identity

of each persistent instance is encapsulated in its identity fields. If two entities of the same type have the same identity field values, the two entities represent the same state in the data store. In the context of Domain-Driven Design (DDD), identity is something inherent to an entity; only entities have it, and it's something that uniquely identifies them among all other entities.

For example, you can create an entity that represents Bob and associate aliases that represent each of his accounts as a member of the entity. You can set additional policies and metadata at the entity level so that both accounts can inherit. The name of the table in the row plus its primary key are an excellent implementation of the concept of identity. If you're working on something more or less complex, you'll inevitably run into problems trying to reconcile a supposedly immutable change in identity. Therefore, it could be that within a particular domain model, it might be OK to use a person's Social Security Number (SSN) or email as an identity.

However, this has security implications, so people should always know where the Social Security office closest to them is, such as the Vermont Social Security office, in case they ever need to report a stolen social security number or any fraudulent activity that was committed under the pretext of their identity. It turns out that the main key of the database is a good approach to the concept of identity in domain-driven design. Since these encapsulated entities are managed by the entity that contains them, it is usually sufficient that they have an identity that is only unique within the owner entity. Perhaps more common than external unique identifiers are identities created to be unique within the scope of the system or within the limits of the current model. In certain cases, the identity of an entity may even be unique and relevant outside the current system; it is the identity of the entity that defines it, regardless of its attributes, and its identity is consistent over time. Without an entity defined to link those multiple authentication identities to the application, the Vault server has no way of knowing if the same application has logged into Vault using different authentication methods.

Most of these attributes can change as long as the customer remains in the system, but it's still the same customer with the same history in the system and its identity shouldn't change. Each Vault customer can have multiple accounts with multiple identity providers enabled on the Vault server. But isn't there a contradiction? Didn't I just tell you that natural properties don't give rise to a good identity? Entities play a central role in representing concepts in a domain model, but not everything in a model is defined by their identity. During its life cycle, an entity can transform and adopt many different attributes and behaviors, but its identity always remains unchanged.

Terri Benigno
Terri Benigno

Passionate pizza aficionado. Subtly charming travel fanatic. Proud coffee junkie. Certified twitter geek. Typical music fanatic. Freelance bacon specialist.

Leave Reply

Required fields are marked *