The Scaled Access Relationship-based Access Control (ReBAC) feature allows the customer to set up a system of delegated administration with which users can self-manage their relationships to digital assets.
Relationships are the basic units that link users and assets into a network. This network can be represented as a graph, a collection of “nodes” and “edges”. Each node is a digital representation of one user or asset, and each edge represents a relationship between the two adjacent nodes. These relationships can by nature be bi-directional, e.g. John and Jane are siblings, or uni-directional, e.g. John is the owner of Buddy, a dog. Therefore, a direction is defined for each of the relationships in the system.
When users share an asset in real life (i.e. they “have a relationship” with the asset), they can also share its corresponding digital resource. The resulting digital network can then be used to:
Creating and maintaining this type of network can be done centrally by the customer’s back office or can be self-managed by the users in the network. The latter allows for a fast and scalable system to manage relationships (and thus the access to protected resources). Scaled Access offers help with this so-called ReBAC by providing an API-based system to:
All personally identifiable information (PII) is persistently stored in the Identity Management user repository only. The ReBAC API does not persistently store any PII. Even though PII can temporarily occur in volatile memory, it is not kept in any database or log of the ReBAC API.
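The directed relationship graph and the PII separation described above can be sketched as follows. This is an added example, not Scaled Access code or its API: the class, method names, relationship types and the hop limit are assumptions, and nodes are opaque identifiers so that no PII sits in the graph itself.

```python
from collections import defaultdict, deque

class RelationshipGraph:
    """Directed relationship graph. Nodes are opaque IDs only, so no PII is held here."""

    def __init__(self):
        self._edges = defaultdict(set)  # node id -> {(relationship type, target id)}

    def relate(self, source, rel_type, target, bidirectional=False):
        """Add source -[rel_type]-> target; a bi-directional relationship is mirrored."""
        self._edges[source].add((rel_type, target))
        if bidirectional:
            self._edges[target].add((rel_type, source))

    def unrelate(self, source, rel_type, target, bidirectional=False):
        """Remove a relationship; access derived from it disappears with it."""
        self._edges[source].discard((rel_type, target))
        if bidirectional:
            self._edges[target].discard((rel_type, source))

    def find_path(self, subject, resource, allowed_types, max_hops=2):
        """Breadth-first search that follows edges only in their defined direction.
        Returns the hops as (source, rel_type, target) tuples, or None if unreachable."""
        queue, visited = deque([(subject, [])]), {subject}
        while queue:
            node, path = queue.popleft()
            if node == resource and path:
                return path
            if len(path) == max_hops:
                continue  # hop limit reached: do not expand further
            for rel_type, target in sorted(self._edges.get(node, ())):
                if rel_type in allowed_types and target not in visited:
                    visited.add(target)
                    queue.append((target, path + [(node, rel_type, target)]))
        return None

    def can_access(self, subject, resource, allowed_types, max_hops=2):
        return self.find_path(subject, resource, allowed_types, max_hops) is not None

def build_sample_graph():
    """Constructed sample: the page's John/Jane/Buddy example under opaque IDs."""
    g = RelationshipGraph()
    g.relate("user:1", "sibling", "user:2", bidirectional=True)  # John <-> Jane
    g.relate("user:1", "owner", "asset:9")                       # John -> Buddy
    return g

if __name__ == "__main__":
    g = build_sample_graph()
    print(g.can_access("user:1", "asset:9", {"owner"}))             # owner edge, forward
    print(g.can_access("asset:9", "user:1", {"owner"}))             # against direction
    print(g.find_path("user:2", "asset:9", {"sibling", "owner"}))   # two-hop path
```

Returning the path rather than only a boolean gives each access decision an auditable reason expressed in opaque IDs, and the hop limit keeps transitive access from spreading further through the network than intended.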