Identity
Type: Domain
Schema: identity
Tables: 5
Primary source: documents/doc-26-identity-credentials-architecture.md
Decisions: 12, 13, 14, 15, 26, 29, 30, 31, 32, 33, 36, 37, 38, 42, 43, 44, 45
Purpose
The identity module answers the foundational question of the data model: "Who is this actor, and how do they authenticate?" It establishes the two-entity separation between authentication identity (users, synchronized from Keycloak) and legal/business identity (persons, owned entirely by the application layer), provides the credential infrastructure for programmatic access, and governs the full identity lifecycle from invitation through anonymization or merge. Every other module in the system depends on the stable person_id anchor that this module provides; the identity module itself depends on no other module.
Tables
| Table | Purpose |
|---|---|
| users | Authentication identity synchronized from Keycloak. Local cache of OIDC subject, login activity, and display preferences. |
| persons | Human being as a business and legal entity. Holds legal name, address, tax ID, cooperative membership context, and GDPR lifecycle state. |
| personal_access_tokens | Programmatic credentials for persons. Hash-and-prefix pattern: only a plaintext lookup prefix and a hash of the token are stored. Scopes narrow the person's effective permissions. |
| retention_holds | Legal retention obligations on person PII. Gates the anonymization protocol with field-level granularity. |
| person_merges | Duplicate person resolution tracking. Records provenance of FK repointing operations. |
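The following is an added illustration of the personal_access_tokens row above, the hash-and-prefix storage pattern together with scope narrowing. It is example code written for this page, not the project's own implementation: the column names, the `pat_` prefix, the 8-character lookup key, the permission strings and the in-memory SQLite schema are all assumptions chosen to make the example runnable.

```python
# Added example (not the project's code): hash-and-prefix storage for
# personal_access_tokens, with scopes that can only narrow a person's permissions.
# Column names, the "pat_" prefix, LOOKUP_LEN and the permission strings are assumed.
import hashlib
import hmac
import secrets
import sqlite3

TOKEN_PREFIX = "pat_"  # assumed credential-type marker; makes leaked tokens greppable
LOOKUP_LEN = 8         # chars of the secret kept in plaintext purely as a lookup key


def make_db():
    """In-memory stand-in for the identity schema (columns assumed)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE persons (person_id INTEGER PRIMARY KEY, permissions TEXT)")
    con.execute("""CREATE TABLE personal_access_tokens (
        token_id     INTEGER PRIMARY KEY,
        person_id    INTEGER NOT NULL REFERENCES persons(person_id),
        token_prefix TEXT NOT NULL,   -- plaintext lookup key, indexed
        token_hash   TEXT NOT NULL,   -- SHA-256 of the full token; the secret itself is never stored
        scopes       TEXT NOT NULL,   -- space-separated, intersected with the person's permissions
        revoked      INTEGER NOT NULL DEFAULT 0)""")
    con.execute("CREATE INDEX pat_prefix ON personal_access_tokens(token_prefix)")
    return con


def _hash(token):
    # Unsalted SHA-256 is acceptable here because the secret carries 256 bits of
    # entropy; brute force and precomputation are not the threat they are for passwords.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(con, person_id, scopes):
    """Create a token and return the plaintext exactly once (caller shows it to the user)."""
    secret = secrets.token_urlsafe(32)
    token = TOKEN_PREFIX + secret
    con.execute(
        "INSERT INTO personal_access_tokens (person_id, token_prefix, token_hash, scopes) "
        "VALUES (?, ?, ?, ?)",
        (person_id, secret[:LOOKUP_LEN], _hash(token), " ".join(sorted(scopes))),
    )
    return token


def authenticate(con, presented):
    """Return (person_id, scopes) for a valid, unrevoked token, else None."""
    if not presented.startswith(TOKEN_PREFIX):
        return None
    lookup = presented[len(TOKEN_PREFIX):][:LOOKUP_LEN]
    digest = _hash(presented)
    rows = con.execute(
        "SELECT person_id, token_hash, scopes, revoked FROM personal_access_tokens "
        "WHERE token_prefix = ?", (lookup,)).fetchall()
    for person_id, stored_hash, scopes, revoked in rows:
        # Prefix collisions are possible, so the hash is checked for every candidate row.
        if not revoked and hmac.compare_digest(stored_hash, digest):
            return person_id, set(scopes.split())
    return None


def revoke_token(con, presented):
    """Revoke by hash so the plaintext never has to be stored; returns rows affected."""
    cur = con.execute("UPDATE personal_access_tokens SET revoked = 1 WHERE token_hash = ?",
                      (_hash(presented),))
    return cur.rowcount


def effective_permissions(con, presented):
    """Scopes intersect with the person's permissions: a token can narrow, never widen."""
    auth = authenticate(con, presented)
    if auth is None:
        return set()
    person_id, scopes = auth
    row = con.execute("SELECT permissions FROM persons WHERE person_id = ?",
                      (person_id,)).fetchone()
    if row is None:
        return set()
    return set(row[0].split()) & scopes
```

The point to check in any real implementation is the last function: a scope the person does not actually hold (here `billing:read`) must drop out of the intersection rather than be granted, and a revoked row must fail `authenticate` even though its hash still matches.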
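The retention_holds row above says holds gate anonymization at field level. The following added example shows what that gating looks like in practice; it is illustration written for this page, not the project's protocol. The PII column list, the shape of a hold record (person_id, field, reason, expires_at), the `*` wildcard and the lifecycle state names are assumptions.

```python
# Added example (not the project's code): retention_holds gating the anonymization
# protocol at field level. PII_FIELDS, the hold record shape, the "*" wildcard and
# the lifecycle state names are assumptions made for this demo.
from dataclasses import dataclass
from datetime import date

PII_FIELDS = ("legal_name", "address", "tax_id")  # assumed PII columns on persons
ALL_FIELDS = "*"                                  # hold marker meaning "every PII field"


@dataclass
class Person:
    person_id: int
    legal_name: str
    address: str
    tax_id: str
    lifecycle_state: str = "active"


@dataclass
class RetentionHold:
    person_id: int
    field: str        # one of PII_FIELDS, or ALL_FIELDS
    reason: str       # e.g. statutory bookkeeping retention
    expires_at: date  # hold is active while today < expires_at


def held_fields(holds, person_id, today):
    """Set of PII fields that an active hold forbids anonymizing."""
    held = set()
    for h in holds:
        if h.person_id != person_id or h.expires_at <= today:
            continue
        if h.field == ALL_FIELDS:
            held.update(PII_FIELDS)
        elif h.field in PII_FIELDS:
            held.add(h.field)
        else:
            # A hold naming an unknown column is a data error: fail closed and erase nothing.
            raise ValueError(f"hold {h.reason!r} names unknown field {h.field!r}")
    return held


def anonymize(person, holds, today):
    """Blank every PII field not under an active hold; return the fields still held.
    Re-running after holds expire finishes the job, so the operation is safe to repeat."""
    held = held_fields(holds, person.person_id, today)
    for name in PII_FIELDS:
        if name not in held:
            setattr(person, name, "")  # use a redaction marker instead if the column is NOT NULL
    person.lifecycle_state = "anonymization_pending" if held else "anonymized"
    return held
```

Two behaviours matter for a GDPR erasure request: a hold on one field must not shield the others, and an expired hold must stop gating without anyone editing it, so that a later pass completes the erasure.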
Quick Links
- Model Reference -- DDL and table descriptions
- Architecture -- Deep-dive documentation
- Module Companion -- Decisions and open issues
- Interfaces -- Cross-module dependencies