Segmented Ownership
Organisation
An organisation (tenant, project in some other systems) is a span of control, of permissions, of users. Each organisation has:
- Identity Issuers (for authentication)
- Administrative users (sysgroups)
- Billing
For sophisticated use cases, an Organisation can have sub-organisations. This allows delegating control or segregating use cases.
Organisations can share users (e.g. the same user id can exist in multiple organisations), but the user will have unique permissions in each one.
Each organisation has a set of authentication audit records, indicating who has created an Identity Token (authenticated), from where, when, etc.
Audit records may also be forwarded to external webhooks. This might include a 3rd-party SIEM or logging system.
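Because the same user id can exist in several organisations, a consumer of forwarded audit records should key its logic on the organisation and the user id together. The following is an added example, not code from the product: it flags authentications from a previously unseen source and contrasts per-organisation keying with keying on user id alone. The record field names (`org`, `user`, `source`, `time`) and all sample values are assumptions constructed for this illustration.

```python
from collections import defaultdict

# Constructed audit records. Field names are assumptions for this example,
# not the product's actual record schema.
SAMPLE_RECORDS = [
    {"org": "org-a", "user": "alice", "source": "203.0.113.10", "time": "2024-05-01T09:00:00Z"},
    {"org": "org-a", "user": "alice", "source": "203.0.113.10", "time": "2024-05-02T09:05:00Z"},
    {"org": "org-b", "user": "alice", "source": "198.51.100.7", "time": "2024-05-02T10:00:00Z"},
    {"org": "org-b", "user": "alice", "source": "198.51.100.7", "time": "2024-05-03T10:02:00Z"},
    {"org": "org-a", "user": "alice", "source": "198.51.100.7", "time": "2024-05-03T11:30:00Z"},
]


def new_source_logins(records, per_organisation=True):
    """Return authentications from a source not previously seen for the identity.

    per_organisation=True keys the baseline on (organisation, user id), matching
    the model where one user id can exist in several organisations.
    per_organisation=False keys on user id alone and is shown only for contrast.
    The first record for a key sets its baseline and is not reported.
    """
    seen = defaultdict(set)
    flagged = []
    # Timestamps share one ISO-8601 UTC format, so string order is time order.
    for rec in sorted(records, key=lambda r: r["time"]):
        key = (rec["org"], rec["user"]) if per_organisation else rec["user"]
        if seen[key] and rec["source"] not in seen[key]:
            flagged.append(rec)
        seen[key].add(rec["source"])
    return flagged


if __name__ == "__main__":
    for scoped in (True, False):
        hits = new_source_logins(SAMPLE_RECORDS, per_organisation=scoped)
        label = "per-organisation" if scoped else "user id only"
        print(label, [(h["org"], h["source"], h["time"]) for h in hits])
```

With per-organisation keying only the last record is reported (a new source for `alice` in `org-a`); keying on user id alone reports the routine `org-b` login instead and misses the `org-a` one.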