[{"data":1,"prerenderedAt":37},["ShallowReactive",2],{"arch-deep-/architecture/engines/identity":3},{"id":4,"title":5,"body":6,"category":23,"deepPage":24,"description":25,"extension":26,"layer":27,"meta":28,"navigation":29,"path":24,"relatedFlows":30,"replaces":31,"seo":34,"stem":35,"__hash__":36},"architecture/architecture/engines/identity.md","Identity engine",{"type":7,"value":8,"toc":19},"minimark",[9,13,16],[10,11,12],"p",{},"The identity engine holds the canonical record of every person the building interacts with. There is one representation of a resident — not one in the access system, one in the property management system, one in the resident app, and one on a clipboard at the front desk. The same is true for staff, contractors, and recurring guests. Identity reconciliation is not an end-of-quarter cleanup task; it is the engine's continuous job.",[10,14,15],{},"Authentication is multi-modal. Residents prove identity through the resident app's device-bound credential; guests through a scoped, time-bound link; staff through the building's identity provider; contractors through service-account credentials issued against an active work order. The engine evaluates the strength of the proof against the action being requested — opening the lobby door requires less assurance than authorizing a withdrawal from the building's operations account.",[10,17,18],{},"The identity engine is what makes portability work. A resident who moves between buildings under the same operator carries their identity with them, with credentials that re-scope on arrival. A staff member promoted to a multi-building role inherits the access pattern her new role requires without manual provisioning. The engine is the single source the orchestration, permissions, and payment engines consult before acting.",{"title":20,"searchDepth":21,"depth":21,"links":22},"",2,[],"engine","/architecture/engines/identity","The single representation of every person the building knows about — residents, guests, staff, contractors — and how they prove who they are.","md","4",{},true,null,[32,33],"duplicate-identity-records-across-vendors","manual-credential-issuance",{"title":5,"description":25},"architecture/engines/identity","L2GsrWuVrnVbPxS8gUc3zKldBvKtnQniAGe2ZwJwJ4Q",1779718756836]