Account and Users management

An Account is central to all DECE-defined entities. Each Account is associated with one Rights Locker and a set of Users.

The conventional model for an Account is a family living under the same roof, but in fact an Account’s Users may be unrelated and geographically dispersed.

The maximum allowed active User count is 6. Non-active users are not considered when calculating the total number of users within an Account.

Data Types


Element Attribute Definition Value Card.
Account dece:Account-type
AccountID Unique identifier for an Account. dece:EntityID-type 0..1
DisplayName Display name for the Account
Country dece:Country
RightsLockerID Reference to the Account’s Rights Locker. xs:anyURI 0..1
UserList Users associated with the Account. dece:UserList-type 0..1
ResourceStatus Status of the Account resource dece:ElementStatus-type 0..1


Element Definition Value Card.
UserReference The unique identifier of the User. dece:EntityID-type 0..n
User The User element. dece:User-type 0..n


Element Attribute Definition Value Card.
UserID The Coordinator-specified or Node- specified User identifier, which SHALL be unique among the Node and the Coordinator. dece:EntityID-type 0..1
UserClass The class of the User.
Name GivenName and Surname If GivenName is set as DCOORD_TEST_INDICATOR, then the user account may be removed by Coordinator. dece:PersonName-type
DisplayImage Contact information which includes the definion of the Users Country, which may be required depending on requirements defined in [DGeo]. UserContactInfo-type
Languages Languages used by User dece:Languages-type
Credentials The Security Tokens used by the User to authenticate to the Coordinator dece: UserCredentials-type
ResourceStatus Indicates the status of the User resource. dece: ElementStatus-type 0..1


Element Attribute Definition Value Card.
UserReference A reference to a User dece:EntityID-type


Account De-Identification Process

An Account which has been in status deleted, forcedeleted, or mergedeleted for a period of DCOORD_DEIDENTIFY_ACCOUNT_THRESHOLD or longer shall be modified to have all personally identifiable information removed from the Account and from all Users in the Account. The following adjustment is made to the Account:

//Account/DisplayName shall be changed to DCOORD_DEIDENTIFIED. The //Account/ResourceStatus/Current value shall be changed to de-identified. In addition to the account resource being de-identified, all users under the account will be de-identified per “User De-Identification Process” in Users APIs.

User De-Identification Process

A user account which has been in status deleted, forcedeleted, or mergedeleted for a period of DCOORD_DEIDENTIFY_USER_THRESHOLD or longer shall be modified to have all personally identifiable information removed from the user account. The following adjustments are made to the User resource:

The Coordinator shall reserve portions of the namespaces for Accounts, Usernames, and User email addresses as indicators of test Accounts. An Account, Username, or User email address which begins with DCOORD_TEST_INDICATOR may result in an Account, and all related data, being physically removed by the Coordinator. The criteria for removal are:

  1. Account DisplayName begins with DCOORD_TEST_INDICATOR
  2. Username begins with DCOORD_TEST_INDICATOR
  3. User email address begins with DCOORD_TEST_INDICATOR

An Account, and all related data may be removed by the Coordinator if the combination of (1) together with either of (2) or (3) applies to that Account.

A Coordinator batch process will run regularly to remove these accounts.

Nodes that create test Accounts and Users but wish to ensure the Coordinator does not delete them may use the DCOORD_TEST_PRESERVE_INDICATOR prefix for the DisplayName of the Account.


Account Management

User Management

Security Token Management

Available Permissions

Name Description
AccountUserCreate Create a new account and its first full access user
AccountGet Retrieve account details including a user list
AccountUpdate Update account details
AccountDelete Delete an account
AccountMerge Merge an account libraries and close the source account
UserCreate Create a new user in an existing account
UserGet Retrieve user details
UserUpdate Update user details
UserDelete Delete a user from an account
SecurityTokenExchangeCredentials Exchange user credentials for a security token URI ref AssertionID
SecurityTokenURIRefAssertionID Exchange URI ref AssertionID for a SAML security token
SecurityTokenURIRefExchange Retrieve a URI ref AssertionID to replace existing SAML security token