An Account is central to all DECE-defined entities. Each Account is associated with one Rights Locker and a set of Users.
The conventional model for an Account is a family living under the same roof, but in fact an Account’s Users may be unrelated and geographically dispersed.
The maximum allowed active User count is 6. Non-active users are not considered when calculating the total number of users within an Account.
| Element | Attribute | Definition | Value | Card. |
|---|---|---|---|---|
| Account | dece:Account-type |
|||
| AccountID | Unique identifier for an Account. | dece:EntityID-type |
0..1 | |
| DisplayName | Display name for the Account | |||
| Country | dece:Country |
|||
| RightsLockerID | Reference to the Account’s Rights Locker. | xs:anyURI |
0..1 | |
| UserList | Users associated with the Account. | dece:UserList-type |
0..1 | |
| ResourceStatus | Status of the Account resource | dece:ElementStatus-type |
0..1 |
| Element | Definition | Value | Card. |
|---|---|---|---|
| UserList-type | |||
| UserReference | The unique identifier of the User. | dece:EntityID-type |
0..n |
| User | The User element. | dece:User-type |
0..n |
| Element | Attribute | Definition | Value | Card. |
|---|---|---|---|---|
| User | ||||
| UserID | The Coordinator-specified or Node- specified User identifier, which SHALL be unique among the Node and the Coordinator. | dece:EntityID-type |
0..1 | |
| UserClass | The class of the User. | |||
| Name | GivenName and Surname If GivenName is set as DCOORD_TEST_INDICATOR, then the user account may be removed by Coordinator. | dece:PersonName-type |
||
| DisplayImage | Contact information which includes the definion of the Users Country, which may be required depending on requirements defined in [DGeo]. | UserContactInfo-type |
||
| Languages | Languages used by User | dece:Languages-type |
||
| Credentials | The Security Tokens used by the User to authenticate to the Coordinator | dece: UserCredentials-type |
||
| ResourceStatus | Indicates the status of the User resource. | dece: ElementStatus-type |
0..1 |
| Element | Attribute | Definition | Value | Card. |
|---|---|---|---|---|
| UserReference | A reference to a User | dece:EntityID-type |
An Account which has been in status deleted, forcedeleted, or mergedeleted for a period of DCOORD_DEIDENTIFY_ACCOUNT_THRESHOLD or longer shall be modified to have all personally identifiable information removed from the Account and from all Users in the Account. The following adjustment is made to the Account:
//Account/DisplayName shall be changed to DCOORD_DEIDENTIFIED. The //Account/ResourceStatus/Current value shall be changed to de-identified. In addition to the account resource being de-identified, all users under the account will be de-identified per “User De-Identification Process” in Users APIs.
A user account which has been in status deleted, forcedeleted, or mergedeleted for a period of DCOORD_DEIDENTIFY_USER_THRESHOLD or longer shall be modified to have all personally identifiable information removed from the user account. The following adjustments are made to the User resource:
//User/GivenName shall be changed to DCOORD_DEIDENTIFIED//User/SurName shall be changed to DCOORD_DEIDENTIFIEDDCOORD_DEIDENTIFIED//User/ResourceStatus/Current/value shall be changed to deidentifiedDCOORD_DEIDENTIFIEDThe Coordinator shall reserve portions of the namespaces for Accounts, Usernames, and User email addresses as indicators of test Accounts. An Account, Username, or User email address which begins with DCOORD_TEST_INDICATOR may result in an Account, and all related data, being physically removed by the Coordinator. The criteria for removal are:
DCOORD_TEST_INDICATORDCOORD_TEST_INDICATORDCOORD_TEST_INDICATORAn Account, and all related data may be removed by the Coordinator if the combination of (1) together with either of (2) or (3) applies to that Account.
A Coordinator batch process will run regularly to remove these accounts.
Nodes that create test Accounts and Users but wish to ensure the Coordinator does not delete them may use the DCOORD_TEST_PRESERVE_INDICATOR prefix for the DisplayName of the Account.
| Name | Description |
|---|---|
| AccountUserCreate | Create a new account and its first full access user |
| AccountGet | Retrieve account details including a user list |
| AccountUpdate | Update account details |
| AccountDelete | Delete an account |
| AccountMerge | Merge an account libraries and close the source account |
| UserCreate | Create a new user in an existing account |
| UserGet | Retrieve user details |
| UserUpdate | Update user details |
| UserDelete | Delete a user from an account |
| SecurityTokenExchangeCredentials | Exchange user credentials for a security token URI ref AssertionID |
| SecurityTokenURIRefAssertionID | Exchange URI ref AssertionID for a SAML security token |
| SecurityTokenURIRefExchange | Retrieve a URI ref AssertionID to replace existing SAML security token |