Overview

The Identity Service is a supporting domain service within the Capstone PAS responsible for managing customer identity information across the platform. It provides a unified identity layer that supports multi-tenant configurations, certificate-based trust management, and regulatory compliance.

Architecture

• Event Sourcing: Identity state changes are persisted as events
• CQRS: Separate read and write models for optimized queries
• Multi-Tenant: Supports tenant-scoped identity records
• Certificate-Based Trust: Attribute updates require certificates with sufficient trust levels

Capabilities

Global Identity Management

• Create canonical customer identities with Global Customer ID (GCID)
• Update identity attributes (name, email, mobile, address, DOB, gender)
• Enforce certificate trust levels for updates
• Look up identities by issued identity (ID number, passport)

Unverified Identity Handling

• Create unverified identities during onboarding
• Update unverified identity details
• Support tenant-specific identity storage

Customer Profile Management

• Create and update notification preferences (SMS, email)
• Manage collection account preferences
• Support multiple collection accounts per customer

Data Subject Tracking

• Create data subject records for compliance
• Track consent and data processing activities

SDK

The Identity Service provides a Java SDK for direct DynamoDB access:

IdentitySdk sdk = IdentitySdk.builder()
    .dynamoDbClient(DynamoDbClient.create())
    .config(IdentitySdkConfig.builder()
        .tenantedIdentityTable("UNVERIFIED_IDENTITY_TABLE")
        .globalIdentityTable("GLOBAL_IDENTITY_TABLE")
        .customerProfileTable("CUSTOMER_PROFILE_TABLE")
        .globalIdentityGuardTable("GLOBAL_IDENTITY_GUARD_TABLE")
        .build())
    .build();

sdk.globalIdentities().getByIssuedIdentity("ID", "1234567890", "ZA");

Event Flow

Command -> Aggregate -> Domain Event -> Event Store -> Projection
                                     -> Kinesis -> Downstream Services