The User Database (DUD) is the central place for user account information, and permission management. Each user have so called Dream ID which is used in all services which are connected to the Dream UserDB.
Dream UserDB provides 3rd party services means to identify, authenticate and authorize users in the Dream platform.
From a user identity sense there are two sides in the system. The Identity Provider, or IdP which acts as a source of user identity. And the Service Provider, or SP. This terminology comes from SAML and Shibboleth world.
Each user in the system has one centrally managed identity. Identity is attached to user profile.
User has access to her profile and identity always from everywhere. This is achieved by adding Dream Widget to all services. Dream Widget is always part of the UI in all services and it is provided by the Dream UserDB.
In the example UI the Dream Widget is in the top left corner and it opens from the left side of the screen. It always covers the actual service where it is integrated.
The Dream UserDB provides 3rd party services the way to identify, authenticate and authorize users in the Dream platform.
Each service can register service specific permissions to the Dream UserDB. These permissions are then provided to the service when user logs in to the system.
Services see only the users they are allowed to see. This is handled by Dream UserDB. Organisation can select which services are used. It is also the responsibility of the service to check if the user should have access to the service or not and what actions the user can do inside the service.
The service can use the data provided back in authentication requests as attributes. Or the service can request access to the Dream UserDB API to query data directly from the database.
User provisioning should be automatic when the user logs in to the service for the first time. It is each services responsibility to handle this the way the service sees best.