An account is a continuing relationship to an organisation or a service.
Accounts usually operate under an agreement that defines the obligations and entitlements of each party in the relationship.
The purpose of accounts is to provide continuity and consistency of services.
Because accounts manage the exchange of value, and frequently involve payment, they are usually governed by laws, regulations and statutes; either directly or implicitly. For this reason record-keeping in an important function of account provision.
Creating accounts is a longstanding business practice that predates digital identity services.
In most IT departments the business function of accounts tends to be overlooked and an account is a predominantly application, system or service-specific mechanism for access control.
Contemporary identity management is computer-account centric. In operational environments identities and accounts are often used as metonyms and synecdoches of each other . Confusion of identities and accounts isn’t a problem for managing help desks or designing access protocols. However, the differences should be well understood when designing platforms for delivering identity services in organisations
Accounts are complex business products that include identification, entitlements, and cohort memberships. Digital identity is a simpler information construct.
The production of digital identity precedes the production of accounts. It not possible to produce an account without an identity. It is possible to produce and identity without producing any accounts.
Distinguishing between the production of accounts and identities allows for a more modular and flexible production design. This is especially the case for organisations that need to explicitly define and manage many different kinds of relationships with their constituents.
Services and resources delivered by information system will continue to use the account metaphor to manage access controls. To avoid confusion when designing management and production system it is advisable to:
- stipulate the different kinds of accounts such as system accounts, and business accounts, and,
- avoid using the term account to refer to single sign-on credentials bound to an organisation’s security domain.