One of the most powerful concepts within OpenIDM, is the ability to create arbitrary managed objects on the fly, with hooks that can be triggered at various points of that managed objects life cycle. A common use of managed objects is to separate logic, policy and operational control over a type of users. However managed objects need not be just users, commonly they are devices, but they can also be used to manage relationship logic too - similar to how graph databases store relationship data separate to the entity being managed. For example, think of the basic relationship between a parent and child (read this article I wrote on basic parent and child relationships) . That article looked into the basic aspect of storing relationship data within the managed object itself - basically a pointer to some other object managed in OpenIDM. That in itself is powerful, but doesn't always cover more complex many-to-many style relationships. The above picture illustrates the concept of ex
Recipes for Digital Identity & Security