May 9, 2017

Entities and Security: identity matters

This article is an excerpt of topics discussed in the book Secure by Design that I'm currently writing together with Dan Bergh-Johnsson and Daniel Deogun.


Each part of your domain model has certain characteristics and a certain meaning. Entities are one type of model object with distinct properties. What makes an entity special is that:
  • It has an identity that defines it and makes it distinguishable from others.
  • It has an identity which is consistent during its lifecycle.
  • It can contain other objects, such as other entities or value objects.
  • It’s responsible for the coordination of operations on the objects it owns.
What this means is that if we need to know if two entities are the same, we look at their identities instead of their attributes. It’s the identity of the entity that defines it, regardless of its attributes, and the identity’s consistent over time.