Resource Identity

HexaEight Resource Identity Tokens are the core of the HexaEight Authentication system, providing a unique identity for machines, devices, and systems. They can also be assigned to any processes, functions, or objects that have the capability to securely store a password and use HexaEight encryption libraries. These tokens are essential for authenticating and authorizing various entities, such as users, machines, and devices.

It's important to understand the various types of Resource identity tokens that can be generated.

Resource Identity Token Types

There are two types of Resource Identity Tokens that can be generated by HexaEight Platform.

  • Domain Resource
    • The first type is a Domain Resource Identity Token, which is usually linked to a domain name, such as "mydomain.com". To create this type of token, you must have permission to add TXT records to the domain.
    • A domain resource token is generated to assign an identity to a machine, host, or program that is accessible remotely through protocols such as https, ssh, or ftp. This token must be associated with a domain to establish ownership.
%%{init: { 'theme': 'forest' } }%% graph LR Users -->|access-over-https | app1.mydomain.com Users -->|access-over-ftps | sftp.mydomain.com Users -->|access-live-camera-feed-over-http | camera.mydomain.com
  • Generic Resource
    • A Generic Resource Identity Token can be assigned to any object, machine, robot or device.
    • A generic resource identity is unable to directly communicate with users or other resources, unless those users or resources are physically able to communicate with it.
%%{init: { 'theme': 'forest' } }%% graph LR Robot -->|physically scans a QR Code to enter the | Magnetic-Door-With-Generic-Identity Users -->|physically scans a QR Code to enter the| Magnetic-Door-With-Generic-Identity
%%{init: { 'theme': 'forest' } }%% graph LR Users -->|use Generic Resource Identity Tokens which impersonates the user after logging into a | Browser-Application

To proceed further, it's important to understand the following points after learning about the different resource types

  • User - A Typical user can be the owner for many resources
%%{init: { 'theme': 'forest' } }%% graph LR User-O -->|Owns Resource| Laptop User-O -->|Owns Resource| Car User-O -->|Owns Resource| Drone User-O -->|Owns Resource| Domain-usero.com
  • Resource - A Resource can be controlled by many authorized users.
    • In the below example, User-O who is the owner for a domain usero.com has 3 employees managing his domain usero.com
%%{init: { 'theme': 'forest' } }%% graph LR User-A -->|Manages | Domain-usero.com User-B -->|Manages| Domain-usero.com User-C -->|Manages | Domain-usero.com

Finally, any user can serve as a Resource Owner who desires to manage multiple resources or as an end user who wishes to authenticate across different resources. In either case, both types of users will utilize the HexaEight Authenticator Mobile App to create

  • EMail Identity Tokens associated with any of their EMail Address
  • Domain Resource Identity Tokens to manage domain resources
  • Generic Resource Identity Tokens used for authentication or to manage generic resources