# Identity Types

To continue learning about the HexaEight Platform's authentication system, it's important to understand the various types of Resource identity tokens that can be generated.

There are two types of Resource Identity Tokens that can be generated by HexaEight Platform.

  • Domain Resource
  1. The first type is a Domain Resource Identity Token, which is usually linked to a domain name, such as "mydomain.com". To create this type of token, you must have permission to add TXT records to the domain.

  2. A domain resource token is generated to assign an identity to a machine, host, or program that is accessible remotely through protocols such as https, ssh, or ftp. This token must be associated with a domain to establish ownership.

%%{init: { 'theme': 'forest' } }%%
graph LR
    Users -->|access-over-https  | app1.mydomain.com
    Users -->|access-over-ftps  | sftp.mydomain.com
    Users -->|access-live-camera-feed-over-http  | camera.mydomain.com
  • Generic Resource
  1. A Generic Resource Identity Token can be assigned to any object, machine, robot or device.

  2. However, a generic resource identity is unable to directly communicate with users or other resources, unless those users or resources are physically able to communicate with it.

%%{init: { 'theme': 'forest' } }%%
graph LR
    Robot -->|physically scans a QR Code to enter the | Magnetic-Door-With-Generic-Identity
    Users -->|physically scans a QR Code to enter the| Magnetic-Door-With-Generic-Identity
%%{init: { 'theme': 'forest' } }%%
graph LR
    Users -->|use Generic Resource Identity Tokens which impersonates the user after logging into a | Browser-Application

To proceed further, it's important to understand the following points after learning about the different resource types

A Typical user can be the owner for many resources

%%{init: { 'theme': 'forest' } }%%
graph LR
    User-O -->|Owns Resource| Laptop
    User-O -->|Owns Resource| Car
    User-O -->|Owns Resource| Drone
    User-O -->|Owns Resource| Domain-usero.com

A Resource can be controlled by many authorized users. In the below example, User-O who is the owner for a domain usero.com has 3 employees managing his domain usero.com

%%{init: { 'theme': 'forest' } }%%
graph LR
    User-A -->|Manages  | Domain-usero.com
    User-B -->|Manages| Domain-usero.com
    User-C -->|Manages | Domain-usero.com

Finally, any user can serve as a Resource Owner who desires to manage multiple resources or as an end user who wishes to authenticate across different resources. In either case, both types of users will utilize the HexaEight Authenticator Mobile App to create

  • EMail Identity Tokens associated with any of their EMail Address
  • Domain Resource Identity Tokens to manage domain resources
  • Generic Resource Identity Tokens used for authentication or to manage generic resources