{"id":51229247,"url":"https://github.com/mergi72/identitymapper","last_synced_at":"2026-06-28T15:00:15.171Z","repository":{"id":367934195,"uuid":"1282475974","full_name":"mergi72/IdentityMapper","owner":"mergi72","description":"Reference implementation of the Invariant Mapping Pattern for the identity domain.","archived":false,"fork":false,"pushed_at":"2026-06-28T10:51:36.000Z","size":142,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-28T11:15:43.086Z","etag":null,"topics":["abstarct","architecture","authentication","design-pattern","domain-driven-design","domain-model","identity","mapping","provider"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mergi72.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-27T20:28:32.000Z","updated_at":"2026-06-28T10:51:27.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mergi72/IdentityMapper","commit_stats":null,"previous_names":["mergi72/identitymapper"],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/mergi72/IdentityMapper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mergi72%2FIdentityMapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mergi72%2FIdentityMapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mergi72%2FIdentityMapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mergi72%2FIdentityMapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mergi72","download_url":"https://codeload.github.com/mergi72/IdentityMapper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mergi72%2FIdentityMapper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34892547,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-28T02:00:05.809Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abstarct","architecture","authentication","design-pattern","domain-driven-design","domain-model","identity","mapping","provider"],"created_at":"2026-06-28T15:00:14.407Z","updated_at":"2026-06-28T15:00:15.165Z","avatar_url":"https://github.com/mergi72.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IdentityMapper\n\n[![CI](https://github.com/mergi72/IdentityMapper/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/mergi72/IdentityMapper/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/mergi72/IdentityMapper)](https://github.com/mergi72/IdentityMapper/releases)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n[![Python](https://img.shields.io/badge/python-3.11%2B-blue.svg)](pyproject.toml)\n\nIdentityMapper is the reference implementation of the Invariant Mapping Pattern\nfor the identity domain.\n\n## Project Status\n\nIdentityMapper is a reference architecture under active development.\n\nThe core architecture has been validated against multiple identity models. The\nprovider capability contract is tested across all included providers.\n\n## The IdentityMapper Rule\n\nImplementations are never mapped to each other.\n\nEvery implementation maps only to the domain invariant.\n\n## The Mapper Rule\n\nMappers never contain business logic.\n\nTheir only responsibility is translating implementation models into domain\nmodels.\n\nA mapper does not validate, authenticate, authorize, persist, or decide.\n\nA mapper is deterministic. The same input always produces the same domain\nmodel.\n\nIdentityMapper defines the identity domain model and the capabilities required\nto authenticate an identity. It does not perform authentication itself.\n\n## Core Idea\n\nExternal systems, protocols, products, and APIs have their own implementation\nmodels. A mapper translates one implementation model into a stable domain model.\nBusiness logic works with the domain invariant, not with the implementation.\n\nThe Invariant Mapping Pattern is:\n\n```text\nImplementation\n       |\n       v\nMapper\n       |\n       v\nDomain Invariant\n       |\n       v\nCapabilities\n```\n\nThe pattern can be summarized as:\n\n1. Find the domain invariant.\n2. Define the minimal domain contract.\n3. Map every implementation to the invariant.\n4. Business logic depends only on the invariant.\n5. Capabilities extend the invariant.\n6. Implementations never communicate directly.\n\n## Quick Example\n\n```text\nIdentification\n--------------\nidentifier\n\nCredential\n----------\ncredential\n\n        |\n        v\n\nAuthenticate\n    |\n    +-- ResolveIdentity\n    |\n    +-- VerifyCredential\n\n        |\n        v\n\nIdentity\n```\n\n`Identification` is not `Identity`. Identification selects a candidate.\nCredential verifies the candidate. Only successful authentication produces an\n`Identity`.\n\n## Documentation\n\nThe implementation details are intentionally kept out of this README.\n\n- [Documentation index](docs/index.md)\n- [Architecture](docs/architecture.md)\n- [Architecture verification](docs/architecture-verification.md)\n- [Capability protocol](docs/capability-protocol.md)\n- [Host](docs/host.md)\n- [Host service](docs/host-service.md)\n- [Reduction matrix](docs/reduction-matrix.md)\n- [Reduction template](docs/reduction-template.md)\n- [Provider footprint](docs/provider-footprint.md)\n- [Domain concepts](docs/domain/index.md)\n- [Capabilities](docs/capabilities/index.md)\n- [Provider notes](docs/providers/index.md)\n- [Changelog](CHANGELOG.md)\n\n## Repository Structure\n\n```text\nsrc/identity_mapper/\n  domain.py\n  capabilities.py\n  capability_protocol.py\n  mapper.py\n  matrix.py\n  providers/\n    basic/\n      matrix.json\n    ldap/\n      matrix.json\n    oauth/\n      matrix.json\n    ...\n\nsrc/identity_mapper_service/\n  app.py\n  registry.py\n  responses.py\n  schemas.py\n  service.py\n\nconfig/\n  config.json\n\ndocs/\n  architecture.md\n  provider-footprint.md\n  host.md\n  host-service.md\n  reduction-matrix.md\n  reduction-template.md\n  architecture-verification.md\n  domain/\n  capabilities/\n  providers/\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmergi72%2Fidentitymapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmergi72%2Fidentitymapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmergi72%2Fidentitymapper/lists"}