Building Blocks
Cohesive.Identity
Cohesive.Identity defines product identity semantics before binding them to an authentication provider, HTTP middleware, storage engine, or process runtime.
Authentication proves who a caller is. Cohesive.Identity describes what that actor means inside the product: principal, scope, grants, capabilities, effective scope selection, and placement semantics.
Why It Exists
Identity logic often fragments across JWT parsing, route handlers, tenant lookup code, service membership checks, generated clients, and repository partition rules.
Cohesive.Identity treats those decisions as one semantic model. External identity providers still authenticate credentials; Cohesive resolves local product meaning.
Core Model
The model centers on:
PrincipalRef: the actor known to the product, such as a user, service account, system account, or anonymous caller.
ScopeRef: the semantic boundary where access and placement are interpreted, such as a tenant, workspace, organization, region, environment, or domain.
IdentityScopeGrant: a connection between a principal, a scope, and product-level capability identifiers.
IdentityContext: the operation-level identity state, including actor, grants, and effective scope selection.
Scope-Aware Systems
The same model works for single-tenant products, multi-tenant SaaS, enterprise workspaces, and system jobs.
It can represent default scopes, explicit scope selection from headers or route values, multi-scope operations, service accounts, delegated work, async workflow initiators, and parent-child scope relationships.
API And Storage
Cohesive.Api operations can declare scope policy metadata: where a scope comes from, whether one or many scopes are allowed, and how access should be checked.
Cohesive.Storage can use scope metadata for placement, partition key resolution, scoped point reads, scoped writes, and system jobs without duplicating tenant logic in every repository.
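The following C# sketch is an added example, not Cohesive's own code or API. It puts the Core Model, the scope selection described under Scope-Aware Systems, and the scope policy and placement ideas from API And Storage into one runnable program: principals, scopes and grants are records; an operation declares where its scope comes from (header, route value, or default), whether it accepts one or many scopes, and which capability it requires; the resolver turns a request into an IdentityContext and the context hands storage its partition key. Every type, method and header name here (PrincipalRef, ScopeRef, IdentityScopeGrant, IdentityContext, ScopePolicy, ScopeResolver, the X-Scope header and its kind:id format, the orders.* capability names) is a hypothetical name chosen for the illustration. The security point it demonstrates is that the selected scope is caller-controlled input: a perfectly valid authenticated identity pointed at a scope it has no grant in must be rejected, and the rejection happens once in the resolver rather than in each route handler or repository.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types that model the concepts in the text; not Cohesive's own definitions.
public enum PrincipalKind { User, ServiceAccount, System, Anonymous }
public sealed record PrincipalRef(string Id, PrincipalKind Kind);
public sealed record ScopeRef(string Kind, string Id);               // e.g. tenant:acme, workspace:w1
public sealed record IdentityScopeGrant(PrincipalRef Principal, ScopeRef Scope, IReadOnlySet<string> Capabilities);

// Per-operation scope policy: where the scope comes from, one or many, and the capability to check.
public enum ScopeSource { Header, RouteValue, Default }
public sealed record ScopePolicy(ScopeSource Source, bool AllowMany, string RequiredCapability);

public sealed record IdentityContext(
    PrincipalRef Actor,
    IReadOnlyList<IdentityScopeGrant> Grants,
    IReadOnlyList<ScopeRef> EffectiveScopes)
{
    // A capability only means something inside a scope: no grant for (actor, scope) means no access.
    public bool Can(string capability, ScopeRef scope) =>
        Grants.Any(g => g.Principal == Actor && g.Scope == scope && g.Capabilities.Contains(capability));

    // Storage placement is derived from the resolved scope, never re-parsed from the request.
    public string PartitionKey() => EffectiveScopes.Count == 1
        ? $"{EffectiveScopes[0].Kind}:{EffectiveScopes[0].Id}"
        : throw new InvalidOperationException("single-scope placement requires exactly one effective scope");
}

public static class ScopeResolver
{
    public static IdentityContext Resolve(
        PrincipalRef actor,
        IReadOnlyList<IdentityScopeGrant> grants,
        ScopePolicy policy,
        IReadOnlyDictionary<string, string> headers,
        IReadOnlyDictionary<string, string> routeValues)
    {
        ScopeRef[] requested = policy.Source switch
        {
            ScopeSource.Header => headers.TryGetValue("X-Scope", out var h) ? ParseScopes(h) : Array.Empty<ScopeRef>(),
            ScopeSource.RouteValue => routeValues.TryGetValue("tenant", out var t)
                ? new[] { new ScopeRef("tenant", t) } : Array.Empty<ScopeRef>(),
            // Default: the principal's granted scopes (system jobs, single-tenant deployments).
            // More than one distinct grant makes the default ambiguous and is rejected below.
            ScopeSource.Default => grants.Where(g => g.Principal == actor).Select(g => g.Scope).Distinct().ToArray(),
            _ => throw new ArgumentOutOfRangeException(nameof(policy)),
        };
        if (requested.Length == 0)
            throw new UnauthorizedAccessException("no scope could be selected for this operation");
        if (requested.Length > 1 && !policy.AllowMany)
            throw new UnauthorizedAccessException("operation accepts exactly one scope");

        // The requested scope is caller-controlled. Each one must be backed by a grant carrying the
        // required capability, otherwise a valid token could simply be pointed at another tenant.
        var ctx = new IdentityContext(actor, grants, requested);
        foreach (var scope in requested)
            if (!ctx.Can(policy.RequiredCapability, scope))
                throw new UnauthorizedAccessException(
                    $"{actor.Id} lacks '{policy.RequiredCapability}' in {scope.Kind}:{scope.Id}");
        return ctx;
    }

    // Header format assumed for this example: "kind:id[,kind:id...]".
    private static ScopeRef[] ParseScopes(string header) =>
        header.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
              .Select(part =>
              {
                  var kv = part.Split(':', 2);
                  if (kv.Length != 2 || kv[0].Length == 0 || kv[1].Length == 0)
                      throw new FormatException($"malformed scope '{part}'");
                  return new ScopeRef(kv[0], kv[1]);
              })
              .ToArray();
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample principals and grants.
        var alice = new PrincipalRef("alice", PrincipalKind.User);
        var indexer = new PrincipalRef("search-indexer", PrincipalKind.ServiceAccount);
        var acme = new ScopeRef("tenant", "acme");
        var globex = new ScopeRef("tenant", "globex");
        var grants = new List<IdentityScopeGrant>
        {
            new IdentityScopeGrant(alice, acme, new HashSet<string> { "orders.read", "orders.write" }),
            new IdentityScopeGrant(indexer, globex, new HashSet<string> { "orders.read" }),
        };
        var readOrders = new ScopePolicy(ScopeSource.Header, AllowMany: false, RequiredCapability: "orders.read");
        var noRoute = new Dictionary<string, string>();

        // 1. alice selects a tenant she holds a grant in: resolved, and storage gets its partition key.
        var ok = ScopeResolver.Resolve(alice, grants, readOrders,
            new Dictionary<string, string> { ["X-Scope"] = "tenant:acme" }, noRoute);
        Console.WriteLine($"partition = {ok.PartitionKey()}");           // tenant:acme

        // 2. Same authenticated user, header pointed at another tenant: authentication passed, product semantics refuse.
        Attempt(() => ScopeResolver.Resolve(alice, grants, readOrders,
            new Dictionary<string, string> { ["X-Scope"] = "tenant:globex" }, noRoute));

        // 3. Two scopes on an operation whose policy allows only one.
        Attempt(() => ScopeResolver.Resolve(alice, grants, readOrders,
            new Dictionary<string, string> { ["X-Scope"] = "tenant:acme,tenant:globex" }, noRoute));

        // 4. A system job with no request: the default scope is the service account's only grant.
        var job = ScopeResolver.Resolve(indexer, grants, readOrders with { Source = ScopeSource.Default },
            new Dictionary<string, string>(), noRoute);
        Console.WriteLine($"job partition = {job.PartitionKey()}");      // tenant:globex
    }

    private static void Attempt(Action act)
    {
        try { act(); Console.WriteLine("unexpected success"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine($"denied: {e.Message}"); }
    }
}
```

The resolver fails closed in every ambiguous case: no selectable scope, more scopes than the policy allows, and any selected scope without a matching grant. Cases 2 and 3 are the ones that go wrong when scope handling is spread across handlers and repositories, because a forgotten check in one place is enough to read another tenant's partition with an otherwise valid session.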
Semantic Boundary
Cohesive.Identity keeps authentication, authorization, API routing, storage placement, presentation actions, and workflow execution connected through one product-owned identity context.
