Introduction

The primary purpose of identity management systems is to manage data belonging to users; it is common practice in such systems to define as well entities called roles that helps in defining and enforcing security policies. In addition to this, Syncope explicitly represents the fact that users can be assigned to roles by mean of memberships.

...

When saying "data", Syncope refers to a collection of so-called attributes.

This means that Syncope will manage User attributes, Role attributes and Membership attributes.

Attribute

An attribute is a (key,values) pair where

...

The type of values that can be assigned to each attribute is defined by schemas.

Schema

An attribute schema describes the values that attributes with that schema will held:

...

This means that Syncope will manage schemas, derived schemas and virtual schemas for users, roles and memberships.

Schema Mapping

If Syncope was only able to define schemas and manage attributes for its internal storage, there would have been little to profit from by deploying an IdM solution.

...