miaa PrivateGroups offers a rich API to implement delegated administration, access control for identity-of-things and eco-system management.

Sharing Access

The miaa PrivateGroups API enables self-administration of access to assets and the relations of people with assets. Such asset can be an appliance, a device, a subscription, a VIP lounge, a confidential report, a sensitive operation, an animal, an event, or an identity-of-things.

We use the ‘carnet’ as the digital representation of the asset. The carnet can initially be provisioned from a back-end system, such as an ERP or purpose-built application. Its further administration is done by the end-users, for example using the miaa Self-service App.

While end-users share an asset in real-life, miaa PrivateGroups allows them to share its corresponding carnet. For example, they can:

  • share the maintenance role for an appliance, and connect appliance owners with professionals such as the vendor, the store and the technicians
  • share the monitoring role of internet-of-things, and connect building owners with professionals such as the vendor, the technicians and the alarm centre
  • share the function to upload sensitive data and obtain confidential reports
  • share subscriptions between the payer and family members, such as magazines, video streams, music and other paid content
  • share subscriptions between the buyer and team members, such as reading restricted information, performing sensitive uploads, producing confidential reports and other delicate operations
  • share a caring role for animals, plants, vehicles or buildings, and connect the owner with caretakers
  • share an employment relationship between the HR manager and the employees and subcontractors
  • share a loyalty scheme between the card owner and the family members, and shops
  • share membership to a club or association, and connect members.

This way, miaa PrivateGroups has proven to enable you to actively manage your ecosystem in a granular and relevant way. The carnet represents the identity of your core assets. It becomes the digital glue between users, representing their real-life relationships.

Please refer to EcosystemAppliance registration and Sharing access for typical use cases.

Delegated administration

The key to success of large scale web platforms is self-service for the user. The miaa PrivateGroups API extends the self-service capabilities of an Identity Management platform by enabling users to self-administer their own communities: a team, a household or an association in relation to your core business.

Communities are defined around identity-of-things (‘assets’), such as a household subscription, an appliance, a pet or a loyalty card. Such implicit communities are made explicit and maintainable by miaa PrivateGroups.

Users can invite another user by declaring a relation of that user with the asset: ‘is owner of’, ‘is technician of’, ‘is seller of’, etc.

Users can accept the invitation and become member of the implied community around the asset. For users which have not been registered yet, a provisional account is created for them that they will activate as soon as they accept the invitation. Users can of course also reject the relation if they find it inappropriate. Users can also request to join a community by declaring a relation with the asset. The owner can then approve or reject the relation.

Driving user engagement

The miaa PrivateGroups API allows a source of e-mail addresses to be used to invite people to register with a full user profile.

miaa PrivateGroups produces a clickable, secure and verifiable token that embeds an instruction for the user to activate his provisional account. This so-called RequestToken is tailored for your use case(s). For example:

  • preregistration-as-a-service: set up a campaign and stimulate people who have been recorded by an e-mail harvesting platform to register with a full profile. E-mail harvesting may use old newsletter subscriptions, contest participation, conference attendance lists, e-commerce transaction logs, etc.
  • encourage people who were invited by a colleague or family member to register with a full profile when
  • ask people to confirm a change of e-mail address before making it definitive
  • ask people to confirm a second (professional) e-mail address before using it for granting access
  • ask people to confirm their subscription before granting access to premium content
  • etc.