Identity Model involves the representation of User, Attributes, Roles, Groups etc. These are stored in a data store such as DB or LDAP.
Requirements have been gathered by Deltaspike team. https://cwiki.apache.org/confluence/display/DeltaSpike/Security+Module+Drafts
An implementation is available via PicketLink IDM module.https://github.com/picketlink/picketlink-idm
PicketLink IDM Module provides a JPA based view of the model.
An alternative LDAP binding needs to be developed.