Data Model
Traveler Identity Service is the system of record for the cluster. Consuming applications (enrollment products, Smart Corridor, eGate, external integrations) reference the same Traveler, Document, Journey, and Encounter entities — no application-specific identity model.
The traveler representation is biometric-agnostic at the interface level: entities reference biometric records, they do not embed biometric processing logic. See Biometrics via Traveler Identity Service for the matching contract.
Draft of a Model
Traveler
├── Biographic (1:1)
├── Demographics (1:1)
├── Applicant / EnrollmentProfile (0:1 or 1:N — domain decision)
├── Document (0:N)
│ ├── Authenticity (0:1)
│ └── DocumentBiometricModalities (0:N)
├── Encounter (0:N)
│ └── EncounterEvent (0:N)
├── Journey (0:N)
│ ├── JourneySourceSnapshot (1:N)
│ └── JourneyRisk (0:N)
├── TravelerRisk (0:N)
└── CapturedBiometricModalities (0:N)
The four root entities developers will most often work with each have their own page. Risk and modality sub-entities are referenced where relevant; their detailed schemas will be published as those capabilities ship.
Entities
- Traveler — definitive identity entity, root of the model
- Document — official travel or identity documents linked to a traveler
- Journey — planned or actual movement on a transport instance, with its
JourneySourceSnapshotaudit lineage - Encounter — recorded interaction session at a border touchpoint, with its
EncounterEventatomic steps
Standards Alignment
The model adopts the field semantics of established border-control identity standards so integrators familiar with them can map directly:
- Primary — EES (Entry/Exit System), ETIAS, ICAO Doc 9303
- Secondary — VIS (Visa Information System), SIS II (Schengen Information System), eu-LISA interoperability framework
Field optionality reflects the minimum required for system integration. Individual deployments may enforce stricter requirements via configuration.
Domain separation
Border Control owns operational identity for border processes — the Traveler (operational identity used in border processes) and the Encounter (a time-bound snapshot of a traveler interaction, e.g. enrollment or crossing). These must not be conflated with the identity and enrollment concepts of adjacent civil-identity domains: an external enrollment snapshot and an Encounter are conceptually similar time-based records but belong to different domains and must not be directly mapped.
See also
- Traveler Identity Service architecture overview — services that own and persist these entities
- Journey — Source contribution matrix — per-field source authority for Journey
- Traveler Management Module — operator interface that visualizes these entities
- Biometrics via Traveler Identity Service — how biometric references attach to Document and CapturedBiometricModalities