Not sure this is the appropriate forum but I haven't seen a better one.
Agreed. And you chose wisely given that Identity Services is super obscure and I’m one of the few people familiar with it (-:
The last time anyone asked me about Identity Services, it was pretty much this question. I dug into it and came to a soft conclusion  that the local identity authority does not generate update events )-:
The Apple code that I looked at as part of that investigation uses the various notifications in
<notify_keys.h>to determine when to refresh it’s view of the user list.
ps If I were in your shoes I’d skip Identity Services and go straight to Open Directory, and specifically the Objective-C API in the Open Directory framework. Identity Services (and the related Objective-C API, Collaboration Services) is just a thin wrapper around OD. It was cool back in the day, when OD had the most horrible API you’ve ever seen , but these days OD has a nice, high-level API, which pretty much obviates the need for Identity Services.
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
 I couldn’t get it to work. I looked at the implementation and, AFAICT, it couldn’t possibly work. I never got a definitive answer from the engineer who owns this code as to what’s what.
 If you want to be scared, look at Directory Services framework!
Thanks for the answer.
I will have a look at the OD framework as the APIs seems to be available on 10.8 and later.
I 've been using the Directory Services framework so far because I needed to support OS X 10.5. As long as I can stop using it, I'm happy.
I suppose it is worth to file a bug report regarding the Identity Services documentation to request that the documentation mentions it does not work as advertised when it comes to monitoring.