
PDS Client 2.0

Revision as of 13:57, 5 April 2010 by Ptrevithick.gmail.com (Talk | contribs) (Architecture)

The PDS Client provides a high-level interface for apps that wish to read and write attributes in the Personal Data Store 2.0. The PDS Client is packaged either as a C++ or Java code library or as a separate operating system process (e.g. on Windows it is a Windows Service).

Functionality

  • Maintains (and syncs to the PDS and other clients) the user's permissions: the decisions the user has made as to who (what app or relying party) has access to what attributes. For example, the first time a new app/RP asks for a certain set of attributes, the PDS Client will trigger the PDS Dashboard to present the policy decision to the user. The next time this same request happens, the PDS Client remembers the grant and usually does not have to bother the user about it again.
  • Maintains a local copy of some or all of the person’s personal data stored in the remote PDS
  • Maintains an OAuth WRAP access token that it gets by authenticating itself to an external authentication service. It passes this token along in XDI messages to the remote PDS service.
  • Can be configured to encrypt attribute values before they are sent over the wire (e.g. in XDI messages) to the remote PDS
  • Contains a local Security Token Service (STS) that allows it to create and sign SAML (for example) tokens for self-asserted attributes.
  • Contains an STS client to support remote IdP/STSes managed by external parties (e.g. to support managed i-cards).
  • Performs cross-context schema mapping.
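The first bullet describes a consent cache: the client remembers which requester was granted which attributes, prompts the user (via the Dashboard) only for attributes not yet covered, and keeps grants per requester so that a different app or RP asking for the same attributes is still a fresh decision. The following is an added example sketching that behaviour; it is not code from the Higgins project, and the names (`GrantStore`, `PdsClient`, the `dashboard` callback) and the attribute names are assumptions made for illustration.

```python
"""Illustrative consent-grant cache for a PDS-style client.

Added example, not Higgins code. GrantStore/PdsClient and the dashboard
callback shape are assumptions; attribute names are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, Set


@dataclass(frozen=True)
class Request:
    requester: str              # identifier of the app or relying party
    attributes: FrozenSet[str]  # attribute names the requester asks to read


@dataclass
class GrantStore:
    # requester -> attributes the user has already allowed for that requester.
    # Grants are keyed by requester: a grant to one RP never covers another.
    allowed: Dict[str, Set[str]] = field(default_factory=dict)

    def granted(self, requester: str) -> Set[str]:
        return set(self.allowed.get(requester, set()))

    def add(self, requester: str, attrs: Set[str]) -> None:
        # Grants are additive; denials are deliberately not cached, so a
        # refused attribute is asked about again on the next request.
        self.allowed.setdefault(requester, set()).update(attrs)


class PdsClient:
    def __init__(self, store: GrantStore,
                 dashboard: Callable[[str, Set[str]], Set[str]]):
        self.store = store
        # dashboard(requester, attrs_needing_a_decision) -> attrs the user approved
        self.dashboard = dashboard
        self.prompts = 0  # how often the user was actually bothered

    def authorize(self, req: Request) -> Set[str]:
        """Return the subset of req.attributes the requester may read."""
        already = self.store.granted(req.requester)
        missing = set(req.attributes) - already
        if not missing:
            # Everything asked for was decided earlier: no user interaction.
            return set(req.attributes)
        # Only the undecided attributes are put in front of the user.
        self.prompts += 1
        approved = set(self.dashboard(req.requester, missing)) & missing
        self.store.add(req.requester, approved)
        return set(req.attributes) & (already | approved)


def demo() -> int:
    """Run a small scenario and return the number of user prompts it needed."""
    # Constructed user decisions: only app-a is ever allowed email and name.
    decisions = {"app-a": {"email", "name"}}
    client = PdsClient(GrantStore(),
                       lambda rp, attrs: attrs & decisions.get(rp, set()))
    first = Request("app-a", frozenset({"email", "name"}))
    client.authorize(first)   # prompts once
    client.authorize(first)   # remembered, no prompt
    client.authorize(Request("app-a", frozenset({"email", "name", "phone"})))  # asks only about phone
    client.authorize(Request("app-b", frozenset({"email"})))                   # different RP, asks again
    return client.prompts


if __name__ == "__main__":
    print("prompts needed:", demo())
```

The two properties worth noticing are that a superset request re-prompts only for the new attributes, and that the cache is partitioned by requester rather than by attribute set, which is what stops one RP's grant from being reused by another.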

Schema Mapping

The PDS Client 2.0 can map attributes to and from a context-specific schema (aka vocabulary, ontology, data model, etc.) into the Persona Data Model 2.0. Alternatively, if a custom Context Provider is developed, that CP can do its own mapping. Both cases are shown below:

(Figure: Pds client 2.0.102.png)

In the above diagram, the "app" is a browser extension, but any local app could easily have been shown instead. The concept is the same.
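Whichever side performs the mapping (the PDS Client or a custom Context Provider), the operation is the same: translate attribute names between a context-specific schema and the Persona Data Model, in both directions, without losing or misfiling attributes the mapping does not know about. The following is an added example of such a mapper; it is not Higgins code, and the term names on both sides (`vcard:fn`, `pdm:fullName`, etc.) are constructed placeholders rather than real Persona Data Model 2.0 terms.

```python
"""Illustrative two-way cross-context schema mapper.

Added example, not Higgins code. All schema terms below are constructed
placeholders, not actual Persona Data Model 2.0 vocabulary.
"""
from typing import Dict, Tuple


class SchemaMapper:
    def __init__(self, context_to_pdm: Dict[str, str]):
        # A mapping is only usable in both directions if it is injective:
        # two context terms landing on one PDM term would make the reverse
        # mapping ambiguous, so reject that at construction time.
        inverse: Dict[str, str] = {}
        for ctx_term, pdm_term in context_to_pdm.items():
            if pdm_term in inverse:
                raise ValueError(
                    f"{ctx_term!r} and {inverse[pdm_term]!r} both map to {pdm_term!r}")
            inverse[pdm_term] = ctx_term
        self._to_pdm = dict(context_to_pdm)
        self._from_pdm = inverse

    @staticmethod
    def _apply(table: Dict[str, str],
               attrs: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
        # Terms absent from the table are returned separately, never silently
        # dropped and never forwarded under a name the other side won't recognise.
        mapped, unmapped = {}, {}
        for name, value in attrs.items():
            if name in table:
                mapped[table[name]] = value
            else:
                unmapped[name] = value
        return mapped, unmapped

    def to_pdm(self, attrs: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
        """Context schema -> PDM. Returns (mapped, unmapped)."""
        return self._apply(self._to_pdm, attrs)

    def from_pdm(self, attrs: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
        """PDM -> context schema. Returns (mapped, unmapped)."""
        return self._apply(self._from_pdm, attrs)


# Constructed mapping for a hypothetical vCard-like context.
VCARD_TO_PDM = {
    "vcard:fn": "pdm:fullName",
    "vcard:email": "pdm:email",
    "vcard:tel": "pdm:phone",
}


def round_trip(attrs: Dict[str, str]) -> Dict[str, str]:
    """Map context attrs into PDM and back; unmapped terms are preserved as-is."""
    mapper = SchemaMapper(VCARD_TO_PDM)
    pdm, unmapped = mapper.to_pdm(attrs)
    back, _ = mapper.from_pdm(pdm)
    back.update(unmapped)
    return back


if __name__ == "__main__":
    sample = {"vcard:fn": "A. Person", "vcard:email": "a@example.invalid", "x:custom": "?"}
    print(SchemaMapper(VCARD_TO_PDM).to_pdm(sample))
    print(round_trip(sample))
```

Returning unmapped terms explicitly, rather than passing them through or discarding them, lets the caller (client or Context Provider) decide whether an unknown attribute should be refused, logged, or mapped by a further rule.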

Architecture

The PDS Client 2.0 package is shown in light blue:

(Figure: Active client 2.0.102.png)

It consists of the following C++ components:
