
Difference between revisions of "Persona Data Model 2.0"

(M-Card)
m
 
Line 1: Line 1:
 
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
 
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
[[Image:Higgins_logo_76Wx100H.jpg|right]]
 
  
Within the [[RPPS Package]] are components that persist data objects on behalf of the user. These include user account data, the users set of cards, and other data. Some components use IdAS to persist their data. Others manage their own local data stores "above" IdAS. An attempt to document all of these different kinds of objects and stores would be a major project. Instead of looking backward, this page describes a new, updated data model that we call [[Persona Data Model]].  
+
A data model for people and their relationships with other people and businesses. Builds on [[Higgins Data Model 2.0]].
  
=== Version ===
+
== Person entities, attributes, links and contexts  ==
  
During the Higgins 1.1 development project we will be working on ''defining'' the [[Persona Data Model]]. We will not be able to ''implement'' the new model in time for Higgins 1.1, but work will continue thereafter.
+
A natural, human person is represented as a graph of <code>p:Person</code> [[Entity|entities]] (nodes, or vertices) interconnected by links (edges). Each node represents a different facet of the user (person). Each of these facets is held in a separate (graph) container called a [[Context]] shown below as a round cornered rectangle.  
  
=== Approach ===
+
Each Person entity node is a set of attributes and values. These attributes may be ''simple'' literals (e.g. the user's first name) or they may be other entities (which we call ''complex'' attributes). These latter attributes are shown in diagrams as links to other entity nodes.
  
The [[Persona Data Model]] defines the patterns and kinds of objects that exist in a running instance of the [[I-Card Service]]. The [[Persona Data Model]] can be expressed in the still more general [[Context Data Model 1.1]] and that is exactly what this document does. It describes one model in terms of the other. It is assumed here that the reader is familiar with CDM 1.1. All objects in the persona model are CDM 1.1 [[Entity | Entities]], and in this document we use the terms object, resource and [[Entity]] and even sometimes node, interchangeably.
+
Typically each node in the person graph is located in its own context. The root node lies in a special context (for each user) called the ''root'' context.  
  
=== Implementation ===
+
[[Image:Root 2.0.128.png|center]]
  
Since this document is about design, not implementation we make a short implementation note here before we move on. We expect that when it comes time to implement the new Persona model that a decision will be made that the [[I-Card Service]], the [[RPPS Package]] components, etc. store all data objects in IdAS. IdAS would thus become the "data layer" in the traditional tiered model.
+
All of the Person entities can be reached by traversing links of the following kinds, (although other links may also exist (e.g. <code>foaf:knows</code>, etc.):
  
== Introduction ==
+
;<code>h:correlation</code>: A link from an entity representing person A to (i) an entity that also represents person A or (ii) to an interstitial Proxy whose <code>p:resource</code> link points to an entity that also represents person A
 +
;<code>h:relation</code>: A link from an entity representing person A to (i) an entity that represents a person other than person A or (ii) to an interstitial Proxy whose <code>p:resource</code> link points to an entity that represents a person other than person A
 +
;<code>h:indeterminate</code>: A link from an entity representing person A to (i) an entity that represents a person that may or may not represent person A or (ii) to an interstitial Proxy whose <code>p:resource</code> link points to an entity that represents a person that may or may not represent person A
 +
;<code>proxy:resource</code>: A link from a Proxy to an entity in another context.
  
The [[Persona Data Model]] is a model of the user's data. These data are accessed over the net via the [[I-Card Service]] and/or the [[CardSync Service]]. If these two services are co-resident, both share the same set of user data objects. We begin by introducing the classes defined by PDM.
+
== Vocabularies ==
  
=== Personas and the Persona Graph ===
+
=== Vocabularies for Describing People ===
 +
Contexts describe their contents (i.e. person entity attributes) using in the [[Persona vocabulary]] which in turn imports the following well known vocabularies (aka ontologies):
 +
* [[VCard vocabulary usage]]
 +
* [[GeoLocation vocabulary usage]]
 +
* [[FOAF vocabulary usage]]
  
The user's data is represented by a graph of [[Persona]]s. A [[Persona]] is a class of Entity that describes some aspect of the user. Personas can have a large number of attributes, or hardly any. All [[Persona]] entities MUST have a persona:personaLabel attribute.
+
...and the following Higgins-defined vocabularies:
 +
* [[Context vocabulary]]
 +
* [[Proxy vocabulary]]
 +
* [[Higgins Data Model 2.0]]
  
In the Persona model the user's data consists of a DAG of [[Persona]]s all interconnected by higgins:correlation [[Attribute]] links. ''Note: The [[Persona]] nodes in this graph may have links to other non-[[Persona]] [[Entity]] nodes using some other kind of link (other than higgins:correlation) these links are ''not'' considered part of the user's Persona Graph.''
+
Not imported by the [[Persona vocabulary]] but recommended where relevant to the developer's problem space:
 +
* [[OpenSocial2 vocabulary]] - additional social Person attributes, Messages, Organization etc.
 +
* [[SchemaOrg vocabulary]] - additional attributes for Person, Organization, Place, Event
 +
* [[Payment vocabulary]] - credit cards, products purchased, etc.
 +
* [[Interest vocabulary]] - general interests - subclasses of online-behavior:InterestTopic
 +
* [[I-Card vocabulary]] - OASIS IMI InfoCard cards
 +
* [[Places vocabulary]] - a database of cities, regions, countries
  
The Persona Graph is a physically distributed graph of Persona Entity nodes. As you recall from CDM each Entity is stored in [[Context]] and these Contexts may be physically located anywhere on the net.
+
=== Supporting Vocabularies ===
  
Here's an example graph:
+
The following vocabularies are used to support the PDS application itself:
  
[[Image:Alice-persona-graph.png|center]]
+
* [[Flat Persona vocabulary]] - a flattened, simplified subset useful for querying persona.owl-based data stores
 +
* [[Template vocabulary]] - for describing ''template'' contexts that are instantiated as ''regular'' contexts. Also uses these vocabularies:
 +
** [[View-builder vocabulary]] - for describing how to hierarchically organize the contents of a context for presentation (e.g. in a UI)
 +
** [[App-data vocabulary]] - for describing active, JavaScript content that is either stored in a template or fetched from an external service
 +
** [[Mapping vocabulary]] - a set of rules used to map between persona.owl and vocabularies used by external sites and services
 +
* [[Template-meta vocabulary]] - metadata about connection templates; used to create a registry of templates
 +
* [[Event vocabulary]] - for describing attribute changed and attribute disclosure events
  
There are three nodes in the Persona graph. The "p:Persona" class entity is ''not'' considered a part of the ''persona'' graph because the link to it is not higgins:correlation.
+
== Proxies ==
  
The semantics of the higgins:correlation links (aka complex-valued attributes, or entity-valued attributes) are important to understand. The "higgins:" prefix tells you that this attribute is defined in higgins.owl (aka HOWL) and is thus a concept defined in the [[Context Data Model 1.1]]. Nevertheless, we remind the reader here of the basic idea. The overall domain of CDM is identity. In the digital realm, rather than a monolithic object, it is most useful to model identity as a set of linked, multiple partial identities each of which holds a set of attributes. As you can hopefully see, this is exactly what a Persona graph is.  
+
A Proxy is an object that contains a link (proxy:resource) to an entity (usually a Person) in another context. A proxy allows lazy loading (e.g. by user interfaces) of the entity to which it points. The UI code can rapidly load cards and display them visually. Loading of the resource's context can be delayed and/or happen in a background process.
  
In the diagram above several attributes are held on the "meta" Paul node, and comparatively on the Home and Work personas to which it is linked. The diagram was simplified for illustration purposes. In reality there would be far more attributes on the lower Personas than on the root Persona.
+
To simplify diagrams of the persona data model we can hide card/proxies by using the following shorthands:
  
=== User Profile ===
+
[[Image:Pdm proxy 2.0.108B.png|center]]
  
From the point of view of these services each user is a separate account, and the user (through the agency of their selector) must authenticate to each of these services in order to access their data. We call these accounts User Profiles. Each user has one User Profile. This User Profile is a [[Persona]] node, and is the "root" of the Person Graph.  
+
For details about proxies see [[Proxy vocabulary]].
  
Each User Profile holds account information that includes things like the username of the user, perhaps an email address for password reset, and the authentication materials necessary to authenticate the user (via their selector agent).
+
== Context Issuer/Authority and Access Control ==
 +
As we've described above, contexts contain person entities each of which is comprised of a set of attributes. Each context has an ''issuer'' attribute that indicates whom is authoritative over the entire contents of the context. If the user is named as the ''issuer'' of the context then the access control policy allows the user to edit and update the entire contents of the context as they see fit. Contexts for which the user is the issuer are physically located within the PDS--the ADS to be precise). The access control policy is contained within a special ''control'' context associated with each (regular) context. For more information about control contexts see the section below on supporting contexts.
  
The User Profile Entity is always stored in a [[Context]] over which the user is authoritative. This Context is called the ''root'' Context and is typically co-resident with the [[I-Card Service]] or nearby, but in any case within the same trust domain.
+
== Connection Context Pairs ==
  
The attributes of the User Profile are in many cases sensitive information. Beyond the scalar attributes, the User Profile points to all of the other partial identities that a person may have, including, perhaps a person's Second Life avatar, or their identities in contexts where they wish to remain pseudonymous (e.g. an eBay seller, etc.).
+
A connection is a relationship between the PDS user and an external site/business or a friend's account on their PDS. There are two sides to these relationships, but not in the usual sense of things. One side is the face that the user wishes to present to the other party. The other side is what the other party says about the person. Each "side" is represented as a p:Person entity. Each p:Person entity lives in its own ''connection'' context. Since both p:Person entities are about the same person, the two person entities are interconnected with h:correlation links.  
  
=== Reusable vs. Context-specific Personas ===
+
We refer to one of these ''connection'' contexts as the ''definer'' and the other as ''participant''. In every relationship one party is defining the ground rules for the relationship, and the other is consenting to play within these rules. In a person-to-business relationship the user plays the role of participant, and the business plays the role of definer. In a person-to-person relationship the user could play either role.
  
In the Persona data model all nodes are of class [[Persona]]. In the diagram above you might be led to believe that personas are only used for modeling broad reuseable roles (e.g Alice at Home vs. Alice at Work) that can be use across MULTIPLE contexts. For example Alice might interact with many websites using his Work persona role. The Persona nodes also model Context-specific partial identities. For example, Alice may have a fairly rich set of attributes that describe her pseudonymous identity as an eBay seller. This partial identity is still called a Persona. In some ways the "Home" and "Work" personas above are "reusable" Personas, whereas the eBay seller persona is a context specific persona. The data model, in a sense, doesn't care. All of these are Persona instances.
+
The definer-created template that governs the connection relationship identifies which attributes the definer provide (i.e. is authoritative over) v.s. which attributes it requests from the participant (i.e. the participant is authoritative over). However, the actor playing the definer role writes to the definer context and the actor playing the participant role writes to the participant context. As a consequence, any given attribute (whether definer-authoritative or participant-authoritative) may be written either context; or both.
  
=== Card ===
+
If the user is playing the role of participant, the identifier of the person entity in the participant context is "<contextid>#me" by convention (see the Naming Conventions section below for more details). The id of the person entity in the definer context is a ''globally'' unique identifier of the form "<contextid>#localentityid" where localentityid is usually a URI-friendly normalization of the user's username on the external system.
  
Before we introduce the Card classes, please remember that in CDM multiple inheritance is allowed: any single entity may be a member of multiple classes simultaneously. In this section we leverage this characteristic.  
+
At this point an example might be helpful. Let's take the example of a relationship between the user and the New York Times:
  
First we define an abstract class called [[Card]]. This captures the common attributes across the four sub-classes defined below. These common attributes include:
+
[[Image:Connection contexts 2.0.107b.png|center]]
* cardId - a unique identifier for the card
+
* image - an image bitmap for the background of the card when it is displayed
+
* ... and several others.
+
  
These four sub-classes of [[Card]] are defined:
+
The attributes of the person entity in the ''participant'' context are the set of statements that Alice makes about herself in the context of their relationship with the NYTimes. It is the face or persona that she wishes to present to that business. Examples might include her, first name, last name, email address, home delivery address, etc. Alice can make these statements by directly editing them in the ''participant'' context using her PDS client. However, she could also express the same intent by interacting with the NYTimes website directly. If she did so the NYTimes agent would write the updated values of these attributes into the ''definer'' context.
* p-card (as in CardSpace)
+
* m-card (as in CardSpace)
+
* relationship p-card
+
* relationship m-card
+
  
Any [[Persona]]-class entity may be one of the four classes of cards, perhaps in addition to also being an instance of yet other classes.
+
The attributes of the Person entity in the ''definer'' context are the set of statements that the NTimes wishes to make about Alice in the context of that user's relationship with the NYTimes. Examples might include Alice's subscriber id. These two Person entities are bi-directionally linked with h:correlation links.
  
==== P-Card ====
+
The access control policy of the participant context allows Alice to read and write attributes, and the NYTimes to read them. The access control policy of the ''definer'' context allows Alice to read attributes, and the NYTimes to read and write them.
  
The attributes that define a Persona [[P-Card]] are taken directly from the OASIS IMI specification. An example p-card is shown here:
+
In the user interface (in the Higgins portal) these twin contexts are integrated together and displayed as a single semi-editable view. We discuss attribute integration further in a separate section below.
  
[[Image:Example-pcard.png|center]]
+
=== Attribute Integration ===
  
To keep the example simple only a few representative attributes are shown. These attributes are defined by IMI and define the card-as-container:
+
Both the definer and the participant contexts contain p:Person entities with a set of attributes. These two attribute sets are not necessarily disjoint (i.e. there may be N>1 attributes that are common to both p:Persons). The integration algorithm is as follows:
* p:cardId - an attribute of an IMI personal card. This is an attribute of all [[Card]]s.
+
* For attributes that exist only on one or the other (but not both) of the two interlinked persons, take their values from whichever person entity they are found.
* p:hashSalt - another attribute of an IMI personal card. This is an attribute of all [[Card]]s.
+
* For attributes that exist on both persons, take the values from the person whose containing context's modified date-time is more recent.  
* p:pinDigest - another IMI attribute of an IMI personal card. This attribute is only part of [[P-Card]]s.
+
  
By contrast, these attributes would be considered the claim types of the IMI card:
+
Let's examine this algorithm using an example of Alice's connection to the NYTimes website. The parameters of this connection were defined by NYTimes, specifically, by a NYTimes-minted ConnectionTemplate. The relationship involves two disjoint sets of attributes: the set of attributes for which the definer is authoritative, and the set for which the participant is authoritative. In this example Alice is authoritative over three: her first name, last name, and email address. The NYTimes is authoritative over one: Alice's subscriber id.
* icf:age-18-or-over - this attribute type is being used as a claim as defined by the ICF Claim Catalog
+
* p:eyeColor - this attribute type is being used as a claim. This attribute type is defined by the Persona Data Model and is thus a "private" claim type from the point of view of the ICF and the Information Card ecosystem.
+
* foaf:family_name - an attribute defined by the FOAF vocabulary
+
* foaf:gender = male - another FOAF attribute
+
  
==== M-Card ====
+
Alice plays the role of participant. Alice's PDS's connection viewer/editor reads attributes from both contexts, integrates them according to the algorithm above, and displays a UI showing these all four of these attributes. Since Alice is authoritative over first name, last name and email address, these are displayed using editable UI widgets. Since the NYTimes is authoritative over her subscriber id, this is displayed in a non-editable widget. If Alice updates any values of any of the three editable attributes, these updated values are written into the participant context (and the context's 'modified' timestamp is updated). As described in the next paragraph, the definer context may contain updated values for none, some or all of the attributes over which Alice is authoritative. Thus these attributes may ultimately exist in both contexts. Per the integration algorithm, the UI takes the values of the common attributes from the most recently updated context. If the definer context has been more recently updated, then it reads these Alice-authoritative attributes from the definer context and writes them into the participant context.
  
An IMI managed card while having some attributes in common with p-cards (e.g. cardImage, cardId, etc.) also has some m-card-specific attributes.
+
The NYTimes plays the role of definer. We ignore here the technical details (e.g. network protocols, and/or APIs.) of how this data connection works, and just look at the attribute integration logic. The NTYimes has read/write access to the definer context and read access to the participant context. It can also read the modified date-time values of each. The NYTimes is authoritative over the subscriber id value and under no circumstance (either with the PDS or on the NYTimes site) can Alice update or change this value. The NYTimes writes the value of the subscriber id value into the definer context. However, for the other three attributes over which Alice is authoritative, Alice may update their values on the NYTimes site. If she does, the NYTimes writes the updated values of these 3 attributes into the definer context (and its modified value is updated).
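Review bot: The second integration rule (for attributes that exist on both persons, take the value from the context modified more recently) ignores which party the template makes authoritative, so a participant-written copy of a definer-authoritative attribute such as the subscriber id wins whenever the participant context is newer. The Connection Context Pairs text allows any attribute to be written to either context, so the rule should apply the most-recent comparison only to participant-authoritative attributes and always read definer-authoritative attributes from the definer context. The modified date-time is also per context rather than per attribute, so a single edit makes every common attribute in that context count as newest; a per-attribute modified time would keep a stale value from overriding a fresh one.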
  
This is an attribute of all [[Card]]s.
+
== Website Facade Connections ==
  
==See Also==
+
Until the day when businesses natively support bi-directional data connection APIs and open protocols (e.g. perhaps things built on top of OpenID Connect, etc.) we can create a connection another way. The Higgins PDS project includes an optional browser extension (aka HBX) that can fill attributes from the PDS to the site, and scrape data from the web pages of the site into the user's PDS.
* [[Context Data Model 1.1]]
+
 
 +
The data model to implement this involves only one half of the participant/definer context pair described in the previous section. In this case we instantiate a single participant context of a special kind called a WebsiteFacade. The template for this website facade includes scripts, mapping rules and sometimes custom JavaScript to allow the HBX to read/write attributes from/to the site and update them in the user's ADS account. In addition to being editable using the PDS web client UI, the HBX can execute JavaScript that edits it. See [[Website Facade Connection Example]] for more details.
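Review bot: The WebsiteFacade paragraph has the HBX execute template-supplied scripts and custom JavaScript that can write both to the site and to the user's ADS account, but it says nothing about where a template comes from or how it is checked before it runs. State who may publish website facade templates, how the HBX verifies a template before executing it, and which attributes a template's script is limited to (the attribute set declared in the template would be the natural bound).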
 +
 
 +
== Supporting Contexts  ==
 +
 
 +
Each regular context (e.g. each of the contexts shown above) has the following links:
 +
 
 +
*0..1 ctxt:template
 +
*0..1 h:control
 +
*1..1 h:vocabulary
 +
 
 +
[[Image:Supporting 2.0.117.png|center]]
 +
 
 +
=== Template Context ===
 +
 
 +
A template context acts as a template for a (non-template) context. It contains information common to all instances instantiated from it. Each non-template context may have up to one associated template context (pointed to by p:template attribute).
 +
 
 +
''ConnectorTemplates'' are templates that describe and govern the relationship between a user and an external party such as a business or a friends's PDS. A ConnectorTemplate describes:
 +
* The set of attributes that each "end" of the relationship (e.g. participant vs. definer) agree to provide
 +
* Vocabulary/schema mapping rules to transform the "other" party's attributes into and out of the persona data model
 +
* In the case of connections to websites (as opposed to web services or other PDSes) it may include scripts (e.g. JavaScript) to read/write to/from the site
 +
* ''Future'': a legal contract (agred to by both parties) that governs how each party's attributes may be used.
 +
 
 +
For more information about templates see [[Template vocabulary]].
 +
 
 +
''AppTemplates'' are templates for instantiated applets (PDS add-ons) that have read (and potentially write) access to a specific set of attributes within the PDS.
 +
 
 +
=== Control Context  ===
 +
 
 +
Each regular context is associated with one "control" context (linked to by h:control). A control context is associated with one regular context. The control context contains meta information including:
 +
 
 +
*date-time when the regular context was created and modified
 +
*access control lists:
 +
**list of parties (currently PDS account ids) that may read the regular context
 +
**list of parties that may write the regular context
 +
**list of parties that may append to the regular context
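Review bot: The Control Context section lists read, write and append ACLs for the regular context but does not say who may modify the control context itself. Since the ACLs live there, write access to a control context amounts to control of the regular context, so the text should state the intended rule, for example that only the regular context's issuer may change it. It would also help to say what policy applies when h:control is absent, because the link list gives it as 0..1 while this section says each regular context has one.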
 +
 
 +
=== Vocabulary Context  ===
 +
 
 +
Each regular context has an h:vocabulary link to a context holding the vocabulary it uses to describe its contents. Multiple regular contexts may the same vocabulary context. The value of this link is usually a reference to the context holding persona.owl (see [[Persona vocabulary]]).
 +
 
 +
== Social Graphs  ==
 +
 
 +
=== h:relation ===
 +
 
 +
[[Higgins Data Model 2.0|HDM]] defines a <code>h:relation</code> complex attribute that is used in PDM to link one <code>Person</code> node to another where each <code>Person</code> node represents a different person. No symmetry is implied in this thus the statement (A <code>h:relation</code> B) is akin to saying person A "knows of" person B.
 +
 
 +
Shown below are two social graph examples. One uses <code>foaf:knows</code> links and and (unrelated to this) shows each node in its own context. The other uses <code>h:relation</code> links and (unrelated) shows all person nodes in a single context. In the Work context we see that the user knows three colleagues but doesn't know how they know one another. In the Home &amp; Family context we see that the user knows two people and that everyone knows one another. The <code>foaf:knows</code> links are shown in both directions although logically this is redundant since <code>foaf:knows</code> is what is a called a symmetric relation.
 +
 
 +
Entities that represent the user are shown in purple. Nodes representing a person other than the user are shown in red.
 +
 
 +
[[Image:Social 2.0.107.png|center]]
 +
 
 +
=== foaf:knows ===
 +
 
 +
To indicate that a person A "knows" person B where some level of reciprocated interaction between the parties is implied, we use foaf:knows.
 +
 
 +
Since foaf:knows is a broader concept than h:relation, foaf:knows is not a sub-attribute of h:relation. Thus if we had the statement "A h:relation B" then we might later add a second statement "A foaf:knows B" to add the stronger, broader (and symmetric) concept of "knowing."
 +
 
 +
=== h:indeterminate ===
 +
 
 +
HDM also defines <code>h:indeterminate</code> link attribute on node A to indicates that its value(s) may or may not represent the same thing as is represented by A.
 +
 
 +
=== Implementation Note ===
 +
 
 +
Consumers of the HDM may traverse <code>h:relation</code>, <code>h:correlation</code> and <code>h:indeterminate</code> attribute links and (despite ignoring all other links) traverse the entire graph of <code>Person</code> nodes.
 +
 
 +
== Inbox Context ==
 +
In order to bootstrap sharing, each PDS user has an inbox context that is globally append-able. This allows users to append invites to other users. See the [[Data Sharing With Alice And Bob]] scenario.
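Review bot: "Globally append-able" leaves the inbox open to any writer, and the Inbox Context section gives no limit on who may append or on what an appended invite may contain. The control context's append list is described as holding PDS account ids, so say whether "globally" means any authenticated PDS account or any party at all, and state that invite contents (links, context ids, templates) are untrusted input until the user accepts the invite.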
 +
 
 +
== Naming Conventions ==
 +
 
 +
=== Context Naming ===
 +
 
 +
==== User Context Naming ====
 +
 
 +
User contexts inside an ADS are are named according to the following pattern:
 +
 
 +
  <code>http://<servername>/<username>/<context-name></code>
 +
 
 +
If the context is part of a connection context pair then the ''context-name'' uniquely identifies the "other" party in the connection. If the other party is a website then ''context-name'' is the domain name of the site (e.g. "staples.com").
 +
 
 +
Examples wherein servername (PDS/ADS operator) is my.azigo.com:
 +
 
 +
  <code>http://my.azigo.com/ptrevithick/awp</code> - anonymous web profile
 +
  <code>http://my.azigo.com/ptrevithick/staples.com</code> - paul's profile at staples.com
 +
  <code>http://my.azigo.com/ptrevithick/browsing</code> - browsing history
 +
 
 +
==== Reserved Usernames ====
 +
 
 +
Any username with 4 or less characters is reserved. Examples of reserved usernames:
 +
* sys
 +
* root
 +
* blog
 +
 
 +
If the username is 4 or less characters this is the id of a system context (see next section)
 +
 
 +
==== System Context Naming ====
 +
 
 +
  <code>http://<servername>/<reserved-username>/<meta-type>/<context-name></code>
 +
 
 +
The <meta-type> may be one of these values:
 +
* template
 +
* ontology
 +
* data
 +
 
 +
Example
 +
 
 +
  <code>http://my.azigo.com/sys/template/awp</code> - the template for a user's regular "awp" context
 +
  <code>http://my.azigo.com/sys/ontology/tracker-catalog</code>
 +
  <code>http://my.azigo.com/sys/data/trackers</code>
 +
 
 +
=== Entity Naming ===
 +
The entity representing the user in most contexts has a local name of "me".
 +
 
 +
Example:
 +
  If the contextId is http://my.azigo.com/ptrevithick/awp and the local entityId is "me" then
 +
  the fully qualified entityId is:
 +
  http://my.azigo.com/ptrevithick/awp#me
 +
 
 +
== Examples ==
 +
 
 +
Imagine a root context containing a p:Person entity locally named "me". This root node could have h:correlation links pointing to the root "me" entities in two contexts, a web profile context, and a alice-staples context.
 +
 
 +
The web profile context might look like this:
 +
 
 +
[[Image:Webprofile.png|center]]
 +
 
 +
== Attribute Metadata ==
 +
 
 +
To construct a data-driven presentation of the contents of contexts whose data is described using the Persona data model, metadata about the attributes within context are needed. See [[View-builder vocabulary#Cascading_Metadata]] for a discussion of where these metadata attributes are stored (i.e. which context) and how metadata attributes are evaluated when mapping rules are involved.
 +
 
 +
For a given attribute, '''A''', the following metadata attributes (as described in [[Higgins Data Model 2.0#Attribute_Definitions]] (with the exception of ''categories'' which are not used in PDM 2.0)) comprise '''A''''s definition:
 +
 
 +
; UI widget label : This is stored in an internationalized string value of the skos:prefLabel metadata attribute. An example of a UI label might be the string "Zipcode" for the person's postal-code attribute.
 +
; Example value : The example value is the value of the skos:example attribute. For example "name@domain.com" might be an example of an email value.
 +
; Hover/Tooltip text : The string description of the attribute is the value of the skos:description attribute.
 +
; Type : The type of an attribute is the value of the rdf:type attribute
 +
; Allowed values: The allowed values of an attribute is defined by the value of its rdfs:range metadata attribute. An rdfs:range may be an XML schema datatype such as xsd:nonNegativeInteger or it may be object valued in which the value of the rdfs:range attribute is the name of an entity class. If this class is a subclass of p:DiscreteRange, then the allowed values are the rdfs:label values of all instances/members of the class.
 +
; Cardinality : The min..max (inclusive) cardinality of an attribute is specified using owl:minCardinality and owl:maxCardinality. These two meta attributes are properties of a specific class of entity that is the domain of the attribute, not the attribute's own definition. In other words cardinality is expressed within the context of a class/set of individuals.
 +
; Syntax restrictions : We follow the latest OWL2 convensions. The value of the rdfs:range attribute may be rdfs:Datatypes augmented with owl:withRestrictions that include XML Schema facets (e.g. rdf:langRange xsd:length xsd:maxExclusive xsd:maxInclusive xsd:maxLength xsd:minExclusive xsd:minInclusive xsd:minLength xsd:pattern ) as described [http://www.w3.org/TR/owl2-rdf-based-semantics/#Facet_Names here].
 +
 
 +
We have recently introduced a convention that the context id of metadata attribute M must be the same as the context id of A. If the currie form of A is ''ctxt:attname'' then the currie form of '''M''' must have a prefix (i.e. namespace) of ''ctxt''. For example if the attribute is ''fp:postalCode'' then metadata statements about ''fp:postalCode'' must be in the [[Flat Persona vocabulary]] context (fp being a prefix for this vocabulary) along with the definition of ''fp:postalCode'' itself. See also [[View-builder vocabulary]].
 +
 
 +
== Open Issues ==
 +
# To support connector contexts for which a WebsiteFacade is used for the definer side along with its associated JavaScript, it may be useful to add a "date-time-modified" timestamp to every context. This would allow sync operations via a set of N WebsiteFacade JavaScript programs to be decoupled from (and asynchronous to) real-time edit operations by the user. A more sophisticated approach would involve caching as a set of commands (transactions) the changes made to any context and allowing other contexts (well, their associated JavaScript) to subscribe to these transactions.
 +
 
 +
[[Category:Higgins 2]]
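Review bot: in the "Allowed values" entry, the object-valued rdfs:range case only defines the allowed values when the named class is a subclass of p:DiscreteRange; say what a consumer should do when the range names any other entity class. Spelling in the same region: "convensions" should be "conventions" and "currie form" should be "CURIE form", and the facet list after "XML Schema facets" would read better comma-separated. Open Issues item 1 should also state which party sets the proposed "date-time-modified" value, since it is meant to order writes coming asynchronously from N WebsiteFacade JavaScript programs and from the user's own edits.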

Latest revision as of 12:00, 15 August 2014

A data model for people and their relationships with other people and businesses. Builds on Higgins Data Model 2.0.

Person entities, attributes, links and contexts

A natural, human person is represented as a graph of p:Person entities (nodes, or vertices) interconnected by links (edges). Each node represents a different facet of the user (person). Each of these facets is held in a separate (graph) container called a Context shown below as a round cornered rectangle.

Each Person entity node is a set of attributes and values. These attributes may be simple literals (e.g. the user's first name) or they may be other entities (which we call complex attributes). These latter attributes are shown in diagrams as links to other entity nodes.

Typically each node in the person graph is located in its own context. The root node lies in a special context (for each user) called the root context.

Root 2.0.128.png

All of the Person entities can be reached by traversing links of the following kinds (although other links may also exist, e.g. foaf:knows):

h:correlation
A link from an entity representing person A to (i) an entity that also represents person A or (ii) to an interstitial Proxy whose p:resource link points to an entity that also represents person A
h:relation
A link from an entity representing person A to (i) an entity that represents a person other than person A or (ii) to an interstitial Proxy whose p:resource link points to an entity that represents a person other than person A
h:indeterminate
A link from an entity representing person A to (i) an entity that represents a person that may or may not represent person A or (ii) to an interstitial Proxy whose p:resource link points to an entity that represents a person that may or may not represent person A
proxy:resource
A link from a Proxy to an entity in another context.

Vocabularies

Vocabularies for Describing People

Contexts describe their contents (i.e. person entity attributes) using the Persona vocabulary, which in turn imports the following well-known vocabularies (aka ontologies):

...and the following Higgins-defined vocabularies:

Not imported by the Persona vocabulary but recommended where relevant to the developer's problem space:

Supporting Vocabularies

The following vocabularies are used to support the PDS application itself:

  • Flat Persona vocabulary - a flattened, simplified subset useful for querying persona.owl-based data stores
  • Template vocabulary - for describing template contexts that are instantiated as regular contexts. Also uses these vocabularies:
    • View-builder vocabulary - for describing how to hierarchically organize the contents of a context for presentation (e.g. in a UI)
    • App-data vocabulary - for describing active, JavaScript content that is either stored in a template or fetched from an external service
    • Mapping vocabulary - a set of rules used to map between persona.owl and vocabularies used by external sites and services
  • Template-meta vocabulary - metadata about connection templates; used to create a registry of templates
  • Event vocabulary - for describing attribute changed and attribute disclosure events

Proxies

A Proxy is an object that contains a link (proxy:resource) to an entity (usually a Person) in another context. A proxy allows lazy loading (e.g. by user interfaces) of the entity to which it points. The UI code can rapidly load cards and display them visually. Loading of the resource's context can be delayed and/or happen in a background process.

To simplify diagrams of the persona data model we can hide card/proxies by using the following shorthands:

Pdm proxy 2.0.108B.png

For details about proxies see Proxy vocabulary.

Context Issuer/Authority and Access Control

As we've described above, contexts contain person entities, each of which comprises a set of attributes. Each context has an issuer attribute that indicates who is authoritative over the entire contents of the context. If the user is named as the issuer of the context then the access control policy allows the user to edit and update the entire contents of the context as they see fit. Contexts for which the user is the issuer are physically located within the PDS (the ADS, to be precise). The access control policy is contained within a special control context associated with each (regular) context. For more information about control contexts see the section below on supporting contexts.

Connection Context Pairs

A connection is a relationship between the PDS user and an external site/business or a friend's account on their PDS. There are two sides to these relationships, but not in the usual sense of things. One side is the face that the user wishes to present to the other party. The other side is what the other party says about the person. Each "side" is represented as a p:Person entity. Each p:Person entity lives in its own connection context. Since both p:Person entities are about the same person, the two person entities are interconnected with h:correlation links.

We refer to one of these connection contexts as the definer and the other as participant. In every relationship one party is defining the ground rules for the relationship, and the other is consenting to play within these rules. In a person-to-business relationship the user plays the role of participant, and the business plays the role of definer. In a person-to-person relationship the user could play either role.

The definer-created template that governs the connection relationship identifies which attributes the definer provides (i.e. is authoritative over) vs. which attributes it requests from the participant (i.e. the participant is authoritative over). However, the actor playing the definer role writes to the definer context and the actor playing the participant role writes to the participant context. As a consequence, any given attribute (whether definer-authoritative or participant-authoritative) may be written to either context, or both.

If the user is playing the role of participant, the identifier of the person entity in the participant context is "<contextid>#me" by convention (see the Naming Conventions section below for more details). The id of the person entity in the definer context is a globally unique identifier of the form "<contextid>#localentityid" where localentityid is usually a URI-friendly normalization of the user's username on the external system.

At this point an example might be helpful. Let's take the example of a relationship between the user and the New York Times:

Connection contexts 2.0.107b.png

The attributes of the person entity in the participant context are the set of statements that Alice makes about herself in the context of her relationship with the NYTimes. It is the face or persona that she wishes to present to that business. Examples might include her first name, last name, email address, home delivery address, etc. Alice can make these statements by directly editing them in the participant context using her PDS client. However, she could also express the same intent by interacting with the NYTimes website directly. If she did so the NYTimes agent would write the updated values of these attributes into the definer context.

The attributes of the Person entity in the definer context are the set of statements that the NYTimes wishes to make about Alice in the context of that user's relationship with the NYTimes. Examples might include Alice's subscriber id. These two Person entities are bi-directionally linked with h:correlation links.

The access control policy of the participant context allows Alice to read and write attributes, and the NYTimes to read them. The access control policy of the definer context allows Alice to read attributes, and the NYTimes to read and write them.

In the user interface (in the Higgins portal) these twin contexts are integrated together and displayed as a single semi-editable view. We discuss attribute integration further in a separate section below.

Attribute Integration

Both the definer and the participant contexts contain p:Person entities with a set of attributes. These two attribute sets are not necessarily disjoint (i.e. there may be N>1 attributes that are common to both p:Persons). The integration algorithm is as follows:

  • For attributes that exist only on one or the other (but not both) of the two interlinked persons, take their values from whichever person entity they are found.
  • For attributes that exist on both persons, take the values from the person whose containing context's modified date-time is more recent.

Let's examine this algorithm using an example of Alice's connection to the NYTimes website. The parameters of this connection were defined by NYTimes, specifically, by a NYTimes-minted ConnectionTemplate. The relationship involves two disjoint sets of attributes: the set of attributes for which the definer is authoritative, and the set for which the participant is authoritative. In this example Alice is authoritative over three: her first name, last name, and email address. The NYTimes is authoritative over one: Alice's subscriber id.

Alice plays the role of participant. Alice's PDS's connection viewer/editor reads attributes from both contexts, integrates them according to the algorithm above, and displays a UI showing all four of these attributes. Since Alice is authoritative over first name, last name and email address, these are displayed using editable UI widgets. Since the NYTimes is authoritative over her subscriber id, this is displayed in a non-editable widget. If Alice updates any values of any of the three editable attributes, these updated values are written into the participant context (and the context's 'modified' timestamp is updated). As described in the next paragraph, the definer context may contain updated values for none, some or all of the attributes over which Alice is authoritative. Thus these attributes may ultimately exist in both contexts. Per the integration algorithm, the UI takes the values of the common attributes from the most recently updated context. If the definer context has been more recently updated, then it reads these Alice-authoritative attributes from the definer context and writes them into the participant context.

The NYTimes plays the role of definer. We ignore here the technical details (e.g. network protocols and/or APIs) of how this data connection works, and just look at the attribute integration logic. The NYTimes has read/write access to the definer context and read access to the participant context. It can also read the modified date-time values of each. The NYTimes is authoritative over the subscriber id value and under no circumstance (either with the PDS or on the NYTimes site) can Alice update or change this value. The NYTimes writes the value of the subscriber id into the definer context. However, for the other three attributes over which Alice is authoritative, Alice may update their values on the NYTimes site. If she does, the NYTimes writes the updated values of these 3 attributes into the definer context (and its modified value is updated).
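The two integration rules, applied to the Alice/NYTimes scenario, as an added example that is not Higgins code. The attribute names, values, timestamps and the tie-break are constructed for illustration; the point it makes is that rule 2 compares context timestamps, so a definer write to any one attribute makes every common attribute resolve to the definer's copy, including a stale one.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Context:
    role: str            # "participant" or "definer"
    modified: datetime   # the context's modified date-time
    attributes: dict = field(default_factory=dict)


def integrate(participant, definer):
    """Return {attribute: (value, role of the context it was read from)}."""
    # Rule 2 compares the two contexts' timestamps, so it is decided once for
    # the pair, not per attribute. Assumption: a tie goes to the participant.
    newer = definer if definer.modified > participant.modified else participant
    merged = {}
    for name in sorted(participant.attributes.keys() | definer.attributes.keys()):
        in_p = name in participant.attributes
        in_d = name in definer.attributes
        if in_p and in_d:
            source = newer                               # rule 2: common attribute
        else:
            source = participant if in_p else definer    # rule 1: only one side has it
        merged[name] = (source.attributes[name], source.role)
    return merged


def widgets(merged, participant_authoritative):
    """Editable widget only for attributes the participant is authoritative over."""
    return {name: ("editable" if name in participant_authoritative else "read-only")
            for name in merged}


def at(hour):
    """Constructed timestamp helper for the sample timeline."""
    return datetime(2014, 8, 15, hour, 0, tzinfo=timezone.utc)


def demo():
    alice_authoritative = {"firstName", "lastName", "email"}
    # 08:00 the definer context holds an email Alice once entered on the site.
    definer = Context("definer", at(8),
                      {"subscriberId": "S-1001", "email": "alice@old.example"})
    # 09:00 Alice edits her email in the PDS; the participant context is newer.
    participant = Context("participant", at(9),
                          {"firstName": "Alice", "lastName": "Example",
                           "email": "alice@new.example"})
    before = integrate(participant, definer)
    # 10:00 the definer rewrites only subscriberId; its email copy is untouched.
    definer.attributes["subscriberId"] = "S-1002"
    definer.modified = at(10)
    after = integrate(participant, definer)
    return before, after, widgets(after, alice_authoritative)


if __name__ == "__main__":
    before, after, ui = demo()
    print("before:", before["email"])
    print("after: ", after["email"], ui["email"])
```
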

Website Facade Connections

Until the day when businesses natively support bi-directional data connection APIs and open protocols (e.g. perhaps things built on top of OpenID Connect, etc.) we can create a connection another way. The Higgins PDS project includes an optional browser extension (aka HBX) that can fill attributes from the PDS to the site, and scrape data from the web pages of the site into the user's PDS.

The data model to implement this involves only one half of the participant/definer context pair described in the previous section. In this case we instantiate a single participant context of a special kind called a WebsiteFacade. The template for this website facade includes scripts, mapping rules and sometimes custom JavaScript to allow the HBX to read/write attributes from/to the site and update them in the user's ADS account. In addition to being editable using the PDS web client UI, the HBX can execute JavaScript that edits it. See Website Facade Connection Example for more details.

Supporting Contexts

Each regular context (e.g. each of the contexts shown above) has the following links:

  • 0..1 ctxt:template
  • 0..1 h:control
  • 1..1 h:vocabulary
Supporting 2.0.117.png

Template Context

A template context acts as a template for a (non-template) context. It contains information common to all instances instantiated from it. Each non-template context may have up to one associated template context (pointed to by the p:template attribute).

ConnectorTemplates are templates that describe and govern the relationship between a user and an external party such as a business or a friend's PDS. A ConnectorTemplate describes:

  • The set of attributes that each "end" of the relationship (e.g. participant vs. definer) agrees to provide
  • Vocabulary/schema mapping rules to transform the "other" party's attributes into and out of the persona data model
  • In the case of connections to websites (as opposed to web services or other PDSes) it may include scripts (e.g. JavaScript) to read/write to/from the site
  • Future: a legal contract (agreed to by both parties) that governs how each party's attributes may be used.

For more information about templates see Template vocabulary.

AppTemplates are templates for instantiated applets (PDS add-ons) that have read (and potentially write) access to a specific set of attributes within the PDS.

Control Context

Each regular context is associated with one "control" context (linked to by h:control). A control context is associated with one regular context. The control context contains meta information including:

  • date-time when the regular context was created and modified
  • access control lists:
    • list of parties (currently PDS account ids) that may read the regular context
    • list of parties that may write the regular context
    • list of parties that may append to the regular context

Vocabulary Context

Each regular context has an h:vocabulary link to a context holding the vocabulary it uses to describe its contents. Multiple regular contexts may share the same vocabulary context. The value of this link is usually a reference to the context holding persona.owl (see Persona vocabulary).

Social Graphs

h:relation

HDM defines an h:relation complex attribute that is used in PDM to link one Person node to another where each Person node represents a different person. No symmetry is implied, so the statement (A h:relation B) is akin to saying person A "knows of" person B.

Shown below are two social graph examples. One uses foaf:knows links and (unrelated to this) shows each node in its own context. The other uses h:relation links and (unrelated) shows all person nodes in a single context. In the Work context we see that the user knows three colleagues but doesn't know how they know one another. In the Home & Family context we see that the user knows two people and that everyone knows one another. The foaf:knows links are shown in both directions although logically this is redundant since foaf:knows is what is called a symmetric relation.

Entities that represent the user are shown in purple. Nodes representing a person other than the user are shown in red.

Social 2.0.107.png

foaf:knows

To indicate that a person A "knows" person B where some level of reciprocated interaction between the parties is implied, we use foaf:knows.

Since foaf:knows is a broader concept than h:relation, foaf:knows is not a sub-attribute of h:relation. Thus if we had the statement "A h:relation B" then we might later add a second statement "A foaf:knows B" to add the stronger, broader (and symmetric) concept of "knowing."

h:indeterminate

HDM also defines an h:indeterminate link attribute on node A to indicate that its value(s) may or may not represent the same thing as is represented by A.

Implementation Note

Consumers of the HDM may traverse h:relation, h:correlation and h:indeterminate attribute links and (despite ignoring all other links) traverse the entire graph of Person nodes.

Inbox Context

In order to bootstrap sharing, each PDS user has an inbox context that is globally append-able. This allows users to append invites to other users. See the Data Sharing With Alice And Bob scenario.

Naming Conventions

Context Naming

User Context Naming

User contexts inside an ADS are named according to the following pattern:

  http://<servername>/<username>/<context-name>

If the context is part of a connection context pair then the context-name uniquely identifies the "other" party in the connection. If the other party is a website then context-name is the domain name of the site (e.g. "staples.com").

Examples wherein servername (PDS/ADS operator) is my.azigo.com:

  http://my.azigo.com/ptrevithick/awp - anonymous web profile
  http://my.azigo.com/ptrevithick/staples.com - paul's profile at staples.com
  http://my.azigo.com/ptrevithick/browsing - browsing history

Reserved Usernames

Any username with 4 or fewer characters is reserved. Examples of reserved usernames:

  • sys
  • root
  • blog

If the username is 4 or fewer characters, this is the id of a system context (see next section).

System Context Naming

  http://<servername>/<reserved-username>/<meta-type>/<context-name>

The <meta-type> may be one of these values:

  • template
  • ontology
  • data

Example

  http://my.azigo.com/sys/template/awp - the template for a user's regular "awp" context
  http://my.azigo.com/sys/ontology/tracker-catalog
  http://my.azigo.com/sys/data/trackers

Entity Naming

The entity representing the user in most contexts has a local name of "me".

Example:

 If the contextId is http://my.azigo.com/ptrevithick/awp and the local entityId is "me" then
 the fully qualified entityId is:
 http://my.azigo.com/ptrevithick/awp#me
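A strict parser for the context and entity naming patterns above, as an added example that is not part of the Higgins code base. It assumes the `http` scheme shown in the patterns, no query string, and that an id matching neither pattern (for example a reserved username without a meta-type) is rejected; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

META_TYPES = {"template", "ontology", "data"}
RESERVED_MAX_LEN = 4  # usernames of 4 or fewer characters are reserved


@dataclass(frozen=True)
class ContextId:
    server: str
    username: str
    context_name: str
    meta_type: Optional[str] = None  # present only on system contexts

    @property
    def is_system(self):
        return self.meta_type is not None

    def __str__(self):
        middle = [self.username] + ([self.meta_type] if self.meta_type else [])
        return "http://" + "/".join([self.server, *middle, self.context_name])

    def entity_id(self, local_id="me"):
        """Fully qualified entity id: <contextid>#<local entity id>."""
        return f"{self}#{local_id}"


def parse_context_id(text):
    parts = urlsplit(text)
    # Assumption: only the http://<servername>/ form from the page is accepted.
    if parts.scheme != "http" or not parts.netloc or "@" in parts.netloc:
        raise ValueError("expected http://<servername>/...")
    if parts.query or parts.fragment:
        raise ValueError("a context id has no query or fragment")
    segments = parts.path.split("/")[1:]
    if not segments or any(s == "" for s in segments):
        raise ValueError("empty path segment")
    reserved = len(segments[0]) <= RESERVED_MAX_LEN
    # User context: <username>/<context-name>, username not reserved.
    if len(segments) == 2 and not reserved:
        return ContextId(parts.netloc, segments[0], segments[1])
    # System context: <reserved-username>/<meta-type>/<context-name>.
    if len(segments) == 3 and reserved and segments[1] in META_TYPES:
        return ContextId(parts.netloc, segments[0], segments[2], segments[1])
    raise ValueError("matches neither the user nor the system context pattern")


def parse_entity_id(text):
    """Split <contextid>#<local entity id> and validate the context part."""
    context_part, sep, local_id = text.partition("#")
    if not sep or not local_id:
        raise ValueError("expected <contextid>#<local entity id>")
    return parse_context_id(context_part), local_id


if __name__ == "__main__":
    for sample in ("http://my.azigo.com/ptrevithick/staples.com",
                   "http://my.azigo.com/sys/template/awp"):
        cid = parse_context_id(sample)
        print(sample, "system" if cid.is_system else "user", cid.entity_id())
```
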

Examples

Imagine a root context containing a p:Person entity locally named "me". This root node could have h:correlation links pointing to the root "me" entities in two contexts, a web profile context and an alice-staples context.

The web profile context might look like this:

Webprofile.png

Attribute Metadata

To construct a data-driven presentation of the contents of contexts whose data is described using the Persona data model, metadata about the attributes within the context is needed. See View-builder vocabulary#Cascading_Metadata for a discussion of where these metadata attributes are stored (i.e. which context) and how metadata attributes are evaluated when mapping rules are involved.

For a given attribute, A, the following metadata attributes (as described in Higgins Data Model 2.0#Attribute_Definitions (with the exception of categories which are not used in PDM 2.0)) comprise A's definition:

UI widget label 
This is stored in an internationalized string value of the skos:prefLabel metadata attribute. An example of a UI label might be the string "Zipcode" for the person's postal-code attribute.
Example value 
The example value is the value of the skos:example attribute. For example "name@domain.com" might be an example of an email value.
Hover/Tooltip text 
The string description of the attribute is the value of the skos:description attribute.
Type 
The type of an attribute is the value of the rdf:type attribute.
Allowed values
The allowed values of an attribute are defined by the value of its rdfs:range metadata attribute. An rdfs:range may be an XML schema datatype such as xsd:nonNegativeInteger or it may be object valued, in which case the value of the rdfs:range attribute is the name of an entity class. If this class is a subclass of p:DiscreteRange, then the allowed values are the rdfs:label values of all instances/members of the class.
Cardinality 
The min..max (inclusive) cardinality of an attribute is specified using owl:minCardinality and owl:maxCardinality. These two meta attributes are properties of a specific class of entity that is the domain of the attribute, not the attribute's own definition. In other words cardinality is expressed within the context of a class/set of individuals.
Syntax restrictions 
We follow the latest OWL2 conventions. The value of the rdfs:range attribute may be rdfs:Datatypes augmented with owl:withRestrictions that include XML Schema facets (e.g. rdf:langRange, xsd:length, xsd:maxExclusive, xsd:maxInclusive, xsd:maxLength, xsd:minExclusive, xsd:minInclusive, xsd:minLength, xsd:pattern) as described at http://www.w3.org/TR/owl2-rdf-based-semantics/#Facet_Names.

We have recently introduced a convention that the context id of metadata attribute M must be the same as the context id of A. If the CURIE form of A is ctxt:attname then the CURIE form of M must have a prefix (i.e. namespace) of ctxt. For example if the attribute is fp:postalCode then metadata statements about fp:postalCode must be in the Flat Persona vocabulary context (fp being a prefix for this vocabulary) along with the definition of fp:postalCode itself. See also View-builder vocabulary.

Open Issues

  1. To support connector contexts for which a WebsiteFacade is used for the definer side along with its associated JavaScript, it may be useful to add a "date-time-modified" timestamp to every context. This would allow sync operations via a set of N WebsiteFacade JavaScript programs to be decoupled from (and asynchronous to) real-time edit operations by the user. A more sophisticated approach would involve caching as a set of commands (transactions) the changes made to any context and allowing other contexts (well, their associated JavaScript) to subscribe to these transactions.
