Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "Persona Data Model 2.0"

(The meta context's and the Persona graph)
m
Line 1: Line 1:
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}} [[Image:Higgins logo 76Wx100H.jpg|right]] This data model is based on [[Higgins Data Model 2.0]]. It used by [[Personal Data Store 2.0]] (i.e. [[Attribute Service 2.0]] and [[IdAS Proxy Service 2.0]]) and will likely be used by future Higgins web services (e.g. future versions of [[I-Card Service 2.0]]).
+
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
  
== Introduction  ==
+
A data model for people and their relationships with other people and businesses. Builds on [[Higgins Data Model 2.0]].
  
The [[Persona Data Model 1.1]] is a model a person's personal information. It is based on the [[Higgins Data Model 1.1]]. The person in question is referred to in the following as the user.
+
== Person entities, attributes, links and contexts  ==
  
=== Restrictions on CDM 2.0 EntityIds ===
+
A natural, human person is represented as a graph of <code>p:Person</code> [[Entity|entities]] (nodes, or vertices) interconnected by links (edges). Each node represents a different facet of the user (person). Each of these facets is held in a separate (graph) container called a [[Context]] shown below as a round cornered rectangle.  
  
The PDM 2.0 uses a slightly restricted set of the full capabilities of CDM 2.0. The restriction is in the area of [[EntityId]]s. PDM 2.0 adds the following constraints:
+
Each Person entity node is a set of attributes and values. These attributes may be ''simple'' literals (e.g. the user's first name) or they may be other entities (which we call ''complex'' attributes). These latter attributes are shown in diagrams as links to other entity nodes.
# All entityIds MUST be URIs
+
# All entityId values MUST be Linked Data URIs or XRI 3.0 URIs as we expect XRI 3.0 to be defined
+
# All entityIds within a given context MUST be either (a) relative to a "base" URI of the context or (b) absolute
+
# Whether or not an entityID is relative or absolute MUST be able to be determined by inspection of its syntax
+
# Absolute entityIds MAY be globally resolvable
+
# Globally resolvable entityIds resolve to an entity (resource description) within exactly one context
+
  
=== The meta context's and the Persona graph  ===
+
Typically each node in the person graph is located in its own context. The root node lies in a special context (for each user) called the ''root'' context.
  
The user's data is represented as a directed acyclic graph of [[Entity]] nodes interconnected by <code>h:correlation</code> or <code>foaf:knows</code> links. The root of this graph (as well as possibly some other nodes) lies in a special context (for each user) called the ''meta'' context. By convention entities in this meta context are of class <code>Persona</code> and all have a <code>persona:personaLabel</code> attribute. Note: Nodes may also have links to other entities using link types other than <code>h:correlation</code> or <code>foaf:knows</code>, however, these links are ''not'' considered part of the Persona graph. The Persona graph is ''distributed''since the entity nodes may live in multiple [[Context]]s that may be physically located anywhere on the Internet. We use the term node to mean an entity that is the source or target of a <code>h:correlation</code> link (binary relation).
+
[[Image:Root 2.0.128.png|center]]
  
An example graph (showing only <code>h:correlation</code> links:  
+
All of the Person entities can be reached by traversing links of the following kinds, (although other links may also exist (e.g. <code>foaf:knows</code>, etc.):  
  
[[Image:Alice-meta-graph-v3.png|center]]
+
;<code>h:correlation</code>: A link from an entity representing person A to (i) an entity that also represents person A or (ii) to an interstitial Proxy whose <code>p:resource</code> link points to an entity that also represents person A
 +
;<code>h:relation</code>: A link from an entity representing person A to (i) an entity that represents a person other than person A or (ii) to an interstitial Proxy whose <code>p:resource</code> link points to an entity that represents a person other than person A
 +
;<code>h:indeterminate</code>: A link from an entity representing person A to (i) an entity that represents a person that may or may not represent person A or (ii) to an interstitial Proxy whose <code>p:resource</code> link points to an entity that represents a person that may or may not represent person A
 +
;<code>proxy:resource</code>: A link from a Proxy to an entity in another context.
  
There are seven nodes in the Persona graph. We follow a convention that the name of the containing context follows the "ex:" and precedes the "-". Thus "ex:Meta-Alice_at_Home" is Persona node in the "Meta" context. For clarity the attributes of the nodes have been omitted.
+
== Vocabularies ==
  
The semantics of the <code>h:correlation</code> link are important. As defined in the [[Higgins Data Model 2.0]] it is statement that, at least to some human observer that made the statement, the source and target of this link are believed to be alternative representations of the same real world person or object. A single, natural person would be represented by different entity nodes in different contexts. This linkage does not presume that the entire set of attributes across these nodes, if they were brought together and combined, is necessarily logically consistent. Further, the entity source (domain) of the h:correlation relation is often within a more privacy-privileged context than the target (range) of the link. Thus the directed nature of the link is important.
+
=== Vocabularies for Describing People ===
 +
Contexts describe their contents (i.e. person entity attributes) using in the [[Persona vocabulary]] which in turn imports the following well known vocabularies (aka ontologies):
 +
* [[VCard vocabulary usage]]
 +
* [[GeoLocation vocabulary usage]]
 +
* [[FOAF vocabulary usage]]
  
=== Personas and correlations  ===
+
...and the following Higgins-defined vocabularies:
 +
* [[Context vocabulary]]
 +
* [[Proxy vocabulary]]
 +
* [[Higgins Data Model 2.0]]
  
The persona nodes in the meta context represent personal information about the user that is relevant across multiple interaction contexts. The <code>h:correlation</code> links emanating from persona nodes in the meta context to entities in different contexts express the concept that these referenced entities are contextualized, partial manifestations of the user. For example, to represent what Alice says about herself in the context of shopping at Amazon.com we use an entity with attributes in the amazon context. To represent what Alice says about herself in the context of buying a ticket on orbitz.com we use another entity. And to represent that these two entities are both about what to Alice is the same person, we use a persona node pointing with correlation links to each of these two respective entities.
+
Not imported by the [[Persona vocabulary]] but recommended where relevant to the developer's problem space:
 +
* [[OpenSocial2 vocabulary]] - additional social Person attributes, Messages, Organization etc.
 +
* [[SchemaOrg vocabulary]] - additional attributes for Person, Organization, Place, Event
 +
* [[Payment vocabulary]] - credit cards, products purchased, etc.
 +
* [[Interest vocabulary]] - general interests - subclasses of online-behavior:InterestTopic
 +
* [[I-Card vocabulary]] - OASIS IMI InfoCard cards
 +
* [[Places vocabulary]] - a database of cities, regions, countries
  
The semantics of a correlation link is closer to association than aggregation. It is about equivalence as it would be seen by a human observer. Alice, for example, would understand that the two entities are described above are about her. Yet the semantics of <code>h:correlation</code> isn't necessarily strictly logical. The ontologies in the two contexts may be such that each of the two representations cannot be merged and remain logically consistent. For this reason higgins does not use <code>owl:sameAs</code> which does imply this ability to directly merge representations.
+
=== Supporting Vocabularies ===
  
The persona entities in the meta context represent personas or roles of a person that are consistent across multiple narrower contexts. For example a regular (non-Persona) entity might represent Alice as an eBay seller in an eBay context. By contrast, a cross-contextual (or meta-contextual) persona entity that represents Alice across multiple contexts would live in Alice's meta context.
+
The following vocabularies are used to support the PDS application itself:
  
In the example above Alice has three personas below the root. One is about the "work" Alice, one is about the "home" Alice and the third doesn't fall neatly within either of those two classifications. The vCard schema has attributes that describe both work and home roles, so Alice's vCard isn't "under" the home or work personas.
+
* [[Flat Persona vocabulary]] - a flattened, simplified subset useful for querying persona.owl-based data stores
 +
* [[Template vocabulary]] - for describing ''template'' contexts that are instantiated as ''regular'' contexts. Also uses these vocabularies:
 +
** [[View-builder vocabulary]] - for describing how to hierarchically organize the contents of a context for presentation (e.g. in a UI)
 +
** [[App-data vocabulary]] - for describing active, JavaScript content that is either stored in a template or fetched from an external service
 +
** [[Mapping vocabulary]] - a set of rules used to map between persona.owl and vocabularies used by external sites and services
 +
* [[Template-meta vocabulary]] - metadata about connection templates; used to create a registry of templates
 +
* [[Event vocabulary]] - for describing attribute changed and attribute disclosure events
  
== Component Ontologies ==
+
== Proxies ==
  
The PDM 2.0 is defined by these ontologies:
+
A Proxy is an object that contains a link (proxy:resource) to an entity (usually a Person) in another context. A proxy allows lazy loading (e.g. by user interfaces) of the entity to which it points. The UI code can rapidly load cards and display them visually. Loading of the resource's context can be delayed and/or happen in a background process.
  
*persona - defined by Higgins
+
To simplify diagrams of the persona data model we can hide card/proxies by using the following shorthands:
*i-card - defined by Higgins
+
  
And builds on these ontologies:
+
[[Image:Pdm proxy 2.0.108B.png|center]]
  
*higgins (h) - defined by Higgins (see [[Higgins Data Model 2.0]])
+
For details about proxies see [[Proxy vocabulary]].
*vCard - the [http://www.w3.org/TR/vcard-rdf/ W3c's most recent recommended RDF/OWL representation] of the IETF vCard format.
+
** PDM 2.0 makes one tweak: telephone numbers are encoded using the tel: URI scheme instead of as strings.
+
** Note: PDM 2.0 Persona nodes are not explicitly typed as instances of the VCard class, but this is logically inferred.
+
*FOAF - friend of a friend ontology
+
  
As shown visually here:
+
== Context Issuer/Authority and Access Control ==
 +
As we've described above, contexts contain person entities each of which is comprised of a set of attributes. Each context has an ''issuer'' attribute that indicates whom is authoritative over the entire contents of the context. If the user is named as the ''issuer'' of the context then the access control policy allows the user to edit and update the entire contents of the context as they see fit. Contexts for which the user is the issuer are physically located within the PDS--the ADS to be precise). The access control policy is contained within a special ''control'' context associated with each (regular) context. For more information about control contexts see the section below on supporting contexts.
  
[[Image:Persona-imports3.png|center]]
+
== Connection Context Pairs ==
  
Where:  
+
A connection is a relationship between the PDS user and an external site/business or a friend's account on their PDS. There are two sides to these relationships, but not in the usual sense of things. One side is the face that the user wishes to present to the other party. The other side is what the other party says about the person. Each "side" is represented as a p:Person entity. Each p:Person entity lives in its own ''connection'' context. Since both p:Person entities are about the same person, the two person entities are interconnected with h:correlation links.
  
*"p" == [[Persona Data Model 2.0]] (persona.owl, rcard.owl, icard.owl)
+
We refer to one of these ''connection'' contexts as the ''definer'' and the other as ''participant''. In every relationship one party is defining the ground rules for the relationship, and the other is consenting to play within these rules. In a person-to-business relationship the user plays the role of participant, and the business plays the role of definer. In a person-to-person relationship the user could play either role.  
*"h" == [[Higgins Data Model 2.0]] (higgins.owl)
+
  
== Persona Ontology ==
+
The definer-created template that governs the connection relationship identifies which attributes the definer provide (i.e. is authoritative over) v.s. which attributes it requests from the participant (i.e. the participant is authoritative over). However, the actor playing the definer role writes to the definer context and the actor playing the participant role writes to the participant context. As a consequence, any given attribute (whether definer-authoritative or participant-authoritative) may be written either context; or both. 
  
=== UML Class Diagram ===
+
If the user is playing the role of participant, the identifier of the person entity in the participant context is "<contextid>#me" by convention (see the Naming Conventions section below for more details). The id of the person entity in the definer context is a ''globally'' unique identifier of the form "<contextid>#localentityid" where localentityid is usually a URI-friendly normalization of the user's username on the external system.
  
[[Image:PDM-UML-class-diagram.png|center]]
+
At this point an example might be helpful. Let's take the example of a relationship between the user and the New York Times:
  
 +
[[Image:Connection contexts 2.0.107b.png|center]]
  
=== Classes ===
+
The attributes of the person entity in the ''participant'' context are the set of statements that Alice makes about herself in the context of their relationship with the NYTimes. It is the face or persona that she wishes to present to that business. Examples might include her, first name, last name, email address, home delivery address, etc. Alice can make these statements by directly editing them in the ''participant'' context using her PDS client. However, she could also express the same intent by interacting with the NYTimes website directly. If she did so the NYTimes agent would write the updated values of these attributes into the ''definer'' context.
  
*<code>Account</code>: Account identifier; may also contain credentials
+
The attributes of the Person entity in the ''definer'' context are the set of statements that the NTimes wishes to make about Alice in the context of that user's relationship with the NYTimes. Examples might include Alice's subscriber id. These two Person entities are bi-directionally linked with h:correlation links.
*<code>Contactable</code>: A Persona that can be reached either for payment or for receipt of a letter or bill. Subclass of <code>Persona</code>
+
**1..1 <code>vcard:n</code>
+
**1..1 <code>vcard:adr</code>
+
**0..1 <code>receivableAdr</code>
+
**0..1 <code>vcard:org</code>
+
*<code>PaymentMethod</code>
+
  
*<code>Persona</code>: A contextualized aspect of a person.  
+
The access control policy of the participant context allows Alice to read and write attributes, and the NYTimes to read them. The access control policy of the ''definer'' context allows Alice to read attributes, and the NYTimes to read and write them.
**0..1 <code>account</code>
+
**0..1 <code>daytimePhone</code>
+
**1..1 <code>personaDisplayLabel</code>
+
**0..1 <code>vcard:n</code>
+
*<code>ReceivableAddress</code>: vCard Address with no P.O. box. Subclass of vcard:Address
+
  
<code>PaymentMethod</code> subclasses:
+
In the user interface (in the Higgins portal) these twin contexts are integrated together and displayed as a single semi-editable view. We discuss attribute integration further in a separate section below.
*<code>ByBankTransferInAdvance</code>
+
*<code>Cash</code>
+
*<code>CheckinAdvance</code>
+
*<code>COD</code>
+
*<code>CreditCard</code>
+
**1..1 <code>ccCid</code>
+
**1..1 <code>ccExpiration</code>
+
**1..1 <code>ccNumber</code>
+
*<code>DirectDebit</code>
+
*<code>PayPal</code>
+
  
<code>CreditCard</code> subclasses:
+
=== Attribute Integration ===
*<code>AMEX</code>
+
*<code>DinersClub</code>
+
*<code>Discover</code>
+
*<code>MasterCard</code>
+
*<code>VISA</code>
+
  
=== DataRanges ===
+
Both the definer and the participant contexts contain p:Person entities with a set of attributes. These two attribute sets are not necessarily disjoint (i.e. there may be N>1 attributes that are common to both p:Persons). The integration algorithm is as follows:
 +
* For attributes that exist only on one or the other (but not both) of the two interlinked persons, take their values from whichever person entity they are found.
 +
* For attributes that exist on both persons, take the values from the person whose containing context's modified date-time is more recent.
  
*<code>telephoneURI</code>: a telephone number in tel: URI syntax
+
Let's examine this algorithm using an example of Alice's connection to the NYTimes website. The parameters of this connection were defined by NYTimes, specifically, by a NYTimes-minted ConnectionTemplate. The relationship involves two disjoint sets of attributes: the set of attributes for which the definer is authoritative, and the set for which the participant is authoritative. In this example Alice is authoritative over three: her first name, last name, and email address. The NYTimes is authoritative over one: Alice's subscriber id.
  
=== Simple Attributes ===
+
Alice plays the role of participant. Alice's PDS's connection viewer/editor reads attributes from both contexts, integrates them according to the algorithm above, and displays a UI showing these all four of these attributes. Since Alice is authoritative over first name, last name and email address, these are displayed using editable UI widgets. Since the NYTimes is authoritative over her subscriber id, this is displayed in a non-editable widget. If Alice updates any values of any of the three editable attributes, these updated values are written into the participant context (and the context's 'modified' timestamp is updated). As described in the next paragraph, the definer context may contain updated values for none, some or all of the attributes over which Alice is authoritative. Thus these attributes may ultimately exist in both contexts. Per the integration algorithm, the UI takes the values of the common attributes from the most recently updated context. If the definer context has been more recently updated, then it reads these Alice-authoritative attributes from the definer context and writes them into the participant context.
  
*<code>authority (xsd:string)</code>: The authority that operates the containing context. E.g. the issuer of security tokens about entities in this context.  
+
The NYTimes plays the role of definer. We ignore here the technical details (e.g. network protocols, and/or APIs.) of how this data connection works, and just look at the attribute integration logic. The NTYimes has read/write access to the definer context and read access to the participant context. It can also read the modified date-time values of each. The NYTimes is authoritative over the subscriber id value and under no circumstance (either with the PDS or on the NYTimes site) can Alice update or change this value. The NYTimes writes the value of the subscriber id value into the definer context. However, for the other three attributes over which Alice is authoritative, Alice may update their values on the NYTimes site. If she does, the NYTimes writes the updated values of these 3 attributes into the definer context (and its modified value is updated).
*<code>ccCid (xsd:string): </code>
+
*<code>ccExpiration (xsd:date): </code>
+
*<code>ccNumber (xsd:string): </code>
+
*<code>eyeColor (xsd:string) oneOf(green, blue, brown): </code>
+
*<code>password (xsd:string): </code>
+
*<code>personaDisplayLabel (xsd:string): </code>
+
*<code>username (xsd:string): </code>
+
  
=== Complex Attributes ===
+
== Website Facade Connections ==
  
*<code>account (Account)</code>: Value is an instance of <code>Account</code>
+
Until the day when businesses natively support bi-directional data connection APIs and open protocols (e.g. perhaps things built on top of OpenID Connect, etc.) we can create a connection another way. The Higgins PDS project includes an optional browser extension (aka HBX) that can fill attributes from the PDS to the site, and scrape data from the web pages of the site into the user's PDS.
*<code>billing (Contactable)</code>: Billing persona. A persona capable of receiving and paying bills.  
+
*<code>knows (Persona)</code>: A person known by this person (indicating some level of reciprocated interaction between the parties).  
+
*<code>otherPhone (telephoneURI)</code>: An alternative telephone number.  
+
*<code>paymentMethod (PaymentMethod)</code>: Payment method.  
+
*<code>receivableAdr (ReceivableAddress): </code>
+
*<code>receiving (Contactable):</code>
+
  
=== Contexts  ===
+
The data model to implement this involves only one half of the participant/definer context pair described in the previous section. In this case we instantiate a single participant context of a special kind called a WebsiteFacade. The template for this website facade includes scripts, mapping rules and sometimes custom JavaScript to allow the HBX to read/write attributes from/to the site and update them in the user's ADS account. In addition to being editable using the PDS web client UI, the HBX can execute JavaScript that edits it. See [[Website Facade Connection Example]] for more details.
  
==== Required Context Attributes ====
+
== Supporting Contexts  ==
  
In the [[Higgins Data Model 1.1]] all Context attributes are optional. However in [[Persona Data Model 2.0]] we have this requirement:  
+
Each regular context (e.g. each of the contexts shown above) has the following links:  
  
*All contexts that are made available by a third party (e.g. the government, a bank, etc.) MUST have a <code>p:authority</code> attribute whose value is the domain name of that third party. If the context is self-asserted (even if it is made available by a so-called "fourth party") then this attribute MUST NOT be present.  
+
*0..1 ctxt:template
 +
*0..1 h:control
 +
*1..1 h:vocabulary
  
If this attribute is not present this indicates that the context contains self-asserted information (information directly asserted by the user). If it is present its value is the name of the domain that is the authority that manages the entities in this context. In reality the situation is much more complex. An authority (e.g. the gmail.com domain) manages entities that are a person's contact list, yet the person is the one who typed in the values. [[R-Card]]s allow attribute-level access control to a single entity, and the user may well be allowed to edit and update some attributes of an entity. Nevertheless, it is useful to have a single context-level authority attribute string that can differentiate between a person's entry in gmail vs. their profile in facebook.com or some enterprise directory.
+
[[Image:Supporting 2.0.117.png|center]]  
  
=== Concept Scheme ===
+
=== Template Context ===
  
The attributes defined in the PDM have attribute annotations that specify where the attribute lies within the following concept scheme:
+
A template context acts as a template for a (non-template) context. It contains information common to all instances instantiated from it. Each non-template context may have up to one associated template context (pointed to by p:template attribute).
  
[[Image:Conceptsv5.png|center]]
+
''ConnectorTemplates'' are templates that describe and govern the relationship between a user and an external party such as a business or a friends's PDS. A ConnectorTemplate describes:
 +
* The set of attributes that each "end" of the relationship (e.g. participant vs. definer) agree to provide
 +
* Vocabulary/schema mapping rules to transform the "other" party's attributes into and out of the persona data model
 +
* In the case of connections to websites (as opposed to web services or other PDSes) it may include scripts (e.g. JavaScript) to read/write to/from the site
 +
* ''Future'': a legal contract (agred to by both parties) that governs how each party's attributes may be used.  
  
Which is represented as:
+
For more information about templates see [[Template vocabulary]].
  
[[Image:Persona-concept-hierarchy.png|center]]
+
''AppTemplates'' are templates for instantiated applets (PDS add-ons) that have read (and potentially write) access to a specific set of attributes within the PDS.
  
Note: see [[Higgins Data Model 1.1]] for more information on concept schemes.
+
=== Control Context  ===
  
=== Proposed Extensions ===
+
Each regular context is associated with one "control" context (linked to by h:control). A control context is associated with one regular context. The control context contains meta information including:
  
* [[Persona Account History]]
+
*date-time when the regular context was created and modified
 +
*access control lists:
 +
**list of parties (currently PDS account ids) that may read the regular context
 +
**list of parties that may write the regular context
 +
**list of parties that may append to the regular context
  
=== Use Cases ===
+
=== Vocabulary Context  ===
  
* [[Data Sharing With Alice And Bob]]
+
Each regular context has an h:vocabulary link to a context holding the vocabulary it uses to describe its contents. Multiple regular contexts may the same vocabulary context. The value of this link is usually a reference to the context holding persona.owl (see [[Persona vocabulary]]).
* [[Activity Streams In Persona]]
+
  
== I-Card Ontology (icard.owl) ==
+
== Social Graphs ==
  
Information Card (aka i-card) technology is defined by the OASIS IMI TC. It is a standard way to represent a person's digital identities using a card metaphor, XML card formats, and associated SOAP and HTTP network protocols. See also [[I-Card]].
+
=== h:relation ===
  
Before we introduce the I-Card classes, remember that in CDM multiple inheritance is allowed: any single entity may be a member of multiple classes simultaneously. In this section we leverage this characteristic.  
+
[[Higgins Data Model 2.0|HDM]] defines a <code>h:relation</code> complex attribute that is used in PDM to link one <code>Person</code> node to another where each <code>Person</code> node represents a different person. No symmetry is implied in this thus the statement (A <code>h:relation</code> B) is akin to saying person A "knows of" person B.  
  
First we define an abstract class called <code>I-Card</code> that is a subclass of h:Context. This captures the common attributes across the sub-classes defined below. These common attributes include:  
+
Shown below are two social graph examples. One uses <code>foaf:knows</code> links and and (unrelated to this) shows each node in its own context. The other uses <code>h:relation</code> links and (unrelated) shows all person nodes in a single context. In the Work context we see that the user knows three colleagues but doesn't know how they know one another. In the Home &amp; Family context we see that the user knows two people and that everyone knows one another. The <code>foaf:knows</code> links are shown in both directions although logically this is redundant since <code>foaf:knows</code> is what is a called a symmetric relation.
  
*<code>cardId (xsd:string)</code> - a unique identifier for the card
+
Entities that represent the user are shown in purple. Nodes representing a person other than the user are shown in red.  
*<code>image</code> - an image bitmap for the background of the card when it is displayed
+
*... and many others.
+
  
These two sub-classes of [[I-Card]] are defined:
+
[[Image:Social 2.0.107.png|center]]
  
* <code>P-Card</code> - an OASIS IMI Personal card
+
=== foaf:knows ===
* <code>M-Card</code> - an OASIS IMI Managed card
+
  
And lastly by adding a special resource-udr attribute either of the above can become an [[R-Card]]. The following classes are ''inferred'' by the presence of this attribute on their respective base classes:
+
To indicate that a person A "knows" person B where some level of reciprocated interaction between the parties is implied, we use foaf:knows.  
  
*Personal relationship card (aka r-card)
+
Since foaf:knows is a broader concept than h:relation, foaf:knows is not a sub-attribute of h:relation. Thus if we had the statement "A h:relation B" then we might later add a second statement "A foaf:knows B" to add the stronger, broader (and symmetric) concept of "knowing."
*Managed r-card
+
  
Any [[Persona]]-class entity may be one (or two) of these classes of cards, perhaps in addition to also being an instance of yet other classes.
+
=== h:indeterminate ===
  
=== P-Card  ===
+
HDM also defines <code>h:indeterminate</code> link attribute on node A to indicates that its value(s) may or may not represent the same thing as is represented by A.
  
The attributes that define a personal card are taken directly from the OASIS IMI specification. An example p-card is shown here:
+
=== Implementation Note ===
  
[[Image:Personal-i-card-example.png|center]]
+
Consumers of the HDM may traverse <code>h:relation</code>, <code>h:correlation</code> and <code>h:indeterminate</code> attribute links and (despite ignoring all other links) traverse the entire graph of <code>Person</code> nodes.
  
=== M-Card  ===
+
== Inbox Context ==
 +
In order to bootstrap sharing, each PDS user has an inbox context that is globally append-able. This allows users to append invites to other users. See the [[Data Sharing With Alice And Bob]] scenario.
  
An IMI managed card is represented by the M-Card class, a sub-class of the Context class. 
+
== Naming Conventions ==
  
Shown below is an example of an instance of an m-card. For simplicity this m-card has only a single supported claim, "LastName". The entity shown in the center of the card is a cache of what is returned by the STS in response to a request for a display token.
+
=== Context Naming ===
  
[[Image:M-card-explained.png|center]]
+
==== User Context Naming ====
  
Note: There is an error in the above diagram the DisplayTokenEntity should have been modeled in the Persona data model (thus identity:surname would have been transformed into its equivalent in PDM.
+
User contexts inside an ADS are are named according to the following pattern:
  
=== Personal R-Card  ===
+
  <code>http://<servername>/<username>/<context-name></code>
  
From a structural point of view, the presence of the resource-udr claim on a [[P-Card]] or an [[M-Card]] makes it be considered an [[R-Card]]. Here is an example of a personal [[R-Card]]:  
+
If the context is part of a connection context pair then the ''context-name'' uniquely identifies the "other" party in the connection. If the other party is a website then ''context-name'' is the domain name of the site (e.g. "staples.com").
 +
 
 +
Examples wherein servername (PDS/ADS operator) is my.azigo.com:
  
[[Image:Example-r-pcard-v2.png|center]]
+
  <code>http://my.azigo.com/ptrevithick/awp</code> - anonymous web profile
 +
  <code>http://my.azigo.com/ptrevithick/staples.com</code> - paul's profile at staples.com
 +
  <code>http://my.azigo.com/ptrevithick/browsing</code> - browsing history
  
ERRATA: the above image is incorrect for PDM 2.0. As above the card is a context. The entity (in this case referenced by the value of the resource_udr claim) would be a free standing Persona entity (as above) and described in the PDM 1.1 model.
+
==== Reserved Usernames ====
  
=== Managed R-Card  ===
+
Any username with 4 or less characters is reserved. Examples of reserved usernames:
 +
* sys
 +
* root
 +
* blog
  
The final type of card is the managed r-card. The presence of the resource-udr claim makes an ordinary [[M-Card]] into an [[R-Card]]. Here is an example of a managed [[R-Card]]:
+
If the username is 4 or less characters this is the id of a system context (see next section)
  
[[Image:Managed-r-card.png|center]]
+
==== System Context Naming ====
  
ERRATA: The image above needs to be replaced.
+
  <code>http://<servername>/<reserved-username>/<meta-type>/<context-name></code>
  
=== More about R-Cards  ===
+
The <meta-type> may be one of these values:
 +
* template
 +
* ontology
 +
* data
  
For more details about R-Cards see [[R-Card]].
+
Example
  
=== Card Axioms  ===
+
  <code>http://my.azigo.com/sys/template/awp</code> - the template for a user's regular "awp" context
 +
  <code>http://my.azigo.com/sys/ontology/tracker-catalog</code>
 +
  <code>http://my.azigo.com/sys/data/trackers</code>
  
#For any [[M-Card]]: The ''value'' of any of the above "supported" claims attributes is considered to be a cache of the most recent value of these claims as fetched from the m-card's STS
+
=== Entity Naming ===
 +
The entity representing the user in most contexts has a local name of "me".
  
== See Also  ==
+
Example:
 +
  If the contextId is http://my.azigo.com/ptrevithick/awp and the local entityId is "me" then
 +
  the fully qualified entityId is:
 +
  http://my.azigo.com/ptrevithick/awp#me
  
*[[Higgins Data Model 2.0]]  
+
== Examples ==
*[[Context Data Model 2.0]]  
+
 
*[[R-Card]] - details of the [[Persona Data Model 1.1]] relating to r-cards.  
+
Imagine a root context containing a p:Person entity locally named "me". This root node could have h:correlation links pointing to the root "me" entities in two contexts, a web profile context, and a alice-staples context.
*[[Parallel CardSync and XDI Channels]]
+
 
 +
The web profile context might look like this:
 +
 
 +
[[Image:Webprofile.png|center]]
 +
 
 +
== Attribute Metadata ==
 +
 
 +
To construct a data-driven presentation of the contents of contexts whose data is described using the Persona data model, metadata about the attributes within context are needed. See [[View-builder vocabulary#Cascading_Metadata]] for a discussion of where these metadata attributes are stored (i.e. which context) and how metadata attributes are evaluated when mapping rules are involved.
 +
 
 +
For a given attribute, '''A''', the following metadata attributes (as described in [[Higgins Data Model 2.0#Attribute_Definitions]] (with the exception of ''categories'' which are not used in PDM 2.0)) comprise '''A''''s definition:
 +
 
 +
; UI widget label : This is stored in an internationalized string value of the skos:prefLabel metadata attribute. An example of a UI label might be the string "Zipcode" for the person's postal-code attribute.
 +
; Example value : The example value is the value of the skos:example attribute. For example "name@domain.com" might be an example of an email value.
 +
; Hover/Tooltip text : The string description of the attribute is the value of the skos:description attribute.
 +
; Type : The type of an attribute is the value of the rdf:type attribute
 +
; Allowed values: The allowed values of an attribute is defined by the value of its rdfs:range metadata attribute. An rdfs:range may be an XML schema datatype such as xsd:nonNegativeInteger or it may be object valued in which the value of the rdfs:range attribute is the name of an entity class. If this class is a subclass of p:DiscreteRange, then the allowed values are the rdfs:label values of all instances/members of the class.
 +
; Cardinality : The min..max (inclusive) cardinality of an attribute is specified using owl:minCardinality and owl:maxCardinality. These two meta attributes are properties of a specific class of entity that is the domain of the attribute, not the attribute's own definition. In other words cardinality is expressed within the context of a class/set of individuals.
 +
; Syntax restrictions : We follow the latest OWL2 convensions. The value of the rdfs:range attribute may be rdfs:Datatypes augmented with owl:withRestrictions that include XML Schema facets (e.g. rdf:langRange xsd:length xsd:maxExclusive xsd:maxInclusive xsd:maxLength xsd:minExclusive xsd:minInclusive xsd:minLength xsd:pattern ) as described [http://www.w3.org/TR/owl2-rdf-based-semantics/#Facet_Names here].
 +
 
 +
We have recently introduced a convention that the context id of metadata attribute M must be the same as the context id of A. If the currie form of A is ''ctxt:attname'' then the currie form of '''M''' must have a prefix (i.e. namespace) of ''ctxt''. For example if the attribute is ''fp:postalCode'' then metadata statements about ''fp:postalCode'' must be in the [[Flat Persona vocabulary]] context (fp being a prefix for this vocabulary) along with the definition of ''fp:postalCode'' itself. See also [[View-builder vocabulary]].
 +
 
 +
== Open Issues ==
 +
# To support connector contexts for which a WebsiteFacade is used for the definer side along with its associated JavaScript, it may be useful to add a "date-time-modified" timestamp to every context. This would allow sync operations via a set of N WebsiteFacade JavaScript programs to be decoupled from (and asynchronous to) real-time edit operations by the user. A more sophisticated approach would involve caching as a set of commands (transactions) the changes made to any context and allowing other contexts (well, their associated JavaScript) to subscribe to these transactions.
 +
 
 +
[[Category:Higgins 2]]

Revision as of 13:00, 15 August 2014

{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}

A data model for people and their relationships with other people and businesses. Builds on Higgins Data Model 2.0.

Person entities, attributes, links and contexts

A natural, human person is represented as a graph of p:Person entities (nodes, or vertices) interconnected by links (edges). Each node represents a different facet of the user (person). Each of these facets is held in a separate (graph) container called a Context shown below as a round cornered rectangle.

Each Person entity node is a set of attributes and values. These attributes may be simple literals (e.g. the user's first name) or they may be other entities (which we call complex attributes). These latter attributes are shown in diagrams as links to other entity nodes.

Typically each node in the person graph is located in its own context. The root node lies in a special context (for each user) called the root context.

Root 2.0.128.png

All of the Person entities can be reached by traversing links of the following kinds, (although other links may also exist (e.g. foaf:knows, etc.):

h:correlation
A link from an entity representing person A to (i) an entity that also represents person A or (ii) to an interstitial Proxy whose p:resource link points to an entity that also represents person A
h:relation
A link from an entity representing person A to (i) an entity that represents a person other than person A or (ii) to an interstitial Proxy whose p:resource link points to an entity that represents a person other than person A
h:indeterminate
A link from an entity representing person A to (i) an entity that represents a person that may or may not represent person A or (ii) to an interstitial Proxy whose p:resource link points to an entity that represents a person that may or may not represent person A
proxy:resource
A link from a Proxy to an entity in another context.

Vocabularies

Vocabularies for Describing People

Contexts describe their contents (i.e. person entity attributes) using in the Persona vocabulary which in turn imports the following well known vocabularies (aka ontologies):

...and the following Higgins-defined vocabularies:

Not imported by the Persona vocabulary but recommended where relevant to the developer's problem space:

Supporting Vocabularies

The following vocabularies are used to support the PDS application itself:

  • Flat Persona vocabulary - a flattened, simplified subset useful for querying persona.owl-based data stores
  • Template vocabulary - for describing template contexts that are instantiated as regular contexts. Also uses these vocabularies:
    • View-builder vocabulary - for describing how to hierarchically organize the contents of a context for presentation (e.g. in a UI)
    • App-data vocabulary - for describing active, JavaScript content that is either stored in a template or fetched from an external service
    • Mapping vocabulary - a set of rules used to map between persona.owl and vocabularies used by external sites and services
  • Template-meta vocabulary - metadata about connection templates; used to create a registry of templates
  • Event vocabulary - for describing attribute changed and attribute disclosure events

Proxies

A Proxy is an object that contains a link (proxy:resource) to an entity (usually a Person) in another context. A proxy allows lazy loading (e.g. by user interfaces) of the entity to which it points. The UI code can rapidly load cards and display them visually. Loading of the resource's context can be delayed and/or happen in a background process.

To simplify diagrams of the persona data model we can hide card/proxies by using the following shorthands:

Pdm proxy 2.0.108B.png

For details about proxies see Proxy vocabulary.

Context Issuer/Authority and Access Control

As we've described above, contexts contain person entities each of which is comprised of a set of attributes. Each context has an issuer attribute that indicates whom is authoritative over the entire contents of the context. If the user is named as the issuer of the context then the access control policy allows the user to edit and update the entire contents of the context as they see fit. Contexts for which the user is the issuer are physically located within the PDS--the ADS to be precise). The access control policy is contained within a special control context associated with each (regular) context. For more information about control contexts see the section below on supporting contexts.

Connection Context Pairs

A connection is a relationship between the PDS user and an external site/business or a friend's account on their PDS. There are two sides to these relationships, but not in the usual sense of things. One side is the face that the user wishes to present to the other party. The other side is what the other party says about the person. Each "side" is represented as a p:Person entity. Each p:Person entity lives in its own connection context. Since both p:Person entities are about the same person, the two person entities are interconnected with h:correlation links.

We refer to one of these connection contexts as the definer and the other as participant. In every relationship one party is defining the ground rules for the relationship, and the other is consenting to play within these rules. In a person-to-business relationship the user plays the role of participant, and the business plays the role of definer. In a person-to-person relationship the user could play either role.

The definer-created template that governs the connection relationship identifies which attributes the definer provide (i.e. is authoritative over) v.s. which attributes it requests from the participant (i.e. the participant is authoritative over). However, the actor playing the definer role writes to the definer context and the actor playing the participant role writes to the participant context. As a consequence, any given attribute (whether definer-authoritative or participant-authoritative) may be written either context; or both.

If the user is playing the role of participant, the identifier of the person entity in the participant context is "<contextid>#me" by convention (see the Naming Conventions section below for more details). The id of the person entity in the definer context is a globally unique identifier of the form "<contextid>#localentityid" where localentityid is usually a URI-friendly normalization of the user's username on the external system.

At this point an example might be helpful. Let's take the example of a relationship between the user and the New York Times:

Connection contexts 2.0.107b.png

The attributes of the person entity in the participant context are the set of statements that Alice makes about herself in the context of their relationship with the NYTimes. It is the face or persona that she wishes to present to that business. Examples might include her, first name, last name, email address, home delivery address, etc. Alice can make these statements by directly editing them in the participant context using her PDS client. However, she could also express the same intent by interacting with the NYTimes website directly. If she did so the NYTimes agent would write the updated values of these attributes into the definer context.

The attributes of the Person entity in the definer context are the set of statements that the NTimes wishes to make about Alice in the context of that user's relationship with the NYTimes. Examples might include Alice's subscriber id. These two Person entities are bi-directionally linked with h:correlation links.

The access control policy of the participant context allows Alice to read and write attributes, and the NYTimes to read them. The access control policy of the definer context allows Alice to read attributes, and the NYTimes to read and write them.

In the user interface (in the Higgins portal) these twin contexts are integrated together and displayed as a single semi-editable view. We discuss attribute integration further in a separate section below.

Attribute Integration

Both the definer and the participant contexts contain p:Person entities with a set of attributes. These two attribute sets are not necessarily disjoint (i.e. there may be N>1 attributes that are common to both p:Persons). The integration algorithm is as follows:

  • For attributes that exist only on one or the other (but not both) of the two interlinked persons, take their values from whichever person entity they are found.
  • For attributes that exist on both persons, take the values from the person whose containing context's modified date-time is more recent.

Let's examine this algorithm using an example of Alice's connection to the NYTimes website. The parameters of this connection were defined by NYTimes, specifically, by a NYTimes-minted ConnectionTemplate. The relationship involves two disjoint sets of attributes: the set of attributes for which the definer is authoritative, and the set for which the participant is authoritative. In this example Alice is authoritative over three: her first name, last name, and email address. The NYTimes is authoritative over one: Alice's subscriber id.

Alice plays the role of participant. Alice's PDS's connection viewer/editor reads attributes from both contexts, integrates them according to the algorithm above, and displays a UI showing these all four of these attributes. Since Alice is authoritative over first name, last name and email address, these are displayed using editable UI widgets. Since the NYTimes is authoritative over her subscriber id, this is displayed in a non-editable widget. If Alice updates any values of any of the three editable attributes, these updated values are written into the participant context (and the context's 'modified' timestamp is updated). As described in the next paragraph, the definer context may contain updated values for none, some or all of the attributes over which Alice is authoritative. Thus these attributes may ultimately exist in both contexts. Per the integration algorithm, the UI takes the values of the common attributes from the most recently updated context. If the definer context has been more recently updated, then it reads these Alice-authoritative attributes from the definer context and writes them into the participant context.

The NYTimes plays the role of definer. We ignore here the technical details (e.g. network protocols, and/or APIs.) of how this data connection works, and just look at the attribute integration logic. The NTYimes has read/write access to the definer context and read access to the participant context. It can also read the modified date-time values of each. The NYTimes is authoritative over the subscriber id value and under no circumstance (either with the PDS or on the NYTimes site) can Alice update or change this value. The NYTimes writes the value of the subscriber id value into the definer context. However, for the other three attributes over which Alice is authoritative, Alice may update their values on the NYTimes site. If she does, the NYTimes writes the updated values of these 3 attributes into the definer context (and its modified value is updated).

Website Facade Connections

Until the day when businesses natively support bi-directional data connection APIs and open protocols (e.g. perhaps things built on top of OpenID Connect, etc.) we can create a connection another way. The Higgins PDS project includes an optional browser extension (aka HBX) that can fill attributes from the PDS to the site, and scrape data from the web pages of the site into the user's PDS.

The data model to implement this involves only one half of the participant/definer context pair described in the previous section. In this case we instantiate a single participant context of a special kind called a WebsiteFacade. The template for this website facade includes scripts, mapping rules and sometimes custom JavaScript to allow the HBX to read/write attributes from/to the site and update them in the user's ADS account. In addition to being editable using the PDS web client UI, the HBX can execute JavaScript that edits it. See Website Facade Connection Example for more details.

Supporting Contexts

Each regular context (e.g. each of the contexts shown above) has the following links:

  • 0..1 ctxt:template
  • 0..1 h:control
  • 1..1 h:vocabulary
Supporting 2.0.117.png

Template Context

A template context acts as a template for a (non-template) context. It contains information common to all instances instantiated from it. Each non-template context may have up to one associated template context (pointed to by p:template attribute).

ConnectorTemplates are templates that describe and govern the relationship between a user and an external party such as a business or a friends's PDS. A ConnectorTemplate describes:

  • The set of attributes that each "end" of the relationship (e.g. participant vs. definer) agree to provide
  • Vocabulary/schema mapping rules to transform the "other" party's attributes into and out of the persona data model
  • In the case of connections to websites (as opposed to web services or other PDSes) it may include scripts (e.g. JavaScript) to read/write to/from the site
  • Future: a legal contract (agred to by both parties) that governs how each party's attributes may be used.

For more information about templates see Template vocabulary.

AppTemplates are templates for instantiated applets (PDS add-ons) that have read (and potentially write) access to a specific set of attributes within the PDS.

Control Context

Each regular context is associated with one "control" context (linked to by h:control). A control context is associated with one regular context. The control context contains meta information including:

  • date-time when the regular context was created and modified
  • access control lists:
    • list of parties (currently PDS account ids) that may read the regular context
    • list of parties that may write the regular context
    • list of parties that may append to the regular context

Vocabulary Context

Each regular context has an h:vocabulary link to a context holding the vocabulary it uses to describe its contents. Multiple regular contexts may the same vocabulary context. The value of this link is usually a reference to the context holding persona.owl (see Persona vocabulary).

Social Graphs

h:relation

HDM defines a h:relation complex attribute that is used in PDM to link one Person node to another where each Person node represents a different person. No symmetry is implied in this thus the statement (A h:relation B) is akin to saying person A "knows of" person B.

Shown below are two social graph examples. One uses foaf:knows links and and (unrelated to this) shows each node in its own context. The other uses h:relation links and (unrelated) shows all person nodes in a single context. In the Work context we see that the user knows three colleagues but doesn't know how they know one another. In the Home & Family context we see that the user knows two people and that everyone knows one another. The foaf:knows links are shown in both directions although logically this is redundant since foaf:knows is what is a called a symmetric relation.

Entities that represent the user are shown in purple. Nodes representing a person other than the user are shown in red.

Social 2.0.107.png

foaf:knows

To indicate that a person A "knows" person B where some level of reciprocated interaction between the parties is implied, we use foaf:knows.

Since foaf:knows is a broader concept than h:relation, foaf:knows is not a sub-attribute of h:relation. Thus if we had the statement "A h:relation B" then we might later add a second statement "A foaf:knows B" to add the stronger, broader (and symmetric) concept of "knowing."

h:indeterminate

HDM also defines h:indeterminate link attribute on node A to indicates that its value(s) may or may not represent the same thing as is represented by A.

Implementation Note

Consumers of the HDM may traverse h:relation, h:correlation and h:indeterminate attribute links and (despite ignoring all other links) traverse the entire graph of Person nodes.

Inbox Context

In order to bootstrap sharing, each PDS user has an inbox context that is globally append-able. This allows users to append invites to other users. See the Data Sharing With Alice And Bob scenario.

Naming Conventions

Context Naming

User Context Naming

User contexts inside an ADS are are named according to the following pattern:

  http://<servername>/<username>/<context-name>

If the context is part of a connection context pair then the context-name uniquely identifies the "other" party in the connection. If the other party is a website then context-name is the domain name of the site (e.g. "staples.com").

Examples wherein servername (PDS/ADS operator) is my.azigo.com:

  http://my.azigo.com/ptrevithick/awp - anonymous web profile
  http://my.azigo.com/ptrevithick/staples.com - paul's profile at staples.com
  http://my.azigo.com/ptrevithick/browsing - browsing history

Reserved Usernames

Any username with 4 or less characters is reserved. Examples of reserved usernames:

  • sys
  • root
  • blog

If the username is 4 or less characters this is the id of a system context (see next section)

System Context Naming

  http://<servername>/<reserved-username>/<meta-type>/<context-name>

The <meta-type> may be one of these values:

  • template
  • ontology
  • data

Example

  http://my.azigo.com/sys/template/awp - the template for a user's regular "awp" context
  http://my.azigo.com/sys/ontology/tracker-catalog
  http://my.azigo.com/sys/data/trackers

Entity Naming

The entity representing the user in most contexts has a local name of "me".

Example:

 If the contextId is http://my.azigo.com/ptrevithick/awp and the local entityId is "me" then
 the fully qualified entityId is:
 http://my.azigo.com/ptrevithick/awp#me

Examples

Imagine a root context containing a p:Person entity locally named "me". This root node could have h:correlation links pointing to the root "me" entities in two contexts, a web profile context, and a alice-staples context.

The web profile context might look like this:

Webprofile.png

Attribute Metadata

To construct a data-driven presentation of the contents of contexts whose data is described using the Persona data model, metadata about the attributes within context are needed. See View-builder vocabulary#Cascading_Metadata for a discussion of where these metadata attributes are stored (i.e. which context) and how metadata attributes are evaluated when mapping rules are involved.

For a given attribute, A, the following metadata attributes (as described in Higgins Data Model 2.0#Attribute_Definitions (with the exception of categories which are not used in PDM 2.0)) comprise A's definition:

UI widget label 
This is stored in an internationalized string value of the skos:prefLabel metadata attribute. An example of a UI label might be the string "Zipcode" for the person's postal-code attribute.
Example value 
The example value is the value of the skos:example attribute. For example "name@domain.com" might be an example of an email value.
Hover/Tooltip text 
The string description of the attribute is the value of the skos:description attribute.
Type 
The type of an attribute is the value of the rdf:type attribute
Allowed values
The allowed values of an attribute is defined by the value of its rdfs:range metadata attribute. An rdfs:range may be an XML schema datatype such as xsd:nonNegativeInteger or it may be object valued in which the value of the rdfs:range attribute is the name of an entity class. If this class is a subclass of p:DiscreteRange, then the allowed values are the rdfs:label values of all instances/members of the class.
Cardinality 
The min..max (inclusive) cardinality of an attribute is specified using owl:minCardinality and owl:maxCardinality. These two meta attributes are properties of a specific class of entity that is the domain of the attribute, not the attribute's own definition. In other words cardinality is expressed within the context of a class/set of individuals.
Syntax restrictions 
We follow the latest OWL2 convensions. The value of the rdfs:range attribute may be rdfs:Datatypes augmented with owl:withRestrictions that include XML Schema facets (e.g. rdf:langRange xsd:length xsd:maxExclusive xsd:maxInclusive xsd:maxLength xsd:minExclusive xsd:minInclusive xsd:minLength xsd:pattern ) as described here.

We have recently introduced a convention that the context id of metadata attribute M must be the same as the context id of A. If the currie form of A is ctxt:attname then the currie form of M must have a prefix (i.e. namespace) of ctxt. For example if the attribute is fp:postalCode then metadata statements about fp:postalCode must be in the Flat Persona vocabulary context (fp being a prefix for this vocabulary) along with the definition of fp:postalCode itself. See also View-builder vocabulary.

Open Issues

  1. To support connector contexts for which a WebsiteFacade is used for the definer side along with its associated JavaScript, it may be useful to add a "date-time-modified" timestamp to every context. This would allow sync operations via a set of N WebsiteFacade JavaScript programs to be decoupled from (and asynchronous to) real-time edit operations by the user. A more sophisticated approach would involve caching as a set of commands (transactions) the changes made to any context and allowing other contexts (well, their associated JavaScript) to subscribe to these transactions.

Back to the top