Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Context
A Higgins Context is a set of one or more Digital Subjects identified by a ContextRef. Some Contexts are abstract; their ContextRefs are not resolvable to a physical Context instance. Most Contexts are not abstract; through a network (or local) data access service their ContextRefs are resolvable to data objects that are instantiated and managed by Context Provider plug-ins.
Every Digital Subject within a Context has a unique identifier called "CUID" --a Contextually Unique Identifier Identity Attribute. This identifier is unique within a namespace that is either (a) defined by the Context, C1, itself, or (b) defined externally by some other Context, C2, of which the C1 is a subset.
Examples of (non-abstract) Contexts that contain multiple Digital Subjects include: directories, informal groups, project teams, collaboration spaces, and communications systems and networks. Examples of Contexts that, at least from the point of view of the authenticated consumer, typically contain only a single Digital Subject are: driver's licenses, credit cards, business cards, and many other kinds of security devices.
An example of an abstract Context would be the internet mail Context associated with the internet mail ContextRef. The Digital Subjects within this Context have a CUID that is an email address (e.g. "foo@boo.com") within the email namespace defined by internet mail. This ContextRef cannot be resolved to a physical Context because there is no globally defined set of all email addresses.
Every Context has a schema that describes kinds of Digital Subjects and Identity Attributes that an instance of this Context contains.
Contexts are identified by URIs called ContextRefs. The Identity Attribute Service is the Higgins component that is used to connect to a Context and open it. Every Context has its own security policy, consumers must be able to provide the required Digital Identity object to "open" i.e. authenticate to a Context. Once opened, the contents of the Context can be searched, read and updated to varying extents based on the authorization policy of the Context.