|
|
| (14 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | {{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
| |
| − | This page describes the Higgins Personal Data Store. For an overview see [[Personal Data Store Overview]].
| |
| | | | |
| − | ===Data Representation===
| |
| − | Within a PDS a single individual is represented as a set of containers called Contexts each of which holds a digital identity called a Person. Each person instance has a set of attributes and values. Thus one individual (natural person, data subject) is represented as multiple Person entities each in its own context-container.
| |
| − |
| |
| − | [[Image:Pds 2.0.107.png|center]]
| |
| − |
| |
| − | The data in these [[Context]]s adheres to the Higgins [[Persona Data Model 2.0]], which can be used for storing arbitrary (identity and social networking) data. [[UDI]] references are used for representing links between [[Context]]s, both inside the [[Personal Data Store 2.0]] and to external data stores.
| |
| − |
| |
| − | Attribute values stored locally on the [[Personal Data Store 2.0]] are encrypted on the client (identity agent) using a client-side key prior to transmission to the [[Personal Data Store 2.0]]. Thus data attribute values on the [[Personal Data Store 2.0]] are ''blinded'' from the service operator offering/hosting the PDS service. PDS data may be accessed directly (as an endpoint) or via a ''PDS client'' library.
| |
| − |
| |
| − | The blue areas of the following diagram are PDS-related:
| |
| − |
| |
| − | [[Image:Higgins pds 2.0.106.png|center]]
| |
| − |
| |
| − | The [[Personal Data Store 2.0]] is a variant of the [[IdAS Proxy Service]], with the following changes:
| |
| − |
| |
| − | *The [[Org.eclipse.higgins.idas.udi|UDI Resolver]] is configured to support '''sync://''' UDIs
| |
| − | *The [[Org.eclipse.higgins.idas.registry|IdAS Registry]] is configured to include the [[Org.eclipse.higgins.idas.cp.rdf2|RDF2]] [[Context Provider]].
| |
| − |
| |
| − | The [[IdAS Proxy Service]] is layered over the [[Attribute Service 1.1]] to provide a bi-directional, synchronizing XDI endpoint over data managed by Context Provider plug-ins to the IdAS package. These context providers area also data adapters to a variety of back end data stores.
| |
| − |
| |
| − | The [[Personal Data Store 2.0]] can be accessed by:
| |
| − | * Sending [[XDI]] messages to its endpoint
| |
| − | * Using the following low level client libraries:
| |
| − | **[[Org.eclipse.higgins.idas.client]] (Java IdAS Client)
| |
| − | **[[Org.eclipse.higgins.idasclient.cpp.core]] (C++ IdAS Client)
| |
| − | * Using the [[PDS Client]] (under development)
| |
| − |
| |
| − | ===PDS Client ===
| |
| − | The [[PDS Client 2.0]] is code that apps may choose to use to access the [[Personal Data Store 2.0]].
| |
| − |
| |
| − | ===Authentication (AuthN) Service ===
| |
| − | The [[IdAS Proxy Service 2.0]] and [[Attribute Service 2.0]] require access tokens minted by the [[Authentication Service 2.0]]. Eventually the [[I-Card Service]] and [[CardSync Service]] will also rely on this external authN service.
| |
| − |
| |
| − | ===Authorization Manager ===
| |
| − | * Authorization Manager (planned) gives the user control over the flows of data from a managed relationship card provider to a relying party. We plan to use/adapt Kantara UMA protocols.
| |
| − |
| |
| − | ===Web Portal ===
| |
| − | * We plan to develop a Web Portal--an evolution of the [[Cloud Selector 1.1]] from Higgins 1.1 with broader functionality.
| |
