PDS Client 2.0
The PDS Client provides a high level interface for apps that wish to read and write attributes in the Personal Data Store 2.0.
- Maintains (also in the PDS) the user’s permissions–the decisions that the user has make as to who (what app or relying party) has access to what attributes. The first time a new app/RP asks for a certain set of attributes, the PDS Client will trigger the PDS Dashboard to present the policy decision to the user. The next time this same request happens, the PDS Client remembers the grant and usually doesn’t have to bother the user about it this time.
- Maintains a local copy of some or all of the person’s personal data stored in the remote PDS
- Maintains an OAuth WRAP access token that it gets by authenticating itself to an external authentication service. It passes this token along in XDI messages to the remote PDS service.
- Can be configured to encrypt attribute values before they are sent over the wire (e.g. in XDI messages) to the remote PDS
- Contains a local Security Token Service (STS) that allows it to create and sign SAML (for example) tokens for self-asserted attributes.
- Contains an STS client to support remote IdP/STSes managed by external parties (e.g. to support managed i-cards).
- Performs cross context schema mapping.
The PDS Client is packaged as either a C++ or Java code library or as a separate operating system process (e.g. on Windows it is a Windows Service).