Difference between revisions of "PDS Architecture"
Line 3: | Line 3: | ||
__NOTOC__ | __NOTOC__ | ||
− | The Personal Data Store (PDS) is a new work area under development for Higgins 2.0 | + | The Personal Data Store (PDS) is a new work area under development for Higgins 2.0. |
==Introduction== | ==Introduction== | ||
− | The PDS is a secure vault in the cloud that holds personal information about you in encrypted form. | + | The PDS is a secure vault in the cloud that holds personal information about you in encrypted form. It also acts as a gateway for personal data stored in external ''data sources''. A PDS gives people control over their own information. It allows the person to share selected sub-sets of their information with people and organizations that they trust. A PDS synchronizes personal data to other devices and computers owned by the person using a variety of network protocols. |
− | Attribute data are encrypted on the client (identity agent) using a client-side key. | + | PDS data may be accessed directly (as an endpoint) or via a ''PDS client'' library. Attribute data stored locally on the PDS are encrypted on the client (identity agent) using a client-side key prior to transmission to the PDS. Thus data attribute values on the PDS are "blinded" from the service operator offering/hosting the PDS service. |
The blue areas of the following diagram are PDS-related: | The blue areas of the following diagram are PDS-related: |
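Review bot: the new "+" text claims attribute values are "blinded" from the service operator because they are encrypted with a client-side key, but it never says where that key is held or how it reaches the person's other devices, which the same introduction says the PDS synchronizes data to. Suggest adding a sentence stating that the key is not available to the PDS operator and how it is shared between the person's devices. The scope also needs one clause: the wording "stored locally on the PDS" implies the blinding does not extend to data the PDS reaches as a gateway to external data sources, and the text should say so explicitly.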
Revision as of 17:14, 11 June 2010
The Personal Data Store (PDS) is a new work area under development for Higgins 2.0.
Introduction
The PDS is a secure vault in the cloud that holds personal information about you in encrypted form. It also acts as a gateway for personal data stored in external data sources. A PDS gives people control over their own information. It allows the person to share selected sub-sets of their information with people and organizations that they trust. A PDS synchronizes personal data to other devices and computers owned by the person using a variety of network protocols.
PDS data may be accessed directly (as an endpoint) or via a PDS client library. Attribute data stored locally on the PDS are encrypted on the client (identity agent) using a client-side key prior to transmission to the PDS. Thus data attribute values on the PDS are "blinded" from the service operator offering/hosting the PDS service.
The blue areas of the following diagram are PDS-related:
The Personal Data Store 2.0 can be accessed by:
- Sending XDI messages to its endpoint
- Using the following low level client libraries:
  - Org.eclipse.higgins.idas.client (Java IdAS Client)
  - Org.eclipse.higgins.idasclient.cpp.core (C++ IdAS Client)
- Using the PDS Client (under development)
PDS Client
The PDS Client 2.0 is code that apps may choose to use to access the Personal Data Store 2.0.
Authentication (AuthN) Service
The IdAS Proxy Service 2.0 and Attribute Service 2.0 require access tokens minted by the Authentication Service 2.0. Eventually the I-Card Service and CardSync Service will also rely on this external authN service.
Authorization Manager
- Authorization Manager (planned) gives the user control over the flows of data from a managed relationship card provider to a relying party. We plan to use/adapt Kantara UMA protocols.
Web Portal
- We plan to develop a Web Portal--an evolution of the Cloud Selector 1.1 from Higgins 1.1 with broader functionality.
Building Blocks
This section describes the data-related services, Java frameworks and data models that are used by the personal data agent services.
Data Models
Data models used in Higgins code and services:
IdAS Solution
The IdAS solution is a testbed for exercising the IdAS Java framework.
- Higgins 1.1: See Higgins_1.1_Plan#IdAS_Solution_1.1
- Higgins 1.0: IdAS Solution 1.0: a basic configuration of the Identity Attribute Service 1.0 (IdAS). IdAS is a Java framework that provides a common interface to identity, profile, and relationship data from external data sources (e.g. websites, databases, directories).
XDI4J
XDI4J is a Java library for working with XDI.
- Higgins 1.1: XDI4j 1.1