Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "PDS Architecture"
(→PDS Vault) |
|||
| Line 21: | Line 21: | ||
===PDS Vault=== | ===PDS Vault=== | ||
* Provides an encrypted "lock box" in the cloud | * Provides an encrypted "lock box" in the cloud | ||
| − | * Data in the PDS | + | * Data in the PDS vault cannot be read by the PDS vault's operator |
* Backs up personal data stored on your computers and mobile devices | * Backs up personal data stored on your computers and mobile devices | ||
* Synchronizes personal data to other devices and computers owned by the person using a variety of network protocols. | * Synchronizes personal data to other devices and computers owned by the person using a variety of network protocols. | ||
| − | * Is used by the PDS | + | * Is used by the PDS agent to store certain kinds of information about you |
[[Image:Tla 2.0.18.png|center]] | [[Image:Tla 2.0.18.png|center]] | ||
Revision as of 16:53, 12 July 2010
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
This page describes the Personal Data Store (PDS), a new work area under development for Higgins 2.0. It also includes a Building Blocks section describing some additional components.
Intro
The PDS is a combination of a PDS Agent and a PDS Vault.
PDS Agent
- Is a web app that acts as your agent sharing information about yourself only to those to whom you wish it to be shared.
- Allows you to be discoverable by others that meet criteria you specify
- Provides a virtual integration of your personal information that is currently scattered across hundreds of database silos.
- Gives you control over your own information by allowing the individual to define and manage a set of personas (e.g. Work, Home & Friends, Citizen, Health, Anonymous) over which they have complete control.
- Allows you to link information from your personas to PDS "accounts" or "profiles" that you have at services providers, websites, social networking sites, etc. and over which you share joint control and rights
- Allows you to link information from your personas with the personas on friend's and colleague's PDSes
- Provides a run-time environment for apps that run within the PDS Agent itself
PDS Vault
- Provides an encrypted "lock box" in the cloud
- Data in the PDS vault cannot be read by the PDS vault's operator
- Backs up personal data stored on your computers and mobile devices
- Synchronizes personal data to other devices and computers owned by the person using a variety of network protocols.
- Is used by the PDS agent to store certain kinds of information about you
As shown in the top-left in the diagram above, we are also developing Windows, Mac and mobile clients for the Higgins PDS. These clients have two advantages over the PDS agent. First, data stored on these devices is entirely under your control without the need to rely on third party hosted services. Second the client is closely integrated with the browser and other local apps. This allows the client to capture information about you as you browse and can augment your web experience through web augmentation (overlaying context-specific information within your browser) as well as through automatic form filling (e.g. filling in your passwords).
Information from a wide variety of data sources such as the social network, telco and health data sources shown above are virtually integrated by the PDS Agent and presented in a "dashboard" application.
Data Representation
Within a PDS a single individual is represented as a set of containers called Contexts each of which holds a digital identity called a Person. Each person instance has a set of attributes and values. Thus one individual (natural person, data subject) is represented as multiple Person entities each in its own context-container.
The data in these Contexts adheres to the Higgins Persona Data Model 2.0, which can be used for storing arbitrary (identity and social networking) data. UDI references are used for representing links between Contexts, both inside the Personal_Data_Store_2.0 and to external data stores.
Components
PDS Agent
- An evolution of the Cloud Selector 1.1 from Higgins 1.1 with broader functionality.
PDS Vault
- PDS Vault 2.0 - secure, encrypted storage
PDS Client
The PDS Client 2.0 is a library used to access the Personal_Data_Store_2.0.
Authentication (AuthN) Service
The IdAS Proxy Service 2.0 and Attribute Service 2.0 require access tokens minted by the Authentication Service 2.0. Eventually the I-Card Service and CardSync Service will also rely on this external authN service.
Authorization Manager
- Authorization Manager (planned) gives the user control over the flows of data from a managed relationship card provider to a relying party. We plan to use/adapt Kantara UMA protocols.
Building Blocks
This section describes the data related services, java frameworks and data models that are used by the personal data store service.
Data Models
Data models used in Higgins code and services:
IdAS Solution
The IdAS solution is a testbed for exercising the IdAS Java framework.
- Higgins 1.1: See Higgins_1.1_Plan#IdAS_Solution_1.1
- Higgins 1.0: IdAS Solution 1.0: a basic configuration of the Identity Attribute Service 1.0 (IdAS). IdAS is a java framework that provides a common interface to identity, profile, and relationship data from external data sources (e.g. websites, databases, directories).
XDI4J
XDI4J is a java library for working with XDI.
- Higgins 1.1: XDI4j 1.1