Difference between revisions of "PDS Architecture"

Revision as of 23:48, 20 July 2010

Higgins.funnell.PNG


This page describes the Personal Data Store (PDS), a new work area under development for Higgins 2.0. It also includes a Building Blocks section describing some additional components.

Introduction

A PDS provides a central point of control for information about a person, their life, friends, interests, affiliations and so on. A PDS is comprised of a Personal Data Store (PDS) and a Personal Data Agent (PDA).

PDS

  • Gives you control over your information stored in hundreds of external silos as well as locally in your own PDS
  • Provides a personal data abstraction layer mapping internal and external data sources into a consistent data model based around notions of personas
  • Manages a set of your personas (e.g. Work, Home & Friends, Citizen, Health, Anonymous)
  • Provides an encrypted "lock box" in the cloud such that data in the PDS cannot be read by the PDS's operator
  • Backs up personal data stored on your computers and mobile devices
  • Synchronizes personal data to other devices and computers owned by the person using a variety of network protocols.
  • Manages access by external apps (aka service providers) to your data that is stored locally as well as data stored in PDSes managed by external organizations
  • Links information from your personas to accounts (profiles) that you have at service providers, websites, social networking sites, etc. and over which you share joint control and rights
  • Links information from your personas with the personas in your friends' and colleagues' PDSes

PDA

  • Provides a web "dashboard" UI to your PDS (as an alternative to PDS clients on computers and mobile devices)
  • Provides a run-time environment for apps that run within the PDA itself
  • Implements an API that allows you to be discoverable by others that meet criteria you specify
  • Decrypts data from your PDS (using a locally stored key) to allow it to be managed in the dashboard UI
  • Implements two-factor authentication

Tla higgins 2.0.120.png


As shown at the top of the diagram above, we are developing Windows, Mac and mobile clients for the PDS. These clients have two advantages over the web-based PDA. First, data stored on these devices is entirely under your control, without the need to rely on third-party hosted services. Second, the client is closely integrated with the browser and other local apps. This allows the client to capture information about you as you browse and to augment your web experience through web augmentation (overlaying context-specific information within your browser) as well as through automatic form filling (e.g. filling in your passwords).

Information from a wide variety of data sources, such as the social network, telco and health data sources shown above, is virtually integrated by the PDA and presented in a "dashboard" application.

A PDS gives you control over your own information by allowing you to share selected sub-sets of it with other people and organizations that you trust. It also allows you to advertise yourself in variable ways to different kinds of people and companies attempting to contact you.

Attribute data stored locally on the PDA are encrypted by the PDS Client using an internally managed key prior to transmission to the PDS. Thus data attribute values on the PDS are blinded from the service operator offering/hosting the PDS.
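The client-side encryption described above, sketched as an added example (not Higgins code): attribute values are sealed on the client before upload, so the hosted store holds only ciphertext. AES-256-GCM, the record layout and every function name here are assumptions; context and attribute names stay readable in this sketch and only the values are blinded.

```javascript
// Added example: client-side "lock box" for PDS attribute values (assumed design).
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Bind each ciphertext to its context and attribute name, so a hosted
// operator cannot move a valid ciphertext into another slot undetected.
function aadFor(context, attribute) {
  return Buffer.from(JSON.stringify([context, attribute]), 'utf8');
}

// Runs on the PDS Client: the key never leaves the device.
function sealAttribute(key, context, attribute, value) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aadFor(context, attribute));
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return {
    context, attribute,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Runs wherever the key is held, after fetching the record back.
function openAttribute(key, record) {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(aadFor(record.context, record.attribute));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

function demo() {
  const key = randomBytes(32);  // locally managed key
  const vault = new Map();      // stand-in for the hosted store
  // Constructed sample attribute, for illustration only.
  vault.set('Health/bloodType', sealAttribute(key, 'Health', 'bloodType', 'O-negative'));
  const stored = vault.get('Health/bloodType');
  const roundTrip = openAttribute(key, stored);
  const operatorSeesPlaintext = JSON.stringify(stored).includes('O-negative');
  // A record relabelled into another persona must fail authentication.
  let relabelRejected = false;
  try { openAttribute(key, { ...stored, context: 'Work' }); }
  catch { relabelRejected = true; }
  return { roundTrip, operatorSeesPlaintext, relabelRejected };
}
```

Authenticating the context and attribute name as associated data means the operator can still delete or withhold a record, but cannot substitute one attribute's value for another without the client noticing on decryption.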

Although in principle you only need a single PDS to work on your behalf, we expect that until the time comes that most people fully trust the architecture's security and privacy characteristics, a significant number will choose to have more than one PDS account. Doing so allows them not to have to trust that the PDS architecture is capable of fully isolating the private, work, health-related, and social dimensions of their lives.

What's in a PDS?

Within a PDS, a person is represented as a set of containers called Contexts, each of which holds a digital identity called a Person. Each Person instance has a set of attributes and values. Thus one individual (natural person, data subject) is represented as multiple Person entities, each in its own context-container.

Tla intro 2.0.108.png

The data in these Contexts adheres to the Higgins Persona Data Model 2.0, which can be used for storing arbitrary (identity and social networking) data. UDI references are used for representing links between Contexts, both inside the Personal_Data_Store_2.0 and to external data stores.

Components

PDS Agent

  • An evolution of the Cloud Selector 1.1 from Higgins 1.1 with much broader functionality.
  • Planned to include a Kantara UMA Authorization Manager that gives the user control over the flows of data from an external data source to a (relying) service provider.

PDS Vault

PDS Client

The PDS Client 2.0 is a library used to access the Personal_Data_Store_2.0. It is incorporated into the PDS agent as well as PC and mobile PDS clients.

Authentication (AuthN) Service

The Authentication Service 2.0 (not shown above) is an OAuth web service that authenticates PDS users and returns an access token that is relied on by the PDS Agent and the PDS Vault.

Building Blocks

This section describes the data-related services, Java frameworks and data models that are used by the personal data store service.

Data Models

Data models used in Higgins code and services:

Higgins data models.png

IdAS Solution

The IdAS solution is a testbed for exercising the IdAS Java framework.

XDI4J

XDI4J is a Java library for working with XDI.
