Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "PDS 2.0"
(→Access to user's personal data) |
|||
| Line 1: | Line 1: | ||
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}} | {{#eclipseproject:technology.higgins|eclipse_custom_style.css}} | ||
| + | |||
| + | ==Higgins PDS 2.0== | ||
| + | |||
| + | Attribute data stored locally on the [[Personal Data Store 2.0]] are encrypted on the client (identity agent) using a client-side key prior to transmission to the [[Personal Data Store 2.0]]. Thus data attribute values on the [[Personal Data Store 2.0]] are ''blinded'' from the service operator offering/hosting the PDS service. PDS data may be accessed directly (as an endpoint) or via a ''PDS client'' library. | ||
| + | |||
| + | The blue areas of the following diagram are PDS-related: | ||
| + | |||
| + | [[Image:Higgins pds 2.0.106.png|center]] | ||
| + | |||
| + | The [[Personal Data Store 2.0]] can be accessed by: | ||
| + | * Sending [[XDI]] messages to its endpoint | ||
| + | * Using the following low level client libraries: | ||
| + | **[[Org.eclipse.higgins.idas.client]] (Java IdAS Client) | ||
| + | **[[Org.eclipse.higgins.idasclient.cpp.core]] (C++ IdAS Client) | ||
| + | * Using the [[PDS Client]] (under development) | ||
| + | |||
| + | ===PDS Client === | ||
| + | The [[PDS Client 2.0]] is code that apps may choose to use to access the [[Personal Data Store 2.0]]. | ||
| + | |||
| + | ===Authentication (AuthN) Service === | ||
| + | The [[IdAS Proxy Service 2.0]] and [[Attribute Service 2.0]] require access tokens minted by the [[Authentication Service 2.0]]. Eventually the [[I-Card Service]] and [[CardSync Service]] will also rely on this external authN service. | ||
| + | |||
| + | ===Authorization Manager === | ||
| + | * Authorization Manager (planned) gives the user control over the flows of data from a managed relationship card provider to a relying party. We plan to use/adapt Kantara UMA protocols. | ||
| + | |||
| + | ===Web Portal === | ||
| + | * We plan to develop a Web Portal--an evolution of the [[Cloud Selector 1.1]] from Higgins 1.1 with broader functionality. | ||
| + | |||
The [[Personal Data Store 2.0]] is a web service that stores personal data on behalf of an individual. | The [[Personal Data Store 2.0]] is a web service that stores personal data on behalf of an individual. | ||
Revision as of 21:47, 21 June 2010
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
Contents
Higgins PDS 2.0
Attribute data stored locally on the Personal Data Store 2.0 are encrypted on the client (identity agent) using a client-side key prior to transmission to the Personal Data Store 2.0. Thus data attribute values on the Personal Data Store 2.0 are blinded from the service operator offering/hosting the PDS service. PDS data may be accessed directly (as an endpoint) or via a PDS client library.
The blue areas of the following diagram are PDS-related:
The Personal Data Store 2.0 can be accessed by:
- Sending XDI messages to its endpoint
- Using the following low level client libraries:
- Org.eclipse.higgins.idas.client (Java IdAS Client)
- Org.eclipse.higgins.idasclient.cpp.core (C++ IdAS Client)
- Using the PDS Client (under development)
PDS Client
The PDS Client 2.0 is code that apps may choose to use to access the Personal Data Store 2.0.
Authentication (AuthN) Service
The IdAS Proxy Service 2.0 and Attribute Service 2.0 require access tokens minted by the Authentication Service 2.0. Eventually the I-Card Service and CardSync Service will also rely on this external authN service.
Authorization Manager
- Authorization Manager (planned) gives the user control over the flows of data from a managed relationship card provider to a relying party. We plan to use/adapt Kantara UMA protocols.
Web Portal
- We plan to develop a Web Portal--an evolution of the Cloud Selector 1.1 from Higgins 1.1 with broader functionality.
The Personal Data Store 2.0 is a web service that stores personal data on behalf of an individual.
The PDS is a variant of the IdAS Proxy Service, with the following changes:
- The UDI Resolver is configured to support sync:// UDIs.
- The IdAS Registry is configured to include the RDF2 Context Provider.
The IdAS Proxy Service is layered over the Attribute Service 1.1 to provide a bi-directional, synchronizing XDI endpoint over data managed by Context Provider plug-ins to the IdAS package. These context providers area also data adapters to a variety of back end data stores.
An endpoint for the user's personal data
The user's data are represented as a number of Contexts adhering to the Higgins Persona Data Model 2.0, which can be used for storing arbitrary (identity and social networking data) data. UDI references are used for representing "links" between Contexts, both inside the Personal Data Store 2.0 and to external data sources.
The following diagram shows how apps can access the PDS endpoint over XDI. The diagram shows four contexts that backed by external data sources: Google Contacts, Medical Records, an RDF store and an enterprise LDAP directory:
