Higgins 1.1 Data Models
Higgins: a species of Tasmanian long-tailed mouse.
14 September 2007; revised 24 January 2010
Copyright© 2007-2010 Azigo, Inc. Made available under EPL v1.0
Three layer cake
• Top: Persona data model (aka PDM 1.1)
• Middle: Higgins data model (aka HDM 1.1)
• Bottom: Context data model (aka CDM 1.1)
Section One: Context Data Model 1.1
Context Data Model (CDM)
• IdAS uses the CDM to provide a data abstraction that makes identity data portable across heterogeneous data sources such as enterprise directories, databases, communications networks, and social networks
CDM’s RDF Foundation
• The Context Data Model (CDM) encompasses the core semantics of the W3C's Resource Description Framework (RDF)
• Anything expressible in RDF is expressible in the CDM (although the converse isn't true)
• Higgins uses RDF/S predicate URI literals as Attribute ids (e.g. rdf:type, rdf:subject, rdf:predicate, rdf:object, rdfs:subClass, etc.)
CDM’s RDF Foundation: Mapping between RDF triples and Higgins vector triples
The set of RDF (subject predicate object) triples (S1 P1 O1), (S1 P1 O2), … (S1 P1 On) is equivalent to a Higgins vector-triple (S1 A1 V) where:
• Subject S1 is an EntityId identifying the Entity that we’re making a statement about
• A1 is an AttributeId identifying an Attribute Entity. It has the same value as RDF predicate P1
• Vector V is the set of RDF object values, (O1 … On) [As with RDF, some objects are literals, others are EntityIds]
Implementation note: Context implementations MAY allow zero-length object/attribute values.
Contexts
• The CDM includes a kind of object called a Context that is very close to the RDF concept of named graph
• Contexts may be sub-graphs of a single globally distributed graph
Implementation note: IdAS Context Provider plug-ins adapt existing data sources and expose them as Contexts that in turn contain sets of objects
Contexts
• Contexts contain Entities of various types including:
• Regular data instances
• Entity Classes
• Attribute Classes
• Policy Entities
• All of these Entities are represented using Entity-Attribute-Value(s) described earlier:
• (E1 A1 V1… Vn)
Universal Data Identifiers (UDIs) are not really new, just a name for one of…
• An (OASIS) XRI or (W3C) Cool URI that resolves to an XRDS document
• An OpenID 2.0 URI that resolves to an XRDS document
• A developer-defined URI or String
UDIs Identify…
• Contexts
• UDI can be used as a ContextId
• Entities (including specializations like Attribute Types, Entity Classes, etc.)
• UDI can be used as absolute or relative EntityIds
• A relative EntityId identifies an Entity within a given Context
• Attribute instances
• A two part UDI that identifies all of the values of the given Attribute of the given Entity
Local and Global UDIs
• Some UDIs are global — they can be resolved to an entity from anywhere on the internet
• Entities identified with global UDIs may be interconnected together to form a distributed object graph called the global graph
• Some UDIs are local — they can only be resolved within a LAN or perhaps on a local machine
• Entities identified by local UDIs cannot be part of the global graph
Drilling in…
Contexts
• A Context is a data container/source
• Each Context is identified by a global or local UDI called a ContextId
• Examples of Contexts:
• Facebook social network
• LDAP directory
• PeopleSoft database
• Mobile phone network
[Figure: A Context]
Context Ontologies
• Contexts describe their ontologies or schemas using RDF/OWL
• Contexts must base their ontologies on higgins.owl (aka HOWL) but are otherwise free to define their own Entity Classes and Attribute Types
• For example, a Context could define an Employee class that has eyeColor and phoneNumber attributes:
• Employee would sub-class higgins:Person
• eyeColor and phoneNumber could be defined within this (or another accessible) Context or reused from some existing ontology
Contexts contain Entities
• Entities represent real world people, groups, organizations, objects, etc.
[Figure: a Context (R&D Dept.) containing an Entity representing you and an Entity representing your manager]
EntityIds
• An Entity is identified within a Context by 0..N EntityIds
• EntityIds may be unique beyond the scope of the containing Context
• A canonical EntityId uniquely and persistently identifies it
• An Entity may have a single canonical EntityId
• Entities without any EntityIds are called blank Entities
• An EntityId is either an Attribute instance (type and value) or a string
• Implementation note: In IdAS:
• An EntityId can be a string, a UDI or an IAttribute implementation
In the following “28394” is the EntityId, the balance is the ContextId
http://fabrikam.com/context/c1#28394
Entities have Zero or More Attributes*
• Statements about Entities are represented as “vector-triples” where the last member is a vector of 1..N values:
• <EntityId> <AttributeId> <value(s)>
• Each Attribute is identified by a URI
• E.g. ex:eyeColor
• Example of a single-valued vector-triple expressing that the Entity ex:paul has green eyes:
• ex:paul ex:eyeColor “green”
• These values may be simple (e.g. a string) or complex (e.g. representing a postal address, 3D avatar mesh, calendar event, etc.)
• If complex, the value itself is another Entity
*Not including the type attribute
An Entity with Simple Attributes
Abstract concept:
<CanonicalEntityId>
<AttributeId> = value(s)
Simple values example:
ex:Bob
ex:fullname = Bob Smith
ex:email = [email protected]
ex:availableToPlayGolf = Wed, Sat
Datatypes of Simple Attribute Values
• All values of a simple attribute have a base datatype that is one of the XML Schema types (e.g. string, integer, boolean, anyURI, etc.)
• They may also have syntax constraint facets (e.g. length, pattern, minInclusive, etc.) as defined by XML Schema
• [In OWL the combination of the base datatype and the optional syntax constraints is called a Data Range]
Complex Attribute Values
• Complex values are entities
Example #1 (single valued):
ex:Bob ex:hasAddress ex:Address_1
ex:Address_1: ex:street = 123 Main Street, ex:city = Boston, ex:state = Massachusetts
Example #2 (multi-valued):
ex:Bob foaf:knows ex:Alice, ex:Alice, ex:Alice
Entity Class
• Entities may have a complex valued attribute (rdf:type) the value of which is an Entity called its Entity Class
ex:Bob rdf:type ex:Person
Higgins Statement Entities
• Given a vector-triple vt1 = (E1 A1 V)
• [Remember V is a set (V1, V2, … Vn) of n values]
• If we create a statement entity, Si, to represent a single (E1 A1 Vi) triple within vt1
• Then we can create new vector-triples that attach attributes to the statement.
• This allows metadata to be associated with each specific (E1 A1 Vi) triple
Statement Example
• Given triple t = Person_1, age-over-1, true
• We make this Statement about t:
t, lastVerifiedFromSource, Jan 1, 2000 12:10
The original triple t
The statement that says “t was last verified in Jan 2000”
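The RDF-to-vector-triple mapping and the statement entities described above, as an added Python example that is not Higgins or IdAS code. It assumes a statement entity is described with rdf:subject / rdf:predicate / rdf:object, and ex:Carol is a constructed name.

```python
from collections import defaultdict

# Constructed sample RDF triples; the two foaf:knows objects are illustrative.
RDF_TRIPLES = [
    ("ex:Bob", "foaf:knows", "ex:Alice"),
    ("ex:Bob", "foaf:knows", "ex:Carol"),
    ("Person_1", "age-over-1", True),
]
REIFY = ("rdf:subject", "rdf:predicate", "rdf:object")  # assumed statement layout


def to_vector_triples(triples):
    """Collapse (S P O1)..(S P On) into one vector-triple, stored as (S, A) -> V."""
    grouped = defaultdict(list)
    for s, p, o in triples:
        if o not in grouped[(s, p)]:  # V is a set: ignore repeated objects
            grouped[(s, p)].append(o)
    return {key: tuple(values) for key, values in grouped.items()}


def to_rdf_triples(store):
    """Expand vector-triples back to RDF triples; a zero-length V yields none."""
    return [(s, a, v) for (s, a), values in store.items() for v in values]


def add_statement(store, statement_id, entity, attribute, value):
    """Create statement entity Si for one (E1 A1 Vi) of an existing vector-triple."""
    if value not in store.get((entity, attribute), ()):
        raise KeyError("no such (E A Vi) triple to make a statement about")
    for attr, part in zip(REIFY, (entity, attribute, value)):
        store[(statement_id, attr)] = (part,)
    return statement_id


def metadata_for(store, entity, attribute, value):
    """Attributes attached to any statement entity describing (E A Vi)."""
    want = dict(zip(REIFY, ((entity,), (attribute,), (value,))))
    sids = {s for (s, _a) in store
            if all(store.get((s, k)) == v for k, v in want.items())}
    return {a: v for (s, a), v in store.items() if s in sids and a not in want}


def demo():
    store = to_vector_triples(RDF_TRIPLES)
    t = add_statement(store, "t", "Person_1", "age-over-1", True)
    store[(t, "lastVerifiedFromSource")] = ("Jan 1, 2000 12:10",)
    return store
```

A vector-triple with a zero-length value vector has no RDF triple to carry it, so it does not survive a round trip through `to_rdf_triples`.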
Relationships between Entities
• Attributes with complex values allow you to express relationships between Entities
[Figure: ex:Bob linked by <some attribute here> to other Entities, each labelled ex:Alice]
The higgins:correlation Attribute
• A correlation attribute is a link that states that the source Entity and the target Entity(ies) are representations of the same person, organization, concept or thing
[Figure: ex:Bob with a higgins:correlation attribute; the other Entities shown are labelled ex:Alice, ex:Alice and ex:Robert-Smith]
higgins:correlation
• The semantic is close but not identical to owl:sameAs
• The semantic seems closer to oguid:identical proposed here: http://openguid.net/specification
• Note that the two (or more) Entities linked may be in different Contexts
• Since Contexts have different ontologies, each Entity may have a different set of attribute types (and of course values)
• It is a statement not about the equivalence of the Entity models, but that both are representations of the same underlying real world resource
Correlation Examples
[Figure: Context A and the Context @Yahoo*group-22. Entities 333 and 4668 in the group carry the UDIs @yahoo*group22 // 333 and @yahoo*group22 // 4668, with the parts of each UDI labelled ContextId and EntityId. Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you); higgins:correlation; other entity relationships (e.g. foaf:knows)]
In this example you have two accounts/profiles in Context A and you are also a member of the Yahoo Group. You know another member of the Yahoo Group.
Friends List Example
[Figure: a Context (e.g. Facebook) holding the triple “You know Drummond”. Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you)]
Social Network Example
[Figure: reciprocated (confirmed) Entity relations. Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you)]
A Cross-Context Example
[Figure: Contexts labelled Facebook, Second Life, Dept of Motor Vehicles and Social Security Administration, plus a “Meta” Context; Entities labelled You appear in several Contexts alongside other Entities. Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you)]
Contexts Relations
• Context relations are complex valued attributes of contexts
Enterprise Directory Example
Enterprise directory Context with two sub-Contexts
[Figure: XYZ Corporation Context with sub-Contexts R&D Dept. and Marketing Dept.; Entities labelled You and Your Manager]
Contexts can have relationships with other Contexts.
Section Two: Higgins Data Model 1.1
NOT WRITTEN
Section Three: Persona Data Model 1.1
NOT WRITTEN
EXTRA SLIDES: Experimental Stuff, and Misc
Access Control Policy Entities Original Proposal
• E1 is the resource being protected
• E2 is the AccessControl Policy Entity
• E3 is the subject who is (or is not) granted permission to perform operations on E1
• <operation> is a literal (e.g. “Read”, “Modify”, etc.)
• In the example, subject E3 is granted read access to the entire Entity E1
Concept (in Context C1): E2: Policy, with :resource E1, :subject E3 and the literal <operation>
Example (in Context C1): E2: Policy, with :resource E1, :subject E3 and the literal “Read”
Access Control Policy Entities Revised Proposal
• E1 is the resource being protected
• E2 is the AccessControl Policy Entity
• E3 is the subject who is (or is not) granted permission to perform operations on E1
• higgins:operation is an abstract super-Attribute. Its value is the resource being protected. Its sub-type indicates one kind of allowed operation
• higgins:operation has concrete sub-Attributes of (higgins:read, higgins:modify, etc.)
• In the example, subject E3 is granted read access to the entire Entity E1
Concept (in Context C1): E2: Policy, with :operation E1 and :subject E3
Example (in Context C1): E2: Policy, with :read E1 and :subject E3
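One way to evaluate Policy Entities under the revised proposal, as an added Python example that is not Higgins or IdAS code. The names higgins:subject and higgins:Policy, the entities E4 to E6, and the default-deny behaviour are assumptions made for the illustration.

```python
OPERATION = "higgins:operation"  # abstract super-Attribute
# Concrete sub-Attributes named on the slide, each mapped to its super-Attribute.
SUB_ATTRIBUTE_OF = {"higgins:read": OPERATION, "higgins:modify": OPERATION}
SUBJECT = "higgins:subject"      # assumed full name of the figure's ":subject"
POLICY_CLASS = "higgins:Policy"  # assumed class name for "E2: Policy"

# Constructed Context C1 as vector-triples: (EntityId, AttributeId) -> values.
C1 = {
    ("E2", "rdf:type"): (POLICY_CLASS,),
    ("E2", "higgins:read"): ("E1",),     # the slide's example: E3 may read E1
    ("E2", SUBJECT): ("E3",),
    ("E5", "rdf:type"): (POLICY_CLASS,),
    ("E5", OPERATION): ("E1",),          # abstract attribute: no concrete operation
    ("E5", SUBJECT): ("E4",),
    ("E6", "higgins:modify"): ("E1",),   # looks like a policy but is not typed as one
    ("E6", SUBJECT): ("E4",),
}


def policy_entities(context):
    """EntityIds whose rdf:type marks them as Policy Entities."""
    return sorted(e for (e, a), v in context.items()
                  if a == "rdf:type" and POLICY_CLASS in v)


def is_allowed(context, subject, operation, resource):
    """Default deny: a Policy Entity must name subject, operation and resource."""
    if SUB_ATTRIBUTE_OF.get(operation) != OPERATION:
        return False  # unknown operation, or the abstract super-Attribute itself
    return any(subject in context.get((p, SUBJECT), ())
               and resource in context.get((p, operation), ())
               for p in policy_entities(context))


def grants(context):
    """Every (subject, operation, resource) the policies grant, for review."""
    return [(s, op, r)
            for p in policy_entities(context)
            for op in sorted(SUB_ATTRIBUTE_OF)
            for r in context.get((p, op), ())
            for s in context.get((p, SUBJECT), ())]
```

Because policies live in the same Context as the data they protect, the check only trusts entities typed as Policy Entities, and `grants` gives a reviewer the full list of effective permissions.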
[Figure: Data Model Specifications. Labels: Higgins Ontology Language (HOWL); Ontology (Schema); RDFS / OWL; Higgins XRDS; Service Endpoints; Identifiers; Cool URIs; OpenID; XDI; Higgins Context Descriptors; WS-Addressing [Planned]; XRI; UDI Discovery; UDI. Key: W3C, OASIS, De facto]
Delegation Use Case
[Figure: Delegation Registry Context containing Entities A and C, linked by DelegatesTo and DelegatedBy attributes]
Entity representing the accountant. Has attributes (e.g. name, etc. [not shown]) other than the DelegatedBy attribute.
Delegation Use Case
[Figure: Delegation Registry Context (Entities A and C, linked by DelegatesTo and DelegatedBy), Delegation Registry STS with its STS Endpoint, Delegation Registry Website, and the Accountant’s Identity Selector, into which the R-Card is imported]
R-Card issued by the Delegation Registry website and imported into Selector
Digital Identity (security token issued by STS) is presented to the Tax Authority. This token contains at least the claim: “A is delegated to by C”.
Attic
Earlier Names for Entity
• In the early years of Higgins the fundamental object in the data model was called a Digital Subject
• Just before Higgins 1.0 was released (Feb 21st 2008) it was changed to Node to eliminate confusion with the term Subject or Data Subject as used in international data protection law
• In version 1.1 of Higgins, currently under development, it was changed again to Entity as a more intuitive term