Higgins 1.1 Data Models Higgins: a species of Tasmanian long-tailed mouse. 14 September 2007; revised 24 January 2010
Three layer cake • Top: Persona data model (aka PDM 1.1) • Middle: Higgins data model (aka HDM 1.1) • Bottom: Context data model (aka CDM 1.1)
Context Data Model (CDM) • IdAS uses the CDM to provide a data abstraction that makes identity data portable across heterogeneous data sources such as enterprise directories, databases, communications networks, and social networks
CDM’s RDF Foundation • The Context Data Model (CDM) encompasses the core semantics of the W3C's Resource Description Framework (RDF) • Anything expressible in RDF is expressible in the CDM (although the converse isn't true) • Higgins uses RDF/S predicate URI literals as Attribute ids (e.g. rdf:type, rdf:subject, rdf:predicate, rdf:object, rdfs:subClass, etc.)
CDM’s RDF Foundation: Mapping between RDF triples and Higgins vector-triples
The set of RDF (subject predicate object) triples (S1 P1 O1), (S1 P1 O2), … (S1 P1 On) is equivalent to a Higgins vector-triple (S1 A1 V) where:
• Subject S1 is an EntityId identifying the Entity that we’re making a statement about
• A1 is an AttributeId identifying an Attribute Entity. It has the same value as RDF predicate P1
• Vector V is the set of RDF object values (O1 … On) [As with RDF, some objects are literals, others are EntityIds]
Implementation note: Context implementations MAY allow zero-length object/attribute values.
Contexts • The CDM includes a kind of object called a Context that is very close to the RDF concept of named graph • Contexts may be sub-graphs of a single globally distributed graph Implementation note: IdAS Context Provider plug-ins adapt existing data sources and expose them as Contexts that in turn contain sets of objects
Contexts • Contexts contain Entities of various types including: • Regular data instances • Entity Classes • Attribute Classes • Policy Entities • All of these Entities are represented using Entity-Attribute-Value(s) described earlier: • (E1 A1 V1… Vn)
Universal Data Identifiers (UDIs) are not really new, just a name for one of… • An (OASIS) XRI or (W3C) Cool URI that resolves to an XRDS document • An OpenID 2.0 URI that resolves to an XRDS document • A developer-defined URI or String
UDIs Identify… • Contexts • UDI can be used as a ContextId • Entities (including specializations like Attribute Types, Entity Classes, etc.) • UDI can be used as absolute or relative EntityIds • A relative EntityId identifies an Entity within a given Context • Attribute instances • A two part UDI that identifies all of the values of the given Attribute of the given Entity
Local and Global UDIs • Some UDIs are global —they can be resolved to an entity from anywhere on the internet • Entities identified with global UDIs may be interconnected together to form a distributed object graph called the global graph • Some UDIs are local — they can only be resolved within a LAN or perhaps on a local machine • Entities identified by local UDIs cannot be part of the global graph
Contexts • A Context is a data container/source • Each Context is identified by a global or local UDI called a ContextId • Examples of Contexts: • Facebook social network • LDAP directory • PeopleSoft database • Mobile phone network
Context Ontologies • Contexts describe their ontologies or schemas using RDF/OWL • Contexts must base their ontologies on higgins.owl (aka HOWL) but are otherwise free to define their own Entity Classes and Attribute Types • For example, a Context could define an Employee class that has eyeColor and phoneNumber attributes: • Employee would sub-class higgins:Person • eyeColor and phoneNumber could be defined within this (or another accessible) Context or reused from some existing ontology
Contexts contain Entities • Entities represent real world people, groups, organizations, objects, etc. [Diagram: Context “R&D Dept.” containing an Entity representing your manager and an Entity representing you]
EntityIds • An Entity is identified within a Context by 0..N EntityIds • EntityIds may be unique beyond the scope of the containing Context • A canonical EntityId uniquely and persistently identifies it • An Entity may have a single canonical EntityId • Entities without any EntityIds are called blank Entities • An EntityId is either an Attribute instance (type and value) or a string
Implementation note: In IdAS: • An EntityId can be a string, a UDI or an IAttribute implementation • In the following, “28394” is the EntityId and the balance is the ContextId: http://fabrikam.com/context/c1#28394
Entities have Zero or More Attributes* • Statements about Entities are represented as “vector-triples” where the last member is a vector of 1..N values: • <EntityId> <AttributeId> <value(s)> • Each Attribute is identified by a URI • E.g. ex:eyeColor • Example of a single-valued vector-triple expressing that the Entity ex:paul has green eyes: • ex:paul ex:eyeColor “green” • These values may be simple (e.g. a string) or complex (e.g. representing a postal address, 3D avatar mesh, calendar event, etc.) • If complex, the value itself is another Entity *Not including the type attribute
An Entity with Simple Attributes
Abstract concept: <CanonicalEntityId> with <AttributeId> = value(s)
Simple values example: ex:Bob
• ex:fullname = Bob Smith
• ex:email = bsmith@gmail.com
• ex:availableToPlayGolf = Wed, Sat
Datatypes of Simple Attribute Values • All values of a simple attribute have a base datatype that is one of the XML Schema types (e.g. string, integer, boolean, anyURI, etc.) • They may also have syntax constraint facets (e.g. length, pattern, minInclusive, etc.) as defined by XML Schema • [In OWL the combination of the base datatype and the optional syntax constraints is called a Data Range]
Complex Attribute Values • Complex values are entities
Example #1 (single valued): ex:hasAddress with value ex:Address_1 (ex:street = 123 Main Street, ex:city = Boston, ex:state = Massachusetts)
Example #2 (multi-valued): ex:Bob foaf:knows
[Diagram labels: ex:Alice, ex:Bob]
Entity Class • Entities may have a complex valued attribute (rdf:type) the value of which is an Entity called its Entity Class • Example: ex:Bob rdf:type ex:Person
Higgins Statement Entities • Given a vector-triple vt1 = (E1 A1 V) • [Remember V is a set (V1, V2, … Vn) of n values] • If we create a statement entity, Si, to represent a single (E1 A1 Vi) triple within vt1 • Then we can create new vector-triples that attach attributes to the statement • This allows metadata to be associated with each specific (E1 A1 Vi) triple
Statement Example • Given triple t = Person_1, age-over-1, true • We make this Statement about t: t, lastVerifiedFromSource, Jan 1, 2000 12:10 [Diagram callouts: the original triple t; the statement that says “t was last verified in Jan 2000”]
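The RDF-to-vector-triple mapping and the statement entities described above can be sketched as follows. This is an added example, not Higgins or IdAS code: the function names, the "_:stmtN" statement ids and the use of rdf:subject / rdf:predicate / rdf:object to describe a statement entity are assumptions, and the sample triples are constructed from the slides' own values.

```python
from collections import defaultdict

# Constructed sample triples built from the slides' own examples.
RDF_TRIPLES = [
    ("ex:Bob", "ex:availableToPlayGolf", "Wed"),
    ("ex:Bob", "ex:availableToPlayGolf", "Sat"),
    ("ex:Bob", "ex:email", "bsmith@gmail.com"),
    ("Person_1", "age-over-1", "true"),
]

def to_vector_triples(triples):
    """Collapse RDF (S P O1)..(S P On) triples into Higgins (S A V) vector-triples."""
    grouped = defaultdict(list)
    for s, p, o in triples:
        if o not in grouped[(s, p)]:  # V is a set: drop duplicates, keep first-seen order
            grouped[(s, p)].append(o)
    return {key: tuple(values) for key, values in grouped.items()}

def to_rdf_triples(vector_triples):
    """Inverse mapping: one RDF triple per value in each vector V."""
    return [(s, a, v) for (s, a), values in vector_triples.items() for v in values]

def add_statement(vector_triples, entity, attribute, value, metadata):
    """Return (statement_id, new_graph) with a statement entity for (E A Vi).

    Assumptions: the statement entity is described with rdf:subject,
    rdf:predicate and rdf:object, and gets a hypothetical "_:stmtN" id.
    """
    if value not in vector_triples.get((entity, attribute), ()):
        raise KeyError(f"no such triple: ({entity} {attribute} {value})")
    graph = dict(vector_triples)  # leave the caller's graph untouched
    n = sum(1 for (_, a) in graph if a == "rdf:subject") + 1
    stmt_id = f"_:stmt{n}"
    graph[(stmt_id, "rdf:subject")] = (entity,)
    graph[(stmt_id, "rdf:predicate")] = (attribute,)
    graph[(stmt_id, "rdf:object")] = (value,)
    for meta_attribute, meta_values in metadata.items():
        graph[(stmt_id, meta_attribute)] = tuple(meta_values)
    return stmt_id, graph

if __name__ == "__main__":
    vt = to_vector_triples(RDF_TRIPLES)
    sid, vt = add_statement(vt, "Person_1", "age-over-1", "true",
                            {"lastVerifiedFromSource": ["Jan 1, 2000 12:10"]})
    for (e, a), values in vt.items():
        print(e, a, values)
```

Because the metadata hangs off the statement entity rather than off Person_1, a verification timestamp applies to one (E1 A1 Vi) triple only and not to the other values in V.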
Relationships between Entities • Attributes with complex values allow you to express relationships between Entities [Diagram labels: ex:Alice, ex:Bob, <some attribute here>]
The higgins:correlation Attribute • A correlation attribute is a link that states that the source Entity and the target Entity(ies) are representations of the same person, organization, concept or thing [Diagram labels: ex:Alice, ex:Robert-Smith, ex:Bob, higgins:correlation]
higgins:correlation • The semantic is close but not identical to owl:sameAs • The semantic seems closer to oguid:identical proposed here: http://openguid.net/specification • Note that the two (or more) Entities linked may be in different Contexts • Since Contexts have different ontologies, each Entity may have a different set of attribute types (and of course values) • It is a statement not about the equivalence of the Entity models, but that both are representations of the same underlying real world resource
Correlation Examples
In this example you have two accounts/profiles in Context A and you are also a member of the Yahoo Group. You know another member of the Yahoo Group.
[Diagram: Context A and Context @Yahoo*group-22; UDIs shown as ContextId // EntityId: @yahoo*group22 // 4668 and @yahoo*group22 // 333; links labelled higgins:correlation and other entity relationships (e.g. foaf:knows). Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you)]
Friends List Example • The triple: “You know Drummond” [Diagram: a Context (e.g. Facebook) with an entity labelled Drummond. Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you)]
Social Network Example • Reciprocated (confirmed) Entity Relations [Diagram: Facebook Context. Legend: an Entity representing entity #1 (e.g. you); an Entity representing an entity other than entity #1 (e.g. someone other than you)]
A Cross-Context Example [Diagram: a “Meta” Context and the Contexts Dept of Motor Vehicles, Social Security Administration, Facebook and Second Life, with Entities labelled “You”. Legend: an Entity representing entity #1 (e.g. you); Other Entities; an Entity representing an entity other than entity #1 (e.g. someone other than you)]
Context Relations • Context relations are complex valued attributes of contexts
Enterprise Directory Example • Enterprise directory Context with two sub-Contexts • Contexts can have relationships with other Contexts [Diagram: XYZ Corporation Context containing the R&D Dept. and Marketing Dept. sub-Contexts, with Entities labelled You and Your Manager]
Section Two: Higgins Data Model 1.1 NOT WRITTEN
Section Three: Persona Data Model 1.1 NOT WRITTEN
Access Control Policy Entities: Original Proposal
Concept: • E1 is the resource being protected • E2 is the AccessControl Policy Entity • E3 is the subject who is (or is not) granted permission to perform operations on E1 • <operation> is a literal (e.g. “Read”, “Modify”, etc.) • In the example, subject E3 is granted read access to the entire Entity E1
[Diagram, Context C1, concept: E2: Policy with :subject (E3), :resource (E1) and <operation>. Example: E2: Policy with :subject (E3), :resource (E1) and “Read”]
Access Control Policy Entities: Revised Proposal
Concept: • E1 is the resource being protected • E2 is the AccessControl Policy Entity • E3 is the subject who is (or is not) granted permission to perform operations on E1 • higgins:operation is an abstract super-Attribute. Its value is the resource being protected. Its sub-type indicates one kind of allowed operation • higgins:operation has concrete sub-Attributes (higgins:read, higgins:modify, etc.) • In the example, subject E3 is granted read access to the entire Entity E1
[Diagram, Context C1, concept: E2: Policy with :subject (E3) and :operation (E1). Example: E2: Policy with :subject (E3) and :read (E1)]
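A permission check over policy Entities shaped as in the revised proposal, as an added example rather than Higgins code. Assumptions: policy Entities are recognised by their :subject attribute, the decision is default deny, the abstract higgins:operation attribute grants nothing when used directly, and the Entities E4 to E7 are constructed for illustration.

```python
# Attribute hierarchy from the revised proposal: higgins:operation is abstract,
# higgins:read and higgins:modify are concrete sub-Attributes of it.
SUB_ATTRIBUTE_OF = {
    "higgins:read": "higgins:operation",
    "higgins:modify": "higgins:operation",
}

# Constructed Context C1 as vector-triples {(EntityId, AttributeId): values}.
# E2 is the slide's example policy; E4..E7 are hypothetical additions.
C1 = {
    ("E2", ":subject"): ("E3",),
    ("E2", "higgins:read"): ("E1",),
    ("E4", ":subject"): ("E3", "E5"),
    ("E4", "higgins:modify"): ("E6",),
    ("E7", ":subject"): ("E5",),
    ("E7", "higgins:operation"): ("E1",),  # abstract attribute used directly
}

def is_operation(attribute):
    """True only for concrete sub-Attributes of higgins:operation."""
    return SUB_ATTRIBUTE_OF.get(attribute) == "higgins:operation"

def policies(context):
    """Yield (policy_id, subjects) for each Entity carrying a :subject attribute."""
    for (entity, attribute), values in context.items():
        if attribute == ":subject":
            yield entity, set(values)

def is_permitted(context, subject, operation, resource):
    """Default deny (assumption): allow only when some policy Entity names the
    subject and carries the concrete operation attribute valued with resource."""
    if not is_operation(operation):
        return False
    return any(
        subject in subjects and resource in context.get((policy_id, operation), ())
        for policy_id, subjects in policies(context)
    )

def grants_for(context, subject):
    """Sorted (operation, resource) pairs granted to subject, for access review."""
    policy_ids = {pid for pid, subjects in policies(context) if subject in subjects}
    return sorted(
        (attribute, resource)
        for (entity, attribute), values in context.items()
        if entity in policy_ids and is_operation(attribute)
        for resource in values
    )

if __name__ == "__main__":
    print(is_permitted(C1, "E3", "higgins:read", "E1"))
    print(grants_for(C1, "E3"))
```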
Data Model Specifications [Diagram of specifications under the headings Identifiers and Ontology (Schema): UDI Discovery; UDI; Higgins XRDS Service Endpoints; Higgins Context Descriptors [Planned]; Higgins Ontology Language (HOWL); OpenID; Cool URIs; XRI; XDI; WS-Addressing; RDFS / OWL. Key: W3C, OASIS, De facto]
Delegation Use Case • Entity representing the accountant. Has attributes (e.g. name, etc. [not shown]) other than the DelegatedBy attribute. [Diagram, Delegation Registry Context: Entities A and C linked by DelegatesTo and DelegatedBy]
Delegation Use Case • Digital Identity (security token issued by STS) is presented to the Tax Authority. This token contains at least the claim: “A is delegated to by C”. • R-Card issued by the Delegation Registry website and imported into Selector [Diagram: Tax Authority Website; Accountant’s Identity Selector; Delegation Registry Website; STS Endpoint; Delegation Registry STS; R-Card; Delegation Registry Context with Entities A and C linked by DelegatesTo and DelegatedBy]
Earlier Names for Entity • In the early years of Higgins the fundamental object in the data model was called a Digital Subject • Just before Higgins 1.0 was released (Feb 21st 2008) it was changed to Node to eliminate confusion with the term Subject or Data Subject as used in international data protection law • In version 1.1 of Higgins, currently under development, it was changed again to Entity as a more intuitive term