Mark Wahl


Web Design by
Kristen Lanum

Schema Ontology Tools

An ontology is a system of knowledge representation and classification that is intended to aid in understanding and categorizing data.

Further design discussion on schema ontologies is occurring on the weblog, on the schemat discussion list (to subscribe to the schemat discussion list, contact public-schemat-interest-request (a) informed-control.com), and in the Identity Commons2 Identity Schemas working group.

Schemat Selector (last updated 2007 July 16)

The Schemat Selector is a demonstration InfoCard identity selector that illustrates the use of the Schemat Consumer and Schemat libraries for generating and parsing RDF.

The design of this selector differs from typical CardSpace-inspired identity selectors, as it assumes the user already has defined one or more personas which incorporate their personal attributes (such as name or address). A card is tied to a persona, which supplies the identity attributes which are sent to a web site as claims when using that card. The only claims which are stored with a card are those which are not part of the user's persona.

This design decision is intended to simplify the management of self-issued cards: a user may already manage certain claim values (such as their telephone number, email address or mailing address) in repositories maintained by other tools or social networking services external to the InfoCard environment. In order to avoid duplication of data, a self-issued card should not store these values, but should leverage existing repositories. In this first version, the card takes its values from a persona which is imported from a file, but later implementations could have the card dynamically obtain values from the user's web resource describing themselves (in LDIF, vCard, FOAF, RDFa, etc).

After initializing their card store (implemented as a JCE keystore),

java -jar schemat_selector.jar --initialize-home
keystore password: secret

the user imports a persona into their store. This version of the selector uses Schemat to implement parsing the persona from a file encoded either in RDF with FOAF-defined properties,

java -jar schemat_selector.jar --import-persona \
 --import-file file:///tmp/me.rdf#me /tmp/me.rdf \
 --persona personal

or in LDIF with the RFC 2079 (labeledURI), 2798 (inetOrgPerson), 4512 (top), 4519 (person) and 4524 (pilot) attributes.

java -jar schemat_selector.jar --import-persona \
 --import-file file:///tmp/me.ldif#uid=me /tmp/me.ldif \
 --persona work

When the user logs in to a web site using that persona,

java -jar schemat_selector.jar --login --persona work \
 --uri https://rp.example.com/relyingparty/

they are prompted to create a new card, or send an existing card (if one is present in that store for that persona). When creating a new card, the user is only prompted to enter the values of claims which are not supplied by the persona backing the card.

The attributes or properties of a user's persona are stored using the original predicate URIs (if imported from FOAF) or URIs representing the attributes as defined in LDAP schema (if imported from LDIF). Since the relying party may ask for claims using a different schema (e.g., the Microsoft schema for self-issued claims at http://schemas.xmlsoap.org/ws/2005/05/identity/claims), the selector uses the Schemat Consumer to locate an equivalent property for the relying party's claim, using owl:equivalentProperty, and automatically maps existing schemas to those required by a relying party.

Currently, as the web site schemas.xmlsoap.org where the Microsoft claim types are stored does not appear to provide an RDF file with schema metadata, the Schemat Selector bundles selfissued.rdf which includes mapping statements for the Microsoft self-issued claims givenname, surname, emailaddress, streetaddress, locality, stateorprovince, postalcode, country, primaryphone, webpage, homephone, mobilephone. These mapping statements resemble

<rdf:Description  rdf:about="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
  <rdfs:isDefinedBy
   rdf:resource="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/" />
  <owl:equivalentProperty rdf:resource="http://xmlns.com/foaf/0.1/surname" />
  <owl:equivalentProperty rdf:resource="http://www.ldap.com/1/schema/rfc4519.owl#2.5.4.4" />
</rdf:Description>

The preceding RDF description of the Microsoft self-asserted claim surname states that it is equivalent to the FOAF surname property, and to the LDAP attribute 2.5.4.4 (sn, defined in RFC 4519).
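The claim mapping described above, as an added example that is not part of the Schemat code: it parses a constructed RDF/XML mapping modelled on the selfissued.rdf fragment with Python's standard library, closes owl:equivalentProperty under symmetry and transitivity, and resolves relying-party claim URIs against a persona imported from LDIF, reporting which claims the user would have to be prompted for. The mapping data, the persona values and the givenName entry (OID 2.5.4.42, written in the page's rfc4519.owl URI convention) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

RDF, OWL = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}", "{http://www.w3.org/2002/07/owl#}"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
FOAF = "http://xmlns.com/foaf/0.1/"
LDAP = "http://www.ldap.com/1/schema/rfc4519.owl#"

# Constructed mapping data modelled on selfissued.rdf; the third description links
# foaf:givenname to the LDAP givenName OID, so that claim is only reachable transitively.
MAPPING_RDF = f"""<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:owl="http://www.w3.org/2002/07/owl#">
  <rdf:Description rdf:about="{CLAIMS}surname">
    <owl:equivalentProperty rdf:resource="{FOAF}surname"/>
    <owl:equivalentProperty rdf:resource="{LDAP}2.5.4.4"/>
  </rdf:Description>
  <rdf:Description rdf:about="{CLAIMS}givenname"><owl:equivalentProperty rdf:resource="{FOAF}givenname"/></rdf:Description>
  <rdf:Description rdf:about="{FOAF}givenname"><owl:equivalentProperty rdf:resource="{LDAP}2.5.4.42"/></rdf:Description>
</rdf:RDF>"""
# Constructed persona as it would look after an LDIF import: keyed by LDAP attribute OID URIs.
PERSONA = {LDAP + "2.5.4.4": "Doe", LDAP + "2.5.4.42": "Jane"}

def load_equivalences(rdf_xml):
    """Undirected graph of owl:equivalentProperty links (the relation is symmetric)."""
    adj = {}
    for desc in ET.fromstring(rdf_xml).iter(RDF + "Description"):
        subj = desc.get(RDF + "about")
        for eq in desc.findall(OWL + "equivalentProperty"):
            obj = eq.get(RDF + "resource")
            adj.setdefault(subj, set()).add(obj)
            adj.setdefault(obj, set()).add(subj)
    return adj

def equivalents(adj, uri):
    """Transitive closure: every property reachable from uri through equivalence links."""
    seen, stack = {uri}, [uri]
    while stack:
        unseen = adj.get(stack.pop(), set()) - seen
        seen |= unseen
        stack.extend(unseen)
    return seen

def resolve_claims(adj, requested, persona):
    """Map each requested RP claim URI to the persona value held under an equivalent property;
    'missing' lists claims the persona cannot supply. Only requested claims are ever returned."""
    claims, missing = {}, []
    for rp_uri in requested:
        hit = next((p for p in sorted(equivalents(adj, rp_uri)) if p in persona), None)
        if hit is None: missing.append(rp_uri)
        else: claims[rp_uri] = persona[hit]
    return claims, missing
```

Because equivalence is walked in both directions, a mapping statement loaded from an untrusted source could redirect a relying party's claim to any persona property, so a selector should only load mapping files it bundles or fetches from the claim's defining authority.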

Note that this version of Schemat Selector is not a full identity selector, in that it does not include support for managed cards, WS-MetadataExchange or WS-Trust. It only submits to a relying party web site, via an HTTPS POST, a SAML 1.1 attribute assertion for a self-issued card.

This software is distributed under the BSD-style Informed Control Research Software License B, and relies upon third-party components distributed under various BSD-style licenses, the Apache Public License, and Netscape Public License.

Schemat Consumer (last updated 2007 July 16)

The Schemat Consumer is a small proof of concept metadata implementation which provides applications in an identity metasystem with a simple Java API for retrieving the metadata of URI-named attribute types.

SchematConsumer sc = SchematConsumer.getInstance();
// ...
IAttributeTypeMetadataClasses iatmc = sc.findAttributeTypeMetadataFromSubjectUri(new URI(attribute_type));
CommonAttributeTypeMetadata c = new CommonAttributeTypeMetadata(iatmc);
String label = c.getLabel();                       // display label for the attribute type
String comment = c.getComment();                   // display comment for the attribute type
List seealso = c.getSeeAlsoUriStringsList();       // URIs of 'see also' resources
boolean isequiv = c.isEquivalentToUri(another_attribute_type); // are the two attribute types equivalent?
List acq_uris = c.getAcquisitionUriStringsList();  // URIs where values of this attribute can be acquired
List auth_uris = c.getAuthorityUriStringsList();   // URIs of authorities for this attribute
String example = c.getValueExampleString();        // example value of this attribute, as a String
HigginsValuePropertyDatatype v = c.getHigginsValuePropertyDatatype();
if (v != null) {
    String pattern = v.getPatternString();         // regular expression describing the value syntax
}
String xhtml = c.summarizeAttributeTypeAsXhtml();  // XHTML fragment describing the attribute

Schemat Consumer wraps the Jakarta HTTP core client library and the HP Labs Jena ARP2 RDF parser. As of 2007 July 16, it implements the http and file URI schemes to retrieve the RDF/XML encoding of metadata, and a subset of metadata elements defined by W3C, Dublin Core, Higgins and OpenID. Future versions are anticipated to implement the full set of Identity Schemas metadata.

This software is distributed under the BSD-style Informed Control Research Software License B, and relies upon third-party components distributed under various BSD-style licenses, the Apache Public License, and Netscape Public License.

Schemat (last updated 2007 July 16)

Schemat is a collection of Java functions for translating ontology instances and classes between formats based on the Web Ontology Language (OWL), XML and the Lightweight Directory Access Protocol Data Interchange Format (LDIF). It is intended to aid research into ontologies that represent identity information and into the mappings between such ontologies, with the goal of enabling standards that make emerging identity-exchanging Internet protocols extensible and that support decentralized localization of identity management systems.

This software is distributed under the BSD-style Informed Control Research Software License B, and relies upon third-party components distributed under various BSD-style licenses, the Apache Public License, and Netscape Public License.