Personium - Open Source PDS envisioning the Web of MyData


How can we citizens maximize the benefits of the new right to data portability, which is now rapidly being recognized globally?
A Personal Data Store is a technology that will receive all “My Data” from hundreds of services. It aggregates and integrates them and, at times, discloses a portion of them to others under the user’s control to create new value.
This talk will introduce an open-source Personal Data Store (PDS) server “Personium”, providing details on its technical implementation, the underpinning business models, and the actual implemented and future use cases.

  1. Open Source PDS envisioning the Web of MyData
     - Akio Shimono: Project Lead, Personium Project; Member, Open Knowledge Japan; Manager, Service Technology Unit, Fujitsu Ltd.
     - MyData 2018 – Tools for Data Portability, 2018-08-29
  2. “Data Portability” encouraging MyData
     - With “Data Portability”, MyData is now out from enclosure, in a machine-readable way.
     - Now the question is:
       - Who / what entity, what kind of machine should receive these ported data?
       - Where is the best place to put the ported data?
  3. Imagine
     - Invisible ball floating above your head
       - You can put whatever your data into that ball.
       - All your data is there.
       - Callouts: “I know all my data is there”; “Whatever data about me can be stored”
     - Invisible Concierge
       - Perfectly “Yours”
       - Helps your life in all aspects
       - Never betrays you.
     - Your Personium: just like your car augments your ability of mobility, it augments your ability of information processing, such as reception, recognition, memory, integration, analysis and expression.
     - Our Project Goal #1: Create such an Information Technology
  4. PDS – “MyData” Storage
     - Question: “Where is the best place for MyData, now getting available by data portability?”
     - Our Answer: “My Own Server operated by a choice of entities I trust.”
     - Why Server?
       - 24 hrs / 365 days up
       - Accessible from any device / service
       - Easy to put intelligence (computing power)
     - Why a choice of entities trusted?
       - It varies depending on your belief.
       - We like democracy rather than despotism
  5. World Wide Web of interconnected PDS’s
     - Various PDS Providers (Information Bank) can co-exist and co-prosper
       - Consumers can choose a provider
       - Interoperability among providers should be there
     - Similar usability, regardless of PDS Providers
       - Can use same apps
       - Can communicate and share data with people who use a PDS from another provider
     - Diagram: various PDS Providers (Bank, Energy Provider, Railway, Local Govt., Shopping Mall), interoperable among PDS providers using Personium or compatible software
     - Our Project Goal #2: Provide it in the form that many players can co-exist and co-prosper
  6. Open source: Anyone can be a PDS Provider
     - Currently developed by our team in Fujitsu. Aiming for open and neutral project management
       - Available on GitHub
       - Apache License version 2.0
       - Tools, samples are also available
     - Anyone can set up a PDS server and become a PDS provider: business entity, national / local government, individual, etc.
     - Free, Secure, Public
     - Aiming to be an “Apache” in MyData Domain
  7. Tech Overview 1. Accessibility from variety of Apps
     - All functions provided in the form of Web API
       - Each Personium PDS has a unique URL
       - Any platform (OS, language) can speak with Personium
       - All APIs are protected with user authentication and access control.
     - Well known standards used for data access
       - WebDAV for directory tree file system model data
       - OData for relational model data
     - Per-App spaces
       - Decently isolated to avoid unintentional mix-up
       - App authentication for protection against phishing apps
       - Packaged data model including ACL, Roles, relational data schema, etc. can be provided from app and installed onto Personium upon first use
     - Diagram labels: unique URL (https://akio.some-provider.example/); Apps connecting over HTTPS; Per-App spaces; Web API standards (WebDAV; For Files; For Relational Data)
  8. Tech Overview 2. Linking for sharing MyData
     - Sharing MyData by pointing target PDS URL
       - Disclosing or sharing your data to others (e.g. wife, family doctor, work place, etc.) is done by specifying the other party's PDS URL.
       - PDS access uses digital signature technology; therefore, the other party's PDS can reside on another server.
     - Passive Data Subject
       - Full privilege delegation enables Passive Data Subject
       - By granting all privileges on all resources to someone else, full delegation can also be configured in the continuum of Personium access control model.
       - Data from / of infants, pets, cars, communities, organizations can be handled using Personium (MyData can be disclosed to organizations or apps)
     - Diagram, Active Data Subject (“My doctor” / “My patient”): “I will show my diet log and exercise log only to my doctor”
     - Diagram, Passive Data Subject (“My son” / “My dad”): allow parents all data, all operation; “I will manage it until he grows up”
  9. Unit Architecture: Web of 3-layer structure over HTTP (REST APIs)

     | Name | Description | Typical URL |
     |------|-------------|-------------|
     | Unit | The server to host Cells. What you get by software installation. | https://pds.example/ |
     | Cell | “Personium” Data Store for “everything” | https://akio-shimono.pds.example/ |
     | Box | Per-App space inside a cell. | https://akio-shimono.pds.example/schedule/ |

     - Cells can be networked beyond units.
     - A Box provides a separate space dedicated to each application.
  10. Unit Architecture: Closer Look
      - Security: All SSL, Authn / Authz, Access Control
      - 3 types of clients call corresponding level of APIs
      - Diagram labels (clients): Unit Mgt Client; Cell Mgt Client; Application Client; Service Provider; User; Super-user access; Create / delete Cells; Various apps storing and utilizing my data
      - Diagram labels (server side): Unit Ctl; Cell Ctl; Cell; Box; Access Control; Consent Mgmt; IdP / Authn; External / existing IdP / Authn
      - Diagram labels (Box contents): pictures (2016-09-01.jpg, 2016-08-31.jpg); Thumb-svc; shared; Trip-log; settings.json
      - Diagram labels (APIs): RESTful API standards (WebDAV; For Files; For Relational Data)
  11. Other features of Personium Cell
      - Messaging: between cells, to send requests to each other (relation building, data disclosure, etc.)
      - Event Bus: rule based event handler + pub-sub WebSocket interface
      - Engine: sandboxed custom logic execution environment to implement “intelligence”
      - Extensibility of User Authentication Methods: OpenID Connect / SAML / Card …
  12. Our final goal: Web of “MyData”
      - Every active / passive data subject’s MyData store connected with each other
      - World Wide Web of PDS’s can be formed if everybody is happy to use one.
      - Our logo represents our dream of World Wide Personium (MyData) Web
      - Notice: Cyber Physical System will be formed
  13. Key: App Ecosystem
      - User satisfaction parameters
        - Richness of data providing apps, which sync ported data to the PDS
        - Richness of data consuming apps, which utilize the data in PDS and provide new values.
      - Diagram labels: Data Providing Apps (including adapters existing service); Data Consuming Apps; User; Data; Control; Data Portability; Individual Consent
      - App labels shown: Calendar, Wearable Health Sensor, Finance, Asset management, Electronic health record, Event recommendations, Job hunting, Health advices, Trip planner
      - Example descriptions shown:
        - Recommend an event tailored to your preference during the free time of your schedule
        - Expert advices based on your daily health data
        - Proposal of travel tailored to your financial status, preferences and schedule
        - Job offering according to your skills, qualifications, practical experiences etc.
      - As data grow, app ecosystem and user base grow. As app ecosystem grows, user base and data grow.
  14. Personium Data Portability Demo
      - Using our sample GUI + Calendar App:
        1. Calendar data synced near-real-time to Personium from multiple major source services
        2. Merged and integrated
        3. Shared with others upon user’s control
      - You can freely modify and customize them for your needs (e.g. put your logo and redistribute under your brand).
  15. Business Model
      - PDS Provider (Information Bank)
        - Several projects under development. Many big companies interested.
        - Financial institution, public sector, energy company, media, etc.
        - They all have individual “paid” accounts and have strong interest in adding extra value on them.
        - They do not have to earn immediate money with this, rather engagement.
      - ICT Provider
        - Cloud Service, System Integration, etc.
  16. Last Words: Join Us!
      - Visit our web page and join our Slack community
        - About 100 members in the community.
        - Current majority is Fujitsu Group employees in Japan
        - We want more diversity!!
      - App Developers: We want more apps.
      - Server Operators: We want more servers.
      - Server Development: Our software is still far from maturity.