A domain ontology represents the concepts of a domain. MyIdentityGraph defines an information schema specific to the identity and IoT domain, together with an implementation as used at SSOCircle.
- Entities represent subjects like persons, services, data or devices (Vertices in the Graph)
- Verbs represent relationships between entities (Edges in the Graph)
- Attributes describe properties of an entity or a verb
Identity vertices represent subjects which own resources or have other access permissions to act on resources. Identities may delegate their rights to other identities and thereby hand over their access permissions to them. Currently the following classes of identities are available at SSOCircle MyIdentityGraph:
Resource vertices represent objects which are owned by a Person. Currently the following classes of resources are available at SSOCircle MyIdentityGraph:
|Identity||Super Resource||Parent Super Resource|
Permissions are represented as Graph Edges of the corresponding type and start at an Identity Vertex and end at a Resource Vertex.
|Permissions and Permission Requests|
|Permission / Request||Super Class|
Permissions to a resource can be requested from the owner of the resource. Permission requests are represented as Graph Edges and start at an Identity Vertex. The following permission and corresponding request types are defined:
|Request – Permission correspondence|
Delegations are represented as Graph Edges and start at an Identity Vertex and end at another Identity Vertex. A Delegation is a special type of Permission.
|Edge||Super Class||Parent Super Class|
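The vertex and edge model described above can be exercised as a small authorization check. This is an added example, not SSOCircle's implementation: the verb names (`read`, `delegate`, `request_read`), the vertex names, and the class and function names are hypothetical. It assumes that a delegation edge starts at the identity receiving the rights, that a delegation conveys all of the delegator's permissions transitively, and that request edges end at a Resource.

```python
class IdentityGraph:
    """Vertices are identities or resources; every edge carries a verb."""

    def __init__(self):
        self.kind = {}    # vertex name -> "identity" | "resource"
        self.edges = {}   # (source, verb) -> set of target vertices

    def add_vertex(self, name, kind):
        self.kind[name] = kind

    def add_edge(self, source, verb, target):
        # Permission, request and delegation edges all start at an Identity.
        if self.kind.get(source) != "identity":
            raise ValueError(f"{verb!r} edge must start at an identity: {source!r}")
        # A delegation ends at another Identity; assumed: other verbs end at a Resource.
        wanted = "identity" if verb == "delegate" else "resource"
        if self.kind.get(target) != wanted:
            raise ValueError(f"{verb!r} edge must end at a {wanted}: {target!r}")
        self.edges.setdefault((source, verb), set()).add(target)

    def acting_as(self, identity):
        """Identities whose rights `identity` holds, itself included."""
        seen, stack = {identity}, [identity]
        while stack:  # `seen` keeps a delegation cycle from looping forever
            for nxt in self.edges.get((stack.pop(), "delegate"), set()) - seen:
                seen.add(nxt)
                stack.append(nxt)
        return seen

    def is_permitted(self, identity, verb, resource):
        """True if a `verb` edge reaches `resource` directly or through delegation."""
        return any(resource in self.edges.get((i, verb), ())
                   for i in self.acting_as(identity))


def build_sample():
    """Constructed sample graph; all names and verbs are hypothetical."""
    g = IdentityGraph()
    for name in ("alice", "bob", "carol"):
        g.add_vertex(name, "identity")
    g.add_vertex("thermostat", "resource")
    g.add_edge("alice", "read", "thermostat")          # permission
    g.add_edge("bob", "delegate", "alice")             # bob holds alice's rights
    g.add_edge("alice", "delegate", "bob")             # cycle, must terminate
    g.add_edge("carol", "request_read", "thermostat")  # pending request, grants nothing
    return g
```

Because a request is its own edge type, a pending request never satisfies a permission check, and the type check in `add_edge` rejects edges that start at a Resource.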
Other relationships are represented as Graph Edges. Here we summarize relationships which do not inherit from the permission type. For example, a user who federates to a SAML or OpenID service provider creates a “federate” relation between his person node and the provider.
Attributes are specific to the entity or the verb. Some examples are listed below:
|UserProfileData||Lastname, Givenname, Email, Initials|
|Person||public profile attributes like Lastname, Givenname, Email|
The formal description of the MyIdentityGraph (MIDG) ontology format is given in Resource Description Format (RDF) – coming soon.