MyIdentityGraph Ontology

A domain ontology defines the concepts of a domain and the relationships between them. MyIdentityGraph defines an information schema specific to the Identity and IoT domain, together with an implementation as it is used at SSOCircle.

  • Entities represent subjects like persons, services, data or devices (Vertices in the Graph)
  • Verbs represent relationships between entities (Edges in the Graph)
  • Attributes describe properties of an entity or a verb

Entities

Identity vertices represent subjects that own resources or hold other access permissions to act on resources. An identity may delegate its rights to another identity and thereby hand its access permissions over to the delegatee. Currently the following classes of identities are available in SSOCircle MyIdentityGraph:

Identities

  Entity         Super class
  Identity       Resource
  Person         Identity
  Group          Identity
  Role           Identity
  Organization   Identity
  Department     Identity

Resource vertices represent objects that are owned by a Person. Note that Identity is itself a subclass of Resource, so an identity can also be the target of a permission. Currently the following classes of resources are available in SSOCircle MyIdentityGraph:

Resources

  Entity                Super class   Parent super class
  Identity              Resource      (root)
  UserProfileData       Data          Resource
  Yubikey               Device        Resource
  Swekey                Device        Resource
  SAMLServiceProvider   Provider      Resource
  OpenIDProvider        Provider      Resource

Verbs

Permissions are represented as Graph Edges of the corresponding type and start at an Identity Vertex and end at a Resource Vertex.

Permissions and Permission Requests

  Permission / Request   Super class
  read                   Permission
  write                  Permission
  execute                Permission
  full                   Permission
  reqRead                Request
  reqWrite               Request
  reqExec                Request
  reqFull                Request

Permissions on a resource can be requested from the owner of the resource. Permission requests are represented as graph edges of the corresponding request type and start at an Identity vertex. The following permission types and request types correspond to each other:

Request and permission correspondence

  Permission   Request
  read         reqRead
  write        reqWrite
  execute      reqExec
  full         reqFull

Delegations are represented as Graph Edges and start at an Identity Vertex and end at another Identity Vertex. A Delegation is a special type of Permission.

Delegations

  Edge       Super class   Parent super class
  delegate   Delegation    Permission


Other relationships are represented as graph edges as well. Here we summarize the relationships that do not inherit from the Permission type. For example, a user who federates to a SAML or OpenID service provider creates a "federate" relation between their Person node and the provider node.
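As an added illustration (not part of the SSOCircle page or of the MyIdentityGraph implementation), the following Python sketch models the vertex classes and the permission, request, delegate and federate edges described above, and shows the access check a relying service would run: it follows delegation chains back to every identity whose rights accrue to the caller and then looks for a matching permission edge on the resource. The owner attribute on resource vertices, the rule that the owner implicitly holds full rights, the rule that a full edge implies read/write/execute, and all vertex names are assumptions of this example; the ontology itself does not state them.

```python
from collections import deque
from dataclasses import dataclass

# Vertex classes from the ontology tables; Identity is itself a subclass of Resource.
IDENTITY_CLASSES = {"Identity", "Person", "Group", "Role", "Organization", "Department"}
RESOURCE_CLASSES = IDENTITY_CLASSES | {
    "UserProfileData", "Yubikey", "Swekey", "SAMLServiceProvider", "OpenIDProvider"}
# Permission edge types and the request edge type that asks for each of them.
REQUEST_FOR = {"read": "reqRead", "write": "reqWrite", "execute": "reqExec", "full": "reqFull"}
PERMISSION_FOR = {req: perm for perm, req in REQUEST_FOR.items()}


@dataclass(frozen=True)
class Vertex:
    name: str
    cls: str         # ontology class, e.g. "Person" or "Yubikey"
    owner: str = ""  # assumption: the owning Person is kept as a vertex attribute

    def is_identity(self):
        return self.cls in IDENTITY_CLASSES


@dataclass(frozen=True)
class Edge:
    verb: str
    src: str  # name of the start vertex
    dst: str  # name of the end vertex


class IdentityGraph:
    def __init__(self):
        self.vertices, self.edges = {}, set()

    def add_vertex(self, v):
        if v.cls not in RESOURCE_CLASSES:
            raise ValueError(f"unknown ontology class {v.cls}")
        self.vertices[v.name] = v

    def add_edge(self, verb, src, dst):
        """Enforce the start/end vertex classes the ontology gives each verb."""
        s, d = self.vertices[src], self.vertices[dst]
        if verb in REQUEST_FOR or verb in PERMISSION_FOR:   # identity -> resource
            ok = s.is_identity()                             # every vertex is a resource
        elif verb == "delegate":                             # identity -> identity
            ok = s.is_identity() and d.is_identity()
        elif verb == "federate":                             # person -> provider
            ok = s.cls == "Person" and d.cls in {"SAMLServiceProvider", "OpenIDProvider"}
        else:
            raise ValueError(f"unknown verb {verb}")
        if not ok:
            raise ValueError(f"{verb} may not go from {s.cls} to {d.cls}")
        self.edges.add(Edge(verb, src, dst))

    def grant(self, owner, requester, perm, resource):
        """The owner replaces a pending reqX edge with the matching X edge."""
        if self.vertices[resource].owner != owner:
            raise PermissionError(f"{owner} does not own {resource}")
        pending = Edge(REQUEST_FOR[perm], requester, resource)
        if pending not in self.edges:
            raise LookupError(f"no pending {pending.verb} from {requester}")
        self.edges.remove(pending)
        self.edges.add(Edge(perm, requester, resource))

    def principals_of(self, identity):
        """The identity plus everyone who delegated to it, transitively.
        The visited set keeps mutual delegations from looping forever."""
        seen, queue = {identity}, deque([identity])
        while queue:
            cur = queue.popleft()
            for e in self.edges:
                if e.verb == "delegate" and e.dst == cur and e.src not in seen:
                    seen.add(e.src)
                    queue.append(e.src)
        return seen

    def has_permission(self, identity, perm, resource):
        principals = self.principals_of(identity)
        if self.vertices[resource].owner in principals:  # assumption: owner holds full rights
            return True
        return any(e.src in principals and e.dst == resource and e.verb in (perm, "full")
                   for e in self.edges)  # assumption: a full edge implies read/write/execute


def build_sample_graph():
    """Constructed sample: alice owns her profile and Yubikey, bob asks to read
    the profile, alice grants it, and bob delegates his rights to carol."""
    g = IdentityGraph()
    for v in (Vertex("alice", "Person"), Vertex("bob", "Person"), Vertex("carol", "Person"),
              Vertex("alice-profile", "UserProfileData", owner="alice"),
              Vertex("alice-yubikey", "Yubikey", owner="alice"),
              Vertex("sp.example", "SAMLServiceProvider")):
        g.add_vertex(v)
    g.add_edge("federate", "alice", "sp.example")
    g.add_edge(REQUEST_FOR["read"], "bob", "alice-profile")  # reqRead edge bob -> profile
    g.grant("alice", "bob", "read", "alice-profile")         # becomes a read edge
    g.add_edge("delegate", "bob", "carol")                   # carol inherits bob's rights
    return g
```

With the sample graph, bob can read alice's profile because of the granted edge, carol can read it only through the delegate edge from bob, and neither of them can touch alice's Yubikey. The edge-type checks in add_edge are what keep a resource vertex from ever appearing as the start of a permission edge, and the visited set in principals_of is what makes a delegation cycle (bob to carol and carol back to bob) harmless.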

Other Relations

  Edge       Super class
  federate   Relation

Attributes
Attributes are specific to the entity or the verb they describe. Some examples are listed below.

Attributes

  Entity                Attributes
  UserProfileData       Lastname, Givenname, Email, Initials
  Person                public profile attributes such as Lastname, Givenname, Email
  SAMLServiceProvider   EntityID
  Yubikey               YubikeyID

The formal description of the MyIdentityGraph (MIDG) ontology in Resource Description Framework (RDF) format is coming soon.