Pds

From Unhosted Web Community Group

Personal Data Service spec

WARNING: this spec is still experimental and depends on what will happen with swd/webfinger and also json-home.

Definition

A personal data service:

  • is accessible via TCP/IP
  • is specific for an internet user ('personal')
  • adheres to the following restrictions

The exact definition of the term 'internet user' depends on the discovery method. In the case of webfinger/swd, it can be any of:

  • a 'user@host' string that describes a user without promising anything about available interfaces. This is sometimes URIfied by putting the 'virtual' scheme acct: in front of it.
  • the URI of an interface to the user (e.g. mailto:user@host)
  • the URI of a document describing the user (e.g. http://unhosted.org/~michiel)

Announcement

There is currently one recognized way to announce a personal data service, which is via webfinger/swd. Example:

   GET /.well-known/host-meta.json?resource=acct%3Amichiel%40unhosted.org HTTP/1.1
   Host: unhosted.org
   
   HTTP/1.1 200 OK
   access-control-allow-origin: *
   access-control-allow-headers: Content-Type
   content-type: application/json
   connection: close
   transfer-encoding: chunked
   
   {"links":[{
     "href": "https://storage.unhosted.org/michiel",
     "rel": "remoteStorage",
     "type": "https://www.w3.org/community/rww/wiki/read-write-web-00#webdav",
     "properties": {
       "auth-method": "https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2",
       "auth-endpoint": "https://storage.unhosted.org/michiel"
     }
   }]}

Depending on the link's rel attribute, there may be more or other attributes and/or properties for a personal data service link.

The service

The end-point for interaction with the service is specified by the 'href' attribute. The 'type' attribute should point to a description of the interface of the service.

OAuth

A way to obtain access to the service is described by the "auth" property. In order to make it easier for relying parties to support all PDS providers, currently only:

   "http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2"

is allowed as the auth property's type.
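
One way a relying party could build the discovery request and check the announced link before asking for a token, shown as an added example that is not part of this spec. The function names, the https discovery scheme, the scheme-insensitive comparison of the auth method URL and the TLS-only policy are assumptions of the example.

```javascript
// Added example, not part of the spec.
// The one auth method the spec allows (OAuth 2 draft 26, section 4.2).
// Assumption: the page spells this URL with both http and https, so the
// scheme is ignored when comparing.
const ALLOWED_AUTH = "tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2";
const stripScheme = (u) => (typeof u === "string" ? u.replace(/^https?:\/\//, "") : "");
const parseUrl = (u) => { try { return new URL(u); } catch (e) { return null; } };

// Build the discovery URL for a 'user@host' string.
// Assumption: discovery is fetched over https (the page's example shows no scheme).
function discoveryUrl(userAddress) {
  const at = userAddress.lastIndexOf("@");
  const host = userAddress.slice(at + 1);
  // Reject hosts that could smuggle a path, query or credentials into the URL.
  if (at < 1 || !/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i.test(host)) {
    throw new Error("not a user@host string");
  }
  return "https://" + host + "/.well-known/host-meta.json?resource=" +
    encodeURIComponent("acct:" + userAddress);
}

// Pick the link with the wanted rel and check it before any token is requested.
function selectPdsLink(doc, rel) {
  const links = doc && Array.isArray(doc.links) ? doc.links : [];
  const link = links.find((l) => l && l.rel === rel);
  if (!link) throw new Error("no link with rel " + rel);
  const props = link.properties || {};
  if (stripScheme(props["auth-method"]) !== ALLOWED_AUTH) {
    throw new Error("unsupported auth-method");
  }
  // Added policy, stricter than the spec: the token is issued by auth-endpoint
  // and sent to href, so both must be TLS URLs.
  const href = parseUrl(link.href);
  const auth = parseUrl(props["auth-endpoint"]);
  if (!href || !["https:", "wss:"].includes(href.protocol)) throw new Error("href is not a TLS URL");
  if (!auth || auth.protocol !== "https:") throw new Error("auth-endpoint is not https");
  return { href: href.href, type: link.type, authEndpoint: auth.href };
}

// The response body from the Announcement example above.
const SAMPLE = { links: [{
  href: "https://storage.unhosted.org/michiel",
  rel: "remoteStorage",
  type: "https://www.w3.org/community/rww/wiki/read-write-web-00#webdav",
  properties: {
    "auth-method": "https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2",
    "auth-endpoint": "https://storage.unhosted.org/michiel",
  },
}] };
console.log(discoveryUrl("michiel@unhosted.org"), selectPdsLink(SAMPLE, "remoteStorage"));
```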

CORS

Although the href attribute may contain, for instance, a WebSocket URL, whenever it is an http or https resource, it should be offered with CORS headers.