Pds
Personal Data Service spec
WARNING: this spec is still experimental and depends on what will happen with swd/webfinger and also json-home.
Definition
A personal data service:
- is accessible via TCP/IP
- is specific for an internet user ('personal')
- adheres to the following restrictions
The exact definition of the term 'internet user' depends on the discovery method. In the case of webfinger/swd, it can be any of:
- a 'user@host' string that describes a user without promising anything about available interfaces. This is sometimes URIfied by putting the 'virtual' scheme acct: in front of it.
- the URI of an interface to the user (e.g. mailto:user@host)
- the URI of a document describing the user (e.g. http://unhosted.org/~michiel)
Announcement
There is currently one recognized way to announce a personal data service, which is via webfinger/swd. Example:
GET /.well-known/host-meta.json?resource=acct%3Amichiel%40unhosted.org HTTP/1.1
Host: unhosted.org

HTTP/1.1 200 OK
access-control-allow-origin: *
access-control-allow-headers: Content-Type
content-type: application/json
connection: close
transfer-encoding: chunked

{"links":[{
  "href": "https://storage.unhosted.org/michiel",
  "rel": "remoteStorage",
  "type": "https://www.w3.org/community/rww/wiki/read-write-web-00#webdav",
  "properties": {
    "auth-method": "https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2",
    "auth-endpoint": "https://storage.unhosted.org/michiel"
  }
}]}
Depending on the link's rel attribute, there may be more or other attributes and/or properties for a personal data service link.
The service
The end-point for interaction with the service is specified by the 'href' attribute. The 'type' attribute should point to a description of the interface of the service.
OAuth
A way to obtain access to the service is described by the "auth" property. In order to make it easier for relying parties to support all pds providers, currently only:
"http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2"
is allowed as the auth property's type.
CORS
Although the href attribute may contain, for instance, a WebSocket URL, whenever it is an http or https resource, it should be offered with CORS headers.
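
A relying party should validate the announced link before using it. The following is an added example, not part of this spec or of any project's code: the helper names are hypothetical, the use of https for discovery, the scheme-insensitive comparison of the auth method, and the restriction of endpoints to https/wss are assumptions of the example.

```javascript
// Added example: helper names are hypothetical and not defined by the spec.
const OAUTH_IMPLICIT = "tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2";

// Response body copied from the Announcement example on this page.
const SAMPLE_BODY = JSON.stringify({ links: [{
  href: "https://storage.unhosted.org/michiel",
  rel: "remoteStorage",
  type: "https://www.w3.org/community/rww/wiki/read-write-web-00#webdav",
  properties: {
    "auth-method": "https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2",
    "auth-endpoint": "https://storage.unhosted.org/michiel"
  }
}] });

// Build the discovery URL for a user@host address (https is an assumption).
function hostMetaUrl(userAddress) {
  const at = userAddress.lastIndexOf("@");
  const host = userAddress.slice(at + 1);
  if (at < 1 || !/^[a-z0-9.-]+$/i.test(host)) throw new Error("expected user@host");
  return "https://" + host + "/.well-known/host-meta.json?resource=" +
    encodeURIComponent("acct:" + userAddress);
}

// Throw unless the URL parses and uses one of the allowed schemes.
function requireScheme(url, allowed) {
  const scheme = new URL(url).protocol;
  if (!allowed.includes(scheme)) throw new Error("scheme not allowed: " + scheme);
}

// Return the validated remoteStorage link, or throw with the reason.
function selectPdsLink(bodyText) {
  const doc = JSON.parse(bodyText);
  if (!doc || !Array.isArray(doc.links)) throw new Error("no links array");
  const link = doc.links.find((l) => l && l.rel === "remoteStorage");
  if (!link) throw new Error("no remoteStorage link");
  const props = link.properties || {};
  // Assumption: compare without the scheme, since the page shows both forms.
  const method = String(props["auth-method"] || "").replace(/^https?:\/\//, "");
  if (method !== OAUTH_IMPLICIT) throw new Error("unsupported auth method");
  requireScheme(link.href, ["https:", "wss:"]);       // href may be a WebSocket URL
  requireScheme(props["auth-endpoint"], ["https:"]);  // auth dialog must use TLS
  return { href: link.href, type: link.type, authEndpoint: props["auth-endpoint"] };
}
```

Rejecting a plain-http auth-endpoint matters because the OAuth flow referenced by the spec returns the access token through the browser, so a downgraded endpoint exposes it in transit.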