General relationship manager

 

 

Entities

The GRM describes entities and relationships. Entities may take many forms.

Inert	An item with fixed properties that does not interact with the outside world	A button on a static remote control. In our GRM model we may have an IR control system that wants to emulate that function but it never needs to interact with the button it just needs the buttons function and IR code to be findable in the cloud.
IPP	Internet Privacy provider data item. An item identified by a GUID as being available subject to permission from an IPP itself identified by a GUID.	The theory is that most entities in someones world would be stored in their IPP, which would store in encrypted form all the users cloud data. e.g. things like social networking, financial transactions, and the connected hierarchy of their world across the whole spectrum of person to people, person to vendor, person to devices.
Device	Information from a device identified by a GUID	Devices in the IOT would either directly support the GRM protocol, or an intermediary would query devices and store the data at the IPP in queryable format.

The Global Relationship Manager

In the GRM every object in your interconnected world is represented by  GUIDs (Globally Unique Id's)

The GUIDs  represent other entities and/or someones relationship with those entities.

The relationship GUID has a representation in the cloud which defines the relationship. Essentially anyone can create these GUIDs and upload them, and anyone can then using other GUIDs to associate functions and data they would like the relationship GUID to support.

At the top level we have kind of core relationships

Can read public data from	This is a relationship such as becoming a household guest, so you can obtain data such as the wifi password. It is a relationship that is mutable in that the "household guest" entity that you relate to may change its details without breaking/reaffirming the relationship.
Can access public methods in	Similar to above, but relates to public functions such as controlling a TV remote. A TV remotes setup functions would be private.
Allow Public Read	This is the relationship setup with say the "household" guest entity by the router to allow a household guest relationship to read the wifi password.
Allow Public Methods	This is the relationship setup with say the "household" guest entity by the router to allow a household guest relationship to control a device

For example the record button on a particular PVR remote would have a GUID and against that GUID a generic guid with a meaning of "get IR code" would be associated. Since this PVR remote is not actually itself connected to the IOT the actual IR code would also be recorded in the cloud.

In other relationships the GUID for a method would be a method that interrogated an actually connected device, or your personal cloud data.

SISTER	getbirthday	my cloud data
IOT Set Top Box	getcurrentchannel	querying device
Av Receiver Record Button	Get IR Code	global cloud database
Fridge	Get Contents list	querying device via nfc label on contents

The GUID may be absolutely explicit.  e.g. if a new API came along for "Get Contents List" it would be represented by a new GUID.

The above table could be a bit ambiguous on where the GUIDs reside, in the case of our AV receiver record button for example, we certainly don't want our GRM enabled remote control to be accessing the global cloud each time you press record, plainly data would be cached, but here is the point, the data is not so much cached as copied. It would become a GUID on the device evolved with a key saying where the data originated.

This ties in with the flexibility of the system GUIDs are all about the semantics they contain, something using those semantics may refer to that GUID directly, it may copy the semantics and keep a reference to the originating GUID so that it can follow updates, or it may choose its own entirely new path.

In the cloud database of GUIDs,  each GUID entity has list of GUID->value pairs which can take the following form

key		a property defined by a GUID
key/value	key=>value		"SCRIPT-LANGUAGE-SPECIFIED-INLINE-FORMAT1"=>"<script language=javascript>..."
key/list	key=>value1,value2...		"DIRECTLY-CONNECTED_LIST"=>device1GUID,device2GUID..
key/keyvaluepairs	key=>(key=>value),(key=>value)...		"HELP_LABEL_TEXT_COUNTRY-CODE-MAP"=>(COUNTRY-CODE_UK=>"text",COUNTRY-CODE_US=>"text"
key./blob	key=>blob	binary large object	Image file

This is an almost free form database where language translation is inherent and where as every key is itself a GUID the keys link to information on what the keys mean. Plainly when drilling down the software looking at the GUID database will start off pre-primed with a level of GUID knowledge such as the GUID of a country. Note that even at country level we are using a GUID, this is because the database is entirely free form. A translation table might not be between languages, it might be between dialects.

Where the system is not free form is that by insisting all keys are themselves GUIDs, and by insisting that a valid primitive GUID entry must contain a DEFINITION-TEXT keys, the system is self documenting.

RSA keys

Every entity that can relate to another entity in a contractual fashion may have its own GUID and RSA keypair. With the IOT this becomes a potential serial number and audit trail of device ownership. If the entity does not have its own RSA pair it may relate via an owners key pair. Note that how relationships are made might be even looser than that, this is a semantic model where each side of a relationship request endeavours via exploring the GUID to seek a level of understanding. One would expect agreement types to follow something like the SSH system:

SSH can be configured to utilize a variety of different symmetrical cipher systems, including AES, Blowfish, 3DES, CAST128, and Arcfour. The server and client can both decide on a list of their supported ciphers, ordered by preference. The first option from the client's list that is available on the server is used as the cipher algorithm in both directions.

Basically a system where the application receiving the request is fussy about the security level. It is worth noting that all relationship requests are owner signed and that the owner is themselves ratified by a signing authority.

The role of the IPP

An IPP is a trusted by the user body that has both of copy of the global cloud and also the users cloud data. The copy of the global cloud has features similar to that of the bitcoin blockchain. In the global cloud databases that have signed/immutable data must never have core data under a GUID altered. With bitcoin it relies on no one organizational having the power to out compute and hence out vote on transactions in the blockchain.

The IPP is a little like a vastly extended LASTPASS, something that not only stores notes and access keys, but also organizes your world into hierarchies or entities and relationships.

Databases within the IPP stay within the IPP, apart from such data as relationships allow. One core relationship here is that of backup. The chances are you would have an application on your main PC backing up your IPP data, and also you would authorize a relationship with a secondary IPP as well.

This underlines the point that our lives are now mapped out by devices, data and relationships. The IPP would for example be the archive of all of your emails. This archiving role is an important element of the functionality of the IPP. Your data is YOUR DATA and you want to own and control it. But the IPP is not best suited for data access. Take for example a skype chat, Skype is an optimized and polished frontend to a chat, and it would be nonsensical for Skype to pull chat data from IPP's, however it should push the chat to your IPP, and if for any reason the chat parties got fed up with Skype, they should be able to switch to say facebook messager and authorize messager with the GUID of the chat at which point messenger would pull the chat from the IPP's.

This changes the role of facebook, twitter, skype etc. These organizations continue to operate, but they no longer own us, they get our interaction because they offer the best experience. In this model there is no reason why given a chat GUID why I should not be chatting on Skype because I like skype, but the other party is on messenger. This might not be quite as responsive as the IPP's would be acting as intermediary, but the whole model makes this sort of interoperability far simpler.

A Secure Model?

In the model used every entity is by and large signed by a private RSA key and linked to the public key used, which is in turn linked to an authority for that key. This is roughly the equivalent of SSL certificate, except the signing authority is an IPP Internet privacy provider. Where does this leave us in terms of security against fraudulent attempts to form a relationship? Say we receive a request for a payment to "Nationwide Bank" the name of this entity would have to have been signed by the IPP. e.g. it would need a rogue IPP for this to happen and the system will need means of reporting and tracking incidents in the common cloud. This rogue request would also not contain a GUID referring to any current relationship you have with the bank, which would set off alarm bells. Requests would also work via the micropayment system making mass spamming of rogue requests more difficult, last but not least a relationship request that asks for payment would only be validated if it contained at least some tokens properly identified the receiver.

What this type of model does not prevent is all type of rogue marketing and extortion.But even there it can help. For example a common ploy at the moment is the one off special offer with the large recurring monthly fee in the small print. In a relationship request there is no small print, the full financial details would be present in the relationship request, and this type of request would be a three way request involving your bank which would now have full details on what could be withdrawn. So your application in approving this relationship would be showing in large letters the real nature of what you would be signing up to.

As alluded to with IPP the common cloud database could also be used to report issues and your relationship application could check for reports.

The Relationship model and the user interface

A relationship model means that your rights in respect of a relationship may be mediated by other relationships, for such a model to work for the user in terms of an understandable model manipulated by a simple use interface then a user interface will have two basic modes of looking at a relationship.

A good example of this would be a joint mortgage endowment policy, this is a relationship between an endowment entity owned by a building society and an entity referring to a couple, it might well be down to the building society whether the couple entity is a new one or the couples standard entity if it qualifies.

But some actions on an endowment policy such as setting up payment via direct debit would be open to the individual rather than the couple.

As such in a user interface opening a bank's direct debit entity would pull in the status/possibility of that direct debit without cluttering the screen with the relationship chain.

The key point is that the relationship as to what can and can’t be done is simple from a user point of view, the relationship entity of a couple or an endowment might well be quite complex, but that complexity does not hit the screen that the user sees unless they zoom in on the relationship. As a rule the user wants to do something between two entities and is or is not allowed to do so based on relationships, but those relationships are only visible if the user needs to explore why they can or cannot do something.

An inheritance model

Consider a dimmable lightbulb, this could expose several GUIDs describing its methods.

on_off_method_visible	I'm a device that can receive and on/off instruction and can provide a status as to whether I am on or off.	grm_version_1	The core GRM object identifying an object is read, this is central to how the GRM can constantly update
on_off_method_visible_unconfirmed	I can be operated without needing a confirmation of the access.	on_off_method_visible
on_off_method_visible_unconfirmed_stepped	I have a range of on levels	on_off_method_visible_unconfirmed
on_off_method_visible_unconfirmed_modes	I can provide a list of modes of operation	on_off_method_visible_unconfirmed_stepped
on_off_method_visible_unconfirmed_modes_philips_mood_lighting	I can do other funky things	on_off_method_visible_unconfirmed_modes	At this stage we get in to manufacturer specifics

The principle is that systems accessing the lightbulb can do useful things even if they don't know about the subclasses. So for example if you have given a power company a relationship that allows it to turn off devices in preparation for a powercut, then their controller only needs very basic abilities, as you move up the scale you might eventually reach the point where a manufacturing has specific software the does very special things with a device such as setup functions, but below that any  household controller with a reasonable understanding of core GUIDs can deal with any system that supports those GUIDS.

GUIDS

A GUID is a globally unique identifier. In the case of the GRM GUIDs have two typical parts.

1. A GUID of where the data can be found, its ORIGIN. e.g. which IPP and personal space is it on, or is it in the cloud. This is actually a left to right series of ORIGIN GUIDs. So for example if we are dealing with a chat between individuals, each IPP would store both sides of the chat, but record the other persons IPP location as well. This both speeds up access and creates a secure recorded chat. The left most location is the local copy, the rightmost location is the origin.

2. The actual GUID which also contains the GUID of the signing authority. All static GUIDs are signed by a trusted authority which will only sign the same GUID once. This does not preclude a rogue GUID, but it secures the model in that once you have established a relationship with a set of GUIDs, the GUIDs cannot be changed.

At this moment I am thinking the signatures ignore the first GUID part, so as to allow data to migrate without invalidating signed relationships. This might be an option based on the signingGUID.

GUID spaces

GUID data lives in multiple databases according to purpose and hence calling APIs will need to know which database to ask for. This has the effect of:

1. predefining a level of security. e.g. if you go to the "STATIC" section you know whatever is there for a GUID must always be the same once signed, and your device can cache sand verify signatures.

2. By having sections such as STATIC/DYNAMIC/IOT/SOCIAL the IPP can optimize technology around those databases.

Note that the database names won't be text strings STATIC etc, they will themselves be GUID keys into a GLOBAL segment that describes the properties of the database.

database is simply a word that fits here, the technology used is entirely up to the IPP.

GUIDs fall into at least a number classes with clearly distinguishable formats.

STATIC	The SHA1 hash of the core segment
RATIFIED	A core set of GUIDs will be short English labels. Such as JPG, PNG or more complex English labels such as PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR.  There will be an evolution of a GUID from a GUID someone creates as a STATIC GUID to its use being accepted and its proposed inclusion in the RATIFIED set of GUIDs. When a GUID is ratified its static ID would be marked in the META data as superseded by, and applications would update to the RATIFIED GUID. The relevance of this is the process of discovery and interoperability.  Whilst anyone can create STATIC GUIDs that their application or device in the IOT understands, the idea is to create a common language. For example if we want our house remote control application to know which channel is being watched on a TV, it would prefer the TV to respond to a common GUID for that question, not a Samsung, or Sharp specific GUID. Of course applications will have abstraction layers themselves, and if there are different GUIDs to perform similar functions an application may know of all the different GUIDs or it maybe able to discover what GUIDs a device supports, and look at the GUIDs within each GUID and basically be able to guess the function just so long as there is sufficient information.
OTHER	The SHA1 hash of the creators GUID and a microtime.

GUID break down

Let's break down a RATIFIED tag layer by layer so we can understand what an IPP would do with the tag on seeing this for the first time. The PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR is a GUID and its label whilst descriptive is ignored. The meaning is derived from the keys within the GUID.  For brevity I have not included the keys that will generally be present.  So we will deal with them first. Note that within a GUID "_" is used to delimit parts of the key that are also keys "-" is used to delimit words within a key. Those words may also be keys in their own right. Please remember this is only a naming convention the GUID does not imply any meaning at all.

Common keys

ORIGIN	originguid	This is where the GUID we are accessing, hence the accessing caller already knows this information.
CREATED-DATETIME	unixtime
OWNER	ownerguid
RSA-SIGNATURE	ras-signature	The signature of the CORE segment of the GUID so that we can verify validity
ORIGIN-LIST	location-guid, location-guid..	In normal operation especially with IOT devices,GUIDs will end up copied to the device itself, but this may be a chain. Lets say for example we want to be ultra secure about exactly how a label on a device appears. Normally label text will be part of a translation map that will be in a DYNAMIC guid. A dynamic GUID is a GUID where the contents can be updated by the owner. Since we want to avoid this we end up with an origin chain. The first port of call is our device, the second is in our IPP where we have in effect a backup copy, and finally there is the original wherever that might be.
PERMISSIONS	permissionguid	Allowed access

Common keys breakdown

Note that these keys themselves with have the Common Key parts

ORIGIN

ORIGIN	none
DATA-TYPE	DATA-TYPE-URL	Data source as a URL
LABEL-LANGUAGE-CODE-MAP-TEXT	ORIGIN_LABEL-LANGUAGE-CODE-MAP-TEXT
DESCRIPTION-LANGUAGE-CODE-MAP-TEXT	ORIGIN_DESCRIPTION-LANGUAGE-CODE-MAP-TEXT

DEFINITION-TEXT

DEFINITION-TEXT	DEFINITION-TEXT_LANGUAGE-CODE-MAP-TEXT

LABEL_DATA-TYPE

LABEL-LANGUAGE-CODE-MAP-TEXT	LABEL_DATA_TYPE_LANGUAGE-CODE-MAP-TEXT
VALUE-MAXIMUM-CHARACTER-COUNT	20

LABEL-TEXT

LABEL-TEXT	LABEL-TEXT_LANGUAGE-CODE-MAP-TEXT
LANGUAGE-CODE-MAP-TEXT-FORMAT-HINTS	LABEL-TEXT_LANGUAGE-CODE-MAP-TEXT-FORMAT-HINTS	Formatting hints by language code

LANGUAGE-CODE-MAP-TEXT

DEFINITION-TEXT	LANGUAGE-CODE-MAP-TEXT_LANGUAGE-CODE-MAP-TEXT
KEY-VALUE-CONTAINER
CORE-CONSTRUCT

LANGUAGE-CODE-MAP-TEXT_LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-MAP-TEXT	UKENGLISH_LANGUAGE-CODE=>"A key value list of language codes and associated text"

LABEL-TEXT_LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-MAP-TEXT	UKENGLISH_LANGUAGE-CODE=>"Label Text" FRENCH_LANGUAGE-CODE=>"...."

LABEL-TEXT_COUNTRY-CODE-MAP-TEXT-FORMAT-RULES

PRECEDENCE-GUID-LIST	LANGUAGE-CODE-AND-CHARACTER-ENCODING-MAP-RULES LANGUAGE-CODE-MAP-TEXT-FORMAT-RULES CHARACTER-ENCODING-MAP-TEXT-FORMAT-RULES
LANGUAGE-CODE-AND-CHARACTER-ENCODING-MAP-RULES	WUCHINESE-BIG5_LABEL_FORMAT	Invented case for if the character encoding combined with the language of the label need special formatting
LANGUAGE-CODE-MAP-TEXT-FORMAT-RULES	UKENGLISH=>CAPITALISE-FIRST-LETTER-OF-EVERY-WORD
CHARACTER-ENCODING-MAP-TEXT-FORMAT-RULES	UTF-8=>UTF-8_CAPITALISE-FIRST-LETTER-OF-EVERY-WORD

PRECEDENCE-GUID-LIST

DEFINITION-TEXT	PRECEDENCE-GUID-LIST_LANGUAGE-CODE-MAP-TEXT
GUID-LIST		Tells us that PRECEDENCE-GUID-LIST is a GUID-LIST
CORE-CONSTRUCT	none	A core construct is something an application has to understand to utilize the GUID

GUID-LIST

KEY-VALUE_CONTAINER	none
DATA-TYPE	GUID-DATA-TYPE
DEFINITION-TEXT	GUID-LIST_DESCRIPTION-TEXT

KEY-VALUE_CONTAINER

DEFINITION-TEXT	KEY_VALUE-CONTAINER_LANGUAGE-CODE-MAP-TEXT
CORE-CONSTRUCT	none	A core construct is something an application has to understand to utilize the GUID	We can contrast a KEY-VALUE-CONTAINER being a CORE-CONSTRUCT and PRECEDENCE-GUID-LIST also being a CORE-CONSTRUCT with the fact that GUID-LIST is not. An application may be able to deal with a GUID-LIST without having to do anything with it that engages with the fact it is a GUID-LIST. A way of looking at CORE-CONSTRUCT is that an application has to be able to understand the description of the GUID sufficiently to undertake the task described. So with PRECEDENCE-GUID-LIST the application clearly needs to know to how to process a list of GUIDs in order. However if we look at an example level above that LABEL-TEXT_COUNTRY-CODE-MAP-TEXT-FORMAT-RULES which uses a PRECEDENCE-GUID-LIST it is quite possible for an application to: Ignore the rules Not understand all the rules Perhaps in the case above we are a device that translates to http://en.wikipedia.org/wiki/Baby_sign_language and unsurprisingly whilst we are still UKENGLISH language we have no concept of formatting conventions. Hence CORE-CONSTRUCT cares only about it's own descriptive level, and does not always need to understand everything going downwards and it imposes nothing on level above.

KEYVALUE-CONTAINER_LANGUAGE-CODE-MAP-TEXT-TEXT

LANGUAGE-CODE-MAP-TEXT	UKENGLISH_LANGUAGE-CODE=>"A GUID key (A)  where (A) has the KEYVALUE-CONTAINER GUID in its keys and where values are stored as a key=>value array against (A)

PRECEDENCE-LIST_LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-MAP-TEXT

UKENGLISH_LANGUAGE-CODE=>"A list of GUIDs in order of precedence" FRENCH_LANGUAGE-CODE=>|"Une .... "

LANGUAGE-CODE-AND-CHARACTER-ENCODING-MAP-RULES

DEFINITION-TEXT

LANGUAGE-CODE-AND-CHARACTER-ENCODING-MAP-RULES_LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-AND-CHARACTER-ENCODING-MAP-RULES_LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-MAP-TEXT

UKENGLISH_LANGUAGE-CODE=>"Formatting rules applicable to special combination of language and encoding systems"

CAPITALISE-FIRST-LETTER-OF-EVERY-WORD

DEFINITION-TEXT	CAPITALISE-FIRST-LETTER-OF-EVERY-WORD_LANGUAGE-CODE-MAP-TEXT
SCRIPT-MAP	"JAVASCRIPT_SCRIPT=>CAPITALISE-FIRST-LETTER-OF-EVERY-WORD_JAVASCRIPT_SCRIPT"	functions to perform this operation defined in a variety of languages.	This level of interaction is entirely down to the application in use. The application may ignore formatting instructions or it may have an internal map of all the common formatting GUIDs that maps them to efficient internal implementations.

JAVASCRIPT-SCRIPT

DESCRIPTION-TEXT	JAVASCRIPT-SCRIPT_LANGUAGE-CODE-MAP-TEXT
SYNTAX-CHECKER	JAVASCRIPT-SCRIPT_SYNTAX_CHECKER	Method to validate scripts

CAPITALISE-FIRST-LETTER-OF-EVERY-WORD_JAVASCRIPT_SCRIPT

ENTRY-POINT	formatToFirstCaps(__INPUT1__)
SINGULAR-VALUE_JAVASCRIPT-SCRIPT_TYPE1	function formatToFirstCaps(str) { return str.replace(/\w\S*/g, function(txt){return txt.charAt(0).toUpperCase() + txt.substr(1).toLowerCase();}); }		Plainly there are security implications to javascript scripts.This is handled in a number core ways. The first is that these are signed GUIDs hence they belong to an organization you choose to trust. In this case of a primitive key, it is signed by the body overseeing the GRM. Secondly the script is not being run directly on the DOM of your web browser, but is being run by your IPP application, and that application will as a matter of course sandbox the request. The IPP application would probably be at some point a browser extension wrapping a plugin to isolate IPP interactions. But we are not concerning ourselves with implementation details. Thirdly scripts in the primitive realm are likely to be implemented by the application itself in its own way.

SINGULAR-VALUE_JAVASCRIPT-SCRIPT_TYPE1

DEFINITION-TEXT

SINGULAR-VALUE_JAVASCRIPT-SCRIPT_TYPE1-LANGUAGE-CODE-MAP-TEXT

Worth mentioning again why DEFINITION texts are separate and what their role is. This key will be a signed STATIC entity telling us that what it means is set on store, albeit it may be superseded giving people the option of moving on. The DEFINITION-TEXT pointed to is there to fully describe that functionality

SINGULAR-VALUE_JAVASCRIPT-SCRIPT_TYPE1-LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-MAP-TEXT

UKENGLISH_LANGUAGE-CODE=>"A Javascript script without script tags where the ENTRY_POINT will map to a function to be called. The function will be called within its own sandboxed namespace"

SCRIPT-MAP

DEFINITION-TEXT	SCRIPT-MAP_LANGUAGE-CODE-MAP-TEXT
KEY-VALUE_CONTAINER	none

SCRIPT-MAP_LANGUAGE-CODE-MAP-TEXT

LANGUAGE-CODE-MAP-TEXT	UKENGLISH_LANGUAGE-CODE=>"A container where a key with this GUID points to key/value pairs of SCRIPT type (a) => keys (b). (b) will be a GUID containing calling information the script to be run. There may be many possible formats, but keys within (b) will guide the application.

READ-ACCESS-REQUEST-DURATION

Note that this key will not be used on its own. A READ-ACCESS_REQUEST will also be part of a relationship GUID

DEFINITION-TEXT	READ-ACCESS-REQUEST_LANGUAGE-CODE-MAP-TEXT	The definition is for programmers adding to the privacy application
DESCRIPTION-TEXT	READ-ACCESS-REQUEST_LANGUAGE-CODE-MAP-FORMATTED_TEXT	The description is formatted text with string substitutions that may be presented to the user
NEEDS-DURATION-VALUE	none	This is a validation rule, that the key containing READ-ACCESS-REQUEST must pass

TEMPORARY-DURATION

TEMPORARY-DURATION_TRANSLATION

PREVIOUS-INCLUSIVE-COUNT-3

PREVIOUS-INCLUSIVE-COUNT

3

PREVIOUS-INCLUSIVE-COUNT

DEFINITION-TEXT	PREVIOUS-INCLUSIVE-COUNT_TEXT_COUNTRY-MAP

PREVIOUS-INCLUSIVE-COUNT_TEXT_COUNTRY_MAP

TEXT_COUNTRY_MAP	UKENGLISH_LANGUAGE=>"previous # items including the latest available item. # is a strictly positive integer as the value of the PREVIOUS-INCLUSIVE-COUNT guid"
CORE-CONSTRUCT

3-DAY-READ-ACCESS_REQUEST

This is just an example, there would be a lot of these keys in the core cloud available

READ-ACCESS-REQUEST-DURATION	3d
LABEL-TEXT	3-DAY-READ-ACCESS_REQUEST_LABEL-TEXT
DESCRIPTION_TEXT	3-DAY-READ-ACCESS_REQUEST_DESCRIPTION-TEXT

PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR

This is a STATIC entity.  It is important to note that a lot of the definition of this entry could be done in other ways. For example we have placed DESCRIPTION_AUDIO and DESCRIPTION_TEXT as top level items, there could just as well be a top level item called DESCRIPTION with DESCRIPTION_AUDIO and DESCRIPTION_TEXT as sub-items, or perhaps a top level item called DYNAMIC for all mutable sub-items. An application seeing a GUID is expected to understand enough of the core definitions to make sense of any format of the GUID.

So long as our IPP can make sense of some of the terms it can respond intelligently. If it does not know what MAIN_EMPLOYER means it just asks you about all payslips when asking you if you want to share the items. Note that PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR will itself be wrapped in relationship request GUID specifying the parties involved.

READ-ACCESS-REQUEST_SINGULAR-ENTITY_PAYSLIP	none	A payslip type, or rather a GUID that identifies that this is the item being asked for and which identifies itself as a PAYSLIP type.	Again this is a GUID and points to a GUID with some definitions that might help define a payslip
SINGULAR-OPERATION_TEMPORARY-DURATION_SHARE_REQUEST	none	We are requesting information is shared
SEARCH_MAIN_EMPLOYER	none	Search Parameter
3-DAY-READ-ACCESS-REQUEST	none	Access allowed for 3 days
30-DAY-RETENTION-REQUEST	none	Data to be kept for a maximum of 30 days
PREVIOUS-INCLUSIVE-COUNT_3	none	We want the previous 3	The GUID info on PREVIOUS_3 will again specify this more clearly
LABEL-TEXT	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_LABEL-TEXT
DESCRIPTION-TEXT	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_DESCRIPTION_TEXT
HELP-TEXT	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_HELP_TEXT
LABEL-AUDIO	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_LABEL_AUDIO
DESCRIPTION_AUDIO	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_DESCRIPTION_AUDIO
LABEL_IMAGE	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_LABEL_IMAGE
HELP_AUDIO	PREVIOUS_3_PAYSLIPS_MAIN_EMPLOYER_3DA_30DR_HELP_AUDIO

TEMPORARY-DURATION

DESCRIPTION_TEXT	TEMPORARY-DURATION_DESCRIPTION_TEXT_COUNTRY-MAP
HINT-LIST	TEMPORARY-DURATION_HINT_LIST	HINTS are helpers to the caller on what to look for

HELP_AUDIO

LABEL_TEXT	HELP_AUDIO_LABEL_TEXT
LABEL_DESCRIPTION	HELP_AUDIO_LABEL_DESCRIPTION
HELP_AUDIO	HELP_AUDIO_LABEL_AUDIO

HELP_AUDIO_LABEL_AUDIO

SINGULAR-OPERATION_AUDIO	none
SINGULAR-ENTITY	HELP_AUDIO_LABEL_AUDIO_COUNTRY-CODE-MAP

HELP_AUDIO_LABEL_AUDIO_COUNTRY-CODE-MAP

Audio help on the audio help label

SINGULAR-ENTITY_COUNTRY-CODE-MAP	COUNTRY-CODE_UK->HELP_AUDIO_LABEL_AUDIOFILES-LIST_UK COUNTRY-CODE-US->HELP_AUDIO_LABEL_AUDIOFILES-LIST_US

COUNTRY-CODE_UK->HELP_AUDIO_LABEL_AUDIOFILES_UK

SINGULAR-ENTITY_AUDIOFILES-LIST	COUNTRY-CODE_UK_HELP_AUDIO_LABEL_AUDIO_MP3 COUNTRY-CODE_UK_HELP_AUDIO_LABEL_AUDIO_AU

COUNTRY-CODE_UK_HELP_AUDIO_LABEL_AUDIO_MP3

SINGULAR-ENTITY_BLOB	mp3 audio blob

READ-ACCESS-REQUEST_SINGULAR-ENTITY_PAYSLIP

READ-ACCESS	none
SINGULAR-ENTITY	PAYSLIP-FIND-PREVIOUS
REQUEST	none

PAYSLIP-FIND-PREVIOUS

This is getting to the heart of the GRM, have we actually got a payslip in our IPP?

DEFINITION-TEXT	PAYSLIP-FIND_TEXT_COUNTRY-MAP
SINGULAR-ENTITY	PAYSLIP
SINGULAR-OPERATION	FIND-PREVIOUS
SINGULAR-GUID	SINGULAR-COUNT	Look for this GUID in the request hierarchy
FIND-HINTS	PAYSLIP-FIND_FIND_HINTS

PAYSLIP-FIND_FIND_HINTS

These are hints that can help the GRM explore data sources for items. Items are going to fall into categories.

1. Items outside of the IPP in non GRM format that we can nonetheless search for and present as candidates and extract some useful information from. e.g. an email has a date.

2. Items that are outside of the GRM and in non GRM format but which the user can set up say an email rule to reference or copy into their IPP.

3. Items in GRM format.

EMAIL_SUBJECT_CONTAINS_TEXT	HINT_WEIGHT_HIGH=>"payslip"
EMAIL_SUBJECT_CONTAINS_TEXT	HINT_WEIGHT_HIGH=>"pay slip"
EMAIL_ATTACHMENT_NAME_CONTAINS_TEXT	HINT_WEIGHT_HIGH=>"payslip"
EMAIL_TEXT_CONTAINS_TEXT	HINT_WEIGHT_LOW=>"tax"
EMAIL_SUBJECT_CONTAINS_KEY	HINT_WEIGHT_LOW=>EMPLOYER_NAME

REQUESTED

REQUESTED_TRANSLATION

SINGULAR-ENTITY

SINGULAR-OPERATION

This is a core semantic expected to be universally understood  as identifying the core entity in a GUID.  SINGLULAR- will have a parent that will provide context. e.g. SINGULAR_OPERATION or SINGULAR_ENTITY.

SINGULAR-ENTITY_TRANSLATION

SINGULAR-DERIVED-VALUE

This is a core semantic expected to be universally understood  as identifying the core operation in a GUID.

GUID data segments

The data GUID for a GUID has three segments.

core	This is the core data of the key. It is RSA signed and once signed it cannot be updated, only superseded	The whole system is geared around the fact that things change, and hence keys may be updating, even adding a language translation will mean a new GUID is needed and that can cause a ripple effect through parents. e.g. if the new GUID represents a change in an access script, then a parent is going to need to have that GUID and hence itself will need a new GUID. This approach might seem wasteful, but it is a little like the GIT approach to things. In most source control systems branching is an afterthought, GIT bases itself around branching. In the GRM change and the need for full backwards compatibility and an audit trail mean GUIDs must frequently change, but the old relationship will always be there. When I wrote the above I was thinking about an inflexible approach of not allowing GUID core data to change. I am having second thoughts on that as it is limiting. This is now covered by having different silos/databases with different rules. This makes things more flexible, so for example you may point a STATIC functional entity to a NONSTATIC language GUID that gives the text/audio/icons/help for the entity. In this way not everything is forced to update when someone adds say audio help. The user still maintains security as their application knows what silos are being used. Think of accessing http elements on a https page. It might actually make sense not to be bothered about loading an image to that page insecurely, but you would care about a script. In the same way the application would know it was asking for an audio/help element. The exact nature of the data is held in the GUID of each key, and the application would elect not to care. A main point here is that all keys are themselves GUIDs and are STATIC and signed as to what they are.
meta	This section is append only made up of time/key/value/RSAsignature sets.	This allows us to informs users of the GUID of a superseded GUID or other non functional information that we want to convey. Examples:

SUPERSEDED-BY Guid This GUID has a new version that should be used Depending on the situation something using the GUID might upgrade and start linking to the new GUID, or it might hold on to the current GUID, start using the new new one and later invite the user to confirm that things are still working. New GUIDs would normally contain a link to the GUID they superseded so as to allow downgrades. PUBLIC-NOTE Guid A user applied tag visible to anyone with read permission on the GUID. PRIVATE-NOTE Guid A user applied tag visible only to the owner of the GUID. NOTE tags would generally point to A DYNAMIC GUID that itself would contain not just a note, but other GUIDs to classify what the note is about. CRITICAL-ALERT Guid
system	Information maintained by the cloud	this will be stuff like access times, rates etc. Probably influenced by flags in the core data.

The GRM format is intended as a repository of all kinds of information include "chat" type data. In a chat each sent message will be a GUID and hence if it is edited then it will have a superseded by GUID in the meta data, there will also be a GUID for the whole chat and a GUID for the chat state which will have a list of the message GUIDs and again will be being constantly superseded as the chat goes on. This is plainly quite verbose, but this is intended to be a secure system.

Core Keys

parentTypeGUID=GUID		If we are a value what was the key type we are a value of.	This is actually an optional value, but is used to impose one of the few policing rules on the system. The basic rule of the system is one of backwards compatibility and audit trail. Once a GUID is in the system and signed it can never be changed only superseded. This would make adding translations, updating descriptions which are harmless and needed operations difficult. For example
CREATION-DATETIME	unixtime	datetime created
UPDATED-DATETIME	unixtime	datetime updated
PUBLIC-RSAKEY	GUIDofpublickeyofsigner	Not the actual public key but a GUID for the  key	Any entity that can enter an agreement needs its own RSA key pair.
RSA-SIGNATURE_LIST	="owneruid=>signature text"	verifies validity of entry	This is the signed signature using your RSA private key of all keys that required a signature. An unsigned key is also one we agree to trust that updates to it will not break things. e.g. unsigned keys fall outside of the audit trail.
DESCRIPTION	mydescriptionGUID
ChildOfGUID=list			The parent/child relationship describes the organic/physic relationship of objects. A button being part of a control etc.
OwnedByGUID=list			multiple ownership is a core concept, an entity may be owned by an individual, a number of individuals, a house would also commonly be an owning entity.
basePermissionsModeGUID		who can by default access the device and how	For example an NFC tag would have universal read access. The default permission applied if no key exists will be inheretFromParent
TrustZoneGUID
label=(key=>value),(key=>value)		short text	All keys like this would ideally have audio entries as well.
description=(key=>value),(key=>value)		long text
help=(key=>value),(key=>value)		help text
icon16x16GUID=imageGUID
icon32x32GUID=imageGUID
icon64x64GUID=imageGUID

The Agreement Model

This is fundamental to the GRM a relationship between two of more GUIDs is defined as follows in the core data:

agreementTypeGUID	this details all the permissions in the relationship.	As ever this is part of an audit trail. In the context of a terms and conditions update. If the agreement type has T&Cs and they are updated then the GUID here will refer to an earlier version, hence it would itself need superseding and and re-signing by parties. Signing in this context is from the users point of view much like ticking an agreement checkbox on a web page. The difference being that the action is taking place both client side and server side. The client side is having to generate an RSA signature to pass to the server to prove this is a valid agreement, and clearly the server side cannot claim the agreement of the client without the signature.
firstparty_signatures	List of RSA guid signature pairs to the agreement
secondparty_signatures	List of RSA guid signature pairs to the agreement	This will generally be the owning authorities of the first parties.
trustedAuthority_signature	a signature of the agreement include the signatures of the parties	optional
startdatetime
enddatetime

Agreements would generally be held by the IPP, and as part of auditing it would ensure knowledge of an agreement is held by the owning parties meta data.

The permissions model

The agreement type GUID contains the permissions as a list of permission GUIDs. What these permissions are is extremely flexible. They might refer to anything at all, the key point is that the agreement has established the right. for example the GUID might be the GUID of "Get Contents list" mentioned earlier. That call would basically accept an encrypted protocol that would contain "whose asking and by what agreement". In practical terms I would imagine devices on the IOT of things would heavily cache authorization data as they could not possibly verify agreements on each access.

Discovery and access

One of the core operations is for devices to discover each others existence, to this end they can contain discover ability and access keys

Discovery keys

hiddenGUID	Not normally discoverable, again a default	Under the GUID system every device may be made of many parts with their own GUID. In the case of a remote control, there is never a reason to "discover" a single button on the control. Instead a device that has a relationship with the buttons parent control will ask for a list of buttons. An owner would be able to force discovery  of hidden items.
visibleGUID	visible to relationships allowed to look because such a relationship in in place between a parent and the device.	This relates to aliases and trust zones, descendants within a trust zone will be able to see visible items.For example
privateGUID	Visible only to parent/owner GUIDs

Note that there are only three discovery states. This is deemed very important. If we want people to engage with a relationship manager, it has to be simple and manageable, and free of nasty surprises. I run phpbb2 and phpbb3 forums systems, the permissions system on phpbb2 was quite simplistic but still gave some people problems, in phpbb3 the complexity was ramped up and I doubt 1 in 10 forum administrators has a clue how to work the permissions system.

It should be noted that all GUID entities operate in the same way. e.g.

Permissions keys

As alluded to permission are free form. But there would be common ones

Identity and Aliases

A real human owner would mostly never directly own any entity but would own entities under the guise of aliases and would at any point in time be logged into the system as an alias or as multiple aliases at the same time. Each alias can be given a relationship with another alias.  As such by default whilst as "owner" I can discover and control devices in all my aliases whereever I am logged in, but information will not be shared. For example I might under my browser history at work want to share that history between my work chrome and firefox browsers, I might want the same at home. But with those permissions work and home histories would remain separate unless I specifically set up a relationship.

An alias is I think Identical in functionality with a trustzone. For example if you have two houses, you might have a home alias, that then itself owns a trustzone for each house. In each house is a thermostat controller that wants to discover the thermostats in only its own house.

Micropayments

Micro payments fall easily out of an IPP model. The individual has a micro credit account with their trusted IPP, and it is important to remember that IPPs are accredited bodies signed off by a higher authority. All payments are routed via IPPs and IPPs like interbank transfers just settle the differences at the end of the day. Hence no small payments actually occur in reality.

Micropayments and Spam

We have already established that IPPs would be a good repository for email, by extension if emails were received by IPPs, it would be an opportunity to extract a micropayment from the sender, make a special case of email micropayments as an internet tax and there is no incentive to send or receive spam messages. Spam only works because sending spam is free, and ISPs are not bothered by compromised customers sending spam,an IPP seeing a customers micropayment account being drained by email fees (even at .01p an email) would be economically forced to take care of the customer.

A Note on the Semantic Dictionary

I think I can hear someone objecting that GRM is asking everything in the world to have the capacity to understand a massive dictionary.

This is not the case for a number of reasons.

1. Many devices can be entirely passive. For example a home control application connect to an IR emitter will want to know how to relate to each piece of IR controlled kit you have and have activity entities such as "myWATCH-BLURAY" that knows what devices to turn on. For this to work there is no need to involve the actual devices at all. Though of course a device with the sentience to tell us it had turned on would be even better.

2. This is not a complete dictionary, the eight parts of English are apparently nouns, pronouns, verbs, adjectives, adverbs, conjunctions, prepositions, and interjections. We don't have all of these things, and I think its only the verbs that need to be really understood by an application or device.

3. Devices are only going to need to understand the small subset that might apply to them. Say we have got a GRM connected bluray player. It would want to have a list of the GUIDs of each of its possible commands, and would want the ability to echo back to a received command that it had done it, actually that’s kind of a bad example as a bluray player on the GRM would not be being controlled by IR but by sending it GRM requests.

4. This is not the language of Shakespeare, the primitives that require understanding will surely be in the realms of 3 digits, and it is mostly our IPPs GRM application that needs to understand most things.

 Listen, and understand. The GRM is out there. It doesn't have adjectives. It doesn't care about nouns. It doesn't  have adverbs, or prepositions or conjunctions. All it is, is an unrelenting set of verbs, that will  never stop.

The API

There are liable to be protocols developed for the API. But essentially the API is as follows:

talk

Guids and Entities

Guids and Entities

Essentially each API call is a conversation in which the IPP or object being called may respond not with an answer but with a call of its own until a conclusion is reached.Much of this conversation may be about breaking down the GUID of the call into what it actually means by reading the primitives. Once that is understood the same call might need less conversation because the called object might have cached the meaning. At some level of course the called object must know something. At the very basic level there will be a GET-GUID-ENTITY GUID a called object would need to know in order to even ask about the meaning of other GUID's.

There is a DNS like element here, if you recall GUIDS are split into an ORIGIN part and general GUID part. When a called object needs to understand a GUID it may actually be asking its caller for the meaning, it may go to the IPP, or it may go to some general cloud GNS type service.

How does this work in terms of security? this being the GRM the answer is to some degree however the heck you want it to! But for example a device might make an API request to the IPP, which would then respond with a AND-WHO-THE-HELL-ARE-YOU guid, which would then need to be responded to with an entity security RSA signed  by the authority. From that point on the called object provides an authorizing GUID that may be geared to just that conversation or for a session or even longer.

There is likely to be a "telnet" like negotiation on some of these things, a  WILL,WON'T, DO, DON'T conversation about how the sides can talk. Perhaps the first call is over https and then the sides establish that they can talk a different protocol.

How is all this passed around and with what protocols?

Once again the keyword is evolution, you have to start somewhere and I would envisage that the starting point is a REST API over https passing POST data in JSON format. But at the start of the conversation the requesting entity may pass a GUID saying what protocols it can use, or conversely the called application may respond with suggested protocols. If a device is in the IOT and we want to communicate with it, we will contact the public cloud with its GUID to find out how to talk to it.

Once we have that bootstrap of the JSON format of a set of guids and entities things are free to evolve.

GRM in the browser

I think a lot of this would be done in "divs". e.g.

---

<div class="ipp-request" id="guid">

EntityJSON

</div>

---

This would be inert, but the browser would have an extension supplied by the IPP or as part of the browsers code that you would key to your IPP. This extension would see the DIV and respond accordingly.

GRM JSON

"guidofcaller": {

"core":[core entity]

"meta":[meta data]

"system:":[system data]

}

guid	A guid	guids may be in several formats including the GUID being replace with an agreed shortened translation. The general format is a "|" separated list of GUIDs representing locations where the entity data of the GUID can be found, followed by the GUID itsefl. If there is no location data, it is assumed that the caller can be interrogated for the definition. The left most location is the most local and preferred query location. The GUID locations and the actual GUIDs are in the form of URLs. https://ippcloudserver.nationwide.co.uk:80/ grmp://send_ir_code grmi://an_actually_generated_long_string_of_ascii_text 21 an example of an agreed short translation
core	json array of guids pointing to json objects.	This is the dynamic or immutable core data of the GUID and we would in general expect to see a form of security object embedded that is a signature of the rest of the guids and objects if the item is STATIC/immutable. Note that when we are entering into a relationship it is our sides responsibility to verify and store the signature so we can continue to verify that when that GUID wants to do something based on the relationship we know that it has not changed.
meta	json array of guids pointing to json objects.	Place where the superseded GUID and other messages may be appended
system	additional information

Bandwidth

With the advent of Netflix streaming  4K video a verbose conversation with long GUIDs is hardly a big bandwidth issue. However the GRM can easily economize on bandwidth. One class of GUID will be translated GUIDs. In this format the chatting devices agree on a list of translations. In that context for a lot of devices the GUID instruction may reduce to 2 bytes.

Evolution

Evolution is inherent in the SUPERSEDES model, a model that goes all the way down to the API. One important aspect of this is the ability of items in the internet of things to evolve. This ties in with the somewhat interesting question that when you have an internet connected device, just how much is it talking to the manufacture? I'd like to think in a GRM model there would become an agreement relationship that made this a contract, but in one way or another devices would like to report back at least some things. One core thing that would be reported, is any GUIDs that were passed to the devices API that the API failed to understand. So for example if a manufacturer gets a lot of reports that its devices are being asked to SWITCH-TO-STANDBY-MODE they can see what the request means by looking at the DEFINITION-TEXT and realize that.

1. Eek I'm a Fridge this means nothing sensible to me, but maybe I should be able to respond with a REASON code of some description.

2. Yes I should be able to do this.

3. I'm a simple motion sensor, part of an alarm system. The suggestion of STANDBY is  suspect and I need my limited firmware memory for things I might need to understand. So I will not upgrade to know about this request.

GRM and AI

Does it take artificial intelligence to process a GRM conversation? Emphatically NO.  Conversations are not like people talking, they are constructed to be understood clearly and this is aided by the SINGULAR guids that act to identify the most important part of each sentence.

There is though an underlying scope for AI within the GRM, here we have a collection of entities and relationships between people and things, people and people, things and things, companies and people, companies and things that can hold independent conversations.

On the midst of this is your IPP able given the permission to survey your world... bank account high... do you want to transfer some money to savings? warning mobile bill unusually high...  Your schedule says you are at home at the weekend and the weathers good, may a BBQ?

Your IPP can be your personal assistant.

User Stories

Mortgage Application

In the current world I receive a letter asking for print outs of three payslips, and business and personal bank statement. This is a palaver and hardly secure from the building societies point of view.

In the GRM world.  I receive an email, and three rows of choices pop-up.  The first row asks me to confirm access to the payslips which are listed on the right, the second for access to the personal bank statements, the third row is stuck a little and asks me to choose which account to share. All three rows state that they are asking for access for 7 days. A few clicks and I'm done.

So what is going on behind the scenes?

1. I see the request without any security worries because I already have a relationship with the building society and the security signing of the request has been verified as valid.

2. Since I have provided the GUID of my employer and current account already, my IPP has gone and found the pertinent information. The request GUID is quite explicit about what it wants.

3. I had not provided enough information on the business account, Hence I am presented with accounts that might be what is wanted and have to make that choice myself.

Since all the GUID for these entities are signed by the bank and my employer, there is no question of fraudulent data being provided. I also have an explicit contract that my data will only be accessed within 7 days, with a side note that non pertinent information will not be retained for more than 30 days.

Thermostat

I have installed a new intelligent thermostat. It is "discovered" as a new entity when I login. It immediately shows up as an Icon along side three container entities.

1. Martin

2. Household

3. Kids Household

The first two are entities that will tend to exist for everyone, "Kids Household" is a container I have chosen to create for just the kids. e.g. Martin is myself, household has myself and partner as owners. I make the kids users of "Kids household".

I drag the themostat icon into all three containers and click done. But I am not finished.

I go to the Kids Household and edit the thermostat. I can drill into it and see it has a "Set Temperature" entity. This Entity already happens to have a VALID_RANGE entity that limits what temperatures can be set. I want to limit what the kids can set and so I edit that entity. When I try to do that I am asked "Do you want to edit the operation of the Thermostat for everyone or just for Kids Household"? I choose to alter it just for kids Household.

Behind the Scenes a few things have happened:

1. The thermostat entity has an I-WANT-TO-BELONG entity, that suggests what containers it would like to be in.

2. We have created a mythermostat Entity which is an entity that is a COPIED-INSTANCE-OF=>thermostatguid. This means our IPP has copied all the semantics of the thermostat keeping note of the source GUID. We now have in our space a thermostat we can change for ourselves.

3. mythermostat is then referenced by entities we create in each of our containers.

4. In the Kids Household container we gain another entity INHERITED-INSTANCE-OF->mythermostat which just contains the modified VALID_RANGE entity.

As a householder I am none to aware unless I choose to be of the actual mechanics. I don't see terms such as VALID_RANGE I will see readable labels and descriptions. However this is all about PRIMATIVES and devices, it is our household control system that reads the entities associated with a thermostat and adds then to its GUI for the household. If the thermostat had no VALID_RANGE concept I could go down to a programmers level and add one myself.

Supermarket

Your signed verified purchase list can be shared with your IPP automatically as you pay via the relationship between your payment method and your IPP. This is of course both useful and valuable information. No more need to keep receipts for electrical goods, and should you choose to allow your IPP to use this information to profile you perhaps as part of an anonyminised  group it could earn you commission. It will also give you automatic ability to profile your own spending to help you budget.

Household Guest

When you visit someone, they accept your request to be a household guess.

When you access something in the household, something like this happens.

"Hi I'm provably Tom via a https type connection, and here is the relationship that allows me access"

The appliance then asks the middleware if that is valid, and then probably does set up a temporary relationship that means it can cut out the middleman for a while.

When you leave, the householder either removes you, are allows your access to timeout. The middleware should have recorded a list of accesses and can sent a revocation code to used appliances.

The OK google issue

How do you allow "ok google" to active the google voice system without google being able to listen to everything said. GRM makes this relatively easy, there is a certified app that does not spy on you, but simply polls for "okay google" this app has a relationship with the browser and a relationship with the microphone and can mediate a connection when it detects "ok google".

LikeBe the first to like this

• No labels

• Edit Labels

Write a comment…

• Powered by Atlassian

• Terms of Use

• Answers

• Maintenance Schedule

Atlassian

Basic 4 way web site authentication

This is the model for a user visiting a domain, the domain and  being validated by the IPPs for both the domain and the user, so both sides know the relationship. 

The model depends on a trust relationship between the IPPs.

The authentication between the user and the IPP and between the Domain and the IPP are not described, as that is entirely for the IPP to define and would be different between devices.

Client	Server	Action	Result
User	Domain	User visits Domain	The domain is valid as far as https validation counts for anything.
Domain	User	Domain asks user for random token which it returns to user encrypted with it organisations private key and its IPP address and it s own GUID.
User	Users IPP	Request to validate token and return relationship GUID
Users IPP	Organisations IPP	Organisations IPP must be trusted by Users IPP and token must decrypt with public key supplied by Organisations IPP	User knows the domain represents the organisation.
Domain	User	Domain asks for for user to encrypt its own random token which user returns encrypted with IPP address and relationship GUID.
Domain	Organisations IPP	Request to validate token and return relationship GUID
Organisations IPP	User IPP	Users IPP must be trusted by Organisations IPP, and token must decrypt with key supplied by users IPP.	Domain now has a verified relationship GUID between it and the User.

At this point communication can carry on over https without further authorisation or additional encryption.