

Overview of XRI, XDI, I-Names, and OpenID

Collaborative Expedition Workshop:
Exploring the Potentials and Realities
of the Identity Management Landscape

February 27, 2007
at the National Science Foundation
(Arlington, Virginia, USA)
Our Panel on: XRI, XDI, I-Names & OpenID
  • Drummond Reed (Cordance)
  • Les Chasen (Neustar)
  • Andy Dale (ooTao)
  • Owen Davis (Linksafe)
  • David Recordon (Verisign)

  Moderator: Peter Yim (CIM3)
Four topics

• XRI (OASIS XRI Technical Committee): an open standard language for
  interoperable digital identifiers
• XDI (OASIS XDI Technical Committee): an open standard data interchange
  schema and protocol based on XRI
• I-Names (XDI.org): an open public XRI registry infrastructure based on
  XRI and XDI
• OpenID (OpenID.net): an open community specification for Internet
  identity and Web authentication based on URLs/XRIs
Part One: XRI
(Extensible Resource Identifier)
XRI Technical Committee

The primary goals of XRI

• Develop a language for digital identifiers that
  can be used across all contexts and protocols
  – Do for identifiers what XML has done for data
• Provide a machine-readable dictionary of XRI
  identifiers that can be used to describe other
  identifiers of all types (identifier metadata)
• Enable standardized infrastructure for both
  reassignable and persistent XRIs

[Figure: two-layer identifier model. XRI layer: reassignable “i-name(s)” and
persistent “i-number”, tied to a resolution document by XRI resolution.
URI/IRI layer beneath it: domain name, IP address, local path/query.]

Example XRIs (in XRI-normal form)
@cordance                             i-name
+résumé                              i-number
XRI resolution

• The goal was a simple, easily-deployed
  infrastructure for resolving XRIs to URIs much
  like resolving DNS names to IP addresses
• The solution was to use HTTP(S) and a very
  simple XML document format called XRDS
  (Extensible Resource Descriptor Sequence)
• The open source OpenXRI (openxri.org)
  project aims to make XRI resolution a
  standard feature of web servers (e.g., Apache)

Example XRDS document for “=example”
<XRDS xmlns="xri://$xrds">
 <XRD xmlns="xri://$xrd*($v*2.0)">
XRI adoption

• Boeing (www.boeing.com, @boeing) is standardizing
  on XRI for global identifiers
   – Published in their Enterprise Directory service for all people,
     applications, and devices
   – Deploying in new web services
   – Using for principals in SAML assertions
• OpenID 2.0 (www.openid.net) supports XRIs for Web
  authentication and XRDS for service discovery
• I-names (www.inames.net, @inames) uses XRI for
  privacy-protected global digital identity and XRDS for
  service discovery

Part Two: XDI
(XRI Data Interchange)
The primary goals of XDI

• Develop a standardized data interchange
  schema & protocol based on XRIs and XML
  – XDI is to XML what HTML is to SGML
• Enable “link contracts” – machine-readable
  data sharing agreements that bind shared
  data to policies governing its use
• Enable machine-readable XDI dictionaries
  that enable automated mapping of XRI-
  identified data across schemas & contexts

The XDI “Dataweb” model

• Applies the Web model to machine-readable
  data sharing
  – XDI documents are XRI-addressable the same
    way HTML documents are URI-addressable
  – XRI addressing/linking goes all the way down to
    the atomic element level (URI addressing/linking
    goes down only to the document fragment level)
  – XDI addressing can reference and link elements
    across XDI documents just like HTML hyperlinks


• XDI documents are collections of RDF
  statements using XRIs instead of URIs
  – Using XRI cross-reference syntax, all XDI RDF
    statements are expressible as XRIs
  – XDI RDF vocabulary consists of five core XRIs to
    describe resource relationship types
• Dramatically simplifies/standardizes cross-
  domain data description and exchange
• XDI dictionaries function as machine-
  readable, self-describing RDF vocabularies

XDI link contracts

• A link contract is an XDI document governing
  an XDI data sharing relationship between two
  XDI data authorities
  – It “binds” XRI-addressable data to XRI-
    addressable policies governing its use
• Link contracts can cover any type of XDI data
  (including other link contracts)
• Link contracts can associate any type of data
  sharing policy

XDI adoption

• First XDI engine implemented by Ootao
  (www.ootao.com, @ootao)
• ooTao and Kintera (www.kinterainc.com)
  have announced a major XDI data sharing
  project for La Leche League
  – 100K+ data sharing accounts
• XDI will be a primary data sharing protocol
  supported by the Higgins Project

Part Three:
I-names (and i-numbers)

• I-names is a new public XRI registry service
  for privacy-protected digital identifiers
• These registries are operated by XDI.org, an
  international public trust organization
• Registrations include both an i-name
  (reassignable) and an i-number (persistent)
• There are three registries:
  = for individuals
  @ for organizations of any kind
  ! for XDI.org-accredited i-brokers (i-numbers only)

• An i-broker is a provider of Internet identity
  services (“banker for data”)
• XDI.org accredits i-brokers to become global
  i-name/i-number registrars (similar to the role
  ICANN plays for DNS infrastructure)
• Accredited i-brokers are listed on the XDI.org
  i-names website
   – www.inames.net/register.html
• These i-brokers all offer a core set of identity
  services including OpenID authentication
I-names are the next step in digital addressing


[Figure: timeline of addressing forms from antiquity to 2005: postal address,
phone number, fax number, email address, IM address, domain name, with
i-names as the next step.]

I-names let individuals and organizations control their communications
channels. The figure shows one i-name standing in front of a person's
existing channels (email msmith@home.com, phone 408-881-2375 x58, postal
address 887 Birch Lane, Berkeley, CA 99071, and web page
www.work.com/team/mjs) and lists three benefits:

1) Simplicity: one communications address that never needs to change
2) Privacy: 100% control over access via any channel
3) Automated services: intelligent new communications services that save
   time and money
I-names adoption

• I-names are integrated into the OpenID 2.0
  specification (www.openid.net)
• I-names are the basis for the new Equals
  communications management service from
  AmSoft (www.amsoft.net)
• I-names are the basis for two more open
  Internet services currently under development
  – Authenticated, secure email (“imail”)
  – Authenticated, secure data sharing (“ishare”)

Part Four:
OpenID 2.0

• OpenID 2.0 is the convergence of OpenID
  1.0, LID, i-names, Yadis, and SXIP
• OpenID 2.0 supports both URLs and XRIs
  – Only XRIs support automatic mapping of an
    i-name to its persistent i-number to prevent an
    OpenID identity from being reassigned
• OpenID 2.0 uses the XRI XRDS format for
  service discovery
• OpenID 2.0 adds new features to its basic
  http(s) Web authentication protocol
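The reassignment point in the bullet above is the one a relying party has to get right: if the RP keys its records on the reassignable i-name instead of the persistent i-number, whoever holds the name later inherits the account. The following is an added example, not code from the slides or from any OpenID implementation; it models the i-name to i-number mapping (the CanonicalID that XRI resolution returns) with an in-memory registry so the effect of a reassignment can be shown offline. The i-names, i-numbers and account records are constructed values.

```python
"""Key relying-party records on the persistent i-number, never the i-name.

Added example, not code from the slides or from any OpenID implementation.
The registry dict stands in for XRI resolution; the names, i-numbers and
account records are constructed values.
"""


def resolve_canonical(registry, identifier):
    """Simulated XRI resolution: map a reassignable i-name to its persistent
    i-number. An i-number resolves to itself. Returns None when unknown."""
    if identifier.startswith("!!"):
        return identifier
    return registry.get(identifier)


def login_by_inumber(registry, accounts, entered):
    """OpenID 2.0 behaviour for XRIs: the claimed identifier the RP stores
    is the i-number, so a later reassignment of the i-name lands on a new,
    empty record instead of the previous holder's account."""
    key = resolve_canonical(registry, entered)
    if key is None:
        raise LookupError("cannot resolve %r" % entered)
    record = accounts.setdefault(key, {"display_name": entered, "logins": 0})
    record["logins"] += 1
    return key, record


def login_by_name(accounts, entered):
    """The weak alternative: key on the literal name string. Whoever holds
    the name after a reassignment inherits the record."""
    record = accounts.setdefault(entered, {"display_name": entered, "logins": 0})
    record["logins"] += 1
    return entered, record


def reassignment_scenario():
    """Alice logs in twice as =alice; the name is then reassigned to a new
    registrant who logs in once. Returns what each keying strategy
    attributes to the original holder's record and to the new holder."""
    registry = {"=alice": "!!1000.A"}   # constructed registry snapshot
    by_inumber, by_name = {}, {}

    for _ in range(2):
        login_by_inumber(registry, by_inumber, "=alice")
        login_by_name(by_name, "=alice")

    registry["=alice"] = "!!3000.C"      # =alice reassigned to someone else

    new_key, new_record = login_by_inumber(registry, by_inumber, "=alice")
    login_by_name(by_name, "=alice")

    return {
        "original_record_logins_by_inumber": by_inumber["!!1000.A"]["logins"],
        "new_holder_key": new_key,
        "new_holder_logins": new_record["logins"],
        "original_record_logins_by_name": by_name["=alice"]["logins"],
    }


if __name__ == "__main__":
    for k, v in reassignment_scenario().items():
        print(k, v)
```

Keyed on the i-number, the new holder of =alice gets a fresh record with one login and Alice's record stays at two; keyed on the name string, the same record simply accumulates a third login for a different person.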

OpenID support

• Microsoft announced at RSA that it will
  support OpenID working with CardSpace
• AOL just announced that it will provide
  OpenID service for all AOL users
• Yahoo is expected to follow suit shortly
• This will drive the market for what Gartner
  calls “personal identity frameworks” (PIFs)
  – Gartner anticipates that PIFs will integrate into
    enterprise IAM products in the next 2-3 years

OpenID adoption

• Widely supported throughout the blogging
  – SixApart, LiveJournal, WordPress, Technorati
• Spreading to other Web 2.0 sites
  – Wikitravel (Wikipedia), Ma.gnolia.com, Zoomr, etc.
• Widespread open source support
  – PHP, Python, Perl, Ruby, C#, Java
  – pyblosxom, plone, Apache, MoinMoin, mailman,
    mediawiki, Drupal, phbBB, openXRI

Links to more information





Panel Discussion / Q&A
Supplemental Slides
The five key features of XRI syntax

• Extensibility: “XML for identifiers” - enable a common identifier
  scheme for all resources
• Cross-referencing: identify the same logical resource across multiple
  contexts
• Global context symbols: establish a standard set of global contexts
• Metadata: standardize identifier metadata such as language, version,
  date, and type
• Persistence & Reassignability: support both persistent and reassignable
  identifiers in the same syntax

Four options for identifier authorities

With an XRI you can represent an identifier authority in four ways (all
resolvable):

• IP Address: $ip*
• DNS Name: $dns*cordance.net/path?query
• Cross-Reference: $(mailto:jh@foo.com)/path?query
• GCS Symbol: =drummond/path?query
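
A small parser for the four authority forms listed above, as an added example (not code from the slides or from the OpenXRI project). It is deliberately simplified: it recognises `$ip*`, `$dns*`, a parenthesised cross-reference and a GCS symbol followed by a name, and splits off the path and query; full XRI 2.0 syntax (subsegment delimiters, nested cross-references inside names, percent-encoding) is out of scope. The sample XRIs are the slide's own plus a constructed IP address, since the slide truncates the `$ip*` example.

```python
"""Classify the authority of an XRI into the four forms on the slide.

Added, simplified example; not the slides' or OpenXRI's code. Recognises
$ip*..., $dns*..., a parenthesised cross-reference, and a GCS symbol
followed by a name, then splits off path and query.
"""
import re

GCS_SYMBOLS = "=@+$!"
_AUTHORITY_RE = re.compile(r"[^/?#]+")


def _balanced_xref(s, start):
    """Return the index just past the ')' that closes the '(' at s[start].
    Fails closed on an unbalanced reference rather than guessing."""
    depth = 0
    for i in range(start, len(s)):
        if s[i] == "(":
            depth += 1
        elif s[i] == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    raise ValueError("unbalanced cross-reference in %r" % s)


def parse_xri(xri):
    """Return (kind, authority, path, query) for an XRI in XRI-normal form.
    kind is one of 'ip', 'dns', 'cross-reference', 'gcs'."""
    if xri.startswith("xri://"):
        xri = xri[len("xri://"):]
    if xri.startswith("$(") or xri.startswith("("):
        # Cross-reference: scan to the matching ')' first, because the
        # referenced URI may itself contain '/' or '?'.
        end = _balanced_xref(xri, xri.index("("))
        kind, authority, rest = "cross-reference", xri[:end], xri[end:]
    else:
        m = _AUTHORITY_RE.match(xri)
        if not m:
            raise ValueError("empty authority in %r" % xri)
        authority, rest = m.group(0), xri[m.end():]
        if authority.startswith("$ip*"):
            kind = "ip"
        elif authority.startswith("$dns*"):
            kind = "dns"
        elif authority[0] in GCS_SYMBOLS and len(authority) > 1:
            kind = "gcs"
        else:
            raise ValueError("unrecognised authority %r" % authority)
    body, sep, query = rest.partition("?")
    path = body.lstrip("/")
    return kind, authority, path, (query if sep else None)


SAMPLES = [
    "$ip*192.0.2.1/path?query",          # constructed address (slide truncates it)
    "$dns*cordance.net/path?query",
    "$(mailto:jh@foo.com)/path?query",
    "=drummond/path?query",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_xri(sample))
```

The cross-reference branch is handled before any split on `/` or `?` because the referenced URI can contain both; an unbalanced reference raises instead of being silently truncated.
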
HTTP Proxy XRI (HXRI) Syntax
All XRIs can be represented as HTTP URIs
using HXRI syntax:


Features of XRI resolution
• Simple, lightweight XML document format
• Uses standard HTTP caching
• Supports three types of XRI synonyms
   – Local (from the same authority as the XRDS)
   – Canonical (preferred of all synonyms, typically an i-number)
   – Cross-references (from other XRI authorities)
• Simple service endpoint description/selection
   – By Type (identified by URI, IRI, or XRI)
   – By MediaType (IANA standard strings)
   – By Path (stem-based matching)
• Supports both local and HTTP(S) proxy resolution
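
The XRDS format (the truncated “=example” document in Part One) and the synonym and service-selection features listed above, worked through as an added example; this is not code from the slides, the OpenXRI project or any OpenID library. The XRDS and XRD namespace URIs are those of XRI Resolution 2.0 and the signon Type URI is from OpenID Authentication 2.0; the i-number, the contact service Type, the hostnames and the document as a whole are constructed values embedded so the example runs offline.

```python
"""Parse an XRDS document and select service endpoints from its final XRD.

Added example; not the slides', OpenXRI's or any OpenID library's code.
Namespaces are from XRI Resolution 2.0; the sample document is constructed.
"""
import xml.etree.ElementTree as ET

XRDS_NS = "xri://$xrds"
XRD_NS = "xri://$xrd*($v*2.0)"
STATUS_SUCCESS = "100"  # XRI Resolution 2.0: <Status code="100"/> means resolved
OPENID_SIGNON = "http://specs.openid.net/auth/2.0/signon"

# Constructed XRDS for "=example" (values other than the namespaces and the
# OpenID Type URI are assumed).
SAMPLE_XRDS = """<XRDS xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)">
    <Query>*example</Query>
    <Status code="100"/>
    <CanonicalID>!!1234.5678.90AB.CDEF</CanonicalID>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://broker.example/openid/endpoint</URI>
    </Service>
    <Service>
      <Type>xri://+i-service*(+contact)*($v*1.0)</Type>
      <Path>(+contact)</Path>
      <MediaType>text/html</MediaType>
      <URI>https://broker.example/contact/</URI>
    </Service>
  </XRD>
</XRDS>
"""


def _q(name):
    """Clark-notation tag for an element in the XRD namespace."""
    return "{%s}%s" % (XRD_NS, name)


def final_xrd(xml_text):
    """Return the last XRD in the sequence: the one describing the target
    authority (earlier XRDs describe the parents walked during resolution)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}XRDS" % XRDS_NS:
        raise ValueError("not an XRDS document: %s" % root.tag)
    xrds = root.findall(_q("XRD"))
    if not xrds:
        raise ValueError("XRDS contains no XRD element")
    return xrds[-1]


def resolution_succeeded(xrd):
    """True only when the XRD carries the success status code."""
    status = xrd.find(_q("Status"))
    return status is not None and status.get("code") == STATUS_SUCCESS


def canonical_id(xrd):
    """The canonical synonym (typically an i-number), or None if absent."""
    el = xrd.find(_q("CanonicalID"))
    return el.text.strip() if el is not None and el.text else None


def _texts(element, name):
    return [e.text.strip() for e in element.findall(_q(name)) if e.text]


def _path_matches(service_paths, requested):
    """Stem-based path matching, simplified: with no requested path only
    services that declare no Path match; otherwise a declared Path must be
    a leading segment sequence of the requested path."""
    if requested is None:
        return not service_paths
    wanted = requested.strip("/").split("/")
    for declared in service_paths:
        stem = declared.strip("/").split("/")
        if wanted[:len(stem)] == stem:
            return True
    return False


def select_services(xrd, type_=None, media_type=None, path=None):
    """URIs of every Service whose Type, MediaType and Path satisfy the
    given criteria (None means 'not constrained')."""
    uris = []
    for svc in xrd.findall(_q("Service")):
        if type_ is not None and type_ not in _texts(svc, "Type"):
            continue
        if media_type is not None and media_type not in _texts(svc, "MediaType"):
            continue
        if not _path_matches(_texts(svc, "Path"), path):
            continue
        uris.extend(_texts(svc, "URI"))
    return uris


def openid_endpoint(xml_text):
    """What an OpenID 2.0 relying party takes from the XRDS: the persistent
    identifier to key its records on and the signon endpoint. Fails closed
    when resolution did not succeed or no CanonicalID is present."""
    xrd = final_xrd(xml_text)
    if not resolution_succeeded(xrd):
        raise ValueError("XRI resolution did not succeed")
    cid = canonical_id(xrd)
    if cid is None:
        raise ValueError("XRD has no CanonicalID; refusing a reassignable name")
    endpoints = select_services(xrd, type_=OPENID_SIGNON)
    if not endpoints:
        raise ValueError("no OpenID 2.0 signon service in XRD")
    return cid, endpoints[0]


if __name__ == "__main__":
    print(openid_endpoint(SAMPLE_XRDS))
```

Selection constrains by Type, MediaType and Path exactly as the slide lists them; a service with no Path only matches a request with no path, so the contact service is never returned for an OpenID signon request and vice versa.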

Link contracts can include policies for:

•   Identification
•   Authentication
•   Authorization and access control
•   Privacy and usage control
•   Synchronization
•   Termination
•   Recourse

Link contract policy references

• Every policy referenced by a link contract has
  its own XRI (or set of XRI synonyms)
• The policy itself need not be an XDI
  document; it might be:
  – Human-readable text document (e.g., Creative
    Commons licenses, www.creativecommons.org, or
    an Identity Commons identity rights agreement)
  – A document in machine-readable policy
    expression language (XACML, WS-Policy, etc.)
  – Any other XRI-addressable resource to which the
    parties can agree
XRI Specification status

• Current specs
  – XRI Syntax 2.0 – December 2005
  – XRI Resolution 2.0 Working Draft 11 – Feb 2006
• XRI $ Dictionary 2.0 specification underway
  – Major contributions by Boeing
• Complete XRI 2.0 specification suite
  expected in public review by late spring
• OASIS Standard vote expected this fall

XDI specification status

• XDI schema and addressing model complete
• Link contract vocabulary work underway
• Protocol and protocol binding work
• First part of XDI 1.0 specifications expected
  this spring
• Complete XDI 1.0 specifications expected this

