XRI-XDI-I-Names-OpenID-2007-02-v4b

Overview of XRI, XDI, I-Names, and OpenID

Collaborative Expedition Workshop:
Exploring the Potentials and Realities of the Identity Management Landscape

February 27, 2007
at the National Science Foundation (Arlington, Virginia, USA)
Our Panel on: XRI, XDI, I-Names & OpenID
  • Drummond Reed (Cordance)
  • Les Chasen (Neustar)
  • Andy Dale (ooTao)
  • Owen Davis (Linksafe)
  • David Recordon (Verisign)

  Moderator: Peter Yim (CIM3)
Four topics

• XRI: OASIS XRI Technical Committee, an open standard language for
  interoperable digital identifiers
• XDI: OASIS XDI Technical Committee, an open standard data interchange
  schema and protocol based on XRI
• I-Names: XDI.org, an open public XRI registry infrastructure based on
  XRI and XDI
• OpenID: OpenID.net, an open community specification for Internet
  identity and Web authentication based on URLs/XRIs

         Part One: XRI
(Extensible Resource Identifier)
XRI Technical Committee

The primary goals of XRI

• Develop a language for digital identifiers that
  can be used across all contexts and protocols
  – Do for identifiers what XML has done for data
• Provide a machine-readable dictionary of XRI
  identifiers that can be used to describe other
  identifiers of all types (identifier metadata)
• Enable standardized infrastructure for both
  reassignable and persistent XRIs


[Figure: two-layer model. XRI layer: reassignable "i-name(s)" and
persistent "i-number". XRI resolution maps the XRI layer onto the
URI/IRI layer (domain name, IP address, local path/query) and returns
an XRDS document.]

Example XRIs (in XRI-normal form)
$ip*206.198.17.5/some/path?some=query
$dns*www.cordance.com/some/path#somefragment
=drummond.reed                          i-name
=!1234.5678.a1b2.c3d4                   i-number
@cordance
+résumé
@cordance*drummond
@cordance=drummond.reed
@cordance=drummond.reed/local/directory/résumé.html
@cordance=drummond.reed/+résumé$v*2
@!76d3.f297.90e2.142d=!1234.5678.a1b2.c3d4/+!8763
!!1003@!76d3.f297.90e2.142d=!1234.5678.a1b2.c3d4/+!8763

XRI resolution

• The goal was a simple, easily-deployed
  infrastructure for resolving XRIs to URIs much
  like resolving DNS names to IP addresses
• The solution was to use HTTP(S) and a very
  simple XML document format called XRDS
  (Extensible Resource Descriptor Sequence)
• The open source OpenXRI (openxri.org)
  project aims to make XRI resolution a
  standard feature of web servers (e.g., Apache)

Example XRDS document for "=example"
<XRDS xmlns="xri://xrds">
  <XRD xmlns="xri://xrd*($v*2.0)">
    <Query>*example</Query>
    <Expires>2005-05-30T09:30:10Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <Synonym>xri://=!1234.5678.A1B2.C3D4</Synonym>
    <Ref>xri://!!1000!4444.5555</Ref>
    <Service>
      <Type>xri://$res*auth*($v*2.0)</Type>
      <URI>http://res.example.com/=!1234.5678.a1b2.c3d4/</URI>
    </Service>
    <Service>
      <Type>http://openid.net/openid/1.0</Type>
      <URI>http://authn.example.com/openid/</URI>
    </Service>
  </XRD>
</XRDS>

XRI adoption

• Boeing (www.boeing.com, @boeing) is standardizing
  on XRI for global identifiers
   – Published in their Enterprise Directory service for all people,
     applications, and devices
   – Deploying in new web services
   – Using for principals in SAML assertions
• OpenID 2.0 (www.openid.net) supports XRIs for Web
  authentication and XRDS for service discovery
• I-names (www.inames.net, @inames) uses XRI for
  privacy-protected global digital identity and XRDS for
  service discovery

    Part Two: XDI
(XRI Data Interchange)
The primary goals of XDI

• Develop a standardized data interchange
  schema & protocol based on XRIs and XML
  – XDI is to XML what HTML is to SGML
• Enable “link contracts” – machine-readable
  data sharing agreements that bind shared
  data to policies governing its use
• Enable machine-readable XDI dictionaries
  that support automated mapping of
  XRI-identified data across schemas & contexts

The XDI “Dataweb” model

• Applies the Web model to machine-readable
  data sharing
  – XDI documents are XRI-addressable the same
    way HTML documents are URI-addressable
  – XRI addressing/linking goes all the way down to
    the atomic element level (URI addressing/linking
    goes down only to the document fragment level)
  – XDI addressing can reference and link elements
    across XDI documents just like HTML hyperlinks


XDI and RDF

• XDI documents are collections of RDF
  statements using XRIs instead of URIs
  – Using XRI cross-reference syntax, all XDI RDF
    statements are expressible as XRIs
  – XDI RDF vocabulary consists of five core XRIs to
    describe resource relationship types
• Dramatically simplifies/standardizes cross-
  domain data description and exchange
• XDI dictionaries function as machine-
  readable, self-describing RDF vocabularies

XDI link contracts

• A link contract is an XDI document governing
  an XDI data sharing relationship between two
  XDI data authorities
  – It “binds” XRI-addressable data to XRI-
    addressable policies governing its use
• Link contracts can cover any type of XDI data
  (including other link contracts)
• Link contracts can associate any type of data
  sharing policy

XDI adoption

• First XDI engine implemented by ooTao
  (www.ootao.com, @ootao)
• ooTao and Kintera (www.kinterainc.com)
  have announced a major XDI data sharing
  project for La Leche League
  – 100K+ data sharing accounts
• XDI will be a primary data sharing protocol
  supported by the Higgins Project
  (www.eclipse.org/higgins/)

Part Three:
 I-Names
I-names (and i-numbers)

• I-names is a new public XRI registry service
  for privacy-protected digital identifiers
• These registries are operated by XDI.org, an
  international public trust organization
• Registrations include both an i-name
  (reassignable) and an i-number (persistent)
• There are three registries:
  = for individuals
  @ for organizations of any kind
  ! for XDI.org-accredited i-brokers (i-numbers only)
I-brokers

• An i-broker is a provider of Internet identity
  services (“banker for data”)
• XDI.org accredits i-brokers to become global
  i-name/i-number registrars (similar to the role
  ICANN plays for DNS infrastructure)
• Accredited i-brokers are listed on the XDI.org
  i-names website
   – www.inames.net/register.html
• These i-brokers all offer a core set of identity
  services including OpenID authentication
I-names are the next step in digital addressing

[Figure: staircase timeline of addressing forms, time axis "Antiquity,
1940, 1975, 1990, 1995, 2000, 2005", steps in order: postal address,
phone number, fax number, email address, IM address, domain name, i-name.]

I-names let individuals and organizations control
their communications channels

[Figure: a single i-name in the centre, linked to one person's sample
contact channels: two email addresses, three phone numbers, a postal
address and two web pages.]

1) Simplicity: one communications address that never needs to change
2) Privacy: 100% control over access via any channel
3) Automated services: intelligent new communications services that
   save time and money

I-names adoption

• I-names are integrated into the OpenID 2.0
  specification (www.openid.net)
• I-names are the basis for the new Equals
  communications management service from
  AmSoft (www.amsoft.net)
• I-names are the basis for two more open
  Internet services currently under development
  – Authenticated, secure email (“imail”)
  – Authenticated, secure data sharing (“ishare”)

Part Four:
 OpenID
OpenID 2.0

• OpenID 2.0 is the convergence of OpenID
  1.0, LID, i-names, Yadis, and SXIP
• OpenID 2.0 supports both URLs and XRIs
  – Only XRIs support automatic mapping of an
    i-name to its persistent i-number to prevent an
    OpenID identity from being reassigned
• OpenID 2.0 uses the XRI XRDS format for
  service discovery
• OpenID 2.0 adds new features to its basic
  http(s) Web authentication protocol

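The reassignment point on the slide above, as an added example that is not code from the slides or from any OpenID library: two toy relying parties, one keying accounts on the i-name the user typed and one keying them on the i-number that resolution returns as the CanonicalID. The registry class, the i-names and the i-numbers are constructed for illustration; real discovery fetches the XRDS over HTTP(S) and the RP also verifies the OP's signed assertion, neither of which is modelled here. OpenID Authentication 2.0 mandates the second behaviour for XRIs: the CanonicalID from the XRDS, not the i-name, is the Claimed Identifier the RP stores.

```python
"""
Added example (not from the slides or the OpenID specification text):
why an OpenID 2.0 relying party (RP) that accepts XRIs must key accounts
on the persistent i-number (the CanonicalID returned by XRI resolution)
rather than on the reassignable i-name.  Registry, i-names and i-numbers
below are constructed; discovery over HTTP(S) and the OP's signed
assertion are left out of the model.
"""


class Registry:
    """Toy i-name registry: an i-name can lapse and be re-registered by
    someone else; an i-number is never reassigned."""

    def __init__(self):
        self._names = {}           # i-name -> i-number

    def register(self, iname: str, inumber: str) -> None:
        if iname in self._names:
            raise ValueError(f"{iname} is taken")
        self._names[iname] = inumber

    def release(self, iname: str) -> None:
        del self._names[iname]

    def resolve(self, iname: str) -> str:
        """Stand-in for XRI resolution: the CanonicalID for an i-name."""
        return self._names[iname]


class NaiveRP:
    """Keys accounts on the identifier the user typed (reassignable)."""

    def __init__(self, registry: Registry):
        self.registry, self.accounts = registry, {}

    def login(self, iname: str) -> str:
        self.registry.resolve(iname)       # discovery succeeds, result ignored
        return self.accounts.setdefault(iname, f"acct-{len(self.accounts) + 1}")


class CanonicalRP:
    """Keys accounts on the CanonicalID, as OpenID 2.0 requires for XRIs."""

    def __init__(self, registry: Registry):
        self.registry, self.accounts = registry, {}

    def login(self, iname: str) -> str:
        inumber = self.registry.resolve(iname)
        return self.accounts.setdefault(inumber, f"acct-{len(self.accounts) + 1}")


def reassignment_scenario(rp_class):
    """Victim logs in as =mary, lets the i-name lapse, an attacker re-registers
    =mary under a different i-number and logs in with it; the victim then
    registers a new i-name for the old i-number.  Returns the three account
    ids the RP hands out, in that order."""
    registry = Registry()
    rp = rp_class(registry)
    registry.register("=mary", "=!1111.2222.3333.4444")        # constructed
    victim = rp.login("=mary")
    registry.release("=mary")
    registry.register("=mary", "=!9999.8888.7777.6666")        # attacker's i-number
    attacker = rp.login("=mary")
    registry.register("=mary.smith", "=!1111.2222.3333.4444")  # victim's new i-name
    victim_again = rp.login("=mary.smith")
    return victim, attacker, victim_again


if __name__ == "__main__":
    print("naive RP:    ", reassignment_scenario(NaiveRP))      # attacker gets acct-1
    print("canonical RP:", reassignment_scenario(CanonicalRP))  # attacker gets acct-2
```

With NaiveRP the attacker's login lands in the victim's account and the victim, back under a new i-name, is locked out of it; with CanonicalRP the attacker gets a fresh account and the victim keeps the original one, because the i-number behind both of the victim's i-names never changed.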
OpenID support

• Microsoft announced at RSA that it will
  support OpenID working with CardSpace
• AOL just announced that it will provide
  OpenID service for all AOL users
• Yahoo is expected to follow suit shortly
• This will drive the market for what Gartner
  calls “personal identity frameworks” (PIFs)
  – Gartner anticipates that PIFs will integrate into
    enterprise IAM products in the next 2-3 years

OpenID adoption

• Widely supported throughout the blogging
  industry
  – SixApart, LiveJournal, WordPress, Technorati
• Spreading to other Web 2.0 sites
  – Wikitravel (Wikipedia), Ma.gnolia.com, Zoomr, etc.
• Widespread open source support
  – PHP, Python, Perl, Ruby, C#, Java
  – pyblosxom, plone, Apache, MoinMoin, mailman,
    mediawiki, Drupal, phpBB, openXRI

Links to more information

XRI:      http://www.oasis-open.org/committees/xri/
          http://en.wikipedia.org/wiki/XRI
XDI:      http://www.oasis-open.org/committees/xdi/
          http://en.wikipedia.org/wiki/XDI
I-names:  http://www.inames.net
          http://en.wikipedia.org/wiki/i-name
OpenID:   http://www.openid.net
          http://en.wikipedia.org/wiki/openid

Panel Discussion / Q&A
Supplemental Slides
The five key features of XRI syntax

• Extensibility: "XML for identifiers", enabling a common identifier
  scheme for all resources
• Cross-referencing: identify the same logical resource across multiple
  contexts
• Global context symbols: establish a standard set of global contexts
• Metadata: standardize identifier metadata such as language, version,
  date, and type
• Persistence & reassignability: support both persistent and
  reassignable identifiers in the same syntax

Four options for identifier authorities
With an XRI you can represent an identifier
authority in four ways (all resolvable):

IP address:       $ip*124.17.192.4/path?query
DNS name:         $dns*cordance.net/path?query
Cross-reference:  $(mailto:jh@foo.com)/path?query
GCS symbol:       =drummond/path?query
                  @cordance/path?query

HTTP Proxy XRI (HXRI) Syntax
All XRIs can be represented as HTTP URIs
using HXRI syntax:

 http://xri.net/$ip*124.17.192.4/path?query

 http://xri.net/$dns*cordance.net/path?query
 http://xri.net/$(mailto:jh@foo.com)/path?query
 http://xri.net/=drummond/path?query
 http://xri.net/@cordance/path?query
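The XRI syntax shown on the "Example XRIs", "Four options for identifier authorities" and HXRI slides, worked through as an added example that is not code from the slides or from the OpenXRI project: a small parser that splits an XRI in XRI-normal form into authority, path, query and fragment, tokenises each segment into subsegments by delimiter ("!" persistent, "*" or implied reassignable, a GCS character for a change of global context), classifies the authority the way the four-options slide does, reports whether the whole identifier is persistent, and builds the http://xri.net/ proxy form. The percent-encoding of non-ASCII characters in hxri() is this example's own IRI-to-URI choice; the slides show HXRIs without it.

```python
"""
Added example, not from the slides: parser for XRIs in XRI-normal form
covering the "Example XRIs", "Four options for identifier authorities"
and "HTTP Proxy XRI (HXRI) Syntax" slides.  Percent-encoding in hxri()
is this example's assumption (IRI-to-URI mapping), not from the slides.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import quote

GCS = "=@+$!"                   # global context symbols
DELIMS = GCS + "*"              # every character that starts a new subsegment
XRI_PROXY = "http://xri.net/"   # proxy resolver shown on the HXRI slide

Subseg = Tuple[Optional[str], str]   # (delimiter, or None for an implied '*', literal)


@dataclass
class ParsedXRI:
    authority: List[Subseg]
    path: List[List[Subseg]]    # one subsegment list per '/'-separated segment
    query: Optional[str]
    fragment: Optional[str]


def _split_top(s: str, seps: str, first_only: bool = False) -> List[str]:
    """Split s at chars in seps that are not inside a (...) cross-reference."""
    parts, cur, depth = [], [], 0
    for ch in s:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth == 0 and ch in seps and not (first_only and parts):
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def subsegments(segment: str) -> List[Subseg]:
    """Tokenise one segment into (delimiter, literal) pairs.  '!' marks a
    persistent subsegment, '*' a reassignable one, a GCS char a change of
    global context; a leading literal with no delimiter is an implied '*'."""
    out, cur, delim, depth = [], [], None, 0
    for ch in segment:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth == 0 and ch in DELIMS:
            if delim is not None or cur:
                out.append((delim, "".join(cur)))
            delim, cur = ch, []
        else:
            cur.append(ch)
    out.append((delim, "".join(cur)))
    return out


def parse_xri(xri: str) -> ParsedXRI:
    rest, *frag = _split_top(xri, "#", first_only=True)
    rest, *query = _split_top(rest, "?", first_only=True)
    auth, *path = _split_top(rest, "/", first_only=True)
    segments = _split_top(path[0], "/") if path else []
    return ParsedXRI(authority=subsegments(auth),
                     path=[subsegments(seg) for seg in segments],
                     query=query[0] if query else None,
                     fragment=frag[0] if frag else None)


def authority_type(parsed: ParsedXRI) -> str:
    """The four authority forms from the slide: IP address, DNS name,
    cross-reference, or a GCS-symbol registry such as = or @."""
    delim, literal = parsed.authority[0]
    if literal.startswith("("):
        return "cross-reference"
    if delim == "$":
        return {"ip": "ip-address", "dns": "dns-name"}.get(literal, "dictionary")
    return "gcs-symbol"


def is_persistent(parsed: ParsedXRI) -> bool:
    """True only if every subsegment is persistent or a bare context symbol.
    Only such XRIs are safe as a long-term key for a principal; anything
    containing a reassignable name can later point at someone else."""
    for segment in [parsed.authority, *parsed.path]:
        for delim, literal in segment:
            if delim in (None, "*"):                  # explicit or implied '*'
                return False
            if delim in ("=", "@", "+") and literal:  # '=name' is an implied '*name'
                return False
            if literal.startswith("("):               # external identifier, no guarantee
                return False
    return True


def hxri(xri: str) -> str:
    """HTTP proxy form: prefix the proxy resolver, keep XRI delimiters intact,
    percent-encode only non-ASCII/unsafe bytes (this example's assumption)."""
    return XRI_PROXY + quote(xri, safe="/?#=@+$*!()':;,&~")


if __name__ == "__main__":
    for x in ["=drummond.reed", "=!1234.5678.a1b2.c3d4", "$(mailto:jh@foo.com)/path?query"]:
        p = parse_xri(x)
        print(f"{x:36} {authority_type(p):16} persistent={is_persistent(p)}  {hxri(x)}")
```

is_persistent() is the check a relying party or directory wants before storing an XRI as a principal's key: of the slide's examples only the forms built entirely from i-numbers (=!1234.5678.a1b2.c3d4, @!76d3...=!1234.../+!8763 and the !!1003... form) pass, everything containing an i-name, an IP address, a DNS name or a cross-referenced external identifier fails.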
Features of XRI resolution
• Simple, lightweight XML document format
• Uses standard HTTP caching
• Supports three types of XRI synonyms
   – Local (from the same authority as the XRDS)
   – Canonical (preferred of all synonyms, typically an i-number)
   – Cross-references (from other XRI authorities)
• Simple service endpoint description/selection
   – By Type (identified by URI, IRI, or XRI)
   – By MediaType (IANA standard strings)
   – By Path (stem-based matching)
• Supports both local and HTTP(S) proxy resolution

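The XRDS document from the "Example XRDS document for =example" slide, parsed and queried with the selection criteria listed on the slide above (by Type, by MediaType, by Path), as an added example that is not code from the slides or from OpenXRI. The document embedded below is the slide's with straight quotes; the priority attributes and the third Service carrying a MediaType and a Path were added here to exercise selection and are constructed, as is the stem-based Path matching, which simplifies the XRI Resolution 2.0 matching rules. The Expires check and the canonical-identifier extraction are the two things a consumer of an XRDS should do before trusting what it says.

```python
"""
Added example, not from the slides: parse the slide's XRDS document and
apply service selection by Type, MediaType and Path (priority order).
Priority attributes, the third Service and the stem-based Path match are
this example's constructions, not XRI Resolution 2.0 rules.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import List, Optional

XRD_NS = "xri://xrd*($v*2.0)"

SAMPLE_XRDS = """<XRDS xmlns="xri://xrds">
  <XRD xmlns="xri://xrd*($v*2.0)">
    <Query>*example</Query>
    <Expires>2005-05-30T09:30:10Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <Synonym>xri://=!1234.5678.A1B2.C3D4</Synonym>
    <Ref>xri://!!1000!4444.5555</Ref>
    <Service priority="10">
      <Type>xri://$res*auth*($v*2.0)</Type>
      <URI>http://res.example.com/=!1234.5678.a1b2.c3d4/</URI>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/openid/1.0</Type>
      <URI>http://authn.example.com/openid/</URI>
    </Service>
    <!-- constructed for this example; not on the slide -->
    <Service>
      <Type>http://example.com/contact</Type>
      <MediaType>text/vcard</MediaType>
      <Path>/contact</Path>
      <URI>http://www.example.com/vcard/</URI>
    </Service>
  </XRD>
</XRDS>
"""


def _tag(name: str) -> str:
    return "{%s}%s" % (XRD_NS, name)


def _texts(elem: ET.Element, name: str) -> List[str]:
    """Text of every direct child element `name` in the XRD namespace."""
    return [(c.text or "").strip() for c in elem if c.tag == _tag(name)]


def load_xrd(xrds_text: str) -> ET.Element:
    """Return the final XRD of the sequence, which describes the resolved target."""
    xrds = [c for c in ET.fromstring(xrds_text) if c.tag == _tag("XRD")]
    if not xrds:
        raise ValueError("no XRD element in XRDS")
    return xrds[-1]


def _parse_utc(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_expired(xrd: ET.Element, now) -> bool:
    """An XRD past its <Expires> must be re-resolved, not served from cache.
    `now` may be a timezone-aware datetime or a 'YYYY-MM-DDTHH:MM:SSZ' string."""
    expires = _texts(xrd, "Expires")
    if not expires:
        return False
    if isinstance(now, str):
        now = _parse_utc(now)
    return _parse_utc(expires[0]) <= now


def canonical_id(xrd: ET.Element) -> Optional[str]:
    """Persistent identifier of the target.  Final XRI Resolution 2.0 and
    OpenID 2.0 carry it in <CanonicalID>; this draft-era document uses
    <Synonym>, so fall back to the first synonym that is an i-number."""
    ids = _texts(xrd, "CanonicalID") or [s for s in _texts(xrd, "Synonym") if "!" in s]
    return ids[0] if ids else None


def _path_matches(wanted: str, declared: str) -> bool:
    """Stem match: the declared Path is a prefix of the wanted one on a '/' boundary."""
    stem = declared.rstrip("/")
    return wanted == declared or wanted == stem or wanted.startswith(stem + "/")


def select_services(xrd, service_type=None, media_type=None, path=None) -> List[ET.Element]:
    """Services matching every criterion given, lowest priority number first;
    a Service without a priority attribute sorts last."""
    chosen = []
    for svc in (c for c in xrd if c.tag == _tag("Service")):
        if service_type is not None and service_type not in _texts(svc, "Type"):
            continue
        if media_type is not None and media_type not in _texts(svc, "MediaType"):
            continue
        if path is not None and not any(_path_matches(path, p) for p in _texts(svc, "Path")):
            continue
        chosen.append(svc)
    chosen.sort(key=lambda s: int(s.get("priority")) if s.get("priority") else float("inf"))
    return chosen


def service_uris(svc: ET.Element) -> List[str]:
    return _texts(svc, "URI")
```

Note that the slide's document had already expired by the date of this workshop, so a cache must not hand it out; and the Ref element, which redirects resolution to another authority, is deliberately not followed here, since following Refs blindly lets a compromised XRDS send a resolver anywhere.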
Link contracts can include policies for:

•   Identification
•   Authentication
•   Authorization and access control
•   Privacy and usage control
•   Synchronization
•   Termination
•   Recourse


Link contract policy references

• Every policy referenced by a link contract has
  its own XRI (or set of XRI synonyms)
• The policy itself need not be an XDI
  document; it might be:
  – Human-readable text document (e.g., Creative
    Commons licenses, www.creativecommons.org, or
    an Identity Commons identity rights agreement)
  – A document in machine-readable policy
    expression language (XACML, WS-Policy, etc.)
  – Any other XRI-addressable resource to which the
    parties can agree
XRI Specification status

• Current specs
  – XRI Syntax 2.0 – December 2005
  – XRI Resolution 2.0 Working Draft 11 – Feb 2006
• XRI $ Dictionary 2.0 specification underway
  – Major contributions by Boeing
• Complete XRI 2.0 specification suite
  expected in public review by late spring
• OASIS Standard vote expected this fall

XDI specification status

• XDI schema and addressing model complete
• Link contract vocabulary work underway
• Protocol and protocol binding work
  prototyped
• First part of XDI 1.0 specifications expected
  this spring
• Complete XDI 1.0 specifications expected this
  fall
