Copyright © 2004, Epok, Inc. Extensible Resource Identifiers (XRIs) XDI Face to Face 28 April 2004
What are XRIs
Extensible Resource Identifiers (XRIs) are abstract identifiers - broadly useful, but with features especially well suited to identity and web services
Based on URIs as defined by RFC 2396, and can be downcast into conventional URIs
Resolvable to concrete endpoints via the standard resolution protocol defined by the XRI Specification
XRIs: True Unified Identifiers
XRIs can provide a uniform layer of abstract identifiers for any resource on any network
[Diagram labels: IP Address, DNS Names, Phone Numbers, Address, Future Addresses, XRIs, The Web]
XRI Goals
A unified syntax for abstract identifiers providing
–Abstraction and independence
–Persistence and reassignability
–Human-friendliness and machine-friendliness
–Internationalization
–Cross-context identification
A standard Internet-based resolution protocol, including support for trusted resolution
Absolute and relative persistent identifiers
URNs require absolute persistent identifiers
–The entire identifier is persistent
–It will never be reassigned for all time
This can be difficult to meet operationally
–Requires a persistent ID for all higher-level domains
Many uses require only relative persistence
–Only part of the identifier is persistent
–This portion is persistent for a relative period (i.e. the lifetime of its potentially reassignable id space)
Examples of relative and absolute persistence
Absolute persistent URNs
urn:isbn:
urn:ietf:rfc:2141
urn:us:gov:usdoj:ins:somedata
(Note that this is now “broken” because the DOJ has transitioned to Department of Homeland Security and INS now has a new title of BCIS. To be semantically accurate this should therefore be changed to urn:us:gov:bcis:someschema). Example of the problem of “semantic reflection” in persistent identifiers.
Absolute persistent XRIs
xri://:isbn:
xri://:ietf:rfc:2141
xri://:us:gov:bcis/:somedata
xri://:34F2:A98E:B8FC/:somedata
Relative persistent XRIs
xri://
xri://ietf.org/rfc/:2141
xri://
Human-friendly identifiers
A longtime goal of computing in general
–Character-based interfaces GUIs
–8 char DOS filenames Macintosh file names
Providing HFIs for machine-friendly IP addresses was a key motivation for DNS
Machine-friendly Identifier i.e.,
Human-friendly Identifier i.e., epok.com
[Diagram labels: IP Addresses, DNS Names]
XRI Naming
XRIs support a layer of reassignable names that resolve (potentially) to persistent identifiers
Global Context Symbols
–“=” indicates a natural person
–indicates any legal entity other than a natural person
–“+” indicates a generic noun, concept or name
[Diagram labels: IP Addresses, DNS Names, E Numbers, E Names, Physical Network]
XRI Naming Examples
Individual Human Friendly Identifiers (any natural person)
xri:=JohnDoe
xri:=MaryVincentSmith
Organizational Human Friendly Identifiers (any legal mark)
General Human Friendly Identifiers (any generic term)
xri:+us
xri:+books
xri:+music/rock
xri:+geology/rock
xri:+someschema
xri:+someschema/FirstName
Cross-context identifiers
A cross-context identifier identifies the same logical resource in different physical contexts
English-language example:
–John’s car
–Mary’s car
HTTP URI example:
–
–
Cross-context Example
The same publication
xri://
xri://
xri://
The same type of web page
xri://
xri://
The same type of directory attribute
xri:=JohnSmith/(+ )
Attribute and version identifiers
Standardizing cross-context data exchange requires more than just object-level identifiers
Attributes must be addressable relative to a containing object
–Must support nested attributes
Versions must be addressable relative to an object or attribute
–Must support nested versions
Attribute and version Examples
Attributes
xri:=John Smith/(+ )/work
Versions
xri:=JohnSmith/(+ )/work/($v/3)
xri:=JohnSmith/(+ )/work/($d/ T07:33:48Z)
Forms of an XRI
Well defined transforms for various “normal forms”
–XRI normal form – Native XRI
–IRI normal form – Identifier in the form expected by the IRI draft. Primarily involves obfuscation of cross-references.
–anyURI normal form – Appropriate for anyURI as defined by XML schema. Transforms URI-authority component into legal DNS name.
–URI normal form – Pure 2396-style URI. Mainly normalizes international characters.
XRI Resolution
Spec defines resolution for GCS-based XRI Authorities
–Local Path resolution is not defined
Resolution is based on HTTP GETs
–Series of HTTP GETs to subsequent XRIAuthorities
–Last subsegment points to a LocalAccess or AlternativeXRI
Returns XML as an XRIDescriptor element
XRIDescriptor has well defined elements for XRIAuthority, LocalAccess, Mapping and AlternativeXRI
Benefit: Extensible via XML, but server doesn’t have to parse XML during resolution.
Each XRI Authority is considered to be unaware of what other subsegments are pointing to it.
–Extremely flexible
–Makes sanity checking difficult
XRI Resolution (cont.)
Describes the result of resolving an XRI subsegment
XRIAuthority element indicates URI for resolving an additional subsegment
LocalAccess element indicates URIs to use for various MIME types
Resolved element indicates what subsegment was resolved
Nothing indicates what authority resolved it
–Client is responsible for keeping XRI Descriptors in context
Sample descriptor: :3 application/vnd.epok.xns
Example of Resolution
Client wants to resolve
Client disregards everything after the first “/”. This part (Local Path) is not globally resolvable.
Client knows URI for beforehand.
–
Client asks about “:1010”
–
–Client parses XRIDescriptor for XRIAuthority
Client asks about “:3”
–
–Client parses XRIDescriptor for appropriate local access
Client can now interact with resource :6 in the context via local access protocol identified in XRID
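The resolution walk on this slide, as an added Python sketch (not code from the presentation or the XRI specification): it records which authority was asked about which subsegment, since the descriptor itself does not say, and rejects a descriptor whose Resolved value differs from what was requested. The XML nesting, the URI and MediaType child elements, the example.* URIs and the in-memory fake_get are assumptions; only the element names XRIDescriptor, XRIAuthority, LocalAccess and Resolved come from the slides.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the network: authority URI -> subsegment -> XRIDescriptor.
# Element names are from the slides; nesting, URI/MediaType children and all
# example.* URIs are assumptions made for this sketch.
FAKE_NET = {
    "http://root.example/resolve": {
        ":1010": "<XRIDescriptor><Resolved>:1010</Resolved><XRIAuthority>"
                 "<URI>http://a1010.example/resolve</URI></XRIAuthority></XRIDescriptor>",
    },
    "http://a1010.example/resolve": {
        ":3": "<XRIDescriptor><Resolved>:3</Resolved><LocalAccess>"
              "<URI>http://svc.example/xns</URI>"
              "<MediaType>application/vnd.epok.xns</MediaType>"
              "</LocalAccess></XRIDescriptor>",
        # Answers for a different subsegment than the one requested.
        ":4": "<XRIDescriptor><Resolved>:9</Resolved><LocalAccess>"
              "<URI>http://other.example/</URI><MediaType>text/html</MediaType>"
              "</LocalAccess></XRIDescriptor>",
    },
}

def fake_get(authority_uri, subsegment):
    """Stand-in for the HTTP GET a real client would send to an authority."""
    return FAKE_NET[authority_uri][subsegment]

def resolve(root_uri, xri_tail):
    """Resolve e.g. ':1010:3/:6' starting from an authority URI known beforehand."""
    authority, _, local_path = xri_tail.partition("/")  # Local Path is not resolved
    subsegments = re.findall(r"[:.][^:.]+", authority)  # simplified split
    if not subsegments:
        raise ValueError("no authority subsegments to resolve")
    current, trail = root_uri, []  # trail = the context the descriptor itself lacks
    for i, sub in enumerate(subsegments):
        xrid = ET.fromstring(fake_get(current, sub))  # real input: hardened parser
        resolved = xrid.findtext("Resolved")
        if resolved != sub:  # descriptor must describe the subsegment we asked about
            raise ValueError(f"{current} answered for {resolved!r}, asked {sub!r}")
        trail.append((current, sub))
        if i < len(subsegments) - 1:
            current = xrid.findtext("XRIAuthority/URI")
            if current is None:
                raise ValueError(f"no XRIAuthority to continue after {sub!r}")
    access = {la.findtext("MediaType"): la.findtext("URI")
              for la in xrid.findall("LocalAccess")}
    return access, local_path, trail
```

The returned trail is the per-hop context the client has to keep itself; with trusted resolution it is also the list of authorities whose signatures would need checking.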
Trusted Resolution
XRID is signed by the providing XRI Authority
Moves metadata like TTL out of HTTP headers so they can be included in the signed data
Backward compatible with standard resolution
Contains a SAML assertion with a new kind of attribute statement that points back to the enclosing XRID (like an enveloped signature)
:3 application/vnd.epok.xns
Misconceptions about XRIs
Spaces are legal in XRIs
–xri:=john smith – The XRI is =john
–xri:=john%20smith – legal
–xri:=(john.smith) – legal (though not equivalent to previous)
The spec allows and = authorities is equivalent
Resolution requires HTTP / HTTPS
eNames resolve to eNumbers
/ has implied semantics
–Do . and : imply delegated authority, while / implies organization within the same authority? No
–=john/addresses/work/city
–=john/addresses.work/city
XRIs must be rooted =, + or //
XRIs have a canonical form
There is an authority for +