
Overview of XRI, XDI, I-Names, and OpenID Collaborative Expedition Workshop: Exploring the Potentials and Realities of the Identity Management Landscape.



Presentation transcript:

1 Overview of XRI, XDI, I-Names, and OpenID
Collaborative Expedition Workshop: Exploring the Potentials and Realities of the Identity Management Landscape
February 27, 2007 at the National Science Foundation (Arlington, Virginia, USA)

2 Our Panel on: XRI, XDI, I-Names & OpenID
- Drummond Reed (Cordance)
- Les Chasen (Neustar)
- Andy Dale (ooTao)
- Owen Davis (Linksafe)
- David Recordon (Verisign)
- Moderator: Peter Yim (CIM3)

3 Four topics
- OpenID (OpenID.net): An open community specification for Internet identity and Web authentication based on URLs/XRIs
- I-Names (XDI.org): An open public XRI registry infrastructure based on XRI and XDI
- XDI (OASIS XDI Technical Committee): An open standard data interchange schema and protocol based on XRI
- XRI (OASIS XRI Technical Committee): An open standard language for interoperable digital identifiers

4 Part One: XRI (Extensible Resource Identifier)

5 XRI Technical Committee

6 The primary goals of XRI
- Develop a language for digital identifiers that can be used across all contexts and protocols
  – Do for identifiers what XML has done for data
- Provide a machine-readable dictionary of XRI identifiers that can be used to describe other identifiers of all types (identifier metadata)
- Enable standardized infrastructure for both reassignable and persistent XRIs

7 [Diagram: addressing layers Local Path/Query, IP Address, Domain Name, URI/IRI Layer, XRI Layer; the XRI layer holds reassignable “i-name(s)” and persistent “i-number” identifiers, and XRI Resolution yields an XRDS Document]

8 Example XRIs (in XRI-normal form)
=drummond.reed
@cordance
$dns*www.cordance.com/some/path#somefragment
$ip*206.198.17.5/some/path?some=query
@cordance*drummond
+résumé
@cordance=drummond.reed/local/directory/résumé.html
=!1234.5678.a1b2.c3d4
@cordance=drummond.reed/+résumé$v*2
@cordance=drummond.reed  (i-name)
@!76d3.f297.90e2.142d=!1234.5678.a1b2.c3d4/+!8763  (i-number)
!!1003@!76d3.f297.90e2.142d=!1234.5678.a1b2.c3d4/+!8763

9 XRI resolution
- The goal was a simple, easily-deployed infrastructure for resolving XRIs to URIs much like resolving DNS names to IP addresses
- The solution was to use HTTP(S) and a very simple XML document format called XRDS (Extensible Resource Descriptor Sequence)
- The open source OpenXRI (openxri.org) project aims to make XRI resolution a standard feature of web servers (e.g., Apache)

10 Example XRDS document for “=example” (element values only; the XML markup was not preserved)
*example
2005-05-30T09:30:10Z
xri://=
xri://=!1234.5678.A1B2.C3D4
xri://!!1000!4444.5555
xri://$res*auth*($v*2.0)
http://res.example.com/=!1234.5678.a1b2.c3d4/
http://openid.net/openid/1.0
http://authn.example.com/openid/

11 XRI adoption
- Boeing (www.boeing.com, @boeing) is standardizing on XRI for global identifiers
  – Published in their Enterprise Directory service for all people, applications, and devices
  – Deploying in new web services
  – Using for principals in SAML assertions
- OpenID 2.0 (www.openid.net) supports XRIs for Web authentication and XRDS for service discovery
- I-names (www.inames.net, @inames) uses XRI for privacy-protected global digital identity and XRDS for service discovery

12 Part Two: XDI (XRI Data Interchange)

13 The primary goals of XDI
- Develop a standardized data interchange schema & protocol based on XRIs and XML
  – XDI is to XML what HTML is to SGML
- Enable “link contracts” – machine-readable data sharing agreements that bind shared data to policies governing its use
- Enable machine-readable XDI dictionaries that allow automated mapping of XRI-identified data across schemas & contexts

14 The XDI “Dataweb” model
- Applies the Web model to machine-readable data sharing
  – XDI documents are XRI-addressable the same way HTML documents are URI-addressable
  – XRI addressing/linking goes all the way down to the atomic element level (URI addressing/linking goes down only to the document fragment level)
  – XDI addressing can reference and link elements across XDI documents just like HTML hyperlinks

15 XDI and RDF
- XDI documents are collections of RDF statements using XRIs instead of URIs
  – Using XRI cross-reference syntax, all XDI RDF statements are expressible as XRIs
  – XDI RDF vocabulary consists of five core XRIs to describe resource relationship types
- Dramatically simplifies/standardizes cross-domain data description and exchange
- XDI dictionaries function as machine-readable, self-describing RDF vocabularies

16 XDI link contracts
- A link contract is an XDI document governing an XDI data sharing relationship between two XDI data authorities
  – It “binds” XRI-addressable data to XRI-addressable policies governing its use
- Link contracts can cover any type of XDI data (including other link contracts)
- Link contracts can associate any type of data sharing policy

17 XDI adoption
- First XDI engine implemented by ooTao (www.ootao.com, @ootao)
- ooTao and Kintera (www.kinterainc.com) have announced a major XDI data sharing project for La Leche League
  – 100K+ data sharing accounts
- XDI will be a primary data sharing protocol supported by the Higgins Project (www.eclipse.org/higgins/)

18 Part Three: I-Names

19 I-names (and i-numbers)
- I-names is a new public XRI registry service for privacy-protected digital identifiers
- These registries are operated by XDI.org, an international public trust organization
- Registrations include both an i-name (reassignable) and an i-number (persistent)
- There are three registries:
  – = for individuals
  – @ for organizations of any kind
  – ! for XDI.org-accredited i-brokers (i-numbers only)

20 I-brokers
- An i-broker is a provider of Internet identity services (“banker for data”)
- XDI.org accredits i-brokers to become global i-name/i-number registrars (similar to the role ICANN plays for DNS infrastructure)
- Accredited i-brokers are listed on the XDI.org i-names website
  – www.inames.net/register.html
- These i-brokers all offer a core set of identity services including OpenID authentication

21 I-names are the next step in digital addressing
[Timeline diagram: Postal Address (Antiquity), Phone Number, Fax Number, Email Address, IM Address, Domain Name, i-name; axis ticks 1940, 1975, 1990, 1995, 2000, 2005]

22 I-names let individuals and organizations control their communications channels
[Diagram: a single i-name standing in for many addresses: mary.smith@work.com, msmith@home.com, 408-881-2375 x58, 408-602-9188, 206-733-5742, 360.yahoo.com/~mary, www.work.com/team/mjs, 887 Birch Lane, Berkeley, CA 99071]
1) Simplicity: one communications address that never needs to change
2) Privacy: 100% control over access via any channel
3) Automated services: intelligent new communications services that save time and money

23 I-names adoption
- I-names are integrated into the OpenID 2.0 specification (www.openid.net)
- I-names are the basis for the new Equals communications management service from AmSoft (www.amsoft.net)
- I-names are the basis for two more open Internet services currently under development
  – Authenticated, secure email (“imail”)
  – Authenticated, secure data sharing (“ishare”)

24 Part Four: OpenID

25 OpenID 2.0
- OpenID 2.0 is the convergence of OpenID 1.0, LID, i-names, Yadis, and SXIP
- OpenID 2.0 supports both URLs and XRIs
  – Only XRIs support automatic mapping of an i-name to its persistent i-number to prevent an OpenID identity from being reassigned
- OpenID 2.0 uses the XRI XRDS format for service discovery
- OpenID 2.0 adds new features to its basic http(s) Web authentication protocol

26 OpenID support
- Microsoft announced at RSA that it will support OpenID working with CardSpace
- AOL just announced that it will provide OpenID service for all AOL users
- Yahoo is expected to follow suit shortly
- This will drive the market for what Gartner calls “personal identity frameworks” (PIFs)
  – Gartner anticipates that PIFs will integrate into enterprise IAM products in the next 2-3 years

27 OpenID adoption
- Widely supported throughout the blogging industry
  – SixApart, LiveJournal, WordPress, Technorati
- Spreading to other Web 2.0 sites
  – Wikitravel (Wikipedia), Ma.gnolia.com, Zoomr, etc.
- Widespread open source support
  – PHP, Python, Perl, Ruby, C#, Java
  – pyblosxom, plone, Apache, MoinMoin, mailman, mediawiki, Drupal, phpBB, openXRI

28 Links to more information
- OpenID: http://www.openid.net, http://en.wikipedia.org/wiki/openid
- I-names: http://www.inames.net, http://en.wikipedia.org/wiki/i-name
- XDI: http://www.oasis-open.org/committees/xdi/, http://en.wikipedia.org/wiki/XDI
- XRI: http://www.oasis-open.org/committees/xri/, http://en.wikipedia.org/wiki/XRI

29 Panel Discussion / Q&A

30 Supplemental Slides

31 The five key features of XRI syntax
- Cross-referencing: identify the same logical resource across multiple contexts
- Global context symbols: establish a standard set of global contexts
- Persistence & Reassignability: support both persistent and reassignable identifiers in the same syntax
- Metadata: standardize identifier metadata such as language, version, date, and type
- Extensibility: “XML for identifiers” - enable a common identifier scheme for all resources

32 Four options for identifier authorities
With an XRI you can represent an identifier authority in four ways (all resolvable):
- IP Address: $ip*124.17.192.4/path?query
- DNS Name: $dns*cordance.net/path?query
- GCS Symbol: =drummond/path?query or @cordance/path?query
- Cross-Reference: $(mailto:jh@foo.com)/path?query

33 HTTP Proxy XRI (HXRI) Syntax
All XRIs can be represented as HTTP URIs using HXRI syntax:
- http://xri.net/$ip*124.17.192.4/path?query
- http://xri.net/$dns*cordance.net/path?query
- http://xri.net/=drummond/path?query
- http://xri.net/$(mailto:jh@foo.com)/path?query
- http://xri.net/@cordance/path?query
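The XRI syntax from slides 8, 31, 32 and 33 (GCS symbols, `*` reassignable and `!` persistent subsegments, parenthesised cross-references, and the HXRI proxy form) as an added Python example; this is not code from the presentation or from OpenXRI. The grammar it implements is a deliberate simplification (an assumption), `GCS_SYMBOLS`, `_HXRI_SAFE`, `parse_xri`, `is_persistent` and `to_hxri` are names I chose, and the proxy base `http://xri.net/` is the one the HXRI slide uses.

```python
"""Simplified parser for XRIs in XRI-normal form, plus HXRI conversion.

Added illustration only; not code from the presentation or from OpenXRI. The
grammar is a deliberate simplification (an assumption): an authority is a run
of subsegments introduced by a GCS symbol (= @ + $ !) or by '*' (reassignable)
or '!' (persistent); a parenthesised cross-reference is kept opaque; path,
query and fragment are split off the way URIs split them.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import quote

GCS_SYMBOLS = "=@+$!"           # global context symbols
HXRI_PROXY = "http://xri.net/"  # proxy resolver shown on the HXRI slide
# characters left unescaped in an HXRI (assumption: XRI punctuation plus the
# usual URI sub-delimiters); everything else, e.g. 'é', is percent-encoded
_HXRI_SAFE = "=@+$!*()/?#:&;,'~"


@dataclass
class XRI:
    authority: str                       # everything before the first '/'
    subsegments: List[Tuple[str, str]]   # (delimiter, value) pairs
    path: str = ""
    query: Optional[str] = None
    fragment: Optional[str] = None


def _index_at_depth0(text: str, chars: str) -> int:
    """Position of the first char in `chars` outside any (...) cross-reference."""
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and ch in chars:
            return i
    return -1


def _subsegments(authority: str) -> List[Tuple[str, str]]:
    """Split an authority into (delimiter, value) pairs, e.g.
    '@cordance=drummond.reed' -> [('@', 'cordance'), ('=', 'drummond.reed')]
    '=!1234.5678'             -> [('=', ''), ('!', '1234.5678')]"""
    segs: List[List[str]] = []
    depth = 0
    for ch in authority:
        if depth == 0 and ch in GCS_SYMBOLS + "*":
            segs.append([ch, ""])
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        segs[-1][1] += ch
    return [(d, v) for d, v in segs]


def parse_xri(text: str) -> XRI:
    """Parse an XRI in XRI-normal form (a leading 'xri://' is accepted)."""
    if text.startswith("xri://"):
        text = text[len("xri://"):]
    if not text or text[0] not in GCS_SYMBOLS:
        raise ValueError("XRI-normal form must start with a GCS symbol: %r" % text)
    rest, query, fragment = text, None, None
    i = _index_at_depth0(rest, "#")
    if i >= 0:
        rest, fragment = rest[:i], rest[i + 1:]
    i = _index_at_depth0(rest, "?")
    if i >= 0:
        rest, query = rest[:i], rest[i + 1:]
    i = _index_at_depth0(rest, "/")
    authority, path = (rest, "") if i < 0 else (rest[:i], rest[i:])
    return XRI(authority, _subsegments(authority), path, query, fragment)


def is_persistent(xri: XRI) -> bool:
    """True when the authority is an i-number: every subsegment is a persistent
    '!' one and no GCS symbol carries a reassignable name (as '=drummond' does)."""
    return all(d == "!" or (d in GCS_SYMBOLS and v == "")
               for d, v in xri.subsegments)


def to_hxri(text: str, proxy: str = HXRI_PROXY) -> str:
    """Render an XRI as an HTTP proxy URI (HXRI)."""
    if text.startswith("xri://"):
        text = text[len("xri://"):]
    parse_xri(text)  # validate before emitting
    return proxy + quote(text, safe=_HXRI_SAFE)


if __name__ == "__main__":
    for sample in ("@cordance=drummond.reed/local/directory/résumé.html",
                   "=!1234.5678.a1b2.c3d4", "$(mailto:jh@foo.com)/path?query"):
        x = parse_xri(sample)
        kind = "persistent" if is_persistent(x) else "reassignable"
        print(sample, "->", x.subsegments, x.path, kind)
        print("  HXRI:", to_hxri(sample))
```

`is_persistent` is the check that matters for identity: of the two forms on slide 8, only `@!76d3.f297.90e2.142d=!1234.5678.a1b2.c3d4` is an i-number, and the `*` or bare-name subsegments in the others mark them as reassignable.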

34 Features of XRI resolution
- Simple, lightweight XML document format
- Uses standard HTTP caching
- Supports three types of XRI synonyms
  – Local (from the same authority as the XRDS)
  – Canonical (preferred of all synonyms, typically an i-number)
  – Cross-references (from other XRI authorities)
- Simple service endpoint description/selection
  – By Type (identified by URI, IRI, or XRI)
  – By MediaType (IANA standard strings)
  – By Path (stem-based matching)
- Supports both local and HTTP(S) proxy resolution
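The XRDS document from slide 10, the resolution features listed above (Expires handling, service selection by Type, MediaType and Path, the CanonicalID synonym) and the OpenID 2.0 point from slide 25 that an i-name is mapped to its persistent i-number so the identity cannot be reassigned, as an added Python example that is not code from the presentation, from OpenXRI or from any OpenID library. The XRDS element names and namespaces are my assumption of the XRI Resolution 2.0 format; `SAMPLE_XRDS` is constructed from the slide's values with an added MediaType element and priority attributes; the CanonicalID check in `openid_claimed_identifier` is a simplified stand-in for the specification's verification procedure, not a transcription of it.

```python
"""Parse an XRDS document and select a service endpoint from it. Added
illustration only (not the presentation's, OpenXRI's or any library's code);
element names/namespaces are my assumption of the XRI Resolution 2.0 XRDS
format, and SAMPLE_XRDS wraps the "Example XRDS document" slide's values plus
an assumed MediaType element and priority attributes."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"  # assumed XRD 2.0 namespace
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # format of the Expires element

# Constructed sample: the slide's values inside assumed XRDS markup.
SAMPLE_XRDS = """<XRDS xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)">
    <Query>*example</Query>
    <Expires>2005-05-30T09:30:10Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <CanonicalID>xri://=!1234.5678.A1B2.C3D4</CanonicalID>
    <Service priority="10">
      <ProviderID>xri://!!1000!4444.5555</ProviderID>
      <Type>xri://$res*auth*($v*2.0)</Type>
      <MediaType>application/xrds+xml</MediaType>
      <URI>http://res.example.com/=!1234.5678.a1b2.c3d4/</URI>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/openid/1.0</Type>
      <URI>http://authn.example.com/openid/</URI>
    </Service>
  </XRD>
</XRDS>"""

@dataclass
class Service:
    types: List[str]
    media_types: List[str]
    paths: List[str]
    uris: List[str]
    priority: Optional[int] = None

@dataclass
class XRD:
    query: Optional[str]
    expires: Optional[datetime]
    provider_id: Optional[str]
    canonical_id: Optional[str]
    services: List[Service] = field(default_factory=list)

def _tag(name: str) -> str:
    return "{%s}%s" % (XRD_NS, name)

def _texts(el: ET.Element, name: str) -> List[str]:
    return [c.text.strip() for c in el.findall(_tag(name)) if c.text]

def _first(el: ET.Element, name: str) -> Optional[str]:
    return (_texts(el, name) or [None])[0]

def _parse_time(stamp: str) -> datetime:
    return datetime.strptime(stamp, TIME_FMT).replace(tzinfo=timezone.utc)

def parse_xrds(document: str) -> XRD:
    """Return the last XRD in the sequence, the one describing the queried authority."""
    xrds = ET.fromstring(document).findall(_tag("XRD"))
    if not xrds:
        raise ValueError("document contains no XRD element")
    xrd = xrds[-1]
    services = [Service(_texts(s, "Type"), _texts(s, "MediaType"), _texts(s, "Path"),
                        _texts(s, "URI"), int(s.get("priority")) if s.get("priority") else None)
                for s in xrd.findall(_tag("Service"))]
    expires = _first(xrd, "Expires")
    return XRD(_first(xrd, "Query"), _parse_time(expires) if expires else None,
               _first(xrd, "ProviderID"), _first(xrd, "CanonicalID"), services)

def is_expired(xrd: XRD, now: str) -> bool:
    """True once Expires has passed ('now' in the same UTC format): re-resolve, don't reuse."""
    return xrd.expires is not None and _parse_time(now) >= xrd.expires

def select_services(xrd: XRD, type_: Optional[str] = None, media_type: Optional[str] = None,
                    path: Optional[str] = None) -> List[Service]:
    """Select by Type, MediaType and/or Path (simplified stem match); lowest priority
    number first, services without a priority last."""
    def ok(s: Service) -> bool:
        return ((type_ is None or type_ in s.types)
                and (media_type is None or media_type in s.media_types)
                and (path is None or any(path.startswith(p) for p in s.paths)))
    return sorted((s for s in xrd.services if ok(s)),
                  key=lambda s: (s.priority is None, s.priority or 0))

def openid_claimed_identifier(xrd: XRD) -> str:
    """Identifier an OpenID relying party binds the login to when the user typed an
    i-name: the persistent CanonicalID (i-number), not the reassignable i-name.
    Simplified check (assumption): CanonicalID = ProviderID + one '!' subsegment."""
    if not xrd.canonical_id:
        raise ValueError("no CanonicalID: cannot derive a stable identifier")
    if not xrd.provider_id or not xrd.canonical_id.startswith(xrd.provider_id):
        raise ValueError("CanonicalID %r not under ProviderID %r"
                         % (xrd.canonical_id, xrd.provider_id))
    tail = xrd.canonical_id[len(xrd.provider_id):]
    if not tail.startswith("!") or "*" in tail:
        raise ValueError("CanonicalID tail %r is not a persistent subsegment" % tail)
    return xrd.canonical_id
```

The point of `openid_claimed_identifier` is the one slide 25 makes: a relying party that stores the typed i-name (`=example`) as the account key inherits that name's reassignability, while one that stores the CanonicalID keeps the binding even after the i-name changes hands, provided it rejects an XRD whose CanonicalID does not descend from the authority that served it.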

35 Link contracts can include policies for:
- Identification
- Authentication
- Authorization and access control
- Privacy and usage control
- Synchronization
- Termination
- Recourse

36 Link contract policy references
- Every policy referenced by a link contract has its own XRI (or set of XRI synonyms)
- The policy itself need not be an XDI document; it might be:
  – A human-readable text document (e.g., Creative Commons licenses, www.creativecommons.org, or an Identity Commons identity rights agreement)
  – A document in a machine-readable policy expression language (XACML, WS-Policy, etc.)
  – Any other XRI-addressable resource to which the parties can agree

37 XRI Specification status
- Current specs
  – XRI Syntax 2.0 – December 2005
  – XRI Resolution 2.0 Working Draft 11 – Feb 2006
- XRI $ Dictionary 2.0 specification underway
  – Major contributions by Boeing
- Complete XRI 2.0 specification suite expected in public review by late spring
- OASIS Standard vote expected this fall

38 XDI specification status
- XDI schema and addressing model complete
- Link contract vocabulary work underway
- Protocol and protocol binding work prototyped
- First part of XDI 1.0 specifications expected this spring
- Complete XDI 1.0 specifications expected this fall

