Copyright © 2004, Epok, Inc. Extensible Resource Identifiers (XRIs) XDI Face to Face 28 April 2004


What are XRIs

• Extensible Resource Identifiers (XRIs) are abstract identifiers: broadly useful, but with features especially well suited to identity and web services

• Based on URIs as defined by RFC 2396, and can be downcast into conventional URIs

• Resolvable to concrete endpoints via a standard resolution protocol defined by the XRI specification


XRIs: True Unified Identifiers

• XRIs can provide a uniform layer of abstract identifiers for any resource on any network

[Figure: diagram with the labels IP Address, DNS Names, Phone Numbers, Email Address, Future Addresses, XRIs and The Web]


XRI Goals

• A unified syntax for abstract identifiers providing

– Abstraction and independence
– Persistence and reassignability
– Human-friendliness and machine-friendliness
– Internationalization
– Cross-context identification

• A standard Internet-based resolution protocol, including support for trusted resolution


Absolute and relative persistent identifiers

• URNs require absolute persistent identifiers
– The entire identifier is persistent
– It will never be reassigned for all time

• This can be difficult to meet operationally
– Requires a persistent ID for all higher-level domains

• Many uses require only relative persistence
– Only part of the identifier is persistent
– This portion is persistent for a relative period (i.e. the lifetime of its potentially reassignable id space)


Examples of relative and absolute persistence

• Absolute persistent URNs
urn:isbn:0-395-36341-1
urn:ietf:rfc:2141
urn:us:gov:usdoj:ins:somedata

• Note that this is now “broken” because the DOJ has transitioned to Department of Homeland Security and INS now has a new title of BCIS. (To be semantically accurate this should therefore be changed to urn:us:gov:bcis:someschema.) This is an example of the problem of “semantic reflection” in persistent identifiers.

• Absolute persistent XRIs
xri://:isbn:0-395-36341-1
xri://:ietf:rfc:2141
xri://:us:gov:bcis/:somedata
xri://:34F2:A98E:B8FC/:somedata

• Relative persistent XRIs
xri://www.bookstore.com/:isbn:0-395-36341-1
xri://ietf.org/rfc/:2141
xri://www.bcis.gov/:somedata


Human-friendly identifiers

• A longtime goal of computing in general
– Character-based interfaces → GUIs
– 8 char DOS filenames → Macintosh file names

• Providing HFIs for machine-friendly IP addresses was a key motivation for DNS

[Figure: IP Addresses labelled as the machine-friendly identifier (i.e., 192.168.10.134); DNS Names labelled as the human-friendly identifier (i.e., epok.com)]


XRI Naming

• XRIs support a layer of reassignable names that resolve (potentially) to persistent identifiers

• Global Context Symbols
– “=” indicates a natural person
– “@” indicates any legal entity other than a natural person
– “+” indicates a generic noun, concept or name

[Figure: diagram with the labels IP Addresses, DNS Names, E Numbers, E Names and Physical Network]


XRI Naming Examples

• Individual Human Friendly Identifiers (any natural person)
xri:=JohnDoe
xri:=MaryVincentSmith

• Organizational Human Friendly Identifiers (any legal mark)
xri:@BarnesAndNoble
xri:@bcis
xri:@gsa

• General Human Friendly Identifiers (any generic term)
xri:+us
xri:+books
xri:+music/rock
xri:+geology/rock
xri:+someschema
xri:+someschema/FirstName


Cross-context identifiers

• A cross-context identifier identifies the same logical resource in different physical contexts

• English-language example:
– John’s car
– Mary’s car

• HTTP URI example:
– http://www.wines.com/index.html
– http://www.books.com/index.html


Cross-context Example

• The same publication
xri://www.bcis.gov/(xri://gsa.gov/:somepublication)
xri://www.dod.gov/(xri://gsa.gov/:somepublication)
xri://www.gsa.gov/(xri://gsa.gov/:somepublication)
xri:@gsa/(xri://gsa.gov/:somepublication)

• The same type of web page
xri://www.bcis.gov/(+faq)
xri://www.gsa.com/(+faq)

• The same type of directory attribute
xri:=JohnSmith/(+email)
xri:@gsa/(=JohnSmith)/(+email)


Attribute and version identifiers

• Standardizing cross-context data exchange requires more than just object-level identifiers

• Attributes must be addressable relative to a containing object

– Must support nested attributes

• Versions must be addressable relative to an object or attribute

– Must support nested versions


Attribute and version Examples

• Attributes
xri:=JohnSmith/(+email)/work
xri:@gsa/(=JohnSmith)/(+email)/work
xri:@gsa/:someschema/FirstName

• Versions
xri:=JohnSmith/(+email)/work/($v/3)
xri:=JohnSmith/(+email)/work/($d/2001-06-21T07:33:48Z)
xri:@gsa/:someschema/($v/1)/FirstName


Forms of an XRI

Well defined transforms for various “normal forms”

– XRI normal form – Native XRI

– IRI normal form – Identifier in the form expected by the IRI draft. Primarily involves obfuscation of cross-references.

– anyURI normal form – Appropriate for anyURI as defined by XML schema. Transforms URI-authority component into legal DNS name.

– URI normal form – Pure 2396-style URI. Mainly normalizes international characters.


XRI Resolution

• Spec defines resolution for GCS-based XRI Authorities
– Local Path resolution is not defined

• Resolution is based on HTTP GETs.
– Series of HTTP GETs to subsequent XRIAuthorities
– Last subsegment points to a Local Access or AlternativeXRI

• Returns XML as an XRIDescriptor element

• XRIDescriptor has well defined elements for XRIAuthority, LocalAccess, Mapping and AlternativeXRI

• Benefit: Extensible via XML, but server doesn’t have to parse XML during resolution.

• Each XRI Authority is considered to be unaware of what other subsegments are pointing to it.
– Extremely flexible
– Makes sanity checking difficult


XRI Resolution (cont.)

• Describes the result of resolving an XRI subsegment

• XRIAuthority element indicates URI for resolving an additional subsegment

• LocalAccess element indicates URIs to use for various MIME types

• Resolved element indicates what subsegment was resolved

• Nothing indicates what authority resolved it
– Client is responsible for keeping XRI Descriptors in context

• Sample descriptor

<XRIDescriptor>
  <Resolved>:3</Resolved>
  <XRIAuthority>
    <URI>http://x.customer.com/xri/resolve?ns=hostid</URI>
  </XRIAuthority>
  <LocalAccess>
    <Type>application/vnd.epok.xns</Type>
    <URI>http://x.customer.com/eis/XNSRequest</URI>
    <URI>https://x.customer.com/eis/XNSRequest</URI>
  </LocalAccess>
</XRIDescriptor>


Example of Resolution

• Client wants to resolve “xri:@:1010:3/:6”

• Client disregards everything after the first “/”. This part (Local Path) is not globally resolvable.

• Client knows URI for “@” beforehand.
– http://gcs.xriroot.com/xri/resolve?ns=at

• Client asks “@” about “:1010”
– http://gcs.xriroot.com/xri/resolve/:1010?ns=at
– Client parses XRIDescriptor for XRIAuthority: http://xns.epok.com/xri/resolve?ns=hostid

• Client asks “@:1010” about “:3”
– http://xns.epok.com/xri/resolve/:3?ns=hostid
– Client parses XRIDescriptor for appropriate local access

• Client can now interact with resource :6 in the context of @:1010:3 via local access protocol identified in XRID
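
The walk above as an added Python example (not from the original slides), run offline against canned descriptors instead of real HTTP GETs. The function names and the ":1010" descriptor are constructed for illustration, only ":" subsegments are handled, and the check of Resolved against the requested subsegment is an added client-side check motivated by the earlier slide's point that a descriptor does not name the authority that produced it.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

ROOTS = {"@": "http://gcs.xriroot.com/xri/resolve?ns=at"}  # known beforehand (slide)
# Constructed responses keyed by request URL; a real client would issue HTTP GETs.
CANNED = {
    "http://gcs.xriroot.com/xri/resolve/:1010?ns=at":
        "<XRIDescriptor><Resolved>:1010</Resolved><XRIAuthority>"
        "<URI>http://xns.epok.com/xri/resolve?ns=hostid</URI></XRIAuthority></XRIDescriptor>",
    "http://xns.epok.com/xri/resolve/:3?ns=hostid":
        "<XRIDescriptor><Resolved>:3</Resolved><LocalAccess>"
        "<Type>application/vnd.epok.xns</Type>"
        "<URI>http://x.customer.com/eis/XNSRequest</URI>"
        "<URI>https://x.customer.com/eis/XNSRequest</URI></LocalAccess></XRIDescriptor>",
}

def split_authority(xri):
    """Return (GCS symbol, subsegments) for the part before the first '/'."""
    body = xri[4:] if xri.startswith("xri:") else xri
    authority = body.split("/", 1)[0]  # Local Path is not globally resolvable
    if authority[:1] not in ROOTS:
        raise ValueError("no known root authority for %r" % xri)
    return authority[0], [":" + s for s in authority[1:].split(":") if s]

def request_url(authority_uri, subsegment):
    """Append the subsegment to the authority URI's path, keeping its query."""
    u = urlsplit(authority_uri)
    return urlunsplit((u.scheme, u.netloc, u.path + "/" + subsegment, u.query, ""))

def resolve(xri, fetch=CANNED.__getitem__):
    """Walk the authority chain; return (trail of (authority, subsegment), access)."""
    gcs, subs = split_authority(xri)
    uri, trail, access = ROOTS[gcs], [], {}
    for i, sub in enumerate(subs):
        doc = ET.fromstring(fetch(request_url(uri, sub)))
        # The descriptor does not name its authority, so the client records who
        # answered and rejects a descriptor for a subsegment it did not ask about.
        if (doc.findtext("Resolved") or "").strip() != sub:
            raise ValueError("descriptor does not describe %s" % sub)
        trail.append((uri, sub))
        if i < len(subs) - 1:
            uri = (doc.findtext("XRIAuthority/URI") or "").strip()
            if not uri:
                raise ValueError("no XRIAuthority to continue from at %s" % sub)
        else:
            for la in doc.findall("LocalAccess"):
                uris = [(u.text or "").strip() for u in la.findall("URI")]
                access[(la.findtext("Type") or "").strip()] = uris
    return trail, access
```

The returned trail is the context the client has to keep for each descriptor; the access map lists both the http and https LocalAccess URIs, and choosing between them is left to the caller.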


Trusted Resolution

• XRID is signed by the providing XRI Authority

• Moves metadata like TTL out of HTTP headers so it can be included in the signed data

• Backward compatible with standard resolution

• Contains a SAML assertion with a new kind of attribute statement that points back to the enclosing XRID (like an enveloped signature)

<XRIDescriptor>
  <Resolved>:3</Resolved>
  <XRIAuthority>
    <URI>http://x.customer.com/xri/resolve?ns=hostid</URI>
  </XRIAuthority>
  <LocalAccess>
    <Type>application/vnd.epok.xns</Type>
    <URI>http://x.customer.com/eis/XNSRequest</URI>
    <URI>https://x.customer.com/eis/XNSRequest</URI>
  </LocalAccess>
  <ds:Signature>...</ds:Signature>
  <saml:Assertion>...</saml:Assertion>
</XRIDescriptor>


Misconceptions about XRIs

• Spaces are legal in XRIs
– xri:=john smith – The XRI is =john
– xri:=john%20smith – legal
– xri:=(john.smith) – legal (though not equivalent to previous)

• The spec allows multiple @ and = authorities

• xri:@example/=dave is equivalent to @example/(=dave)

• Resolution requires HTTP / HTTPS

• eNames resolve to eNumbers

• / has implied semantics
– Do . and : imply delegated authority, while / implies organization within the same authority? No
– =john/addresses/work/city
– =john/addresses.work/city

• XRIs must be rooted on @, =, + or //

• XRIs have a canonical form

• There is an authority for +