Presentation is loading. Please wait.

Presentation is loading. Please wait.

May 6, 2008 Gabe Wachob and Drummond Reed, XRI TC Co-Chairs What do OpenID, Higgins, I-Names, and XDI Have in Common? An OASIS Webinar on XRI and XRDS.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "May 6, 2008 Gabe Wachob and Drummond Reed, XRI TC Co-Chairs What do OpenID, Higgins, I-Names, and XDI Have in Common? An OASIS Webinar on XRI and XRDS."— Presentation transcript:

1 May 6, 2008 Gabe Wachob and Drummond Reed, XRI TC Co-Chairs What do OpenID, Higgins, I-Names, and XDI Have in Common? An OASIS Webinar on XRI and XRDS

2 OASIS XRI Technical Committee Opened January 2003

3 Topics n What are XRI and XRDS? n Why have they become key building blocks of the Internet identity layer? l Case study: what specific problems did they help solve for OpenID 2.0? n What synergy do they have with other OASIS TCs and specifications? n OASIS Standard vote on XRI 2.0

4 What are XRI and XRDS?

5 XRI (Extensible Resource Identifier) n A new type of Internet identifier (URI) designed expressly for digital identity n An open standard for expressing and discovering abstract structured identifiers l Abstract: identifiers that resolve to other identifiers l Structured: identifiers that can contain self- describing “tags” – “XML for identifiers”

6 XRDS (Extensible Resource Descriptor Sequence) n A simple, extensible, XML-based service discovery format for any XRI- or URL- identifiable resource n The logical equivalent of a DNS resource record at the XRI layer of identification n The discovery format used by OpenID 2.0, OAuth, and Higgins

7 Local Path/Query IP Address Domain Name URI/IRI Abstract Identifier Layer Reassignable XRI “i-name(s)” Persistent XRI “i-number” XRDS Docu- ment XRDS Resolution TN (Tele- phone Number) Other concrete identifier types Concrete Identifier Layer Synonyms

8 Examples of XRI i-names n Human-friendly reassignable identifiers =gmw = 用例 @boeing @cordance*drummond +flower $xml

9 Examples of XRI i-numbers n Persistent identifiers (never reassigned) =!7a42.cd93.40f4.18e5 =!7a42.cd93.40f4.18e5!283 @!b3a7.5537.9fea.31ec +!3792 +!3792!14

10 Examples of XRI cross-references n Identifiers reused across contexts =(mailto:gabe.wachob@gmail.com) =(http://equalsdrummond.name) @(http://boeing.com) @cordance*(urn:isbn:0-395-36341-1) +flower*(http://en.wikipedia.org/rose)

11 Examples of XRIs transformed into URIs n XRI Syntax 2.0 defines a strict trans- formation of an XRI into an IRI and URI xri://=drummond.reed xri://= 用例 xri://@!b3a7.5537.9fea.31ec!133 xri://=(mailto:gabe.wachob@gmail.com) xri://@cordance*(urn:isbn:0-395-36341-1)

12 *example 2005-05-30T09:30:10Z xri://= xri://=!7c4.58ff.7c9a.e285 xri://$res*auth*($v*2.0) http://res.example.com/=!7c4.58ff.7c9a.e285/ http://openid.net/openid/1.1 http://openid.net/openid/2.0 +openid http://authn.example.com/openid/ Query and synonyms Service #1 Service #2 Example XRDS document

13 Why have XRI and XRDS become key building blocks of the Internet identity layer?

14 Not only did XRI and XRDS become an integral part of OpenID 2.0, but the XRI technical community has become an integral part of the OpenID community. — Bill Washburn Executive Director, OpenID Foundation

15 XRI and XRDS have become essential elements of the Higgins Project. Without them, we couldn’t fully implement the abstract data model that is the heart of Higgins and the key to user-controlled identity and data sharing. — Paul Trevithick Higgins Project Lead

16 Where are XRI and XRDS being used? n OpenID 2.0 n OAuth Discovery n Higgins Project n XDI.org i-name/i-number registries n XDI data sharing

17 Case Study: the top 3 problems XRI/XRDS solved for OpenID 2.0 n Extensible service discovery n OpenID recycling n Automatic secure resolution

18 What is OpenID? n An open community specification for user-centric Internet authentication l Based on the concept that users have their own globally-resolvable identifier and OpenID authentication service n Primary use case: eliminate the need for separate usernames and passwords for different websites

19 XRDS Document Relying Party (RP) OpenID Provider (OP)

20 Problem #1: Extensible service discovery n OpenID 2.0 need to describe what versions an OpenID identifier supports n Also what OpenID extensions it supports (SREG, AX, PAPE, etc.) n And what other services may be available (e.g., OAuth, SAML, XDI) n It also needed redundant, prioritized OpenID provider endpoints

21 Solution: XRDS documents n Simple, standard discovery format n Can be hosted on any blog, web server, IdM system, etc. n Easily extensible using new URIs or XRIs to define service types n Can be extended with elements from any other namespace

22 *example 2005-05-30T09:30:10Z xri://= xri://=!7c4.58ff.7c9a.e285 xri://$res*auth*($v*2.0) http://res.example.com/=! 7c4.58ff.7c9a.e285/ http://openid.net/openid/1.1 http://openid.net/openid/2.0 +openid http://authn.example.com/openid/ https://secure-authn.example.com/openid/ http://example.com/bob

23 Problem #2: OpenID recycling n With usernames/passwords, usernames can be recycled l The service provider controls the binding with the credential n With OpenID, that’s no longer true l The user controls the binding to the credential! l Losing control of the identifier = losing control of the credential

24 Solution: persistent synonyms n Bind a recyclable OpenID identifier with a non-recyclable (persistent) identifier such as an XRI i-number n Authenticate based on the persistent i-number n Treat the recyclable identifier as only a temporary handle for the persistent synonym

25 *example 2005-05-30T09:30:10Z xri://= xri://=!7c4.58ff.7c9a.e285 xri://$res*auth*($v*2.0) http://res.example.com/=!1234.5678.a1b2.c3d4/ http://openid.net/openid/1.1 http://openid.net/openid/2.0 +openid http://authn.example.com/openid/

26 Problem #3: Automatic secure resolution n OpenID could not specify HTTPS resolution for all OpenID URLs l Too many users do not have access to HTTPS certs or infrastructure l Thus the default had to be HTTP l This forces users with HTTPS URLs to to type the entire string, e.g., https://my.openid.identifier.tld

27 Solution: XRI secure resolution n As abstract identifiers, XRIs always map to concrete identifiers n This mapping process - XRI resolution - offers three trusted modes: l HTTPS, SAML, or both n So XRI i-names used as OpenIDs can use HTTPS resolution as the default l No need for users to know/do anything

28 XRI and XRDS are also building blocks for other identity solutions n OAuth l XRDS discovery format n Higgins Project l Context discovery and resolution n XDI.org XRI registries l i-name/i-number registries & resolution n SAML and Information Cards l Privacy-protected identifier claims

29 Synergy with Other OASIS TCs

30 XDI (XRI Data Interchange) n The XDI controlled data sharing protocol is based entirely on XRI l A globally addressable RDF graph where the address of every node is an RDF statement structured as an XRI subject-xri / predicate-xri / object-xri l Enables a simple portable authorization format called XDI link contracts

31 ORMS (Open Reputation Management Services) n Newest TC in the OASIS IDtrust member section n Will define neutral, vendor-independent system for exchanging reputation data n XRI and XDI TC members participating l XRI for durable subject identifiers l XDI for controlled data sharing

32 Other TCs in the IDtrust Member Section n Digital Signature Services eXtended (DSS-X) Advancing new profiles for the DSS OASIS Standard n Enterprise Key Management Infrastructure (EKMI) Defining symmetric key management protocols n Public Key Infrastructure (PKI) Adoption Advancing the use of digital certificates as a foundation for managing access to network resources and conducting electronic transactions

33 The OASIS Standard Vote on XRI 2.0

34 Specifications n XRI Syntax 2.0 l Explicit syntax for reassignable and persistent identifiers l Global context symbols l Cross-references for identifier reuse across domains l Flexible delegation at all levels of hierarchy l Lossless transformation into IRI and URI forms n XRI Resolution 2.0 l HTTP(S)-based resolution protocol l XRDS: simple XML discovery document format l Synonym management and verification l Service endpoint selection logic l Redirect and Ref processing

35 Conclusion n OpenID, OAuth, Higgins, i-names, XDI are just the start of what can now be built on XRI and XRDS n The OASIS XRI TC and IDtrust Member Section look forward to developing more key building blocks of the Internet identity layer

36 Contact us n Gabe Wachob, XRI TC Co-Chair l http://xri.net/=gmw http://xri.net/=gmw l gabe.wachob@wachob.com gabe.wachob@wachob.com n Drummond Reed, XRI TC Co-Chair l http://xri.net/=drummond.reed http://xri.net/=drummond.reed l drummond.reed@cordance.net drummond.reed@cordance.net n Wikipedia l http://en.wikipedia.org/xri http://en.wikipedia.org/xri l http://en.wikipedia.org/xrds http://en.wikipedia.org/xrds

37 n Learn through the IDtrust Knowledgebase of educational materials and background on the standards n Share news, events, presentations, white papers, product listings, opinions, questions, and recommendations through postings, blogs, forums, and directories. n Collaborate with others online through a wiki interface http://idtrust.xml.org

Download ppt "May 6, 2008 Gabe Wachob and Drummond Reed, XRI TC Co-Chairs What do OpenID, Higgins, I-Names, and XDI Have in Common? An OASIS Webinar on XRI and XRDS."

Similar presentations

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
OpenID RP Reputation in Trusted Exchange NRI 2008/06/10.

OpenID RP Reputation in Trusted Exchange NRI 2008/06/10.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma.

Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma.
Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.

Experimental OpenID Service for DOEGrids Summer Student Program 2008 Jan Durand ESnet 08/06/08.
What do OpenID, Higgins, I-Names, and XDI Have in Common? An OASIS Webinar on XRI and XRDS May 6, 2008 Gabe Wachob, XRI TC Co-Chair Paul Trevithick, The.

What do OpenID, Higgins, I-Names, and XDI Have in Common? An OASIS Webinar on XRI and XRDS May 6, 2008 Gabe Wachob, XRI TC Co-Chair Paul Trevithick, The.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
1 Higgins 1: a species of Tasmanian long-tailed mouse 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…

1 Higgins 1: a species of Tasmanian long-tailed mouse 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…
Presentation 7 part 2: SOAP & WSDL. Ingeniørhøjskolen i Århus Slide 2 Outline Building blocks in Web Services SOA SOAP WSDL (UDDI)

Presentation 7 part 2: SOAP & WSDL. Ingeniørhøjskolen i Århus Slide 2 Outline Building blocks in Web Services SOA SOAP WSDL (UDDI)
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
2006 IEEE International Conference on Web Services ICWS 2006 Overview.

2006 IEEE International Conference on Web Services ICWS 2006 Overview.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.

EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.
Copyright © 2004, Epok, Inc. Extensible Resource Identifiers (XRIs) XDI Face to Face 28 April 2004.

Copyright © 2004, Epok, Inc. Extensible Resource Identifiers (XRIs) XDI Face to Face 28 April 2004.

Similar presentations

Ads by Google