May 6, 2008
Gabe Wachob and Drummond Reed, XRI TC Co-Chairs
What do OpenID, Higgins, I-Names, and XDI Have in Common?
An OASIS Webinar on XRI and XRDS
Topics
What are XRI and XRDS?
Why have they become key building blocks of the Internet identity layer?
Case study: what specific problems did they help solve for OpenID 2.0?
What synergy do they have with other OASIS TCs and specifications?
OASIS Standard vote on XRI 2.0
What are XRI and XRDS?
XRI (Extensible Resource Identifier)
A new type of Internet identifier (URI) designed expressly for digital identity
An open standard for expressing and discovering abstract structured identifiers
  Abstract: identifiers that resolve to other identifiers
  Structured: identifiers that can contain self-describing “tags” – “XML for identifiers”
XRDS (Extensible Resource Descriptor Sequence)
A simple, extensible, XML-based service discovery format for any XRI- or URL-identifiable resource
The logical equivalent of a DNS resource record at the XRI layer of identification
The discovery format used by OpenID 2.0, OAuth, and Higgins
[Diagram: abstract identifier layer (reassignable XRI “i-name(s)”, persistent XRI “i-number”, synonyms); XRDS resolution and XRDS documents; concrete identifier layer (URI/IRI, domain name, IP address, local path/query, TN (telephone number), other concrete identifier types)]
Examples of XRI i-names
Human-friendly reassignable identifiers
=gmw
=用例
@boeing
@cordance*drummond
+flower
$xml
Examples of XRI i-numbers
Persistent identifiers (never reassigned)
=!7a42.cd93.40f4.18e5
=!7a42.cd93.40f4.18e5!283
@!b3a7.5537.9fea.31ec
+!3792
+!3792!14
Examples of XRI cross-references
Identifiers reused across contexts
=(mailto:[email protected])
=(http://equalsdrummond.name)
@(http://boeing.com)
@cordance*(urn:isbn:0-395-36341-1)
+flower*(http://en.wikipedia.org/rose)
Examples of XRIs transformed into URIs
XRI Syntax 2.0 defines a strict transformation of an XRI into an IRI and URI
xri://=drummond.reed
xri://=用例
xri://@!b3a7.5537.9fea.31ec!133
xri://=(mailto:[email protected])
xri://@cordance*(urn:isbn:0-395-36341-1)
Example XRDS document

```xml
<XRDS xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)">
    <!-- Query and synonyms -->
    <Query>*example</Query>
    <Expires>2005-05-30T09:30:10Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <CanonicalID>xri://=!7c4.58ff.7c9a.e285</CanonicalID>
    <!-- Service #1 -->
    <Service priority="10">
      <Type>xri://$res*auth*($v*2.0)</Type>
      <URI>http://res.example.com/=!7c4.58ff.7c9a.e285/</URI>
    </Service>
    <!-- Service #2 -->
    <Service priority="10">
      <Type>http://openid.net/openid/1.1</Type>
      <Type>http://openid.net/openid/2.0</Type>
      <Path>+openid</Path>
      <URI>http://authn.example.com/openid/</URI>
    </Service>
  </XRD>
</XRDS>
```
Why have XRI and XRDS become key building blocks of the Internet identity layer?
Not only did XRI and XRDS become an integral part of OpenID 2.0, but the XRI technical community has become an integral part of the OpenID community.
— Bill Washburn Executive Director, OpenID Foundation
XRI and XRDS have become essential elements of the Higgins Project. Without them, we couldn’t fully implement the abstract data model that is the heart of Higgins and the key to user-controlled identity and data sharing.
— Paul Trevithick Higgins Project Lead
Where are XRI and XRDS being used?
OpenID 2.0
OAuth Discovery
Higgins Project
XDI.org i-name/i-number registries
XDI data sharing
Case Study: the top 3 problems XRI/XRDS solved for OpenID 2.0
Extensible service discovery
OpenID recycling
Automatic secure resolution
What is OpenID?
An open community specification for user-centric Internet authentication
Based on the concept that users have their own globally-resolvable identifier and OpenID authentication service
Primary use case: eliminate the need for separate usernames and passwords for different websites
[Diagram: XRDS document, Relying Party (RP), OpenID Provider (OP)]
Problem #1: Extensible service discovery
OpenID 2.0 needed to describe what versions an OpenID identifier supports
Also what OpenID extensions it supports (SREG, AX, PAPE, etc.)
And what other services may be available (e.g., OAuth, SAML, XDI)
It also needed redundant, prioritized OpenID provider endpoints
Solution: XRDS documents
Simple, standard discovery format
Can be hosted on any blog, web server, IdM system, etc.
Easily extensible using new URIs or XRIs to define service types
Can be extended with elements from any other namespace
```xml
<XRDS xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)" xmlns:openid="http://openid.net/xmlns/1.0">
    <Query>*example</Query>
    <Expires>2005-05-30T09:30:10Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <CanonicalID>xri://=!7c4.58ff.7c9a.e285</CanonicalID>
    <Service>
      <Type>xri://$res*auth*($v*2.0)</Type>
      <URI>http://res.example.com/=!7c4.58ff.7c9a.e285/</URI>
    </Service>
    <Service priority="10">
      <Type>http://openid.net/openid/1.1</Type>
      <Type>http://openid.net/openid/2.0</Type>
      <Path>+openid</Path>
      <URI>http://authn.example.com/openid/</URI>
      <URI>https://secure-authn.example.com/openid/</URI>
      <openid:Delegate>http://example.com/bob</openid:Delegate>
    </Service>
  </XRD>
</XRDS>
```
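How a relying party might pick OpenID endpoints out of such a document, as an added example (not code from the webinar or from any OpenID library). It matches on `<Type>` only, which is a simplification of the full service endpoint selection logic in XRI Resolution 2.0; the sample document, the `priority` values on `<URI>`, the `https_only` policy switch and all function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"   # XRD 2.0 namespace in ElementTree notation
OPENID_1_1 = "http://openid.net/openid/1.1"
OPENID_2 = "http://openid.net/openid/2.0"

# Constructed sample modelled on the slide; the URI priorities are added here.
SAMPLE_XRDS = """<XRDS xmlns="xri://$xrds">
 <XRD xmlns="xri://$xrd*($v*2.0)">
  <CanonicalID>xri://=!7c4.58ff.7c9a.e285</CanonicalID>
  <Service>
   <Type>http://openid.net/openid/2.0</Type>
   <URI>http://backup.example.com/openid/</URI>
  </Service>
  <Service priority="10">
   <Type>http://openid.net/openid/1.1</Type>
   <Type>http://openid.net/openid/2.0</Type>
   <URI priority="20">http://authn.example.com/openid/</URI>
   <URI priority="10">https://secure-authn.example.com/openid/</URI>
  </Service>
 </XRD>
</XRDS>"""

def _children(elem, name):
    """Direct children of elem that are XRD-namespace elements called name."""
    return [c for c in elem if c.tag == XRD + name]

def _priority(elem):
    """Lower value wins; a missing or malformed attribute sorts last."""
    value = elem.get("priority", "")
    return (0, int(value)) if value.isdecimal() else (1, 0)

def select_endpoints(xrds_text, service_type, https_only=False):
    """Return endpoint URIs for service_type, most preferred first."""
    # XRDS comes from hosts the RP does not control: refuse DTDs outright.
    # A production RP would also use a hardened parser such as defusedxml.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD found in XRDS document; rejecting it")
    xrds = _children(ET.fromstring(xrds_text), "XRD")
    if not xrds:
        return []
    endpoints = []
    # The final XRD in the sequence describes the identifier being resolved.
    for service in sorted(_children(xrds[-1], "Service"), key=_priority):
        types = {(t.text or "").strip() for t in _children(service, "Type")}
        if service_type not in types:
            continue
        for uri in sorted(_children(service, "URI"), key=_priority):
            value = (uri.text or "").strip()
            if value and (value.startswith("https://") or not https_only):
                endpoints.append(value)
    return endpoints

if __name__ == "__main__":
    print(select_endpoints(SAMPLE_XRDS, OPENID_2))
    print(select_endpoints(SAMPLE_XRDS, OPENID_2, https_only=True))
```

The service without a `priority` attribute is tried last, which is what makes it usable as a redundant fallback endpoint.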
Problem #2: OpenID recycling
With usernames/passwords, usernames can be recycled
The service provider controls the binding with the credential
With OpenID, that’s no longer true
The user controls the binding to the credential!
Losing control of the identifier = losing control of the credential
Solution: persistent synonyms
Bind a recyclable OpenID identifier with a non-recyclable (persistent) identifier such as an XRI i-number
Authenticate based on the persistent i-number
Treat the recyclable identifier as only a temporary handle for the persistent synonym
```xml
<XRDS xmlns="xri://$xrds">
  <XRD xmlns="xri://$xrd*($v*2.0)">
    <Query>*example</Query>
    <Expires>2005-05-30T09:30:10Z</Expires>
    <ProviderID>xri://=</ProviderID>
    <CanonicalID>xri://=!7c4.58ff.7c9a.e285</CanonicalID>
    <Service>
      <Type>xri://$res*auth*($v*2.0)</Type>
      <URI>http://res.example.com/=!1234.5678.a1b2.c3d4/</URI>
    </Service>
    <Service>
      <Type>http://openid.net/openid/1.1</Type>
      <Type>http://openid.net/openid/2.0</Type>
      <Path>+openid</Path>
      <URI>http://authn.example.com/openid/</URI>
    </Service>
  </XRD>
</XRDS>
```
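The recycling problem and the persistent-synonym fix, side by side, as an added example (not code from the webinar). It assumes the XRDS text was obtained through trusted resolution and that the CanonicalID has already passed synonym verification; the two store classes, `make_xrds`, the account labels and the `"!"` check for persistence are hypothetical.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"   # XRD 2.0 namespace in ElementTree notation

def make_xrds(i_number):
    """Constructed XRDS for the i-name =example (not real resolver output)."""
    return ('<XRDS xmlns="xri://$xrds"><XRD xmlns="xri://$xrd*($v*2.0)">'
            '<Query>*example</Query>'
            f'<CanonicalID>{i_number}</CanonicalID>'
            '</XRD></XRDS>')

def canonical_id(xrds_text):
    """Return the CanonicalID of the final XRD, or None if it has none."""
    xrds = [e for e in ET.fromstring(xrds_text) if e.tag == XRD + "XRD"]
    if not xrds:
        return None
    for child in xrds[-1]:
        if child.tag == XRD + "CanonicalID" and (child.text or "").strip():
            return child.text.strip()
    return None

class NaiveStore:
    """Keys accounts on the reassignable identifier the user typed."""
    def __init__(self):
        self.accounts = {}
    def login(self, claimed_id, xrds_text):
        return self.accounts.setdefault(
            claimed_id, f"acct-{len(self.accounts) + 1}")

class PersistentStore:
    """Keys accounts on the persistent i-number; the i-name is only a handle."""
    def __init__(self):
        self.accounts = {}
    def login(self, claimed_id, xrds_text):
        cid = canonical_id(xrds_text)
        # Assumption: a persistent identifier contains the i-number marker "!".
        if cid is None or "!" not in cid:
            raise ValueError("no persistent CanonicalID; refusing to bind")
        return self.accounts.setdefault(cid, f"acct-{len(self.accounts) + 1}")

def demo():
    """=example is registered, lapses, and is reassigned to someone else."""
    first_owner = make_xrds("xri://=!7c4.58ff.7c9a.e285")
    new_owner = make_xrds("xri://=!1234.5678.a1b2.c3d4")
    naive, persistent = NaiveStore(), PersistentStore()
    return {
        "naive": (naive.login("=example", first_owner),
                  naive.login("=example", new_owner)),
        "persistent": (persistent.login("=example", first_owner),
                       persistent.login("=example", new_owner),
                       # first owner returns under a different i-name
                       persistent.login("=example.two", first_owner)),
    }

if __name__ == "__main__":
    print(demo())
```

In the naive store the new holder of `=example` lands in the first owner's account; keyed on the i-number, the new holder gets a fresh account and the first owner keeps theirs even after changing i-names.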
Problem #3: Automatic secure resolution
OpenID could not specify HTTPS resolution for all OpenID URLs
Too many users do not have access to HTTPS certs or infrastructure
Thus the default had to be HTTP
This forces users with HTTPS URLs to type the entire string, e.g., https://my.openid.identifier.tld
Solution: XRI secure resolution
As abstract identifiers, XRIs always map to concrete identifiers
This mapping process - XRI resolution - offers three trusted modes: HTTPS, SAML, or both
So XRI i-names used as OpenIDs can use HTTPS resolution as the default
No need for users to know/do anything
XRI and XRDS are also building blocks for other identity solutions
OAuth
  XRDS discovery format
Higgins Project
  Context discovery and resolution
XDI.org XRI registries
  i-name/i-number registries & resolution
SAML and Information Cards
  Privacy-protected identifier claims
Synergy with Other OASIS TCs
XDI (XRI Data Interchange)
The XDI controlled data sharing protocol is based entirely on XRI
A globally addressable RDF graph where the address of every node is an RDF statement structured as an XRI
  subject-xri / predicate-xri / object-xri
Enables a simple portable authorization format called XDI link contracts
ORMS (Open Reputation Management Services)
Newest TC in the OASIS IDtrust member section
Will define neutral, vendor-independent system for exchanging reputation data
XRI and XDI TC members participating
  XRI for durable subject identifiers
  XDI for controlled data sharing
Other TCs in the IDtrust Member Section
Digital Signature Services eXtended (DSS-X)
  Advancing new profiles for the DSS OASIS Standard
Enterprise Key Management Infrastructure (EKMI)
  Defining symmetric key management protocols
Public Key Infrastructure (PKI) Adoption
  Advancing the use of digital certificates as a foundation for managing access to network resources and conducting electronic transactions
The OASIS Standard Vote on XRI 2.0
Specifications
XRI Syntax 2.0
  Explicit syntax for reassignable and persistent identifiers
  Global context symbols
  Cross-references for identifier reuse across domains
  Flexible delegation at all levels of hierarchy
  Lossless transformation into IRI and URI forms
XRI Resolution 2.0
  HTTP(S)-based resolution protocol
  XRDS: simple XML discovery document format
  Synonym management and verification
  Service endpoint selection logic
  Redirect and Ref processing
Conclusion
OpenID, OAuth, Higgins, i-names, XDI are just the start of what can now be built on XRI and XRDS
The OASIS XRI TC and IDtrust Member Section look forward to developing more key building blocks of the Internet identity layer
Contact us
Gabe Wachob, XRI TC Co-Chair
  http://xri.net/=gmw
  [email protected]
Drummond Reed, XRI TC Co-Chair
  http://xri.net/=drummond.reed
  [email protected]
Wikipedia
  http://en.wikipedia.org/xri
  http://en.wikipedia.org/xrds
Learn through the IDtrust Knowledgebase of educational materials and background on the standards
Share news, events, presentations, white papers, product listings, opinions, questions, and recommendations through postings, blogs, forums, and directories.
Collaborate with others online through a wiki interface
http://idtrust.xml.org