XRI and XDI Explained
XRI (Extensible Resource Identifier) is a new URI-compatible scheme and resolution protocol for abstract identifiers—identifiers that are location-, application-, and transport-independent, and thus can be shared across any number of domains and directories. The XRI 1.0 specifications were published in January 2004 by the OASIS XRI Technical Committee, which is currently working on version 1.1.
XDI (XRI Data Interchange) is a new Web service for trusted data sharing based on XRIs. The XDI protocol is being developed by the OASIS XDI Technical Committee. The goal of XDI is to create a simple but universal data interchange format, similar to TCP/IP packets but at a higher level, in which XML data from any data source can be identified, exchanged, linked, and synchronized into a machine-readable "dataweb" just as HTML pages from any content source are linked into the human-readable Web today. What makes this interchange format possible is identifying, describing, and versioning data using XRIs.
Because the controls needed to mediate access and usage of shared data are built right into XDI links, using a model called link contracts, the emergence of a global Dataweb can provide the distributed data sharing infrastructure necessary to realize the full potential of the Web, Web services, and the Semantic Web.
White Papers
Two white papers are available that explain XDI in much more depth:
- The OASIS XDI white paper published by the OASIS XDI TC discusses the need for a common data sharing infrastructure, how the Dataweb model meets this need, and where XDI fits with other related directory, security, identity, privacy, and data protection standards.
- The Social Web paper, published in the PlaNetwork Journal by members of the OASIS XDI TC, explains what an open social network based on XDI will look like, how it will operate, what new applications it will bring, and how it is likely to evolve.
The following excerpt from The Social Web paper provides a capsule description of XRI and XDI.
The Three Key Building Blocks of XDI
The XDI Technical Committee was formed at OASIS in January 2004 by a consortium of organizations and individuals including AMD, AmSoft, Attachmate, Booz Allen Hamilton, Cordance, Epok, NeuStar, Netmino, NRI, Identity Commons, and PlaNetwork. This section introduces the three major building blocks of the XDI specifications.
1. I-Names and I-Numbers—The Universal Private Address
Today's Web links web pages and other digital objects, while the promise of the Social Web is to link people and organizations. While digital objects live entirely on the network and therefore have relatively stable network addresses, people and organizations live in the dynamic real world—they move and change addresses (postal, phone, fax, email, Web, IM, blog) all the time. They even change their real-world names. Yet their identity remains the same.
This represents a tremendous challenge for the Social Web: how can it maintain long-term, trusted links between real people and organizations over the Internet if their network addresses are constantly changing?
The answer is a new type of abstract address called an XRI (Extensible Resource Identifier). Developed by the OASIS XRI Technical Committee, XRIs solve the problem of maintaining persistent addresses for people and organizations—addresses that do not need to change no matter how often the contact data for a person or organization changes. This is done by adding a new layer of addressing over the existing IP numbering and DNS naming layers used on the Internet today.
Figure 1: XRI i-names and i-numbers are a new abstract addressing layer over IP and DNS.
The XRI addressing layer actually consists of two layers which mirror the two layers below it—DNS domain names and Internet IP numbers. In order of increasing abstraction, these two layers are:
- I-numbers—machine-friendly identifiers (similar to IP addresses) that are registered to a resource (person, organization, application, file, digital object, etc.) and never reassigned. This means they can always be used to address a network representation of the resource as long as it remains available somewhere on the network. I-numbers are designed to be very efficient for network routers to process and resolve.
- I-names—human-friendly identifiers that in most cases will resolve to an i-number, making them much easier for people to use. Though typically long-lived, i-names differ from i-numbers in one critical way: they may be transferred or reassigned to another resource by their owner. For example, a company that changes its corporate name could sell its old i-name to another company, while both companies could retain their original i-number.
XRIs are backwards compatible with the DNS and IP addressing systems, so it is possible for domain names and IP addresses to be used as i-names. Like DNS names, XRIs can also be delegated, i.e., nested multiple levels deep, just like the directory names on a local computer file system. For example, a company can register a top-level (global) i-name for itself and then assign second- or lower-level (local) i-names to its divisions, employees, etc. Or a community could register a global i-name and assign local i-names to all its participating members.
However, XRIs also support two features not available in DNS or IP addressing:
- Non-hierarchical peer-to-peer addressing—a way any two network nodes can assign each other XRIs and perform cross-resolution.
- Cross-references—the ability for an XRI to contain another XRI, enabling the same logical resource to be identified in different contexts (a feature particularly relevant to cross-domain data sharing)
- Global context registries—a simple, human-friendly way to indicate the global context of an i-name or i-number. There are three primary types of global context registries, each represented by a single symbol as shown in the table below:
| Type | Global Context | Symbol | Example I-Names | Example I-Numbers |
|---|---|---|---|---|
| Personal | Individuals | = | =Mary.Smith | =!2D37.FA48.3482.6C4A |
| Business/Organizational | Any type of trade-mark or trade name | @ | @Johnson.Bros | @!1057.A22C.4E83.95D3 |
| General | Generic concepts, subjects, topics | + | +flowers, +flowers+rose | +!2640, +!2640+!0342 |
Examples of i-names and i-numbers from the three primary types of XRI global context registries.
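The distinction above between reassignable i-names and never-reassigned i-numbers matters whenever trust is attached to an identifier, so here is an added example (not from the paper or the XRI specifications) that classifies the table's identifiers and flags an i-name that later resolves to a different i-number. Assumptions: the segment grammar is inferred only from the eight examples in the table, resolution itself is out of scope (the caller supplies the resolved i-number), and `parse`, `is_persistent` and `PinnedBindings` are hypothetical names.

```python
import re

# Global context symbols taken from the table above.
CONTEXTS = {"=": "personal", "@": "organizational", "+": "general"}

# Assumed grammar, inferred from the table's examples only (not the XRI spec):
# a context symbol, an optional "!" marking an i-number, dot-separated labels.
_SEGMENT = re.compile(r"([=@+])(!?)([A-Za-z0-9]+(?:\.[A-Za-z0-9]+)*)")


def parse(identifier):
    """Split an identifier into (context, kind, value) segments."""
    segments, pos = [], 0
    while pos < len(identifier):
        m = _SEGMENT.match(identifier, pos)
        if m is None:
            raise ValueError(f"unrecognised syntax at offset {pos}: {identifier!r}")
        symbol, bang, value = m.groups()
        kind = "i-number" if bang else "i-name"
        segments.append((CONTEXTS[symbol], kind, value))
        pos = m.end()
    if not segments:
        raise ValueError("empty identifier")
    return segments


def is_persistent(identifier):
    """True only if every segment is an i-number (never reassigned)."""
    return all(kind == "i-number" for _, kind, _ in parse(identifier))


class PinnedBindings:
    """Hypothetical store: which i-number each i-name resolved to at first use."""

    def __init__(self):
        self._pins = {}

    def check(self, i_name, resolved_i_number):
        # The i-name is the reassignable handle; the i-number is the stable anchor.
        if is_persistent(i_name) or not is_persistent(resolved_i_number):
            raise ValueError("expected a reassignable i-name and a persistent i-number")
        pinned = self._pins.setdefault(i_name, resolved_i_number)
        return "ok" if pinned == resolved_i_number else "reassigned"
```

Keying stored relationships on the pinned i-number rather than on the i-name means a transferred i-name does not silently inherit the previous owner's relationships.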
I-names in particular are referred to as unified digital addresses because they solve two other longstanding problems of conventional addresses like phone numbers or email addresses:
- Unified addressing. Because an i-name is abstract, it is the first true “one-line business card.” Given the proper permissions (see below), it can be used to automatically look up (resolve) any other contact data necessary to communicate with its owner. There is no limit to the type of data that can be resolved by an i-name.
Figure 3: XRI i-names and i-numbers can unify all addressing and other contact data.
- Privacy control. An i-name is spam-safe because it is not an email address (or a phone number, or a fax number, or any other form of direct communications channel). Instead the owner of an i-name controls how it is resolved, and what privacy rules must be observed before any contact can be made or data accessed. This enables new personal contact pages that can automatically filter contact requests, stopping spam before it starts.
In summary, XRI i-names and i-numbers are the persistent, portable, private identifiers needed to anchor the "endpoints" of the Social Web. They provide the abstraction layer and privacy barrier necessary to separate the real-world identities of the people, organizations, applications, and digital objects that will participate in Social Web relationships from the physical machines from which they currently operate.
2. Dataweb Pages—A Lingua Franca for Sharing Data
The second key building block of XDI is a solution to the complex problem of exchanging data across different domains—a problem that must be solved if people and organizations using different operating systems, different databases, and different applications are going to share the data necessary to form trusted relationships via the Social Web.
The Web solved this problem by establishing one standard markup language for all Web documents—HTML. The Social Web applies the same approach using XML, the rapidly growing universal language for data representation. XDI defines an extremely simple, interoperable XML schema in which every element of data is identified with one or more XRIs. XML documents in this format are called Dataweb pages because they can be linked together in a manner very similar to the Web.
The power of this approach is that Dataweb pages provide a single format in which any XML-encoded data (including XML documents in other schema formats) can be shared independent of the application or domain from which they originated. Additionally, using link contracts (see below), these pages can be persistently linked and synchronized, and every page can show the precise chain-of-authority for every item of data on it, whether it is an original or a copy, and whether it belongs in the personal, organizational, or public domain of authority.
3. Link Contracts—Enabling the Dimension of Trust
Just as the World Wide Web protocols allow any two Web pages anywhere on the Internet to be linked, XDI allows any two Dataweb pages to be linked. The difference is the power of the links. Web links are essentially one-way “strings” that allow a linked document to be downloaded (“pulled”) into a browser. Dataweb links are two-way “pipes” through which data can actively flow in either direction (“push” or “pull”). This flow can be controlled automatically by “valves” on either end called XDI link contracts.
Figure 4: XDI link contracts form strong, 2-way "pipes" for trusted data sharing
As shown in Figure 4, XDI link contracts are Dataweb pages that control the exchange of other Dataweb pages the same way real world legal contracts control the exchange of goods, services, or intellectual property. And like real-world contracts, link contracts are flexible enough to address virtually any aspect of data control, including:
- Authority: Who controls the data being shared via the contract?
- Authentication: How will each party prove its identity to the other?
- Authorization: Who has what access rights and privileges to the data?
- Privacy and usage control: What uses can be made of the data and by whom?
- Synchronization: How and when will the subscriber receive updates to the data?
- Termination: What happens when the data sharing relationship is ended?
- Recourse: How will any disputes over the data sharing agreement be resolved?
After i-names/i-numbers and Dataweb pages, link contracts are the third key building block required to create the Social Web. They provide a globally interoperable solution to the complex authority, privacy, synchronization, and other data control issues that exist at a higher level than the packet layer of TCP/IP or the content transport layer of HTTP.