XRI & XDI – the USI (Ultra Simple Introduction)

What if...

  • you could navigate the Web using one easy-to-remember password?
  • you could enter your personal data once and use it on many Web sites?
  • you had a simple way of determining how information about you is used and disclosed by others?
  • you could ensure that your personal information and identity was controlled by one person — you?

These are the questions (posed by the Identity Commons) that, amongst others, the new open, non-proprietary XRI and XDI standards can answer. Their potential impact on identity management, identity-centric applications, information publishing, sharing and advanced searching could be very significant.

XRI

XRI (Extensible Resource Identifier) is a new open standard for abstract identifiers. It builds on and interoperates with existing, successful Internet techniques such as URLs, Domain Names, XML, HTTP and the REST model.

Three classes of XRI have been defined: for people, for organisations and for other resources (usually data). XRIs can take one of two forms: (a) a human-readable, re-assignable form (i-name) and (b) a machine-readable, persistent form (i-number). The human-readable i-names look similar to URLs and are resolved from distributed, delegated databases managed in a similar way to existing domain name servers. Conceptually, the i-name can be thought of as being analogous to a domain name (human readable and re-assignable) which maps, via an IP address (machine readable and re-assignable), to a MAC address (machine readable and persistent), analogous to the i-number. The i-name can change but the i-number stays the same.

At the personal identifier level, someone’s i-name, resolved to an i-number, acts like a primary database key to look up more information about that person, such as phone number or email address, but under the control of the i-name owner. Any data that can be represented in an XML schema can be stored and referenced in this way. Crucially, the i-name itself, even if resolved to an i-number, provides no access to any communication channel identifiers; knowing someone’s i-name is not enough to communicate with them, unless that person permits you to look up the address associated with that channel, e.g. an email address or a phone number. Typically, a person might have one i-number and one or more i-names (e.g. one identity for private use and one for business use).

At the document level, XRIs can provide the equivalent of ‘permalinks’ which will always point to the expected information or the latest version of it, even if it is moved on the server or to a different server. At the document content level, XRIs can reference any XML element, allowing either the extraction of individual elements or the construction of compound documents using XRIs to reference remote elements.

XRIs are intended to be registered with specialist service providers, like domain names. Once registered, the owner can change the i-name, the information referenced by it and the controls over who can access what. Also like domain names, organisations can register a base i-name applying to the whole organisation and then manage the assignment, numbering and associated data for their own sub-domains.

XDI

XDI (XRI Data Interchange) is a new standard for distributed data sharing and mediation. The goal of XDI is to enable data from any data source to be identified, exchanged, linked, and synchronized into a machine-readable Dataweb. Links (“pipes”) between Dataweb documents provide two-way data flow, persistence and updates, with fine-grained control over the data exchanged. These features can be used to provide facilities such as trusted search, and the metadata referenced by the resolved XRI makes it possible to ask high-quality questions across multiple sources.

The representation and linking for XRIs uses XML, and the XDI service used to exchange data can be bound to HTTP (i.e. Web), SOAP (i.e. Web Services), SMTP (i.e. email) or any other suitable transport mechanism. XDI bound to SOAP is compatible with Web Services as currently defined, but because it can also be bound to other transport protocols, new XDI services could be developed that improve on or supersede existing and emerging Web Services.

Optional XDI Link Contracts provide active identification, data interchange control and caching. Link contracts can apply to any kind of data interchange, such as scheduling appointments, personal information interchange or e-commerce transactions. Link contracts can support credentials for authentication, authorisation, access control, privacy and usage control, distribution and forwarding control, synchronisation, and termination (of the contract relationship). Furthermore, each side of a link contract can keep copies of the transactions, with obvious implications for compliance and governance.

Examples of potential XDI Dataweb applications include:
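The two ideas above (an i-name that resolves to a persistent i-number but releases no contact details by itself, and a link contract that the owner grants and can later terminate) can be made concrete in a small model. The following Python is an added illustration written for this page, not code from the XRI/XDI specifications or any registry: the identifiers (`=alice`, `=!1234.5678`, `=!9999`) and attribute values are constructed sample data, and the `Registry`/`LinkContract` classes and their methods are assumptions of this example, not the standards' own API. It shows that renaming the i-name leaves the i-number and its data untouched, that a lookup without an active contract is refused, and that terminating the contract withdraws access while the contract record stays for audit.

```python
"""Toy model of XRI i-name/i-number resolution with XDI-style link-contract
access control.  Constructed example for illustration only: identifiers and
data below are made up, and this is not the XRI/XDI specification's API."""
from dataclasses import dataclass


@dataclass
class LinkContract:
    """Permission granted by a data owner to one requester for named attributes."""
    owner: str             # i-number of the owner who granted access
    requester: str         # i-number of the party allowed to read
    attributes: frozenset  # attribute names the requester may read
    active: bool = True    # a terminated contract stays on record but grants nothing


class Registry:
    """Holds the i-name -> i-number map, per-i-number data and all link contracts."""

    def __init__(self):
        self._names = {}      # re-assignable i-name -> persistent i-number
        self._data = {}       # i-number -> {attribute: value}
        self._contracts = []  # every contract ever issued (kept as an audit trail)

    def register(self, iname, inumber, attributes):
        """Bind a new i-name to a new i-number and store the owner's data under it."""
        if iname in self._names or inumber in self._data:
            raise ValueError("identifier already registered")
        self._names[iname] = inumber
        self._data[inumber] = dict(attributes)

    def rename(self, old_iname, new_iname):
        """Re-assign the human-readable name; the i-number and its data are unchanged."""
        if new_iname in self._names:
            raise ValueError("new i-name already taken")
        self._names[new_iname] = self._names.pop(old_iname)

    def resolve(self, iname):
        """i-name -> i-number, or None if the name is not (or no longer) registered."""
        return self._names.get(iname)

    def grant(self, owner, requester, attributes):
        """Owner issues a link contract letting requester read the listed attributes."""
        contract = LinkContract(owner, requester, frozenset(attributes))
        self._contracts.append(contract)
        return contract

    def terminate(self, contract):
        """End the contract relationship; the record remains but grants nothing."""
        contract.active = False

    def lookup(self, iname, attribute, requester):
        """Resolve the i-name, then release the attribute only under an active contract.

        Resolution alone never exposes channel identifiers such as an email address:
        the requester must hold an active contract from the resolved owner covering
        exactly this attribute."""
        inumber = self.resolve(iname)
        if inumber is None:
            return None
        allowed = any(
            c.active
            and c.owner == inumber
            and c.requester == requester
            and attribute in c.attributes
            for c in self._contracts
        )
        if not allowed:
            raise PermissionError(f"{requester} has no active contract for {attribute}")
        return self._data[inumber].get(attribute)


if __name__ == "__main__":
    # Constructed sample data: one person, one requester.
    reg = Registry()
    reg.register("=alice", "=!1234.5678", {"email": "alice@example.com"})
    reg.rename("=alice", "=alice.smith")          # i-name changes, i-number does not
    print(reg.resolve("=alice.smith"))             # =!1234.5678
    contract = reg.grant("=!1234.5678", "=!9999", ["email"])
    print(reg.lookup("=alice.smith", "email", "=!9999"))
    reg.terminate(contract)
    try:
        reg.lookup("=alice.smith", "email", "=!9999")
    except PermissionError as exc:
        print("denied:", exc)
```

The `lookup` check is deliberately scoped to the resolved i-number rather than the i-name, so a contract granted under an old i-name keeps working after a rename, and a requester who merely knows the current i-name still learns nothing without a contract.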

  • Exchange, linking, and lifetime synchronization of electronic business cards, public keys, and other common identity attributes across distributed directories (dynamic address books)
  • Internet calendar sharing (not reliant on proprietary protocols or programs)
  • Trusted search (searches that need to cross multiple private websites)
  • Auto-configuration and intelligent data synchronization across multiple user devices (desktop, laptop, PDA, land phone, cell phone, etc.)
  • Automated website registration, form-fill, and e-commerce transactions
  • Cross-domain security and privacy management (using credentials)
  • Automated group memberships (based on rules defined in link contracts)
  • Enhanced Social Networking (at the business and personal level)

Conclusions

XRI and XDI clearly have major implications for identity management and the delivery of identity-based services, as well as enabling the construction of the Dataweb. Careful consideration needs to be given to their place in future information strategies and in relation to other identity management initiatives and products.

(Originally written November 2005)