The Handle System and Identity Management


The Handle System
ITU Focus Group on Identity Management
Geneva, February 2007
Norman Paskin
Corporation for National Research Initiatives
http://www.cnri.reston.va.us/
The Handle System and Identity Management
• Norman Paskin [email protected]
– Corporation for National Research Initiatives
– Member of Handle System Advisory Committee
– I manage one implementation of the Handle System (DOI)
• Handle System: a practical tool, in use today, deployed in several content sectors to deal with managing information on digital networks
Outline of the presentation:
• Relevance to the ITU FG
• Background
• Handle System overview
• Applications
• Some projects
• Usage statistics
• Topics relevant to identity management: security, granularity
• Relation to the Domain Name System
• Management and standards
The Handle System and Identity Management
• The Handle System is “a general purpose distributed information system that provides efficient, extensible, and secure identifier and resolution services for use on networks such as the Internet.”
• Fits ITU FG scope: “management of...attributes of an entity”
• “The network level and in general lower layers have not been addressed sufficiently with regard to digital identity, and this remains a weak point in standardization and research”
– ITU Workshop on Digital Identity for Next Generation Networks, Dec 06
• A non-commercial, openly available protocol and reference implementation
• Can utilise existing or new numbering schemes
• Developed at Corporation for National Research Initiatives (US)
• www.handle.net
The Handle System and Identity Management
• “Digital information needs to be a first class citizen in the networked environment”
• First class = one that has an identity independent of any other item
• The current Internet is less than optimal for security, privacy and mobility.
• The original Internet design conflated addresses to serve two purposes: an indication of the location of the end point, and an indication of its identity. This is now recognised as a limitation (see e.g. NewArch*, FIND**).
*Future generation Internet architecture http://www.isi.edu/newarch/
**Future internet network design http://find.isi.edu/
• The fundamental characteristic of digital information is that it is processable data, enabling re-use and hence new forms of electronic commerce, creativity and social benefit.
• Managing these units of digital information, the “citizens” in the network, requires that they have unique names (or “identifiers”) denoting a specific referent, and the ability to manage their attributes.
• Objects (“citizens”) may be representations of content, people, parties, resources, licences, avatars, sensors, etc.
Part of Digital Object Architecture
• Handle System is part of a wider architecture (but entirely separable and usable alone)
• Managing information in the Net over very long periods of time – e.g. centuries or more
• Dealing with very large amounts of information in the Net over time
• When information, its location(s) and even the underlying systems may change dramatically over time
• Respecting and protecting rights, interests and value
• Robert Kahn/Robert Wilensky “A framework for distributed digital object services” 1995
– http://www.cnri.reston.va.us/k-w.html
Terms
• Identifier: unique persistent string (“number”, “name”, “identifier”) assigned to a referent
– Unique: an identifier specifies one and only one referent (a referent may have more than one identifier, so referent-to-identifier is one-to-many, but never the reverse)
– Persistent: once assigned, does not change referent
• Resolution: process by which an identifier is input to a network service which returns some information
• Referent: the object to which the identifier is assigned, whether or not resolution returns that object.
– may be abstract, physical or digital, since all these forms of object are of relevance in identifier management (e.g. creations, resources, agreements, people, organisations) – classical ontology issues
– Digital object: an instance of an abstract data type
Handle System overview
• Basic Internet resolution system: identify objects, not servers.
• Optimized for speed, reliability, scaling
• Open defined protocol and data model (IETF RFCs 3650, 3651, 3652)
– free protocol; service at low cost (non-profit);
– freely available to be used as engine underneath other named identifiers.
• Separation of control of the handle and who runs the servers
– distributed administration, granularity at the handle level
• Any Unicode character set
– internationalisation
• All transactions can be secure and certified
– Both registration and resolution
• Not all data public: individual values within a handle can be private.
• No semantics in the identifier
• Logically centralized, physically distributed and highly scalable
• Does not need DNS, but can work with DNS:
– deployed via tools e.g. http proxies, client plug-ins, server software, etc.
Handle syntax
•
A Handle consists of a prefix and suffix
e.g. 123/4567
•
Prefix and suffix may be any length
e.g. 256.1234/456-mydoc-456584893489
•
Suffix may incorporate another identifier numbering scheme
e.g. 10.1234/ISBN 0-7894-7764-5
Thereby adds functionality to that numbering scheme
Shorter prefixes (1-3 digits) reserved for major projects, countries, etc.
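A parser for this syntax, added here as a worked example; it is not code from the slides or from the Handle System software. It takes the rules above as given: the prefix is everything before the first "/", the suffix is everything after it (any length, may contain "/" and spaces, may embed another scheme such as an ISBN), and a dotted prefix such as 256.1234 is derived from its parent 256. The 0.NA/ naming-authority convention is the Handle System's own (RFC 3651); the proxy base URL https://hdl.handle.net/ and all function names are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import List
from urllib.parse import quote, unquote


@dataclass(frozen=True)
class Handle:
    prefix: str      # naming authority, e.g. "10.1234" or "256.1234"
    suffix: str      # local name: any length, may embed another numbering scheme

    def __str__(self) -> str:
        return f"{self.prefix}/{self.suffix}"

    def parent_prefixes(self) -> List[str]:
        """"256.1234" is a prefix derived under "256": each dot adds one level."""
        parts = self.prefix.split(".")
        return [".".join(parts[:i]) for i in range(1, len(parts))]

    def naming_authority_handle(self) -> str:
        """The prefix's own administrative record is itself a handle under 0.NA/."""
        return f"0.NA/{self.prefix}"


def parse_handle(text: str) -> Handle:
    """Split at the FIRST '/' only: the suffix may itself contain '/'."""
    text = text.strip()
    if "/" not in text:
        raise ValueError(f"not a handle, no '/' separator: {text!r}")
    prefix, suffix = text.split("/", 1)
    if not prefix or not suffix:
        raise ValueError(f"prefix and suffix must both be non-empty: {text!r}")
    if any(segment == "" for segment in prefix.split(".")):
        raise ValueError(f"malformed prefix (empty segment): {prefix!r}")
    return Handle(prefix, suffix)


def proxy_url(h: Handle, base: str = "https://hdl.handle.net/") -> str:
    """URL for resolving through an HTTP proxy (assumed base).

    Percent-encodes characters unsafe in a URL path (space, '#', '?', '%') so that
    a suffix like "ISBN 0-7894-7764-5" survives the trip, but keeps '/' literal.
    """
    return base + quote(h.prefix, safe="") + "/" + quote(h.suffix, safe="/")


def from_proxy_url(url: str, base: str = "https://hdl.handle.net/") -> Handle:
    """Inverse of proxy_url: strip the proxy base and undo the percent-encoding."""
    if not url.startswith(base):
        raise ValueError(f"not a {base} URL: {url!r}")
    return parse_handle(unquote(url[len(base):]))
```

Splitting at the first separator matters: a suffix of "a/b" is legal, and a parser that splits at the last "/" would silently move part of the suffix into the prefix and resolve against the wrong naming authority.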
Handles resolve to typed data
Schematic (simplified) representation of a handle record for the handle 10.123/456 (prefix 10.123, suffix 456). Each handle value is a (data type, index, data value) triple:

  Data type   Index   Data value
  URL         1       http://acme.com/….
  URL         2       http://a-books.com/….
  DLS         3       acme/repository
  HS_ADMIN    100     acme.admin/jsmith
  XYZ         12      1001110011110

One or more Handle values (type:value)
Resolution can return all values, or all values of one type
Handles resolve to typed data
Fuller representation of a handle record, e.g. the handle "10.1045/may99-payette" has a set of three handle values (indices 1, 2 and 3). The slide shows value 1 in full, value 2 as an HS_ADMIN entry, and value 3 only by its index:

  <index>:      1
  <type>:       URL
  <data>:       http://www.dlib.org/dlib...
  <TTL>:        {Relative: 24 hours}
  <permission>: PUBLIC_READ, ADMIN_WRITE
  <timestamp>:  927314334000
  <reference>:  {empty}

  <index>:      2
  <type>:       HS_ADMIN
  <data>:       acme.admin/jsmith

  <index>:      3
  (type and data not shown on the slide)
Handle System: typing
• A handle has a set of values assigned to it
= a record that consists of a group of fields.
• <type> field defines the syntax and semantics of a value’s data
– e.g. URL (resolving to current location)
– pre-defined set of handle data types for administrative use
– registered handle data types for non-administrative use (URL, EMAIL, and
DESC): others being added *
• Types may include:
– HS_PUBKEY: public key used to authenticate entities in the Handle System.
– HS_SECKEY: secret key password to access some service.
– DESC: UTF8-encoded descriptions of the object identified by the handle.
• Full list at http://www.handle.net/overviews/types.html
*Handle System Advisory Committee is defining a recommended practice process
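The record model of the last three slides (typed values carrying an index, a relative TTL and a permission set; resolution returning all values or all values of one type; values that are private, i.e. not publicly readable), as an added example in Python. It is not the Handle System's own code: the permission bit names PUBLIC_READ, ADMIN_READ, PUBLIC_WRITE and ADMIN_WRITE and the field names come from the slides and RFC 3651, while the in-memory store, the resolve() signature, the client-side cache and the sample private value (index 12, type EMAIL, with a constructed address) are assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Flag, auto
from typing import Dict, Iterable, List, Optional


class Perm(Flag):
    """Per-value permission bits as named in the Handle System."""
    ADMIN_READ = auto()
    ADMIN_WRITE = auto()
    PUBLIC_READ = auto()
    PUBLIC_WRITE = auto()


@dataclass(frozen=True)
class HandleValue:
    index: int                  # unique within the record
    type: str                   # e.g. URL, DLS, HS_ADMIN, EMAIL
    data: str
    ttl_seconds: int = 24 * 3600                        # slide: {Relative: 24 hours}
    permission: Perm = Perm.PUBLIC_READ | Perm.ADMIN_WRITE
    timestamp_ms: int = 0                               # when the value was last changed


class HandleStore:
    """Server side: a handle is a set of values; resolution returns all, or one type."""

    def __init__(self) -> None:
        self._records: Dict[str, Dict[int, HandleValue]] = {}

    def put(self, handle: str, value: HandleValue) -> None:
        record = self._records.setdefault(handle, {})
        if value.index in record:
            raise ValueError(f"{handle}: index {value.index} already in use")
        record[value.index] = value

    def resolve(self, handle: str, types: Optional[Iterable[str]] = None,
                authenticated_admin: bool = False) -> List[HandleValue]:
        """Values the requester may read, ordered by index.

        A value without PUBLIC_READ is private: it is returned only to an
        authenticated administrator and only if it carries ADMIN_READ.
        """
        if handle not in self._records:
            raise KeyError(f"handle not found: {handle}")
        wanted = set(types) if types is not None else None
        visible = []
        for value in self._records[handle].values():
            if wanted is not None and value.type not in wanted:
                continue
            readable = Perm.PUBLIC_READ in value.permission or (
                authenticated_admin and Perm.ADMIN_READ in value.permission)
            if readable:
                visible.append(value)
        return sorted(visible, key=lambda v: v.index)


class ClientCache:
    """Client side: the TTL is advice to caches, so a stale copy is not served."""

    def __init__(self) -> None:
        self._entries: Dict[str, List[HandleValue]] = {}
        self._fetched_ms: Dict[str, int] = {}

    def store(self, handle: str, values: List[HandleValue], now_ms: int) -> None:
        self._entries[handle] = values
        self._fetched_ms[handle] = now_ms

    def get(self, handle: str, now_ms: int) -> Optional[List[HandleValue]]:
        if handle not in self._entries:
            return None
        age_seconds = (now_ms - self._fetched_ms[handle]) / 1000
        # The shortest TTL in the record bounds the whole cached copy.
        if any(age_seconds >= v.ttl_seconds for v in self._entries[handle]):
            return None
        return self._entries[handle]


def sample_store() -> HandleStore:
    """The slide's record 10.123/456 plus one constructed private value (index 12)."""
    store = HandleStore()
    h = "10.123/456"
    store.put(h, HandleValue(1, "URL", "http://acme.com/..."))
    store.put(h, HandleValue(2, "URL", "http://a-books.com/..."))
    store.put(h, HandleValue(3, "DLS", "acme/repository"))
    store.put(h, HandleValue(100, "HS_ADMIN", "acme.admin/jsmith"))
    store.put(h, HandleValue(12, "EMAIL", "jsmith@acme.example",   # constructed
                             permission=Perm.ADMIN_READ | Perm.ADMIN_WRITE))
    return store
```

The point to check in any real deployment is the same one the resolve() method enforces: a type filter never widens visibility, and "private" is decided per value, not per handle, so a public URL and a private contact address can sit in the same record.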
Handle System usage (1)
• http://www.handle.net/apps.html
• Provides infrastructure for application domains, e.g. digital libraries & publishing, network management, id management ...
• International DOI Foundation
– Federation of several independent applications including e.g.
• CrossRef (scholarly journal consortium: covers 90+% of literature)
• Office of Publications of the European Community (EC documents)
• MEDRA (Multilingual European DOI Registration Agency)
• Nielsen BookData, R.R. Bowker, et al (bibliographic data - ISBN)
• German Nat. Lib. Science and Technology (science data)
– adds a layer of social infrastructure (and specific rules)
• Defense Virtual Information Architecture
– Defense Technical Information Center (DTIC), DARPA, CNRI
– context sensitive distribution of data and metadata: resolution result
depends on who you are..
• GRID computing
– Shared computing resources
– Handle System - Globus Toolkit Integration Project
Handle System usage (2)
• DSpace - Digital Repository System
– MIT Libraries/Hewlett-Packard
– stable, long-term storage of intellectual output of faculty, researchers,
centers and labs.
• National Digital Library Program (NDLP)
– Library of Congress. Collections of historic materials converted to
digital formats. LoC use handles to identify material in the library's
own collections.
• Los Alamos National Labs
– internal doc management (600m+)
• Several Digital Library projects
– e.g. ARROW http://arrow.monash.edu.au/
• Others who may adopt RFCs:
– e.g. Fedmark: independent commercial implementation of Handle
protocols for digital rights system http://www.fedmark.com/
Handle System projects
• Some others of particular relevance to identity management...
• Transient Network Architecture
– Pervasive transient mobile network in which all communications occur between persistently identified entities.
– CNRI/Univ New Mexico, under NSF’s FIND (Future Internet Network Design) project
– http://hdl.handle.net/2118/tna; http://find.isi.edu/
• Using PKI capability for persistent trustworthy identity, separating:
– Transport trustworthy (name/attribute is binding)
– Administration trustworthy (attribute is issued by attribute holder)
– Attribute credential (attribute value is true)
• Representing Value as Digital Objects: Transferability and Anonymity
– Deeds of trust, mortgages, bills of lading, digital cash etc.
– “Transferable records" structured as digital objects
– http://www.dlib.org/dlib/may01/kahn/05kahn.html
• Possible Application of Handles to licences and parties
– See separate talk on content industry identifiers
Handle System statistics
• Assigned namespaces (“prefix”):
– DOI: 2500+
– D-Space: 500+
– Others: 700+
• Individual “Handles” (identifiers within each namespace):
– DOI: 25+ M
– Other: 600?? million (total per namespace known only to the namespace manager; e.g. LANL adding 600M but privately)
• Global Handle System
– Core three service sites (added locations being considered)
– c. 60 million direct resolutions per month
– c. 50 million proxy server resolutions
Handle System: security
• Integrity of the Global Handle Registry service
• Protected service information and a public key pair used to sign global service information.
• The Handle protocol allows handle servers to authenticate their clients and to provide a data integrity service on client request.
• Handle servers can be explicitly asked to generate or return a digital signature for every service response (but normally don’t).
• Public key and/or secret key cryptography may be used (the HS_PUBKEY and HS_SECKEY value types hold the client's credentials).
• Signed or MAC-protected responses let a client detect tampering with server responses; challenge-response client authentication prevents an eavesdropper from forging administrative requests, since a captured exchange cannot be replayed against a fresh challenge.
• Client applications can (if wished) only accept information from the authoritative Global Handle Registry (not any mirrors) and check its integrity on each update.
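The exchange this slide describes, as an added example: an administrative request is only applied after the client answers a server challenge, and the response is integrity-protected so the client can check it. This is not the Handle System's code and not the RFC 3652 wire format: the message layout, the MAC construction (HMAC-SHA-256 over the nonce and a digest of the message, keyed with the shared HS_SECKEY secret) and the class and function names are simplifications assumed for this example. A public-key (HS_PUBKEY) client would instead sign the same challenge, and a server that is asked for a signed response would sign with its own service key; only the shared-secret variant is shown. The sample admin handle, secret and request are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mac(key: bytes, nonce: bytes, body_digest: bytes) -> bytes:
    """Keyed MAC binding a one-time nonce to a digest of the message (simplified)."""
    return hmac.new(key, nonce + body_digest, hashlib.sha256).digest()


@dataclass
class HandleServer:
    keys: Dict[str, bytes]                                   # admin handle -> HS_SECKEY secret
    records: Dict[str, Dict[int, Tuple[str, str]]] = field(default_factory=dict)
    _pending: Dict[bytes, Tuple[str, bytes]] = field(default_factory=dict)

    def challenge(self, admin: str, request: bytes) -> bytes:
        """Step 1: refuse unknown admins; otherwise issue a nonce bound to this exact request."""
        if admin not in self.keys:
            raise PermissionError(f"unknown administrator {admin!r}")
        nonce = os.urandom(16)
        self._pending[nonce] = (admin, sha256(request))
        return nonce

    def apply(self, nonce: bytes, request: bytes, client_mac: bytes) -> Tuple[bytes, bytes]:
        """Step 3: verify the client's proof, apply the request, return a MAC-protected response."""
        try:
            admin, req_digest = self._pending.pop(nonce)     # one-time: a replay finds nothing
        except KeyError:
            raise PermissionError("unknown or already-used nonce") from None
        if not hmac.compare_digest(req_digest, sha256(request)):
            raise PermissionError("request differs from the one that was challenged")
        if not hmac.compare_digest(mac(self.keys[admin], nonce, req_digest), client_mac):
            raise PermissionError("client authentication failed")
        op, handle, index, vtype, data = request.decode().split(" ", 4)   # constructed format
        if op != "ADD":
            raise ValueError(f"unsupported operation {op!r}")
        self.records.setdefault(handle, {})[int(index)] = (vtype, data)
        response = f"OK {handle} {index}".encode()
        return response, mac(self.keys[admin], nonce, sha256(response))


@dataclass
class HandleAdminClient:
    admin: str
    key: bytes

    def prove(self, nonce: bytes, request: bytes) -> bytes:
        """Step 2: answer the challenge with a MAC over the nonce and the request digest."""
        return mac(self.key, nonce, sha256(request))

    def verify(self, nonce: bytes, response: bytes, response_mac: bytes) -> bool:
        """Step 4: check the response MAC before trusting the server's answer."""
        return hmac.compare_digest(mac(self.key, nonce, sha256(response)), response_mac)


def run_exchange(server: HandleServer, client: HandleAdminClient, request: bytes) -> Tuple[bytes, bool]:
    """Full round trip: challenge, proof, apply, response verification."""
    nonce = server.challenge(client.admin, request)
    response, response_mac = server.apply(nonce, request, client.prove(nonce, request))
    return response, client.verify(nonce, response, response_mac)


def demo() -> dict:
    """Constructed sample: one admin handle with a shared secret; outcomes returned for checking."""
    key = b"constructed-shared-secret"
    server = HandleServer(keys={"acme.admin/jsmith": key})
    client = HandleAdminClient("acme.admin/jsmith", key)
    request = b"ADD 10.123/456 1 URL http://acme.com/"
    out = {}
    out["response"], out["verified"] = run_exchange(server, client, request)
    out["record"] = server.records["10.123/456"]
    # Replay: the nonce was consumed by the first apply, so the same proof is rejected.
    nonce = server.challenge(client.admin, request)
    proof = client.prove(nonce, request)
    server.apply(nonce, request, proof)
    try:
        server.apply(nonce, request, proof)
        out["replay_rejected"] = False
    except PermissionError:
        out["replay_rejected"] = True
    # Tampering: the request was altered between challenge and proof.
    nonce = server.challenge(client.admin, request)
    altered = b"ADD 10.123/456 1 URL http://attacker.example/"
    try:
        server.apply(nonce, altered, client.prove(nonce, altered))
        out["tamper_rejected"] = False
    except PermissionError:
        out["tamper_rejected"] = True
    # Wrong secret: knowing the admin handle without its HS_SECKEY is not enough.
    impostor = HandleAdminClient("acme.admin/jsmith", b"guess")
    try:
        run_exchange(server, impostor, request)
        out["impostor_rejected"] = False
    except PermissionError:
        out["impostor_rejected"] = True
    return out
```

Two details carry the security argument: the nonce is deleted on first use, so an eavesdropper who captures a valid proof cannot resubmit it, and the challenge is bound to a digest of the request, so the proof cannot be transplanted onto a different request.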
Handle System and DNS (1)
• See http://www.handle.net/overviews/dns.html
• Similarities and differences in both the design and intended use.
• Naming
– DNS naming hierarchy reflects a control hierarchy; the Handle System need not.
– Handle separates control of the handle (id) from control of the server (location)
• Distributed Administration
– Handle administrators can add/delete identifiers and identifier values securely over the public Internet.
• Proxies
– Technical advantages regarding resolution from behind SOCKS or HTTP proxies, both supported in the Handle client library (whereas DNS resolution from behind such proxies is difficult/impossible).
• Unicode
– Handle supports full native Unicode. DNS labels remain ASCII: internationalised names are carried only through the IDNA/Punycode encoding, and 8-bit label hacks are not widely implemented.
• Replication
– In DNS a full zone transfer (AXFR) copies every record of the zone to the mirror servers when anything changes; incremental transfer (IXFR) exists but is not universally deployed. The Handle System has finer granularity: if a single record is updated, the server copies only that record to the mirror servers.
Handle System and DNS (2)
• Certification
– DNS has to be fast, especially at the root, and is not well suited to alternative uses such as carrying certificates. The Handle System has more flexible and robust certification support.
• Access Control
– The Handle System has built-in support for per-value access control and client authentication. DNS has no per-record access control (DNSSEC authenticates the origin and integrity of zone data, and TSIG authenticates dynamic updates, but neither restricts who may read a record).
• Record Size
– Technical advantages regarding UDP and TCP handling: more efficient request handling; much larger storage in a record (DNS 64KB, Handle System 4GB).
• Examples of integration with DNS:
– CNNIC Handle implementation offers secured DNS resolution via a Handle
protocol interface. Further work will package the Handle-DNS software for
public release; deploy the Handle-DNS server in “.cn” TLD registry and its
subsidiaries; and establish an ENUM service and client software based on
the Handle-DNS interface.
– Client library and proxies for use with http etc.
Handle System and granularity
• Functional Granularity: “it should be possible to identify an entity whenever it needs to be distinguished”
• First class naming: “Digital objects should have first class names”
• DNS naming hierarchy reflects a control hierarchy
– DNS: who runs acme.com controls who runs branch.acme.com
– Handle separates control of handle (id) from control of server (location)
• Handles are first class names:
– URLs: grouped by domain name and then by some sort of hierarchical structure, originally based on file trees
– Handles: each name stands on its own, unconnected to any DNS or other hierarchy. Can avoid broken URLs when control changes
• Ownership: In DNS, the system administrator is considered the owner of the data; in the Handle System the prefix administrator is considered the owner.
– Each Handle identifier and prefix can have its own set of administrators independent from the system administrator.
• Relationships between objects can be expressed:
– If you want to build a hierarchy you can – but on any basis
– Handles can refer to other handles (some applications have introduced a detailed data model to allow this – e.g. DOI)
Handle System management and standards
• Specification
– RFC 3650: Overview
– RFC 3651: Namespace and Service Definition
– RFC 3652: Protocol
• DoD Instruction 1322
– Mandates Handle System use as part of Advanced Distributed Learning
• ISO standards track for DOI
– A Handle application for the content sector
– ISO TC46/SC9 (home of ISBN etc)
• Governance: HSAC - Handle System Advisory Committee
– Approx 15 members representing big users
– Goal: evolve to oversee the system, autonomous (IETF etc)
– Currently by invitation; interest welcomed
Handle System home page www.handle.net
The Handle System. ITU Focus Group on Identity Management, Geneva, February 2007. Norman Paskin, [email protected], TERTIUS Ltd