
CNRI Handle System and its Applications

Sam X. Sun, CNRI, ssun@cnri.reston.va.us. Handle System and its Background • Handle System Features • Handle System Data & Service Model • Handle System Applications • Handle System and IDF



  1. CNRI Handle System and its Applications • Sam X. Sun, CNRI, ssun@cnri.reston.va.us

  2. CNRI Handle System and its Applications • Handle System and its Background • Handle System Features • Handle System Data & Service Model • Handle System Applications • Handle System and IDF • Handle System and Identity Management

  3. Handle System • A global name service that provides unique identifiers for digital objects over the Internet • Maintains persistent identifiers that stay valid across location and attribute changes • An infrastructure service that promotes interoperability for identity management & digital rights management

  4. Background • R. Kahn & R. Wilensky, "A Framework for Distributed Digital Object Services", 1995 • Information Layer Infrastructure: - General-purpose global identifier service - Repository for digital objects - Access control & content management • Research project sponsored by DARPA over the past eight years.

  5. Handle System Features • Secured name resolution and data delivery, with standard mechanism for credential validation • Distributed administration via handle system authentication protocol • Ownership defined per handle, access control defined per handle value – essential for privacy protection • International support via UTF-8 encoding • Distributed service model that is both scalable and extendable

  6. Handle Namespace • Parts of a handle: Naming authority (NA); Local-Name under NA
     Syntax Definition:
       <handle> ::= <NA> / <Local-Name>
       <NA> ::= *(<na_seg> ".") <na_seg>
       <na_seg> ::= Any Unicode 2.0 character encoded in UTF-8, except ‘/’ and ‘.’
       <Local-Name> ::= Any Unicode 2.0 character
     Examples: 10.123/456, cnri.dlib/july95-arms
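A parser for the syntax on slide 6, added here as an illustration and not taken from the presentation or from CNRI's software. It assumes the naming-authority segments are separated by '.', as the slide's examples show; the names `parse_handle`, `Handle` and `HandleSyntaxError`, the rejection of an empty Local-Name and the control-character check are this example's own choices.

```python
from typing import NamedTuple
import unicodedata

class HandleSyntaxError(ValueError):
    """Raised when input does not match the slide's <handle> grammar."""

class Handle(NamedTuple):
    na_segments: tuple   # the <na_seg> parts of <NA>
    local_name: str      # <Local-Name>, kept verbatim

    @property
    def naming_authority(self):
        return ".".join(self.na_segments)

def parse_handle(raw, allow_control_chars=False):
    """Split <NA>/<Local-Name>; accepts str or UTF-8 encoded bytes."""
    if isinstance(raw, bytes):
        try:
            # Strict decoding rejects overlong forms such as C0 AF, which a
            # lenient decoder could turn into an extra '/' after validation.
            raw = raw.decode("utf-8", errors="strict")
        except UnicodeDecodeError as exc:
            raise HandleSyntaxError("handle is not valid UTF-8") from exc
    # <na_seg> cannot contain '/', so the first '/' ends <NA>;
    # any later '/' belongs to <Local-Name>.
    na, slash, local_name = raw.partition("/")
    if not slash:
        raise HandleSyntaxError("no '/' between NA and Local-Name")
    segments = tuple(na.split("."))
    if "" in segments:
        raise HandleSyntaxError("empty naming-authority segment")
    if not local_name:
        # Assumption of this example: an empty Local-Name is rejected.
        raise HandleSyntaxError("empty Local-Name")
    if not allow_control_chars:
        # Hardening added by this example, not part of the grammar: control
        # characters in identifiers are a common log/header injection vector.
        if any(unicodedata.category(ch) == "Cc" for ch in raw):
            raise HandleSyntaxError("control character in handle")
    return Handle(segments, local_name)
```

Because Local-Name may contain any character, callers that embed a parsed handle in a URL, log line or query still have to encode it for that context.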

  7. Handle System Data Model

  8. Handle Administrator Record • defines handle administrator (e.g. for handle “0.NA/10”)

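  9. Example: Handle and Handle Values
     Columns: Handle | Index | Data Type | Handle data
     Handle: 10.123/456
     First row: 2 | URL | http:/srv1.pub.com/...
     Other cells, by column (row alignment not preserved):
       Index: 20, 100, 50, 3
       Data Type: URL, adm., md, email
       Handle data: Info@pub.com, http:/srv2.pub.com/..., 10.123/admin, http:/meta.pub.com/...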
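A small model of the rule on slide 5 (ownership per handle, access control per handle value), applied to the values on slide 9. This is an added example, not the Handle System's own code or API: the `Perm` flag names, the `resolve` and `update` functions and the pairing of indexes with rows are assumptions, and the requester is taken to be already authenticated.

```python
from dataclasses import dataclass
from enum import Flag, auto

class Perm(Flag):                      # hypothetical flag names
    PUBLIC_READ = auto()
    ADMIN_READ = auto()
    ADMIN_WRITE = auto()

OPEN = Perm.PUBLIC_READ | Perm.ADMIN_READ | Perm.ADMIN_WRITE
PRIVATE = Perm.ADMIN_READ | Perm.ADMIN_WRITE

@dataclass
class HandleValue:
    index: int
    type: str
    data: str
    perms: Perm = OPEN                 # access control is set per value

@dataclass
class HandleRecord:
    handle: str
    admins: frozenset                  # ownership is set per handle
    values: dict                       # index -> HandleValue

def sample_record():
    # Constructed sample: types and data from slide 9, index pairing assumed.
    vals = [
        HandleValue(2, "URL", "http:/srv1.pub.com/..."),
        HandleValue(3, "URL", "http:/srv2.pub.com/..."),
        HandleValue(20, "email", "Info@pub.com", PRIVATE),
        HandleValue(50, "md", "http:/meta.pub.com/..."),
        HandleValue(100, "adm.", "10.123/admin"),
    ]
    return HandleRecord("10.123/456", frozenset({"10.123/admin"}),
                        {v.index: v for v in vals})

def resolve(record, requester=None, types=None):
    """Values the requester may read; None or an unknown handle is public."""
    needed = Perm.ADMIN_READ if requester in record.admins else Perm.PUBLIC_READ
    return [v for v in sorted(record.values.values(), key=lambda v: v.index)
            if needed in v.perms and (types is None or v.type in types)]

def update(record, requester, index, data):
    """Write one value; only an administrator of this handle may do so."""
    value = record.values.get(index)
    if (requester not in record.admins or value is None
            or Perm.ADMIN_WRITE not in value.perms):
        raise PermissionError(f"{requester!r} may not write index {index}")
    value.data = data
```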

  10. Handle System Service Architecture • Handle System is a collection of handle services, each of which consists of one or more replicated sites, each of which may have one or more servers. [Figure: a Client, the GHS and several LHS; each service is shown with Site 1, Site 2, Site 3 ... Site n, and each site with servers #1, #2, #3, #4 ... #n. Example handle 10.1000/123456 with values: 1 URL http://www.doi.org/..... and 2 URL http://meta.doi.org/.....]

  11. Handle System Protocol: Message Structure

  12. Handle System Protocol: Message Structure (continued) • Envelope • Header • …<message body>… • Credential

  13. Handle System Documentation: • Handle System Overview: http://www.handle.net/overview-current.html • Handle System Namespace and Service Definition: http://www.handle.net/namespace-current.html • Handle System Protocol Specification: http://www.handle.net/protocol-spec-current.html • The Digital Object Identifier: http://www.doi.org

  14. Handle System Applications: • International DOI Foundation (http://www.doi.org) • US Library of Congress and University libraries • US Learning Object Network • Web-in-the-Box Project for US Navy • Content ID Forum, Japan • KPA/KDC, Korea • Inventory management, ENPIA, Korea

  15. Handle System Applications (cont.) • DARPA/NSF Secure Digital Information System for secured information sharing among different agencies • AAMVA Driver Record Information Verification System (DRIVerS) • Financial Service Technical Consortium (FSTC) • MPEG-21 Standard Process • IETF/IRTF Internet Digital Rights Management

  16. DOI and IDF (http://www.doi.org): • International DOI Foundation: founded 1998 • following demonstration of prototype in 1997 • Not-for-profit; paid membership support • similar principles to World Wide Web Consortium (W3C) • Open to all interested parties • Democratic: board elected from members • Full time staff (Director) • 40+ organisations and growing

  17. DOI and IDF: • Establish a way of identifying content in the digital environment via actionable identifier (e.g. handles in the Handle System). • Use that as the basis for digital rights management in the future. • Aim to maximise value of digital objects (e.g. reduce copy infringement, increase accessibility, help in content management). • Facilitate mass production and mass customisation via terms and conditions associated with digital objects.

  18. DOI and IDF and the Handle System: • DOI registration and resolution service fully implemented over the Handle System. • Applications are being built on top of DOI (e.g. CrossRef and Metadata registration). • Commercial deployment: DOI registration agencies (e.g. CrossRef and others). • E-Book endorsement and DOI-EB prototype (see http://www.doi.org).

  19. Identity and Identity Management: • Identity: Identity Reference + Set of Attributes. Examples: Driver’s License; Public Key Certificate; Handle + Handle Attribute • Different ways of identity reference determine how identities are used or managed. • Identity management is essential for all kinds of security services, especially in areas such as authentication/authorization, data confidentiality, as well as service non-repudiation.

  20. Identity Management using Handle System • Persistent identity reference, separating identity reference from any of its attributes. • Separates transport security from credential validation. Simplifies the authentication process. • Automation of credential validation, such that no intermediate Certificate Authority (CA) is necessary, making identity validation process more liable upon legal challenge.

  21. Identity Management using Handle System (cont.) • Real time identity validation can be carried out via authorization agencies, thus avoiding difficulties surrounding certificate revocation process and making it more trustworthy • Ownership of identity attributes is delegated to identity subjects and authorization agencies, so that changes can be made in a timely fashion without dependency on third party • Privacy and access control can be managed by individual identity subject, protecting against impersonation and/or identity theft

  22. Handle System Goal… • An infrastructure service that promotes inter-operability among various information systems, regardless of the computing platform. • Enabling technology for better resource sharing, with distributed administration/ownership defined per named digital object, and secured data binding over public network.
