CNRI Handle System and its Applications
Sam X. Sun, CNRI, ssun@cnri.reston.va.us
CNRI Handle System and its Applications
• Handle System and its Background
• Handle System Features
• Handle System Data & Service Model
• Handle System Applications
• Handle System and IDF
• Handle System and Identity Management
Handle System
• A global name service that provides unique identifiers for digital objects over the Internet
• Maintains persistent identifiers that remain valid across changes of location and attributes
• An infrastructure service that promotes interoperability for identity management and digital rights management
Background
• R. Kahn & R. Wilensky, "A Framework for Distributed Digital Object Services", 1995
• Information Layer Infrastructure:
  - General-purpose global identifier service
  - Repository for digital objects
  - Access control & content management
• Research project sponsored by DARPA over the past eight years.
Handle System Features
• Secure name resolution and data delivery, with a standard mechanism for credential validation
• Distributed administration via the handle system authentication protocol
• Ownership defined per handle, access control defined per handle value – essential for privacy protection
• International support via UTF-8 encoding
• Distributed service model that is both scalable and extensible
Handle Namespace
Syntax Definition:
  <handle>     ::= <NA> "/" <Local-Name>
  <NA>         ::= *( <na_seg> "." ) <na_seg>
  <na_seg>     ::= Any Unicode 2.0 character encoded in UTF-8, except '/' and '.'
  <Local-Name> ::= Any Unicode 2.0 character encoded in UTF-8
A handle is a naming authority (NA) followed by a local name under that NA; the NA is one or more '.'-separated segments.
Examples: 10.123/456, cnri.dlib/july95-arms
Handle Administrator Record (figure): defines the handle administrator, e.g. for handle "0.NA/10".
Example: Handle and Handle Values

Handle      Index  Data Type  Handle data
10.123/456  2      URL        http://srv1.pub.com/...
            3      URL        http://srv2.pub.com/...
            20     email      Info@pub.com
            50     md         http://meta.pub.com/...
            100    adm.       10.123/admin
Handle System Service Architecture (figure)
The Handle System is a collection of handle services (the Global Handle Service, GHS, and Local Handle Services LHS #1, #2, #3, #4 ... #n), each of which consists of one or more replicated sites (Site 1, Site 2, Site 3 ... Site n), each of which may have one or more servers. A client resolves a handle such as 10.1000/123456, whose record holds the values 1 URL http://www.doi.org/..... and 2 URL http://meta.doi.org/....., against these services.
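The namespace syntax, the record layout and the two-level lookup of the figure above, as an added example in Go (not code from the slides, from CNRI or from the Handle System software): ParseHandle applies the <NA>/<Local-Name> rule, a record is a list of (index, type, data) values, and Resolve performs the client's two steps, asking the GHS for the naming-authority handle "0.NA/<NA>" and then the LHS it names for the handle itself. The records are constructed sample data after the slides' 10.123/456 example; an HS_SITE value carrying a bare LHS name stands in for real service information, and site replication and the wire protocol are left out.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Handle is a parsed "<NA>/<Local-Name>" from the namespace slide.
type Handle struct {
	NA        string // naming authority, e.g. "10.123"
	LocalName string // local name under the NA, e.g. "456"
}

// ParseHandle splits at the first '/': NA before it, local name after it. NA
// segments are '.'-separated and may not be empty; the local name may contain any
// character, even '/' or '.'. Rejecting an empty local name is an assumption here.
func ParseHandle(s string) (Handle, error) {
	i := strings.IndexByte(s, '/')
	if i < 0 {
		return Handle{}, fmt.Errorf("%q: missing '/' between NA and local name", s)
	}
	na, local := s[:i], s[i+1:]
	if na == "" || local == "" {
		return Handle{}, fmt.Errorf("%q: empty naming authority or local name", s)
	}
	for _, seg := range strings.Split(na, ".") {
		if seg == "" {
			return Handle{}, fmt.Errorf("%q: empty NA segment", s)
		}
	}
	return Handle{NA: na, LocalName: local}, nil
}

// HandleValue is one (index, type, data) entry of a handle record.
type HandleValue struct {
	Index int
	Type  string
	Data  string
}

// Site maps handles to their values at one site of a handle service (a real
// service replicates the same records across its sites; this keeps one copy).
type Site map[string][]HandleValue

// Lookup returns the values of handle h, restricted to wantType unless it is "".
func (s Site) Lookup(h, wantType string) []HandleValue {
	var out []HandleValue
	for _, v := range s[h] {
		if wantType == "" || v.Type == wantType {
			out = append(out, v)
		}
	}
	return out
}

var ErrNoService = errors.New("no handle service registered for naming authority")
var ErrNotFound = errors.New("handle not found")

// Resolve performs the client's two steps from the figure: ask the Global Handle
// Service (GHS) for the naming-authority handle "0.NA/<NA>", whose HS_SITE value names
// the Local Handle Service (LHS) serving that NA, then ask that LHS for the handle.
func Resolve(ghs Site, lhs map[string]Site, handle, wantType string) ([]HandleValue, error) {
	h, err := ParseHandle(handle)
	if err != nil {
		return nil, err
	}
	siteVals := ghs.Lookup("0.NA/"+h.NA, "HS_SITE")
	if len(siteVals) == 0 {
		return nil, fmt.Errorf("%w: %s", ErrNoService, h.NA)
	}
	local, ok := lhs[siteVals[0].Data]
	if !ok {
		return nil, fmt.Errorf("%w: LHS %q unknown", ErrNoService, siteVals[0].Data)
	}
	if _, ok := local[handle]; !ok {
		return nil, fmt.Errorf("%w: %s", ErrNotFound, handle)
	}
	return local.Lookup(handle, wantType), nil
}

// SampleServices returns constructed data after the slides' example: NA 10.123
// is served by an LHS named "lhs-pub" that holds the record of 10.123/456.
func SampleServices() (Site, map[string]Site) {
	ghs := Site{"0.NA/10.123": {{Index: 1, Type: "HS_SITE", Data: "lhs-pub"}}}
	lhs := Site{"10.123/456": {
		{Index: 2, Type: "URL", Data: "http://srv1.pub.com/..."},
		{Index: 3, Type: "URL", Data: "http://srv2.pub.com/..."},
		{Index: 20, Type: "email", Data: "Info@pub.com"},
		{Index: 50, Type: "md", Data: "http://meta.pub.com/..."},
		{Index: 100, Type: "adm.", Data: "10.123/admin"},
	}}
	return ghs, map[string]Site{"lhs-pub": lhs}
}

func main() {
	ghs, lhs := SampleServices()
	fmt.Println(Resolve(ghs, lhs, "10.123/456", "URL"))
	fmt.Println(Resolve(ghs, lhs, "10.999/1", ""))
}
```

Resolving 10.123/456 for type URL returns the two URL values; an NA the GHS does not know fails with ErrNoService before any LHS is contacted, which is the point of the two-level design: the GHS only has to know which service owns each naming authority, not the handles themselves.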
Handle System Protocol: Message Structure (continued) (figure): Envelope | Header | …<message body>… | Credential
Handle System Documentation:
• Handle System Overview: http://www.handle.net/overview-current.html
• Handle System Namespace and Service Definition: http://www.handle.net/namespace-current.html
• Handle System Protocol Specification: http://www.handle.net/protocol-spec-current.html
• The Digital Object Identifier: http://www.doi.org
Handle System Applications:
• International DOI Foundation (http://www.doi.org)
• US Library of Congress and University libraries
• US Learning Object Network
• Web-in-the-Box Project for US Navy
• Content ID Forum, Japan
• KPA/KDC, Korea
• Inventory management, ENPIA, Korea
Handle System Applications (cont.)
• DARPA/NSF Secure Digital Information System for secure information sharing among different agencies
• AAMVA Driver Record Information Verification System (DRIVerS)
• Financial Services Technology Consortium (FSTC)
• MPEG-21 Standard Process
• IETF/IRTF Internet Digital Rights Management
DOI and IDF (http://www.doi.org):
• International DOI Foundation: founded 1998, following demonstration of a prototype in 1997
• Not-for-profit; supported by paid membership, on similar principles to the World Wide Web Consortium (W3C)
• Open to all interested parties
• Democratic: board elected from members
• Full-time staff (Director)
• 40+ organisations and growing
DOI and IDF:
• Establish a way of identifying content in the digital environment via an actionable identifier (e.g. handles in the Handle System).
• Use that as the basis for digital rights management in the future.
• Aim to maximise the value of digital objects (e.g. reduce copyright infringement, increase accessibility, help in content management).
• Facilitate mass production and mass customisation via terms and conditions associated with digital objects.
DOI and IDF and the Handle System:
• DOI registration and resolution service fully implemented over the Handle System.
• Applications are being built on top of DOI (e.g. CrossRef and metadata registration).
• Commercial deployment: DOI registration agencies (e.g. CrossRef and others).
• E-Book endorsement and DOI-EB prototype (see http://www.doi.org).
Identity and Identity Management:
• Identity = Identity Reference + Set of Attributes. Examples: Driver's License; Public Key Certificate; Handle + Handle Attributes
• How an identity is referenced determines how identities can be used and managed.
• Identity management underlies all kinds of security services, especially authentication/authorization, data confidentiality and non-repudiation of service.
Identity Management using Handle System
• Persistent identity reference, separating the identity reference from any of its attributes.
• Separates transport security from credential validation, which simplifies the authentication process.
• Credential validation is automated through the Handle System itself, so no intermediate Certificate Authority (CA) is needed and the identity validation process is more defensible under legal challenge.
Identity Management using Handle System (cont.)
• Real-time identity validation can be carried out via authorization agencies, avoiding the difficulties of the certificate revocation process and making validation more trustworthy
• Ownership of identity attributes is delegated to the identity subjects and authorization agencies, so changes can be made in a timely fashion without depending on a third party
• Privacy and access control can be managed by each identity subject, protecting against impersonation and identity theft
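Credential validation by handle lookup rather than by a certificate chain, as described on the two identity-management slides and the features slide, as an added example in Go that is not code from the page or from the Handle System software: the administrator's public key is a value of the admin handle record, a client proves possession of the matching private key by signing a fresh server nonce, values an unauthenticated caller may not read are withheld per handle value, and revocation is nothing more than editing the record. Ed25519 stands in for the key types the real system uses; the HS_PUBKEY type name, index 300, the PublicRead flag, the 10.123/admin record and the sample values are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// HandleValue is one entry of a handle record (its index is the map key below);
// PublicRead models access control per handle value.
type HandleValue struct {
	Type       string
	Data       string
	PublicRead bool // false: returned only to an authenticated administrator
}

// Server is a toy handle server: records keyed by handle and then by value index,
// plus the challenges it has issued and not yet seen answered.
type Server struct {
	Records    map[string]map[int]HandleValue
	challenges map[string][]byte // "<handle>:<index>" -> nonce, used once
}

var ErrNoKey = errors.New("no HS_PUBKEY value at that handle and index")
var ErrNoChallenge = errors.New("no outstanding challenge")
var ErrBadSig = errors.New("signature does not verify against the handle-held key")

func keyID(handle string, index int) string { return fmt.Sprintf("%s:%d", handle, index) }

// publicKey is the credential validation step: a handle lookup, not a certificate chain.
func (s *Server) publicKey(handle string, index int) (ed25519.PublicKey, error) {
	v, ok := s.Records[handle][index]
	if !ok || v.Type != "HS_PUBKEY" {
		return nil, ErrNoKey
	}
	raw, err := hex.DecodeString(v.Data)
	if err != nil || len(raw) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("%w: malformed key data", ErrNoKey)
	}
	return ed25519.PublicKey(raw), nil
}

// Challenge issues a fresh nonce the client must sign with the private key matching HS_PUBKEY.
func (s *Server) Challenge(handle string, index int) ([]byte, error) {
	if _, err := s.publicKey(handle, index); err != nil {
		return nil, err
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[keyID(handle, index)] = nonce
	return nonce, nil
}

// Verify re-reads the key at this moment, so the record as it stands now decides; no CRL needed.
func (s *Server) Verify(handle string, index int, sig []byte) error {
	id := keyID(handle, index)
	nonce, ok := s.challenges[id]
	if !ok {
		return ErrNoChallenge
	}
	delete(s.challenges, id) // single use: a captured signature cannot be replayed
	pub, err := s.publicKey(handle, index)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return ErrBadSig
	}
	return nil
}

// Revoke deletes the key value from the record; that is the whole revocation mechanism.
func (s *Server) Revoke(handle string, index int) { delete(s.Records[handle], index) }

// Resolve returns a record's values, withholding non-public ones from unauthenticated callers.
func (s *Server) Resolve(handle string, authenticated bool) []HandleValue {
	var out []HandleValue
	for _, v := range s.Records[handle] {
		if v.PublicRead || authenticated {
			out = append(out, v)
		}
	}
	return out
}

// NewSampleServer holds constructed records: the administrator of NA 10.123 is the
// handle 10.123/admin, whose value at index 300 is the admin's public key (the index
// and the HS_PUBKEY type name are assumptions of this example).
func NewSampleServer(adminPub ed25519.PublicKey) *Server {
	return &Server{challenges: map[string][]byte{}, Records: map[string]map[int]HandleValue{
		"10.123/admin": {300: {Type: "HS_PUBKEY", Data: hex.EncodeToString(adminPub), PublicRead: true}},
		"10.123/456": {
			2:  {Type: "URL", Data: "http://srv1.pub.com/...", PublicRead: true},
			20: {Type: "email", Data: "Info@pub.com"},
		},
	}}
}
```

The part worth noting is Verify: it re-reads the record at verification time, so the record is the single source of truth. There is no certificate to expire and no list to consult; removing or replacing the HS_PUBKEY value takes effect on the very next challenge, which is what the slide means by avoiding the certificate revocation process. The nonce is deleted before the signature is checked so that a captured signature cannot be replayed, and an unauthenticated Resolve of 10.123/456 never returns the email value.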
Handle System Goal…
• An infrastructure service that promotes interoperability among information systems, regardless of computing platform.
• An enabling technology for better resource sharing, with distributed administration and ownership defined per named digital object, and secure data binding over the public network.