
Page 1: CNRI Handle System and its Applications Sam X. Sun CNRI ssun@cnri.reston.va.us

CNRI Handle System and its Applications

Sam X. Sun, CNRI

ssun@cnri.reston.va.us

Page 2

CNRI Handle System and its Applications

• Handle System and its Background

• Handle System Features

• Handle System Data & Service Model

• Handle System Applications

• Handle System and IDF

• Handle System and Identity Management

Page 3

Handle System

• A global name service that provides unique identifiers for digital objects over the Internet

• Maintains persistent identifiers: a handle stays valid when the object's location or attributes change

• An infrastructure service that promotes interoperability for identity management and digital rights management

Page 4

Background

• R. Kahn & R. Wilensky, "A Framework for Distributed Digital Object Services", 1995

• Information Layer Infrastructure:
  - General-purpose global identifier service
  - Repository for digital objects
  - Access control & content management

• Research project sponsored by DARPA over the past eight years.

Page 5

Handle System Features

• Secure name resolution and data delivery, with a standard mechanism for credential validation

• Distributed administration via the handle system authentication protocol

• Ownership defined per handle, access control defined per handle value; essential for privacy protection

• International support via UTF-8 encoding

• Distributed service model that is both scalable and extensible

Page 6

Handle Namespace

Syntax Definition:

<handle>     ::= <NA> "/" <Local-Name>
<NA>         ::= *(<na_seg> ".") <na_seg>
<na_seg>     ::= Any Unicode 2.0 character encoded in UTF-8, except "/" and "."
<Local-Name> ::= Any Unicode 2.0 character

Examples:

10.123/456               naming authority (NA) "10.123", local name "456"
cnri.dlib/july95-arms    naming authority (NA) "cnri.dlib", local name "july95-arms"
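The grammar above is small enough to implement exactly, and doing so makes its two sharp edges visible: only the first "/" separates the naming authority from the local name (the local name may itself contain "/" and "."), and every NA segment must be at least one character, so a leading, trailing or doubled "." is invalid. The following parser is an added example, not code from these slides or from the Handle System software. The 0.NA/<NA> form of the handle that administers a naming authority (slide 8 uses 0.NA/10) is taken from the Handle System specification rather than from this slide; the sample handles with a non-ASCII local name are constructed.

```python
"""Parser for the handle syntax: <handle> ::= <NA> "/" <Local-Name>.

Added example; not part of the CNRI slides or the Handle System software.
"""
from dataclasses import dataclass
from typing import List, Union


@dataclass(frozen=True)
class Handle:
    naming_authority: str      # e.g. "10.123" or "cnri.dlib"
    local_name: str            # e.g. "456" or "july95-arms"

    @property
    def na_segments(self) -> List[str]:
        """The NA split into its dot-separated segments."""
        return self.naming_authority.split(".")

    @property
    def na_handle(self) -> str:
        """Handle under which this naming authority is itself administered
        (0.NA/<NA> per the Handle System specification)."""
        return "0.NA/" + self.naming_authority

    def __str__(self) -> str:
        return f"{self.naming_authority}/{self.local_name}"


def parse_handle(raw: Union[str, bytes]) -> Handle:
    """Parse a handle string, or its UTF-8 wire encoding, into NA and local name.

    Raises ValueError (or its subclass UnicodeDecodeError) on anything that does
    not match the grammar.
    """
    if isinstance(raw, bytes):
        # Handles travel as UTF-8; a malformed sequence raises rather than
        # being silently replaced, so a bad identifier never half-resolves.
        text = raw.decode("utf-8")
    else:
        text = raw

    # Only the FIRST "/" is the separator: the local name may contain "/" or
    # ".", so "cnri.dlib/a/b.c" has local name "a/b.c".
    na, sep, local = text.partition("/")
    if not sep:
        raise ValueError(f"no '/' separating NA from local name in {text!r}")
    if not local:
        # The slide's grammar is silent on an empty local name; rejected here
        # as a sanity check.
        raise ValueError(f"empty local name in {text!r}")

    segments = na.split(".")
    # split() yields "" for a leading, trailing or doubled ".", each of which
    # the grammar forbids (every <na_seg> is at least one character).
    if any(seg == "" for seg in segments):
        raise ValueError(f"malformed naming authority {na!r}")

    return Handle(na, local)


def is_valid_handle(raw: Union[str, bytes]) -> bool:
    """Boolean convenience wrapper around parse_handle()."""
    try:
        parse_handle(raw)
    except ValueError:          # UnicodeDecodeError is a ValueError
        return False
    return True


if __name__ == "__main__":
    for example in ("10.123/456", "cnri.dlib/july95-arms", "cnri.dlib/a/b.c"):
        h = parse_handle(example)
        print(f"{example!r:26} NA={h.naming_authority!r} segments={h.na_segments} local={h.local_name!r}")
    print(is_valid_handle("10..123/456"), is_valid_handle("10.123"))  # False False
```

Splitting on the first "/" rather than the last is the point most home-grown handle parsers get wrong; a resolver that splits on the last "/" would send "cnri.dlib/a/b.c" to a naming authority "cnri.dlib/a" that does not exist.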

Page 7

Handle System Data Model

Page 8

Handle Administrator Record

Defines the handle administrator (e.g. for handle "0.NA/10")

Page 9

Example: Handle and Handle Values

Handle: 10.123/456

Index   Data Type   Handle data
2       URL         http://srv1.pub.com/...
3       URL         http://srv2.pub.com/...
20      email       [email protected]
50      md          http://meta.pub.com/...
100     adm.        10.123/admin
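The table above, together with the features on slide 5 (ownership per handle, access control per handle value, distributed administration via the authentication protocol), describes a small data model that is worth writing out: a record is a set of indexed, typed values; an administrator value names the handle whose credentials may change the record; each value carries its own read and write permissions; and an update is accepted only after the administrator proves possession of a credential held in its own handle. The code below is an added example, not code from these slides or from the Handle System software. The value types URL, md and email and the administrator handle 10.123/admin come from the slide; the type names HS_ADMIN and HS_SECKEY come from the Handle protocol specification; HMAC-SHA256 over a server nonce stands in for the protocol's own challenge-response digest; the secret, the e-mail address and the permission flags are constructed.

```python
"""Toy handle service: indexed values, per-value access control, per-handle
ownership, and challenge-response administrator authentication.

Added example; not CNRI code. HS_ADMIN/HS_SECKEY names are from the Handle
protocol spec; HMAC-SHA256 stands in for the spec's digest scheme.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class HandleValue:
    index: int
    type: str                 # URL, md, email, HS_ADMIN, HS_SECKEY, ...
    data: str
    public_read: bool = True  # per-value access control: False hides it from anonymous clients
    admin_write: bool = True  # False makes the value read-only even for the administrator


class HandleService:
    """One record per handle; each record is a set of values keyed by index."""

    def __init__(self) -> None:
        self.records: Dict[str, Dict[int, HandleValue]] = {}
        self._nonces: set = set()             # outstanding challenges, each usable once
        self._sessions: Dict[str, str] = {}   # session token -> authenticated admin handle

    def create(self, handle: str, values: List[HandleValue]) -> None:
        self.records[handle] = {v.index: v for v in values}

    def admins_of(self, handle: str) -> List[str]:
        """Ownership is per handle: its HS_ADMIN values name who may change it."""
        return [v.data for v in self.records.get(handle, {}).values() if v.type == "HS_ADMIN"]

    def resolve(self, handle: str, types: Optional[List[str]] = None,
                session: Optional[str] = None) -> List[HandleValue]:
        """Return the values the caller may read, optionally filtered by type."""
        rec = self.records.get(handle, {})
        is_admin = self._sessions.get(session) in self.admins_of(handle)
        return [v for v in sorted(rec.values(), key=lambda v: v.index)
                if (not types or v.type in types) and (v.public_read or is_admin)]

    # --- handle system authentication protocol, modelled as challenge-response ---
    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._nonces.add(nonce)
        return nonce

    @staticmethod
    def respond(secret: bytes, nonce: bytes) -> bytes:
        """Client side: prove possession of the secret without transmitting it."""
        return hmac.new(secret, nonce, hashlib.sha256).digest()

    def authenticate(self, admin_handle: str, nonce: bytes, response: bytes) -> Optional[str]:
        """Check the response against the HS_SECKEY values stored in the admin's own handle."""
        if nonce not in self._nonces:
            return None                       # unknown or already used: a replay fails here
        self._nonces.discard(nonce)
        ok = False
        for v in self.records.get(admin_handle, {}).values():
            if v.type == "HS_SECKEY":
                expected = hmac.new(v.data.encode(), nonce, hashlib.sha256).digest()
                ok = hmac.compare_digest(expected, response) or ok   # constant-time per key
        if not ok:
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = admin_handle
        return token

    def modify_value(self, handle: str, new_value: HandleValue, session: str) -> None:
        """Add or replace one value; requires an authenticated administrator of this handle."""
        admin = self._sessions.get(session)
        if admin is None or admin not in self.admins_of(handle):
            raise PermissionError(f"{admin!r} does not administer {handle}")
        old = self.records[handle].get(new_value.index)
        if old is not None and not old.admin_write:
            raise PermissionError(f"value {new_value.index} of {handle} is read-only")
        self.records[handle][new_value.index] = new_value


DEMO_SECRET = b"constructed-admin-secret"   # constructed; stands in for the admin's HS_SECKEY


def build_demo() -> HandleService:
    """The record from the slide plus the administrator handle it points at."""
    svc = HandleService()
    svc.create("10.123/456", [
        HandleValue(2, "URL", "http://srv1.pub.com/..."),
        HandleValue(3, "URL", "http://srv2.pub.com/..."),
        HandleValue(20, "email", "owner@example.org", public_read=False),   # constructed address
        HandleValue(50, "md", "http://meta.pub.com/..."),
        HandleValue(100, "HS_ADMIN", "10.123/admin", admin_write=False),
    ])
    svc.create("10.123/admin", [HandleValue(300, "HS_SECKEY", DEMO_SECRET.decode(), public_read=False)])
    return svc
```

Two details carry the security argument of slides 5 and 21. The e-mail value is hidden from anonymous resolution but visible to the authenticated owner, so privacy is enforced at the value, not the handle. And because the credential lives in the administrator's own handle, deleting that HS_SECKEY value revokes the administrator immediately: the next challenge-response simply fails, with no revocation list to publish.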

Page 10

Handle System Service Architecture

The Handle System is a collection of handle services (the Global Handle Service, GHS, and a number of Local Handle Services, LHS), each of which consists of one or more replicated sites, each of which may have one or more servers.

[Figure: a client queries the Handle System; the GHS sits above several LHSs, each LHS made up of replicated sites (Site 1 ... Site n) with servers (#1 ... #n). The example shows handle 10.1000/123456 resolving to URL values, among them http://www.doi.org/..... and, at index 12, http://meta.doi.org/.....]
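The layering in the figure (services made of replicated sites made of servers) determines how a client resolves a handle and what happens when part of the system is down. The code below walks through that from the client's side and is an added example, not code from these slides or from the Handle System software. The two-step lookup, in which the client first asks the GHS for the naming-authority handle 0.NA/<NA> and then queries the LHS that record names, follows the Handle System specification rather than anything shown on the slide; the site and server names, the outage, the value index 1 and the HS_ADMIN value are constructed for the example.

```python
"""Client-side handle resolution across GHS and LHS, with failover across
replicated sites and servers.

Added example; not CNRI code. The GHS -> 0.NA/<NA> -> LHS lookup is from the
Handle System specification; all servers and records here are constructed.
"""
from typing import Dict, List, Optional, Tuple

Value = Tuple[int, str, str]        # (index, type, data)
Record = List[Value]


class Server:
    """One handle server holding a copy of its service's records."""

    def __init__(self, name: str, records: Dict[str, Record], up: bool = True) -> None:
        self.name, self.records, self.up = name, records, up

    def query(self, handle: str) -> Optional[Record]:
        if not self.up:
            raise ConnectionError(f"{self.name} unreachable")
        return self.records.get(handle)       # None is an authoritative "no such handle"


Site = List[Server]
Service = List[Site]                # a handle service = one or more replicated sites


def query_service(service: Service, handle: str) -> Tuple[Optional[Record], str]:
    """Try sites in order, and servers within a site, until one answers.

    Returns (record or None, name of the server that answered). Sites are
    replicas, so a definite "not found" from any reachable server is final;
    only connection failures cause failover to the next server or site.
    """
    failures: List[str] = []
    for site in service:
        for server in site:
            try:
                return server.query(handle), server.name
            except ConnectionError as exc:
                failures.append(str(exc))
    raise ConnectionError("no server of the service answered: " + "; ".join(failures))


class Resolver:
    def __init__(self, ghs: Service, lhs_by_name: Dict[str, Service]) -> None:
        self.ghs = ghs
        # Maps the name found in the NA handle's HS_SITE value to the service
        # itself; in the real protocol that value carries server addresses.
        self.lhs_by_name = lhs_by_name
        self.last_server = ""

    def resolve(self, handle: str, types: Optional[List[str]] = None) -> Record:
        na, _, _ = handle.partition("/")
        # Step 1: the GHS says which LHS serves this naming authority.
        na_record, self.last_server = query_service(self.ghs, "0.NA/" + na)
        if na_record is None:
            raise LookupError(f"naming authority {na!r} not registered in the GHS")
        sites = [data for (_, typ, data) in na_record if typ == "HS_SITE"]
        if not sites or sites[0] not in self.lhs_by_name:
            raise LookupError(f"no usable HS_SITE value for {na!r}")
        # Step 2: ask that LHS (any reachable site) for the handle itself.
        record, self.last_server = query_service(self.lhs_by_name[sites[0]], handle)
        if record is None:
            raise LookupError(f"{handle} does not exist")
        return [v for v in record if types is None or v[1] in types]


def build_demo() -> Resolver:
    """GHS knows NA 10.1000; the DOI LHS has two replicated sites, the first one down."""
    ghs_records = {"0.NA/10.1000": [(1, "HS_SITE", "doi-lhs")]}
    ghs: Service = [[Server("ghs-site1-srv1", ghs_records)]]

    doi_records = {"10.1000/123456": [(1, "URL", "http://www.doi.org/....."),
                                      (12, "URL", "http://meta.doi.org/....."),
                                      (100, "HS_ADMIN", "10.1000/admin")]}   # constructed
    doi_lhs: Service = [
        [Server("doi-site1-srv1", doi_records, up=False), Server("doi-site1-srv2", doi_records, up=False)],
        [Server("doi-site2-srv1", doi_records)],
    ]
    return Resolver(ghs, {"doi-lhs": doi_lhs})
```

The distinction in query_service between "unreachable" and "not found" matters operationally: treating an authoritative negative answer as a reason to try the next replica turns a simple lookup miss into a full sweep of every server, which is exactly the amplification an attacker flooding a resolver with nonexistent handles wants.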

Page 11

Handle System Protocol: Message Structure

Page 12

Handle System Protocol: Message Structure (continued)

Envelope

Header

Credential … <message body> …

Page 13

Handle System Documentation:

• Handle System Overview: http://www.handle.net/overview-current.html

• Handle System Namespace and Service Definition: http://www.handle.net/namespace-current.html

• Handle System Protocol Specification: http://www.handle.net/protocol-spec-current.html

• The Digital Object Identifier: http://www.doi.org

Page 14

Handle System Applications:

• International DOI Foundation (http://www.doi.org)

• US Library of Congress and university libraries

• US Learning Object Network

• Web-in-the-Box Project for US Navy

• Content ID Forum, Japan

• KPA/KDC, Korea

• Inventory management, ENPIA, Korea

Page 15

Handle System Applications (cont.)

• DARPA/NSF Secure Digital Information System for secure information sharing among different agencies

• AAMVA Driver Record Information Verification System (DRIVerS)

• Financial Services Technology Consortium (FSTC)

• MPEG-21 standard process

• IETF/IRTF Internet Digital Rights Management

Page 16

DOI and IDF (http://www.doi.org):

• International DOI Foundation: founded 1998, following demonstration of a prototype in 1997

• Not-for-profit; supported by paid membership, on principles similar to the World Wide Web Consortium (W3C)

• Open to all interested parties

• Democratic: board elected from members

• Full-time staff (Director)

• 40+ organisations and growing

Page 17

DOI and IDF:

• Establish a way of identifying content in the digital environment via actionable identifiers (e.g. handles in the Handle System).

• Use that as the basis for digital rights management in the future.

• Aim to maximise the value of digital objects (e.g. reduce copyright infringement, increase accessibility, help in content management).

• Facilitate mass production and mass customisation via terms and conditions associated with digital objects.

Page 18

DOI and IDF and the Handle System:

• DOI registration and resolution service fully implemented over the Handle System.

• Applications are being built on top of DOI (e.g. CrossRef and metadata registration).

• Commercial deployment: DOI registration agencies (e.g. CrossRef and others).

• E-Book endorsement and DOI-EB prototype (see http://www.doi.org).

Page 19

Identity and Identity Management:

• Identity: Identity Reference + Set of Attributes

  Examples: Driver's License; Public Key Certificate; Handle + Handle Attributes

• The form of the identity reference determines how identities are used and managed.

• Identity management is essential for all kinds of security services, especially authentication/authorization, data confidentiality, and service non-repudiation.

Page 20

Identity Management using Handle System

• Persistent identity reference, separating the identity reference from any of its attributes.

• Separates transport security from credential validation, which simplifies the authentication process.

• Automated credential validation, so that no intermediate Certificate Authority (CA) is necessary and the identity validation process is more accountable under legal challenge.

Page 21

Identity Management using Handle System (cont.)

• Real-time identity validation can be carried out via authorization agencies, avoiding the difficulties of the certificate revocation process and making validation more trustworthy

• Ownership of identity attributes is delegated to identity subjects and authorization agencies, so that changes can be made in a timely fashion without depending on a third party

• Privacy and access control can be managed by the individual identity subject, protecting against impersonation and/or identity theft

Page 22

Handle System Goal…

• An infrastructure service that promotes interoperability among various information systems, regardless of computing platform.

• Enabling technology for better resource sharing, with distributed administration/ownership defined per named digital object, and secure data binding over the public network.