Post on 27-Mar-2015
ITU Focus Group on Identity ManagementGeneva, February 2007
Norman Paskin
The Handle System
Corporation for National Research Initiativeshttp://www.cnri.reston.va.us/
• Norman Paskin n.paskin@tertius.ltd.uk– Corporation for National Research Initiatives – Member of Handle System Advisory Committee– I manage one implementation of the Handle System (DOI)
• Handle System: a practical tool, in use today, deployed in several content sectors to deal with managing information on digital networks
Outline of the presentation:• Relevance to the ITU FG• Background• Handle System overview• Applications • Some projects • Usage statistics • Topics relevant to identity management: security, granularity• Relation to the Domain Name System• Management and standards
The Handle System and Identity Management
• The Handle System is “a general purpose distributed information system that provides efficient, extensible, and secure identifier and resolution services for use on networks such as the Internet.”
• Fits ITU FG scope: “management of...attributes of an entity”
• “The network level and in general lower layers have not been addressed sufficiently with regard to digital identity, and this remains a weak point in standardization and research”
– ITU Workshop on Digital Identity for Next Generation Networks, Dec 06
• A non-commercial, openly available protocol and reference implementation
• Can utilise existing or new numbering schemes • Developed at Corporation for National Research Initiatives (US)
• www.handle.net
The Handle System and Identity Management
• “Digital information needs to be a first class citizen in the networked environment”
• First class = one that has an identity independent of any other item
• Current internet less than optimal for security, privacy, mobility.
• Original Internet design conflated addresses to serve two purposes: an indication of the location of the end point, and an indication of its identity – now recognised as a limitation (see e.g. NewArch*, FIND**)
*Future generation Internet architecture http://www.isi.edu/newarch/ **Future internet network design http://find.isi.edu/
• The fundamental characteristic of digital information is that it is processable data, enabling re-use and hence new forms of electronic commerce, creativity and social benefit.
• Managing these units of digital information, the “citizens” in the network, requires that they have unique names (or “identifiers”) denoting a specific referent, and the ability to manage their attributes
• Objects (“citizens”) may be representations of content, people, parties, resources, licences, avatars, sensors, etc.
The Handle System and Identity Management
• Handle System is part of a wider architecture (but entirely separable and usable alone)
• Managing information in the Net over very long periods of time – e.g. centuries or more
• Dealing with very large amounts of information in the Net over time
• When information, its location(s) and even the underlying systems may change dramatically over time
• Respecting and protecting rights, interests and value
• Robert Kahn/Robert Wilensky “A framework for distributed digital object services” 1995
– http://www.cnri.reston.va.us/k-w.html
Part of Digital Object Architecture
• Identifier: unique persistent string (“number”, “name”, “identifier”) assigned to a referent
– Unique: one to many: an identifier specifies one and only one referent (but a referent may have more than one identifier)
– Persistent: once assigned, does not change referent
• Resolution: process by which an identifier is input to a network service which returns some information
• Referent: the object to which the identifier is assigned, whether or not resolution returns that object.
– may be abstract, physical or digital, since all these forms of object are of relevance in identifier management (e.g. creations, resources, agreements, people, organisations) – classical ontology issues
– Digital object: an instance of an abstract data type
Terms
• Basic Internet resolution system: identify objects, not servers.• Optimized for speed, reliability, scaling• Open defined protocol and data model (IETF RFC 3650,1,2)
– free protocol; service at low cost (non-profit); – freely available to be used as engine underneath other named identifiers.
• Separation of control of the handle and who runs the servers– distributed administration, granularity at the handle level
• Any Unicode character set – internationalisation
• All transactions can be secure and certified – Both registration and resolution
• Not all data public: individual values within a handle can be private.• No semantics in the identifier• Logically centralized, physically distributed and highly scalable• Does not need DNS, but can work with DNS:
– deployed via tools e.g http proxies, client plug-ins, server software, etc
Handle System overview
• A Handle consists of a prefix and suffixe.g. 123/4567
• Prefix and suffix may be any length e.g. 256.1234/456-mydoc-456584893489
• Suffix may incorporate another identifier numbering scheme e.g. 10.1234/ISBN 0-7894-7764-5Thereby adds functionality to that numbering scheme
Shorter prefixes (1-3 digits) reserved for major projects, countries, etc.
Handle syntax
URL 2 http://a-books.com/….
DLS 3 acme/repository
HS_ADMIN 100 acme.admin/jsmith
XYZ 100111001111012
Data valueHandle
Data type Index
10.123/456 URL 1 http://acme.com/….
Handles resolve to typed data
One or more Handle values (type:value)
Resolution can return all values, or all values of one type
Schematic (simplified) representation of a handle record
Prefix Suffix
Handle value(s)
<index>: 3
Handles resolve to typed data
Fuller representation of a handle record:e.g. the handle "10.1045/may99-payette" has a set of three handle values:
<index>: 2 <type>: HS_ADMIN
<data>: acme.admin/jsmith
<index>: 1 <type>: URL
<data>: http://www.dlib.org/dlib...
<TTL>: {Relative: 24 hours}
<permission>: PUBLIC_READ, ADMIN_WRITE
<timestamp>: 927314334000
<reference>: {empty}
• A handle has a set of values assigned to it = a record that consists of a group of fields.
• <type> field defines the syntax and semantics of a value’s data– e.g. URL (resolving to current location) – pre-defined set of handle data types for administrative use– registered handle data types for non-administrative use (URL, EMAIL, and
DESC): others being added *
• Types may include:– HS_PUBKEY: public key used to authenticate entities in the Handle System.– HS_SECKEY: secret key password to access some service. – DESC: UTF8-encoded descriptions of the object identified by the handle.
• Full list at http://www.handle.net/overviews/types.html
*Handle System Advisory Committee is defining a recommended practice process
Handle System: typing
• http://www.handle.net/apps.html• Provides infrastructure for application domains, e.g. digital libraries &
publishing, network management, id management ...
• International DOI Foundation– Federation of several independent applications including e.g.
• CrossRef (scholarly journal consortium: covers 90+% of literature)• Office of Publications of the European Community (EC documents)• MEDRA (Multilingual European DOI Registration Agency)• Nielsen BookData, R.R. Bowker, et al (bibliographic data - ISBN)• German Nat. Lib. Science and Technology (science data)
– adds a layer of social infrastructure (and specific rules)
• Defense Virtual Information Architecture – Defense Technical Information Center (DTIC), DARPA, CNRI – context sensitive distribution of data and metadata: resolution result
depends on who you are..
• GRID computing – Shared computing resources– Handle System - Globus Toolkit Integration Project
Handle System usage (1)
• DSpace - Digital Repository System – MIT Libraries/Hewlett-Packard – stable, long-term storage of intellectual output of faculty, researchers,
centers and labs.
• National Digital Library Program (NDLP)– Library of Congress. Collections of historic materials converted to
digital formats. LoC use handles to identify material in the library's own collections.
• Los Alamos National Labs – internal doc management (600m+)
• Several Digital Library projects – e.g. ARROW http://arrow.monash.edu.au/
• Others who may adopt RFCs: – e.g. Fedmark: independent commercial implementation of Handle
protocols for digital rights system http://www.fedmark.com/
Handle System usage (2)
• Some others of particular relevance to identity management...
• Transient Network Architecture– Pervasive transient mobile network in which all communications occur
between persistently identified entities.– CNRI/Univ New Mexico, under NSF’s FIND (Future Internet Network Design)
project – http://hdl.handle.net/2118/tna; http://find.isi.edu/
• Using PKI capability for persistent trustworthy identity, separating:– Transport trustworthy (name/attribute is binding)– Administration trustworthy (attribute is issued by attribute holder)– Attribute credential (attribute value is true)
• Representing Value as Digital Objects: Transferability and Anonymity– Deeds of trust, mortgages, bills of lading, digital cash etc. – “Transferable records" structured as digital objects– http://www.dlib.org/dlib/may01/kahn/05kahn.html
• Possible Application of Handles to licences and parties – See separate talk on content industry identifiers
Handle System projects
• Assigned namespaces (“prefix”)
– DOI 2500+– D-Space 500+– Others 700+
• Individual “Handles” (identifiers within each namespace)
– DOI 25+ M
– Other: 600?? millions • total per namespace known only to namespace manager; e.g. LANL adding 600M but
privately
• Global Handle System– Core three service sites (added locations being considered)
– c. 60 million direct resolutions per month – c. 50 million proxy server resolutions
Handle System statistics
• Integrity of the Global Handle Registry service
• Protected service information and public key pair used to sign global service information.
• Handle protocol allows handle servers to authenticate their clients and to provide data integrity service on client request.
• Handle servers can be explicitly asked to generate or return a digital signature for every service response (but normally don’t)
• Public key and/or secret key cryptography may be used.
• Server authentication may be used to prevent eavesdroppers from forging client requests or tampering with server responses.
• Client applications can (if wished) only accept information from the authoritative Global Handle Registry (not any mirrors) and check its integrity on each update.
Handle System: security
• See http://www.handle.net/overviews/dns.html • Similarities and differences in both the design and intended use.
• Naming– DNS naming hierarchy reflects a control hierarchy, Handle system need not. – Handle separates control of handle (id) from control of server (location)
• Distributed Administration– Handle administrators can add/delete identifier and identifier values securely over the public Internet.
• Proxies– Technical advantages regarding resolution work behind SOCKS or HTTP proxies, both supported in
Handle client library (whereas DNS resolution from behind proxies is difficult/impossible).
• Unicode– Handle full native Unicode is supported. There are hacks to make DNS support 8-bit character sets, but
they are not widely implemented.
• Replication– In DNS, if a single record is updated all records must be copied to mirror servers. The Handle System
has finer granularity: if a single record is updated, the server will copy only that record to the mirror servers.
Handle System and DNS (1)
• Certification– DNS has to be fast, especially at the root. Not very good for alternative uses, e.g.
certificates. Handle System has more flexible and robust certification support. • Access Control
– Handle System has support for access control and authentication. DNS does not
• Record Size– Technical advantages regarding UDP and TCP handling: more efficient request
handling; much larger storage in a record (DNS 64KB, Handle System 4GB).
• Examples of integration with DNS: – CNNIC Handle implementation offers secured DNS resolution via a Handle
protocol interface. Further work will package the Handle-DNS software for public release; deploy the Handle-DNS server in “.cn” TLD registry and its subsidiaries; and establish an ENUM service and client software based on the Handle-DNS interface.
– Client library and proxies for use with http etc.
Handle System and DNS (2)
• Functional Granularity: “it should be possible to identify an entity whenever it needs to be distinguished”
• First class naming: “Digital objects should have first class names”
• DNS naming hierarchy reflects a control hierarchy– DNS: who runs acme.com controls who runs branch.acme.com– Handle separates control of handle (id) from control of server (location)
• Handles are first class names : – URLs: grouped by domain name and then by some sort of hierarchical structure, originally
based on file trees– Handles: each name stands on its own, unconnected to any DNS or other hierarchy. Can
avoid broken URLs when control changes • Ownership: In DNS, the system administrator is considered the owner of the data, in the
Handle System the prefix administrator is considered the owner.– Each Handle identifier and prefix can have its own set of administrators independent from
the system administrator.• Relationships between objects can be expressed:
– If you want to build a hierarchy you can – but on any basis– Handles can refer to other handles (some applications have introduced a detailed data
model to allow this – e.g DOI)
Handle System and granularity
• Specification– RFC 3650: Overview– RFC 3651: Namespace and Service Definition– RFC 3652: Protocol
• DoD Instruction 1322– Mandates Handle System use as part of Advanced Distributed Learning
• ISO standards track for DOI– A Handle application for the content sector – ISO TC46/SC9 (home of ISBN etc)
• Governance: HSAC - Handle System Advisory Committee– Approx 15 members representing big users– Goal: evolve to oversee the system, autonomous (IETF etc)– Currently by invitation; interest welcomed
Handle System management and standards
ITU Focus Group on Identity ManagementGeneva, February 2007
Norman Paskinn.paskin@tertius.ltd.uk
The Handle System
T E R T I U S L t d