Information Network I Web 3.0. Youki Kadobayashi NAIST

Transcription

1 Information Network I Web 3.0 Youki Kadobayashi NAIST

2 Web 3.0 Overview: Interoperability in the Web dimension (1) Interoperability of data: Metadata Data about data Assist in interacting with arbitrary (including unknown) resources that support known interfaces Identification Identification of resources Common ID space Openness Discovery Discovery of services associated with the resource Maps Appointments Social media Address Copyright(C)2010 Youki Kadobayashi. All rights reserved. 2

3 Web 3.0 Overview: Interoperability in the Web dimension (2) Interoperability of user identifier Identification Identification of user Common ID space Discovery Authentication Proof of identity through shared secret, proof of possession, physical traits etc. Authorization Access privileges Set of granted operations Maps Appointments Social media Copyright(C)2010 Youki Kadobayashi. All rights reserved. 3 User

4 Data about data Metadata Assist in interacting with arbitrary (including unknown) resources that support known interfaces Copyright(C)2010 Youki Kadobayashi. All rights reserved. 4

5 Metadata standard: RDF RDF: Resource Description Format W3C standards RDF primer RDF concepts and abstract syntax RDF vocabulary description language 1.0: RDF schema Many representation forms: RDF/XML RDF triples Turtle Copyright(C)2010 Youki Kadobayashi. All rights reserved. 5

6 RDF: an example (1) An RDF Graph. Source: W3C RDF primer Copyright(C)2010 Youki Kadobayashi. All rights reserved. 6

7 RDF/XML example RDF: an example (2) <?xml version="1.0"?> <rdf:rdf xmlns:rdf=" xmlns:contact=" <contact:person rdf:about=" <contact:fullname>eric Miller</contact:fullName> <contact:mailbox <contact:personaltitle>dr.</contact:personaltitle> </contact:person> </rdf:rdf> RDF triples ex:index.html dc:creator exstaff: ex:index.html exterms:creation-date "August 16, 1999". ex:index.html dc:language "en". Source: W3C RDF primer Copyright(C)2010 Youki Kadobayashi. All rights reserved. 7

8 RDF: an example (3) Turtle serialization syntax for rdf: contact: < < rdf:type contact:person; contact:fullname "Eric Miller"; contact:mailbox contact:personaltitle "Dr.". Source: W3C RDF primer, turtle version Copyright(C)2010 Youki Kadobayashi. All rights reserved. 8

9 Microformat XHTML-based Simple, open data formats microformats.org People, events, tags, No new language hcard <span class="tel"> <span class="type">home</span>: <span class="value"> </span> </span> hcalendar <span class="vevent"> <span class="summary">the WASForum 2010</span> on <span class="dtstart"> </span> at the Kokuyo Hall in <span class="location">tokyo, Japan</span>. </span> Look for Microformat-aware plugin for your favorite Web browser Copyright(C)2010 Youki Kadobayashi. All rights reserved. 9

10 Identification of resources Common ID space Openness URI revisited foo://example.com:8042/over/there?name=ferret#nose _/ / / / / scheme authority path query fragment / / urn:example:animal:ferret:nose Globally unique identification of resources? Copyright(C)2010 Youki Kadobayashi. All rights reserved. 10

11 Data identification standards DOI: Digital Object Identifier UUID: Universally Unique Identifier Copyright(C)2010 Youki Kadobayashi. All rights reserved. 11

12 DOI: Digital Object Identifier Coordinated by International DOI Foundation Standardized as ISO/DIS Used to globally and uniquely identify electronic document or other object DOI: / Naming authority (10: DOI project) Registrant (1145: ACM) Item ID Copyright(C)2010 Youki Kadobayashi. All rights reserved. 12

13 UUID: Universally Unique Identifier also known as GUID X.667 (ITU-T SG17) RFC 4122 (IETF) Generation and registration of Universally Unique Identifiers (UUIDs) and their use as ASN.1 object identifier components Time-based UUID (v1) Node: 48-bit MAC address Name-based UUID (v3, v5) Node: 48 bits from hash: MD5(name) or SHA1(name) Random number-based UUID (v4) Node: 48-bit random UUID URN namespace urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6 v node Copyright(C)2010 Youki Kadobayashi. All rights reserved. 13

14 Discovery Discovery of services associated with the resource Resource identifier Resolver? Service endpoint identifier Capabilities Copyright(C)2010 Youki Kadobayashi. All rights reserved. 14

15 Discovery standards Handle System For DOI etc. Defined by: IETF EPCglobal Object Name Service (ONS) For RFID tags Defined by: EPCglobal XRI For web 3.0 etc. Defined by: OASIS OID resolver For OID (object identifier) Defined by: ITU-T SG Copyright(C)2010 Youki Kadobayashi. All rights reserved. 15

16 RFC 3650 Handle System Identifier and resolution services DOI: an application of Handle System >> redirects you to CACM 52(9), Security in the Browser For more info: Copyright(C)2010 Youki Kadobayashi. All rights reserved. 16

17 Discovery standard: XRI -- An OASIS standard for service discovery Source: OASIS Extensible Resource Identifier (XRI) Resolution Version Copyright(C)2010 Youki Kadobayashi. All rights reserved. 17

18 Interoperability of data in Web 3.0 Identification Discovery Metadata Data Metadata Confined Data Interactions 3.0 Services Bring back the ownership of data! Copyright(C)2010 Youki Kadobayashi. All rights reserved. 18

19 Common ID space Hierarchical vs Federated Identification of user Implications of openness Assignment Identity ownership Conflict resolution/avoidance Assurance Verification Persistence Maps Appointments User Social media Copyright(C)2010 Youki Kadobayashi. All rights reserved. 19

20 Identity management standards X.500 series Hierarchical ID space Distinguished Name as user identifier Originally defined by ITU-T SG 17 in X.500 series Today: IETF PKIX WG / ITU-T SG 17 Q.12 OpenID Federated ID space URL as user identifier Notion of Persona Ability to control privacy of identity information Developed by OpenID Foundation Copyright(C)2010 Youki Kadobayashi. All rights reserved. 20

21 Authentication Proof of identity through: Shared secret Password Use of public/private key pair Digital certificate Proof of possession Hardware token -- IC card etc. Physical traits Fingerprints etc. etc. Multi-factor authentication Combination of two or more of the above Copyright(C)2010 Youki Kadobayashi. All rights reserved. 21

22 X.509 Digital Certificate Defined in ITU-T X.509 Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks X.509 certificate contains: Issuer CN Subject CN Validity period Subject Public Key Signature Algorithm Signature of the issuer Digital signature in X.509. Source: ITU-T Rec. X / Copyright(C)2010 Youki Kadobayashi. All rights reserved. 22

23 X.509 Digital Certificate in action Issuer CN: Equifax Secure Global ebusiness CA-1 Subject CN: Equifax Secure Global ebusiness CA-1 Validity period: 99/06/21 13:00:00-20/06/21 13:00:00 Subject Public Key: ba e Signature Algorithm: PKCS #1 MD5 With RSA Encryption Signature of the issuer: 30 e aa c7 sign certificate Issuer CN: Equifax Secure Global ebusiness CA-1 Subject CN: *.myopenid.com Validity period: 09/04/29 7:08:45-11/05/30 7:08:45 Subject Public Key: d bb Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature of the issuer: 5e 54 e4 c e 9c Copyright(C)2010 Youki Kadobayashi. All rights reserved. 23

24 OpenID authentication protocol Federated ID space URL as user identifier OP: OpenID provider Provides authentication service RP: Relying Party Service that relies on OpenID authentication service Copyright(C)2010 Youki Kadobayashi. All rights reserved. 24

25 OpenID auth protocol in action User Agent Relying Party OpenID Provider User URI or XRI Redirect; get token Get token Discovery XRDS Diffie-Hellman Post credential Redirect Token For more details, consult OpenID Authentication 2.0 spec Copyright(C)2010 Youki Kadobayashi. All rights reserved. 25

26 Authorization Now I know your name and you re here, but it s completely different from what you may do in this room Access privileges Set of granted operations Create, Delete Read, Update User Persona Example: CRUD operation over Persona in social media Copyright(C)2010 Youki Kadobayashi. All rights reserved. 26

27 Authorization process Identify user Authenticate user Map to specific group or role Identify access privilege Permit or deny operation N.B. many variations do exist Copyright(C)2010 Youki Kadobayashi. All rights reserved. 27

28 OAuth Authorization standards For use with OpenID authentication An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications IETF Open Authentication Protocol WG X.509 attribute certificate RFC 3281: An Internet Attribute Certificate Profile for Authorization For use with X.509 digital certificate Copyright(C)2010 Youki Kadobayashi. All rights reserved. 28

29 Open Identity in Web 3.0 Identification Discovery Metadata Metadata User Confined Assignment Ownership Conflict resolution Assurance Verification Persistence User Interactions 3.0 Services Bring back the ownership of identity! Copyright(C)2010 Youki Kadobayashi. All rights reserved. 29

30 Summary -- Web 3.0: Interoperability in the Web dimension Interoperability of data: Metadata Interoperability of user ID: Identification Identification Discovery Discovery Authentication Authorization Copyright(C)2010 Youki Kadobayashi. All rights reserved. 30