Web 3.0 Overview: Interoperability in the Web dimension (1) Web 3.0 Overview: Interoperability in the Web dimension (2) Metadata

Transcription

1 Information Network I Web 3.0 Youki Kadobayashi NAIST Web 3.0 Overview: Interoperability in the Web dimension (1) Interoperability of data: Assist in interacting with arbitrary (including unknown) resources that support known interfaces of resources Openness of services associated with the resource Address Copyright(C)2010 Youki Kadobayashi. All rights reserved. 2 Web 3.0 Overview: Interoperability in the Web dimension (2) Interoperability of user identifier of user Authentication Proof of identity through shared secret, proof of possession, physical traits etc. Authorization Access privileges Set of granted operations Copyright(C)2010 Youki Kadobayashi. All rights reserved. 3 Data about data Assist in interacting with arbitrary (including unknown) resources that support known interfaces Copyright(C)2010 Youki Kadobayashi. All rights reserved. 4 standard: RDF RDF: an example (1) RDF: Resource Description Format W3C standards RDF primer RDF concepts and abstract syntax RDF vocabulary description language 1.0: RDF schema Many representation forms: RDF/XML RDF triples Turtle Copyright(C)2010 Youki Kadobayashi. All rights reserved. 5 An RDF Graph. Source: W3C RDF primer Copyright(C)2010 Youki Kadobayashi. All rights reserved. 6

2 RDF/XML example RDF: an example (2) <?xml version="1.0"?> <rdf:rdf xmlns:rdf=" xmlns:contact=" <contact:person rdf:about=" <contact:fullname>eric Miller</contact:fullName> <contact:mailbox <contact:personaltitle>dr.</contact:personaltitle> </contact:person> </rdf:rdf> RDF triples ex:index.html dc:creator exstaff: RDF: an example (3) Turtle serialization syntax for rdf: contact: < < rdf:type contact:person; contact:fullname "Eric Miller"; contact:mailbox contact:personaltitle "Dr.". Source: W3C RDF primer, turtle version ex:index.html exterms:creation-date "August 16, 1999". ex:index.html dc:language "en". Source: W3C RDF primer Copyright(C)2010 Youki Kadobayashi. All rights reserved Copyright(C)2010 Youki Kadobayashi. All rights reserved. 8 XHTML-based Simple, open data formats microformats.org No new language hcard Microformat <span class="tel"> <span class="type">home</span>: <span class="value"> </span> </span> hcalendar <span class="vevent"> <span class="summary">the WASForum 2010</span> on <span class="dtstart"> </span> at the Kokuyo Hall in <span class="location">tokyo, Japan</span>. </span> Look for Microformat-aware plugin for your favorite Web browser Copyright(C)2010 Youki Kadobayashi. All rights reserved. 9 Identification of resources Openness URI revisited foo://example.com:8042/over/there?name=ferret#nose _/ / / / / scheme authority path query fragment / / urn:example:animal:ferret:nose Globally unique identification of resources? Copyright(C)2010 Youki Kadobayashi. All rights reserved. 10 Data identification standards DOI: Digital Object Identifier UUID: Universally Unique Identifier DOI: Digital Object Identifier Coordinated by International DOI Foundation Standardized as ISO/DIS Used to globally and uniquely identify electronic document or other object DOI: / Naming authority (10: DOI project) Registrant (1145: ACM) Item ID Copyright(C)2010 Youki Kadobayashi. All rights reserved Copyright(C)2010 Youki Kadobayashi. All rights reserved. 12

3 UUID: Universally Unique Identifier also known as GUID X.667 (ITU-T SG17) RFC 4122 (IETF) Generation and registration of Universally Unique Identifiers (UUIDs) and their use as ASN.1 object identifier components Time-based UUID (v1) Node: 48-bit MAC address Name-based UUID (v3, v5) Node: 48 bits from hash: MD5(name) or SHA1(name) Random number-based UUID (v4) Node: 48-bit random of services associated with the resource Resource identifier Resolver? UUID URN namespace urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6 v node Copyright(C)2010 Youki Kadobayashi. All rights reserved. 13 Service endpoint identifier Capabilities Copyright(C)2010 Youki Kadobayashi. All rights reserved. 14 standards Handle System For DOI etc. Defined by: IETF EPCglobal Object Name Service (ONS) For RFID tags Defined by: EPCglobal XRI For web 3.0 etc. Defined by: OASIS OID resolver For OID (object identifier) Defined by: ITU-T SG Copyright(C)2010 Youki Kadobayashi. All rights reserved. 15 Handle System RFC 3650 Identifier and resolution services DOI: an application of Handle System For more info: Copyright(C)2010 Youki Kadobayashi. All rights reserved. 16 standard: XRI -- An OASIS standard for service discovery Interoperability of data in Web 3.0 Identification Data Confined Data Interactions 3.0 Services Source: OASIS Extensible Resource Identifier (XRI) Resolution Version Copyright(C)2010 Youki Kadobayashi. All rights reserved. 17 Bring back the ownership of data! Copyright(C)2010 Youki Kadobayashi. All rights reserved. 18

4 Identification of user Identity management standards Common ID space Hierarchical vs Federated Implications of openness Assignment Identity ownership Conflict resolution/avoidance Assurance Verification Persistence X.500 series Hierarchical ID space Distinguished Name as user identifier Originally defined by ITU-T SG 17 in X.500 series Today: IETF PKIX WG / ITU-T SG 17 Q.12 OpenID Federated ID space URL as user identifier Notion of Persona Ability to control privacy of identity information Developed by OpenID Foundation Copyright(C)2010 Youki Kadobayashi. All rights reserved Copyright(C)2010 Youki Kadobayashi. All rights reserved. 20 Authentication Proof of identity through: Shared secret Password Use of public/private key pair Digital certificate Proof of possession Hardware token -- IC card etc. Physical traits Fingerprints etc. etc. Multi-factor authentication Combination of two or more of the above Copyright(C)2010 Youki Kadobayashi. All rights reserved. 21 X.509 Digital Certificate Defined in ITU-T X.509 Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks X.509 certificate contains: Issuer CN Subject CN Validity period Subject Public Key Signature Algorithm Signature of the issuer Digital signature in X.509. Source: ITU-T Rec. X / Copyright(C)2010 Youki Kadobayashi. All rights reserved. 22 X.509 Digital Certificate in action Issuer CN: Equifax Secure Global ebusiness CA-1 Subject CN: Equifax Secure Global ebusiness CA-1 Validity period: 99/06/21 13:00:00-20/06/21 13:00:00 Signature Algorithm: PKCS #1 MD5 With RSA Encryption sign certificate Issuer CN: Equifax Secure Global ebusiness CA-1 Subject CN: *.myopenid.com Validity period: 09/04/29 7:08:45-11/05/30 7:08:45 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption OpenID authentication protocol Federated ID space URL as user identifier OP: OpenID provider Provides authentication service RP: Relying Party Service that relies on OpenID authentication service Copyright(C)2010 Youki Kadobayashi. All rights reserved Copyright(C)2010 Youki Kadobayashi. All rights reserved. 24

5 OpenID auth protocol in action Agent Relying Party OpenID Provider URI or XRI Redirect; get token XRDS Diffie-Hellman Get token Post credential Redirect Token For more details, consult OpenID Authentication 2.0 spec Copyright(C)2010 Youki Kadobayashi. All rights reserved. 25 Authorization Access privileges Set of granted operations Create, Delete Read, Update Persona Example: CRUD operation over Persona in social media Copyright(C)2010 Youki Kadobayashi. All rights reserved. 26 Authorization process Identify user Authenticate user Map to specific group or role Authorization standards OAuth For use with OpenID authentication simple and standard method from desktop and web IETF Open Authentication Protocol WG Identify access privilege Permit or deny operation N.B. many variations do exist Copyright(C)2010 Youki Kadobayashi. All rights reserved. 27 X.509 attribute certificate RFC 3281: An Internet Attribute Certificate Profile for Authorization For use with X.509 digital certificate Copyright(C)2010 Youki Kadobayashi. All rights reserved. 28 Open Identity in Web 3.0 Identification Summary -- Web 3.0: Interoperability in the Web dimension Interoperability of data: Interoperability of user ID: Confined Assignment Ownership Conflict resolution Assurance Verification Persistence Interactions Services 3.0 Authentication Authorization Bring back the ownership of identity! Copyright(C)2010 Youki Kadobayashi. All rights reserved Copyright(C)2010 Youki Kadobayashi. All rights reserved. 30