  • Number of slides: 22

CNRI Handle System and its Applications
Sam X. Sun
CNRI
ssun@cnri.reston.va.us

CNRI Handle System and its Applications
• Handle System and its Background
• Handle System Features
• Handle System Data & Service Model
• Handle System Applications
• Handle System and IDF
• Handle System and Identity Management

Handle System
• A global name service that provides unique identifiers for digital objects over the Internet
• Maintains persistent identifiers that remain valid across changes of location and attributes
• An infrastructure service that promotes interoperability for identity management & digital rights management

Background
• R. Kahn & R. Wilensky, "A Framework for Distributed Digital Object Services", 1995
• Information Layer Infrastructure:
  - General-purpose global identifier service
  - Repository for digital objects
  - Access control & content management
• Research project sponsored by DARPA over the past eight years

Handle System Features
• Secured name resolution and data delivery, with a standard mechanism for credential validation
• Distributed administration via the handle system authentication protocol
• Ownership defined per handle, access control defined per handle value – essential for privacy protection
• International support via UTF-8 encoding
• Distributed service model that is both scalable and extendable

Handle Namespace
Syntax definition:
  <handle> ::= <NA> / <Local-Name>
  <NA> ::= one or more segments separated by '.'; each segment is any Unicode 2.0 character encoded in UTF-8, except '/' and '.'
  <Local-Name> ::= any Unicode 2.0 character
Examples (naming authority (NA) / local name under the NA):
  10.123/456
  cnri.dlib/july95-arms

Handle System Data Model

Handle Administrator Record defines the handle administrator (e.g. for handle "0.NA/10")

Example: Handle and Handle Values
Handle 10.123/456

  Index   Data Type   Handle data
  2       URL         http://srv1.pub.com/...
  3       URL         http://srv2.pub.com/...
  100     adm.        10.123/admin
  50      md          http://meta.pub.com/...
  20      email       ...
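The namespace syntax, the "0.NA/<NA>" administrator handle and the indexed value record above, as an added Python example (not code from the slides or from CNRI); the handle-value record is constructed to mirror the 10.123/456 example and the function names are assumptions:

```python
# Added example: a minimal model of the handle namespace and of a handle's
# value record as described on this page. Not CNRI code.
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_handle(handle: str) -> Tuple[str, str]:
    """Split a handle into (naming authority, local name).

    The NA is everything before the first '/', made of one or more
    '.'-separated non-empty segments. The local name is everything after
    that first '/', and may itself contain '/' or '.'.
    """
    if "/" not in handle:
        raise ValueError("handle must be <NA>/<Local-Name>: %r" % handle)
    na, local = handle.split("/", 1)
    if not na or not local:
        raise ValueError("empty naming authority or local name: %r" % handle)
    if any(seg == "" for seg in na.split(".")):
        raise ValueError("empty NA segment in %r" % na)
    return na, local


def na_admin_handle(na: str) -> str:
    """Handle whose administrator record governs a naming authority
    (the slide's example: '0.NA/10' for NA '10')."""
    parse_handle(na + "/x")  # reuse the NA syntax check
    return "0.NA/" + na


@dataclass(frozen=True)
class HandleValue:
    index: int   # distinguishes values within one handle
    type: str    # e.g. URL, md, email, adm.
    data: str


# Constructed record, mirroring the '10.123/456' slide (email row omitted).
HANDLE_10_123_456 = [
    HandleValue(2, "URL", "http://srv1.pub.com/..."),
    HandleValue(3, "URL", "http://srv2.pub.com/..."),
    HandleValue(100, "adm.", "10.123/admin"),
    HandleValue(50, "md", "http://meta.pub.com/..."),
]


def resolve(values: List[HandleValue],
            type_filter: Optional[str] = None) -> List[HandleValue]:
    """Values of the requested type (all if None), ordered by index, as a
    resolution client asking for that type would receive them."""
    if len({v.index for v in values}) != len(values):
        raise ValueError("duplicate value index in handle record")
    chosen = [v for v in values if type_filter is None or v.type == type_filter]
    return sorted(chosen, key=lambda v: v.index)
```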

Handle System Service Architecture
Handle System is a collection of handle services, each of which consists of one or more replicated sites, each of which may have one or more servers.
(Diagram: a client queries the Global Handle Service (GHS), which refers it to Local Handle Services (LHS); each service has Site 1 … Site n, and each site has servers #1 … #n. The example handle 10.1000/123456 is shown with a doi value and a URL value, e.g. http://meta.doi.org/...)

Handle System Protocol: Message Structure

Handle System Protocol: Message Structure (continued)
Envelope | Header | …<message body>… | Credential

Handle System Documentation:
• Handle System Overview http://www.handle.net/overview-current.html
• Handle System Namespace and Service Definition http://www.handle.net/namespace-current.html
• Handle System Protocol Specification http://www.handle.net/protocol-spec-current.html
• The Digital Object Identifier http://www.doi.org

Handle System Applications:
• International DOI Foundation (http://www.doi.org)
• US Library of Congress and university libraries
• US Learning Object Network
• Web-in-the-Box Project for US Navy
• Content ID Forum, Japan
• KPA/KDC, Korea
• Inventory management, ENPIA, Korea

Handle System Applications (cont.)
• DARPA/NSF Secure Digital Information System for secured information sharing among different agencies
• AAMVA Driver Record Information Verification System (DRIVerS)
• Financial Service Technical Consortium (FSTC)
• MPEG-21 Standard Process
• IETF/IRTF Internet Digital Rights Management

DOI and IDF (http://www.doi.org):
• International DOI Foundation: founded 1998 – following demonstration of a prototype in 1997
• Not-for-profit; paid membership support – similar principles to the World Wide Web Consortium (W3C)
• Open to all interested parties
• Democratic: board elected from members
• Full time staff (Director)
• 40+ organisations and growing

DOI and IDF:
• Establish a way of identifying content in the digital environment via actionable identifiers (e.g. handles in the Handle System).
• Use that as the basis for digital rights management in the future.
• Aim to maximise the value of digital objects (e.g. reduce copy infringement, increase accessibility, help in content management).
• Facilitate mass production and mass customisation via terms and conditions associated with digital objects.

DOI and IDF and the Handle System:
• DOI registration and resolution service fully implemented over the Handle System.
• Applications are being built on top of DOI (e.g. CrossRef and metadata registration).
• Commercial deployment: DOI registration agencies (e.g. CrossRef and others).
• E-Book endorsement and DOI-EB prototype (see http://www.doi.org).

Identity and Identity Management:
• Identity: Identity Reference + Set of Attributes
  Examples: Driver's License; Public Key Certificate; Handle + Handle Attributes
• The way an identity is referenced determines how identities are used or managed.
• Identity management is essential for all kinds of security services, especially in areas such as authentication/authorization, data confidentiality, and service non-repudiation.

Identity Management using Handle System
• Persistent identity reference, separating the identity reference from any of its attributes.
• Separates transport security from credential validation, which simplifies the authentication process.
• Automation of credential validation, such that no intermediate Certificate Authority (CA) is necessary, making the identity validation process more reliable under legal challenge.

Identity Management using Handle System (cont.)
• Real-time identity validation can be carried out via authorization agencies, thus avoiding the difficulties surrounding the certificate revocation process and making validation more trustworthy
• Ownership of identity attributes is delegated to identity subjects and authorization agencies, so that changes can be made in a timely fashion without dependency on a third party
• Privacy and access control can be managed by the individual identity subject, protecting against impersonation and/or identity theft

Handle System Goal…
• An infrastructure service that promotes interoperability among various information systems, regardless of the computing platform.
• Enabling technology for better resource sharing, with distributed administration/ownership defined per named digital object, and secured data binding over the public network.