
ITU Focus Group on Identity Management Geneva, February 2007 Norman Paskin The Handle System Corporation for National Research Initiatives http://www.cnri.reston.va.us/


Page 1

ITU Focus Group on Identity Management, Geneva, February 2007

Norman Paskin

The Handle System

Corporation for National Research Initiatives, http://www.cnri.reston.va.us/

Page 2

• Norman Paskin
– Corporation for National Research Initiatives
– Member of Handle System Advisory Committee
– I manage one implementation of the Handle System (DOI)

• Handle System: a practical tool, in use today, deployed in several content sectors to deal with managing information on digital networks

Outline of the presentation:
• Relevance to the ITU FG
• Background
• Handle System overview
• Applications
• Some projects
• Usage statistics
• Topics relevant to identity management: security, granularity
• Relation to the Domain Name System
• Management and standards

The Handle System and Identity Management

Page 3

• The Handle System is “a general purpose distributed information system that provides efficient, extensible, and secure identifier and resolution services for use on networks such as the Internet.”

• Fits ITU FG scope: “management of...attributes of an entity”

• “The network level and in general lower layers have not been addressed sufficiently with regard to digital identity, and this remains a weak point in standardization and research”

– ITU Workshop on Digital Identity for Next Generation Networks, Dec 06

• A non-commercial, openly available protocol and reference implementation

• Can utilise existing or new numbering schemes
• Developed at Corporation for National Research Initiatives (US)

• www.handle.net

The Handle System and Identity Management

Page 4

• “Digital information needs to be a first class citizen in the networked environment”

• First class = one that has an identity independent of any other item

• Current internet less than optimal for security, privacy, mobility.

• Original Internet design conflated addresses to serve two purposes: an indication of the location of the end point, and an indication of its identity – now recognised as a limitation (see e.g. NewArch*, FIND**)

*Future generation Internet architecture http://www.isi.edu/newarch/ **Future internet network design http://find.isi.edu/

• The fundamental characteristic of digital information is that it is processable data, enabling re-use and hence new forms of electronic commerce, creativity and social benefit.

• Managing these units of digital information, the “citizens” in the network, requires that they have unique names (or “identifiers”) denoting a specific referent, and the ability to manage their attributes

• Objects (“citizens”) may be representations of content, people, parties, resources, licences, avatars, sensors, etc.

The Handle System and Identity Management

Page 5

• Handle System is part of a wider architecture (but entirely separable and usable alone)

• Managing information in the Net over very long periods of time – e.g. centuries or more

• Dealing with very large amounts of information in the Net over time

• When information, its location(s) and even the underlying systems may change dramatically over time

• Respecting and protecting rights, interests and value

• Robert Kahn/Robert Wilensky “A framework for distributed digital object services” 1995

– http://www.cnri.reston.va.us/k-w.html

Part of Digital Object Architecture

Page 6

• Identifier: unique persistent string (“number”, “name”, “identifier”) assigned to a referent

– Unique: one to many: an identifier specifies one and only one referent (but a referent may have more than one identifier)

– Persistent: once assigned, does not change referent

• Resolution: process by which an identifier is input to a network service which returns some information

• Referent: the object to which the identifier is assigned, whether or not resolution returns that object.

– may be abstract, physical or digital, since all these forms of object are of relevance in identifier management (e.g. creations, resources, agreements, people, organisations) – classical ontology issues

– Digital object: an instance of an abstract data type

Terms

Page 7

• Basic Internet resolution system: identify objects, not servers.
• Optimized for speed, reliability, scaling
• Open defined protocol and data model (IETF RFC 3650, 3651, 3652)
– free protocol; service at low cost (non-profit);
– freely available to be used as engine underneath other named identifiers.

• Separation of control of the handle and who runs the servers
– distributed administration, granularity at the handle level

• Any Unicode character set – internationalisation

• All transactions can be secure and certified – Both registration and resolution

• Not all data public: individual values within a handle can be private.
• No semantics in the identifier
• Logically centralized, physically distributed and highly scalable
• Does not need DNS, but can work with DNS:
– deployed via tools, e.g. HTTP proxies, client plug-ins, server software, etc.

Handle System overview

Page 8

• A Handle consists of a prefix and suffix, e.g. 123/4567

• Prefix and suffix may be any length, e.g. 256.1234/456-mydoc-456584893489

• Suffix may incorporate another identifier numbering scheme, e.g. 10.1234/ISBN 0-7894-7764-5. Thereby adds functionality to that numbering scheme.

Shorter prefixes (1-3 digits) reserved for major projects, countries, etc.

Handle syntax
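The syntax rules on this slide (prefix and suffix split at the first slash, dot-separated derived prefixes, suffixes that may embed another scheme such as an ISBN, short numeric prefixes reserved for major projects) are easy to get wrong in code that handles identifiers. The following is an added example, not code from the Handle System reference implementation or from this presentation; it encodes the slide's rules plus RFC 3651's statement that ASCII letters in a handle compare case-insensitively. The helper names (`parse_handle`, `same_handle`, `is_well_formed`) are this example's own.

```python
"""Parsing Handle System identifiers.

Added example (not code from the Handle System reference implementation).
Rules follow the 'Handle syntax' slide and RFC 3651: a handle is
<prefix> "/" <suffix>, split at the FIRST slash; the prefix is a naming
authority, dot-separated for derived authorities such as 256.1234; the
suffix is an arbitrary UTF-8 string that may itself contain slashes,
spaces or another identifier scheme; ASCII letters compare
case-insensitively. The 1-3 digit "short prefix" rule is the slide's.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Handle:
    prefix: str   # naming authority, e.g. "10.1234"
    suffix: str   # local name under that authority, e.g. "ISBN 0-7894-7764-5"

    @property
    def authority_path(self) -> tuple[str, ...]:
        """Hierarchy of naming authorities: "256.1234" -> ("256", "1234")."""
        return tuple(self.prefix.split("."))

    @property
    def is_short_prefix(self) -> bool:
        """Top-level authority of 1-3 digits (reserved for major projects, countries, etc.)."""
        top = self.authority_path[0]
        return top.isdigit() and 1 <= len(top) <= 3

    def canonical(self) -> str:
        """Comparison form: ASCII letters lower-cased, everything else untouched."""
        return ascii_casefold(self.prefix) + "/" + ascii_casefold(self.suffix)


def ascii_casefold(s: str) -> str:
    # Only ASCII letters are case-insensitive in a handle; non-ASCII code
    # points (permitted anywhere in a handle) are left exactly as given.
    return "".join(c.lower() if c.isascii() and c.isalpha() else c for c in s)


def parse_handle(text: str) -> Handle:
    """Split a handle string into prefix and suffix, rejecting malformed input."""
    if "/" not in text:
        raise ValueError(f"handle {text!r} has no '/' separating prefix and suffix")
    prefix, suffix = text.split("/", 1)   # the suffix keeps any further slashes
    if not prefix or not suffix:
        raise ValueError(f"handle {text!r} has an empty prefix or suffix")
    if any(part == "" for part in prefix.split(".")):
        raise ValueError(f"handle {text!r} has an empty naming-authority segment")
    return Handle(prefix, suffix)


def is_well_formed(text: str) -> bool:
    """Boolean wrapper around parse_handle for validation at input boundaries."""
    try:
        parse_handle(text)
    except ValueError:
        return False
    return True


def same_handle(a: str, b: str) -> bool:
    """True if two strings name the same handle under ASCII case-insensitivity."""
    return parse_handle(a).canonical() == parse_handle(b).canonical()


if __name__ == "__main__":
    # The three examples from the slide
    for h in ("123/4567", "256.1234/456-mydoc-456584893489", "10.1234/ISBN 0-7894-7764-5"):
        p = parse_handle(h)
        print(h, "->", p.authority_path, repr(p.suffix), "short prefix:", p.is_short_prefix)
```

Because the split is at the first slash only, a suffix that itself contains slashes (or spaces, as in the ISBN example) survives intact; validating with `is_well_formed` before storing or resolving an identifier rejects strings with no separator or an empty authority segment.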

Page 9

Handles resolve to typed data

Schematic (simplified) representation of a handle record (prefix 10.123, suffix 456):

  Handle        Index   Data type   Data value
  10.123/456    1       URL         http://acme.com/….
                2       URL         http://a-books.com/….
                3       DLS         acme/repository
                100     HS_ADMIN    acme.admin/jsmith
                XYZ 100111001111012

Handle value(s): one or more Handle values (type:value)

Resolution can return all values, or all values of one type

Page 10

Handles resolve to typed data

Fuller representation of a handle record, e.g. the handle "10.1045/may99-payette" has a set of three handle values:

  <index>: 1  <type>: URL
  <data>: http://www.dlib.org/dlib...
  <TTL>: {Relative: 24 hours}
  <permission>: PUBLIC_READ, ADMIN_WRITE
  <timestamp>: 927314334000
  <reference>: {empty}

  <index>: 2  <type>: HS_ADMIN
  <data>: acme.admin/jsmith

  <index>: 3

Page 11

• A handle has a set of values assigned to it = a record that consists of a group of fields.

• <type> field defines the syntax and semantics of a value's data
– e.g. URL (resolving to current location)
– pre-defined set of handle data types for administrative use
– registered handle data types for non-administrative use (URL, EMAIL, and DESC): others being added *

• Types may include:
– HS_PUBKEY: public key used to authenticate entities in the Handle System.
– HS_SECKEY: secret key password to access some service.
– DESC: UTF8-encoded descriptions of the object identified by the handle.

• Full list at http://www.handle.net/overviews/types.html

*Handle System Advisory Committee is defining a recommended practice process

Handle System: typing
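The record layout on the previous three slides (indexed values, each with a type, data, TTL, permission set, timestamp and references), together with the overview slide's point that individual values within a handle can be private, is worth seeing as a data structure. The following is an added example, not code from the Handle System implementation or from this presentation: a minimal in-memory record with resolution by type and per-value read permissions. The value types used (URL, DLS, HS_ADMIN, HS_SECKEY) are those named on the slides; the sample record itself is constructed and its URLs are placeholders.

```python
"""A handle record as typed, indexed values, with resolution by type and
per-value read permissions.

Added example, not code from the Handle System implementation. It follows
the record layout shown on the slides (index, type, data, TTL, permission,
timestamp, reference) and the overview slide's statement that individual
values within a handle can be private. The sample record is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Flag, auto


class Perm(Flag):
    PUBLIC_READ = auto()
    ADMIN_READ = auto()
    PUBLIC_WRITE = auto()
    ADMIN_WRITE = auto()


@dataclass
class HandleValue:
    index: int                 # unique within the record; used to address the value
    type: str                  # e.g. "URL", "HS_ADMIN", "HS_SECKEY"
    data: str
    ttl_seconds: int = 24 * 3600          # slide: {Relative: 24 hours}
    permission: Perm = Perm.PUBLIC_READ | Perm.ADMIN_WRITE
    timestamp_ms: int = 0
    references: tuple[str, ...] = ()      # slide: {empty}

    def cache_until_ms(self, resolved_at_ms: int) -> int:
        """Latest time a resolver may serve this value from cache (relative TTL)."""
        return resolved_at_ms + self.ttl_seconds * 1000


@dataclass
class HandleRecord:
    handle: str
    _values: dict[int, HandleValue] = field(default_factory=dict)

    def add(self, value: HandleValue) -> None:
        # Indexes are the addresses of values within a record, so they must be unique.
        if value.index in self._values:
            raise ValueError(f"{self.handle}: index {value.index} already in use")
        self._values[value.index] = value

    def resolve(self, types: set[str] | None = None, as_admin: bool = False) -> list[HandleValue]:
        """Return all values, or all values of the requested types, that the
        caller is allowed to read. A value without PUBLIC_READ is private and
        is returned only to an authenticated administrator holding ADMIN_READ."""
        out = []
        for v in sorted(self._values.values(), key=lambda v: v.index):
            readable = Perm.PUBLIC_READ in v.permission or (as_admin and Perm.ADMIN_READ in v.permission)
            if readable and (types is None or v.type in types):
                out.append(v)
        return out

    def administrators(self) -> list[str]:
        """Who may change this record: the data of its HS_ADMIN values."""
        return [v.data for v in self._values.values() if v.type == "HS_ADMIN"]


def sample_record() -> HandleRecord:
    """Constructed record in the shape of the slide's schematic (placeholder URLs)."""
    rec = HandleRecord("10.123/456")
    rec.add(HandleValue(1, "URL", "http://acme.example/doc"))
    rec.add(HandleValue(2, "URL", "http://a-books.example/doc"))
    rec.add(HandleValue(3, "DLS", "acme/repository"))
    rec.add(HandleValue(100, "HS_ADMIN", "acme.admin/jsmith"))
    # A secret-key value: readable and writable by administrators only
    rec.add(HandleValue(200, "HS_SECKEY", "constructed-secret",
                        permission=Perm.ADMIN_READ | Perm.ADMIN_WRITE))
    return rec


if __name__ == "__main__":
    rec = sample_record()
    print("public:", [(v.index, v.type) for v in rec.resolve()])
    print("URLs only:", [v.data for v in rec.resolve(types={"URL"})])
    print("admin view:", [(v.index, v.type) for v in rec.resolve(as_admin=True)])
```

The two resolution modes on the slide (all values, or all values of one type) are the `types` argument; the permission check is what keeps an HS_SECKEY value out of a public resolution while an HS_ADMIN value, which carries PUBLIC_READ as on the slide, stays visible.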

Page 12

• http://www.handle.net/apps.html
• Provides infrastructure for application domains, e.g. digital libraries & publishing, network management, id management ...

• International DOI Foundation
– Federation of several independent applications including e.g.
  • CrossRef (scholarly journal consortium: covers 90+% of literature)
  • Office of Publications of the European Community (EC documents)
  • MEDRA (Multilingual European DOI Registration Agency)
  • Nielsen BookData, R.R. Bowker, et al (bibliographic data - ISBN)
  • German Nat. Lib. Science and Technology (science data)
– adds a layer of social infrastructure (and specific rules)

• Defense Virtual Information Architecture
– Defense Technical Information Center (DTIC), DARPA, CNRI
– context sensitive distribution of data and metadata: resolution result depends on who you are.

• GRID computing
– Shared computing resources
– Handle System - Globus Toolkit Integration Project

Handle System usage (1)

Page 13

• DSpace - Digital Repository System
– MIT Libraries/Hewlett-Packard
– stable, long-term storage of intellectual output of faculty, researchers, centers and labs.

• National Digital Library Program (NDLP)
– Library of Congress. Collections of historic materials converted to digital formats. LoC use handles to identify material in the library's own collections.

• Los Alamos National Labs – internal doc management (600m+)

• Several Digital Library projects – e.g. ARROW http://arrow.monash.edu.au/

• Others who may adopt RFCs:
– e.g. Fedmark: independent commercial implementation of Handle protocols for digital rights system http://www.fedmark.com/

Handle System usage (2)

Page 14

• Some others of particular relevance to identity management...

• Transient Network Architecture
– Pervasive transient mobile network in which all communications occur between persistently identified entities.
– CNRI/Univ New Mexico, under NSF's FIND (Future Internet Network Design) project
– http://hdl.handle.net/2118/tna; http://find.isi.edu/

• Using PKI capability for persistent trustworthy identity, separating:
– Transport trustworthy (name/attribute is binding)
– Administration trustworthy (attribute is issued by attribute holder)
– Attribute credential (attribute value is true)

• Representing Value as Digital Objects: Transferability and Anonymity
– Deeds of trust, mortgages, bills of lading, digital cash etc.
– "Transferable records" structured as digital objects
– http://www.dlib.org/dlib/may01/kahn/05kahn.html

• Possible Application of Handles to licences and parties – See separate talk on content industry identifiers

Handle System projects

Page 15

• Assigned namespaces ("prefix")
– DOI 2500+
– D-Space 500+
– Others 700+

• Individual "Handles" (identifiers within each namespace)
– DOI 25+ M
– Other: 600?? millions
• total per namespace known only to namespace manager; e.g. LANL adding 600M but privately

• Global Handle System
– Core three service sites (added locations being considered)
– c. 60 million direct resolutions per month
– c. 50 million proxy server resolutions

Handle System statistics

Page 16

• Integrity of the Global Handle Registry service

• Protected service information and public key pair used to sign global service information.

• Handle protocol allows handle servers to authenticate their clients and to provide data integrity service on client request.

• Handle servers can be explicitly asked to generate or return a digital signature for every service response (but normally don’t)

• Public key and/or secret key cryptography may be used.

• Server authentication may be used to prevent eavesdroppers from forging client requests or tampering with server responses.

• Client applications can (if wished) only accept information from the authoritative Global Handle Registry (not any mirrors) and check its integrity on each update.

Handle System: security
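The slide lists the integrity controls as properties (a client may ask for a signature on every response; public-key or secret-key cryptography may be used; a client may choose to accept only the authoritative Global Handle Registry rather than a mirror). The following is an added example, not the Handle protocol's own message format or signature scheme and not code from this presentation: it shows the client-side check those properties imply, using the secret-key variant (HMAC-SHA256 from the Python standard library) over a canonical encoding of the response. A public-key deployment would sign the same canonical bytes with an asymmetric key. The key ids, keys and sample values are all constructed for the demo.

```python
"""Integrity-checked handle resolution responses.

Added example, not the Handle protocol's own wire format or signature
scheme. Secret-key variant: the server attaches an HMAC-SHA256 over a
canonical encoding of (handle, values); the client recomputes it, compares
in constant time, and may insist on a particular signer (the authoritative
registry rather than a mirror). Keys and key ids below are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed demo keys: the authoritative registry and one mirror
TRUSTED_KEYS = {
    "ghr-primary": b"constructed-primary-key-not-a-real-secret",
    "ghr-mirror-1": b"constructed-mirror-key-not-a-real-secret",
}


def canonical_bytes(handle: str, values: list[dict]) -> bytes:
    """Deterministic encoding of (handle, values) so both sides hash identical
    bytes: values ordered by index, JSON with sorted keys and no whitespace."""
    ordered = sorted(values, key=lambda v: v["index"])
    payload = {"handle": handle, "values": ordered}
    return json.dumps(payload, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def sign_response(handle: str, values: list[dict], key_id: str) -> dict:
    """Server side: build a response and attach a MAC under the server's key."""
    key = TRUSTED_KEYS[key_id]
    copied = [dict(v) for v in values]          # the response owns its own copy
    mac = hmac.new(key, canonical_bytes(handle, copied), hashlib.sha256).hexdigest()
    return {"handle": handle, "values": copied,
            "sig": {"alg": "HMAC-SHA256", "key_id": key_id, "mac": mac}}


def verify_response(response: dict, require_key_id: str | None = None) -> bool:
    """Client side: recompute the MAC over the received fields and compare in
    constant time. With require_key_id set, only that signer is accepted
    (e.g. the authoritative registry, refusing mirrors)."""
    sig = response.get("sig")
    if not isinstance(sig, dict) or sig.get("alg") != "HMAC-SHA256":
        return False
    key_id = sig.get("key_id")
    if require_key_id is not None and key_id != require_key_id:
        return False
    key = TRUSTED_KEYS.get(key_id)
    if key is None:
        return False
    expected = hmac.new(key, canonical_bytes(response["handle"], response["values"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(sig.get("mac", "")))


SAMPLE_VALUES = [  # constructed
    {"index": 1, "type": "URL", "data": "http://acme.example/doc"},
    {"index": 100, "type": "HS_ADMIN", "data": "acme.admin/jsmith"},
]


def demo() -> dict[str, bool]:
    """The cases a client cares about; returns each verification outcome."""
    good = sign_response("10.123/456", SAMPLE_VALUES, "ghr-primary")
    tampered = sign_response("10.123/456", SAMPLE_VALUES, "ghr-primary")
    tampered["values"][0]["data"] = "http://tampered.example/"    # modified after signing
    from_mirror = sign_response("10.123/456", SAMPLE_VALUES, "ghr-mirror-1")
    unsigned = {"handle": "10.123/456", "values": SAMPLE_VALUES}
    return {
        "genuine": verify_response(good),
        "tampered": verify_response(tampered),
        "mirror_when_authoritative_required": verify_response(from_mirror, require_key_id="ghr-primary"),
        "mirror_when_any_trusted": verify_response(from_mirror),
        "unsigned": verify_response(unsigned),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:36s} accepted={ok}")
```

The canonical encoding is the part that matters in practice: the verifier must hash exactly the bytes the signer hashed, so value order and whitespace are fixed before hashing, and a response whose values arrive reordered still verifies while a single changed data field does not.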

Page 17

• See http://www.handle.net/overviews/dns.html
• Similarities and differences in both the design and intended use.

• Naming
– DNS naming hierarchy reflects a control hierarchy; Handle System need not.
– Handle separates control of handle (id) from control of server (location)

• Distributed Administration
– Handle administrators can add/delete identifiers and identifier values securely over the public Internet.

• Proxies
– Technical advantages regarding resolution work behind SOCKS or HTTP proxies, both supported in Handle client library (whereas DNS resolution from behind proxies is difficult/impossible).

• Unicode
– Handle full native Unicode is supported. There are hacks to make DNS support 8-bit character sets, but they are not widely implemented.

• Replication
– In DNS, if a single record is updated all records must be copied to mirror servers. The Handle System has finer granularity: if a single record is updated, the server will copy only that record to the mirror servers.

Handle System and DNS (1)

Page 18

• Certification
– DNS has to be fast, especially at the root. Not very good for alternative uses, e.g. certificates. Handle System has more flexible and robust certification support.

• Access Control
– Handle System has support for access control and authentication. DNS does not.

• Record Size
– Technical advantages regarding UDP and TCP handling: more efficient request handling; much larger storage in a record (DNS 64KB, Handle System 4GB).

• Examples of integration with DNS:
– CNNIC Handle implementation offers secured DNS resolution via a Handle protocol interface. Further work will package the Handle-DNS software for public release; deploy the Handle-DNS server in ".cn" TLD registry and its subsidiaries; and establish an ENUM service and client software based on the Handle-DNS interface.
– Client library and proxies for use with HTTP etc.

Handle System and DNS (2)

Page 19

• Functional Granularity: "it should be possible to identify an entity whenever it needs to be distinguished"

• First class naming: "Digital objects should have first class names"

• DNS naming hierarchy reflects a control hierarchy
– DNS: who runs acme.com controls who runs branch.acme.com
– Handle separates control of handle (id) from control of server (location)

• Handles are first class names:
– URLs: grouped by domain name and then by some sort of hierarchical structure, originally based on file trees
– Handles: each name stands on its own, unconnected to any DNS or other hierarchy. Can avoid broken URLs when control changes

• Ownership: In DNS, the system administrator is considered the owner of the data; in the Handle System the prefix administrator is considered the owner.
– Each Handle identifier and prefix can have its own set of administrators independent from the system administrator.

• Relationships between objects can be expressed:
– If you want to build a hierarchy you can – but on any basis
– Handles can refer to other handles (some applications have introduced a detailed data model to allow this – e.g. DOI)

Handle System and granularity

Page 20

• Specification
– RFC 3650: Overview
– RFC 3651: Namespace and Service Definition
– RFC 3652: Protocol

• DoD Instruction 1322
– Mandates Handle System use as part of Advanced Distributed Learning

• ISO standards track for DOI
– A Handle application for the content sector
– ISO TC46/SC9 (home of ISBN etc)

• Governance: HSAC - Handle System Advisory Committee
– Approx 15 members representing big users
– Goal: evolve to oversee the system, autonomous (IETF etc)
– Currently by invitation; interest welcomed

Handle System management and standards

Page 21

Handle System home page www.handle.net

Page 22

ITU Focus Group on Identity Management, Geneva, February 2007

Norman Paskin

The Handle System

Tertius Ltd