In a recent private discussion list, Phil Becker made an assertion that if your digital identity topology isn't a network of nodes, it isn't going to work.
I couldn't agree more. Here's my reply amplifying how this "network of nodes" concept has been at the core of XRI from day one:
Later on in the thread, the topic of SDSI came up, and I wanted to acknowledge its influence on me personally:(A) "network of nodes" is exactly the architecture that XRI is
designed around. Nodes delegating sub-namespaces to other nodes.Folks have pigeonholed XRI into some sort of tree model, but thats
because all the buzz has been around INames which *do* enable a whole
plethora of new apps based on a small set of globally-known roots
("=", "@", "+", "$") - each of which is a "root" of a tree.But from day one my design philosophy, which separated XRI from DNS,
was that *anyone* could be a root so long as someone else who cares
thinks of that person as a root. Our syntax and resolution are
designed so that a "root authority" is no different than any other xri
namespace authority except that 1) a bunch of people agree to treat
that "root authority" as a place to begin doing resolution, and 2)
agree on a way of identifying that root as distinct from other roots.
Once you start at a root, its delegations/references all the way
down...And how do you identify a root? We have a couple of shortcut symbols -
"=", "@", "+", "$" that the community can come to agree upon as
well-known roots (XDIORG representing the "community" in this case),
but any person can declare their own root and assign a globally unique
identifier (in the form of a URI) to it.For example, I hereby declare my own root with the following:
ID: uuid:bc1a39a4-ca76-4088-9e52-0d5829622870
Authority Service Resolution URL: http://xriauth.wachob.com
There, done. Now, you can use XRIs that have a root identified by the
UUID above:
xri://(uuid:bc1a39a4-ca76-4088-9e52-0d5829622870)*friend
xri://(uuid:bc1a39a4-ca76-4088-9e52-0d5829622870)*enemy
xri://(uuid:bc1a39a4-ca76-4088-9e52-0d5829622870)*home
And so on. I am my own root. But whats nice is that this authority can
actually be delegated (later on, if I decide I want to hook up to the
"=" authority tree) from =GabeW*dev, so the following would resolve to
exactly the same respective descriptors as above:
xri://=GabeW*dev*friend
xri://=GabeW*dev*enemy
xri://=GabeW*dev*home
Note that I don't actually have anything working at xriauth.wachob.com
now, but I plan to hopefully this week. Just to show how easy it is.
And then you can configure your xri resolution client and/or
resolution proxy with my authority identifier and use XRIs in that
namespace... for whatever you want.
Yes, personally I found the concept SPKI/SDSI inspiring, though
obviously the XRI delegation infrastructure does not resemble
SPKI/SDSI very closely, at least from what I know of SPKI/SDSI.In fact, XRI can be deployed in a "I am always my own root" way, or in
a "there is only one root" way, or any number of ways in between. XRI
is mostly just about delegation. You can delegate from a single root
or from an unbounded set of nodes, where "rootness" is a relative
term. Depends on how important "global uniqueness" and findability are
important to you vs. decentralization. I'm not even sure those are
opposing goals, if you think creatively and look to the p2p world for
inspiration.But, again, for a bunch of applications, having a few well known roots
is really important, and thats why the INames deployment of XRI is
valuable. I'm pretty sure it won't be the only one though.
Comments