The Sixth Corollary of Identifiers

[This is the sixth of seven proposed “Corollaries of Identifiers” to Kim Cameron’s Laws of Identity.]

Kim’s Sixth Law is one of the most interesting, particularly from an HMI (human-machine interaction) standpoint:

6. The Law of Human Integration

A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

Here’s the corollary for identifiers:

6a. The Corollary of Human-Friendly Identifiers

A unifying identifier metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

This is certainly no surprise; the evolution of the Internet itself illustrates this corollary nicely. What made the net possible was a new identifier, the IP address, used to route packets between every host on the net. And for roughly the first 20 years of its existence, that’s all there was. To reach another Internet machine, you needed to know its IP address, period.

As Internet usage grew among universities and government agencies, however, the need for a more human-friendly solution was obvious. At first it was a text file, HOSTS.TXT, updated periodically and shared among Internet operators like an electronic phone book. When it became clear this wouldn’t scale, DNS was developed to distribute management and updating of this “IP telephone book”. That gave us the two-layer network addressing system we have today – a logical layer of domain names that made “the human user an integrated component” on top of a physical layer of IP addresses designed for machines. Add the Web’s URI syntax, which lets you address any resource on a host in the context of its IP address or domain name, and you have the most successful identifier system in history.

However, as the other Corollaries of Identifiers suggest, the current URI layer of network identity falls short of the requirements for a unified identifier system that can fully support Kim’s unified identity metasystem. Besides the fundamental issue of persistence (the ability to maintain an identity when a semantic identifier changes, discussed in Corollary #2), there are also privacy issues (corollaries #1, #2, #3, and #4), interoperability issues (corollary #5), and context-management issues (corollary #7, not yet posted).

One solution for these issues is to take the same approach as DNS and create a new layer over the existing URI layer. This layer of abstract “logical” identifiers can resolve to concrete “physical” URIs the same way logical DNS names resolve to physical IP addresses. That’s the approach taken by the OASIS XRI Technical Committee with Extensible Resource Identifiers (XRIs).

Given the lessons of IP and DNS – and Corollary #6 – it’s no surprise the XRI layer ends up having two “sublayers”. The first one – the persistent XRI or “i-number” layer – closely resembles IP addressing, with the key difference being that i-numbers are intended to be assigned once to a resource and never reassigned.

While i-numbers can solve the problem of maintaining persistent identity independent of a semantic name, they fail the test of “making the human user an integrated component” just as badly as IP addresses did. So the XRI architecture solves the problem by supporting a second type of abstract identifier: human-friendly, reassignable XRIs, commonly called “i-names”.

(Technical aside: i-names are not actually a separate layer “on top” of i-numbers – they are peers or “synonyms”. In other words, because i-names and i-numbers both use the same resolution protocol, an i-name can be resolved at the same time to one or more i-numbers as well as one or more URIs. The same is true of an i-number. This adds both efficiency and flexibility in resolution.)

To the best of the knowledge of those of us on the OASIS XRI Technical Committee, XRI is the only abstract identifier architecture that supports both persistent, machine-friendly identifiers and reassignable, human-friendly identifiers with one unified syntax and resolution protocol. What Corollary #6 posits is that both types of identifiers are required if both humans and machines are to be integral components of the system.

Special Security Note

The Sixth Law and the Sixth Corollary both end with the requirement that humans must be “integrated through protected and unambiguous human-machine communications” (emphasis mine). Applied to identifiers, this caveat goes to the heart of one of the fastest growing problems on the net today: phishing and pharming attacks that rely either on misleading links (whose visible text says one thing while the href points somewhere else) or on “homograph attacks” (domain names that are visual lookalikes, typically substituting Unicode characters from another script for the expected ones – see The Homographic Attack for an excellent summary).

Any unified, internationalized identifier system that is open to public registration will always need to contend with this issue; however, wise registration policies can prevent many of these problems. XDI.ORG is doing this with its Global Services Specifications, specifically the i-name restriction policy that requires an i-name to be drawn from a single Unicode script family, with a small number of exceptions.
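Both halves of that security note can be mechanized: a single-script check on the identifier itself, and a check that a link’s visible text does not name a different host than its href. The following Python is an added example written for this page; it is not code from XDI.ORG, the XRI Technical Committee, or the Global Services Specifications. It approximates the Unicode Script property by parsing character names from the standard unicodedata module (Python’s standard library does not expose Script directly), and for the “small number of exceptions” it assumes the script combinations of the “Highly Restrictive” profile in Unicode Technical Standard #39 (Han mixed with Hiragana and Katakana, with Bopomofo, or with Hangul, each optionally alongside Latin); the actual XDI.ORG exception list is not given on this page. All sample identifiers and links are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Script of a letter, keyed by the first word of its Unicode character name.
# Approximation: unicodedata has no Script property. A letter whose name
# prefix is not listed here is treated as unknown and rejected (fail closed).
_SCRIPT_BY_NAME_PREFIX = {
    "LATIN": "Latin", "CYRILLIC": "Cyrillic", "GREEK": "Greek",
    "ARMENIAN": "Armenian", "HEBREW": "Hebrew", "ARABIC": "Arabic",
    "DEVANAGARI": "Devanagari", "THAI": "Thai",
    "CJK": "Han", "HIRAGANA": "Hiragana", "KATAKANA": "Katakana",
    "BOPOMOFO": "Bopomofo", "HANGUL": "Hangul",
}

# Assumed exceptions to the single-script rule, modeled on the UTS #39
# "Highly Restrictive" profile; each set may additionally be mixed with Latin.
_ALLOWED_MIXES = [
    {"Han", "Hiragana", "Katakana"},   # Japanese
    {"Han", "Bopomofo"},               # Chinese
    {"Han", "Hangul"},                 # Korean
]


def scripts_of(identifier: str) -> set[str]:
    """Return the set of scripts used by the letters in identifier.

    Digits, punctuation, symbols and combining marks are script-neutral and
    skipped, so the "=" of an i-name such as =Drummond counts as no script.
    NFKC normalization runs first so full-width and ligature forms are judged
    by what they fold to (a full-width "p" is Latin, not unknown).
    Raises ValueError for a letter from a script this table does not know.
    """
    found: set[str] = set()
    for ch in unicodedata.normalize("NFKC", identifier):
        if unicodedata.category(ch)[0] != "L":
            continue
        prefix = unicodedata.name(ch, "").split(" ", 1)[0]
        script = _SCRIPT_BY_NAME_PREFIX.get(prefix)
        if script is None:
            raise ValueError(f"unrecognized script for U+{ord(ch):04X} in {identifier!r}")
        found.add(script)
    return found


def is_single_script(identifier: str) -> bool:
    """Single-script policy: exactly one script, or one of the allowed mixes."""
    scripts = scripts_of(identifier)
    if len(scripts) <= 1:
        return True
    return any(scripts <= mix | {"Latin"} for mix in _ALLOWED_MIXES)


def anchor_hostname_mismatch(anchor_text: str, href: str) -> bool:
    """True when link text that looks like a URL or bare domain names a host
    other than the one href really points to. Text with whitespace or no
    dotted host ("click here") cannot mislead about the host, so it is False.
    """
    shown = anchor_text.strip()
    if not shown or any(c.isspace() for c in shown):
        return False
    if "://" not in shown:
        shown = "http://" + shown
    shown_host = urlsplit(shown).hostname
    if not shown_host or "." not in shown_host:
        return False
    real_host = (urlsplit(href).hostname or "").lower()
    return real_host != shown_host.lower()


if __name__ == "__main__":
    # Constructed samples; "\u0430" is CYRILLIC SMALL LETTER A, "\uff50" is
    # FULLWIDTH LATIN SMALL LETTER P, the last two are Tokyo in Han and Han+Hiragana.
    for name in ["=Drummond", "paypal", "p\u0430ypal", "\uff50aypal",
                 "\u6771\u4eac", "\u6771\u4eac\u3068\u3046\u304d\u3087\u3046"]:
        print(f"{name!r:40} scripts={sorted(scripts_of(name))} ok={is_single_script(name)}")
    print(anchor_hostname_mismatch("www.example.com", "https://203.0.113.7/login"))
```

The check stops the mixed-script case the note describes (a Latin name with one Cyrillic “а” swapped in) but, like any single-script rule, it cannot stop a whole-script confusable: a name written entirely in Cyrillic that happens to look like a Latin word passes as single-script. Registries that care about that case additionally consult the confusables table published with UTS #39, which is out of scope here.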

If you don’t already have my email address, please send me comments via my i-name contact page at =Drummond.


About Drummond Reed

Internet entrepreneur in identity, personal data, and governance frameworks
This entry was posted in General, XRI.