Identity Woman (Kaliya Hamlin) posts about why current “friend formats” like FOAF and XFN don’t satisfy the need for privacy and personal control of data that she – and many other women – want before they are comfortable sharing personal information online.

She mentions that XRI and XDI provide this capability. Chris Messina comments that:

As it is now, there are few applications that actually support what
you’re talking about in terms of giving you fine grained control over
your relationship lists… It’s something that I hope is coming down
the pipe but is not something that has to do with the format; instead
it’s all about consistent citizen-centric access controls over their
data.

Let me explain why I believe it does indeed have “something to do with the format”, and thus why XRI and XDI are so relevant to this problem.

The core idea is that to provide the control Kaliya wants — over who has access to what parts of her profile — you can’t tie the access control format down to a specific blog, domain, application, or i-broker that you are using. You need the access control format to be as portable as the data it is controlling, or else we’ll never get to real portable data – data (and relationships) you can “take with you” across different communities and applications as your life and work evolves.

XRI and XDI provide a open standard way to do this. They break the problem of portable access control into two parts. The first part is a portable addressing format — a way to address the data being controlled that is domain- and application- independent. That’s the job of XRI (Extensible Resource Identifier). It enables a layer of abstract addressing on top of any network-addressable resource that enables portability of data across domains and applications.

The second part is a portable format for expressing the controls an individual (or other data authority) wants to assert over access and sharing of their information. That’s the job of XDI (XRI Data Interchange), a very simple XML format in wich every node of a data graph is XRI-addressable. Within this graph, certain nodes are used to store the access control metadata. In XDI these are called link contracts.

Link contracts are are the portable access control format Kaliya is asking for. As she mentions in her blog, XDI link contracts have already been implemented by Andy Dale, Steve Churchill, Barry Beechinor, and the team at ooTao in a large scale data sharing project for La Leche League International. ooTao used the original XDI data graph model, called the Authority/Type/Instance (ATI) model, For more about this implementation, see Andy’s blog, The Tao of XDI.

An even simpler XDI data graph model, XDI RDF, has since been developed based on the RDF graph model. To see examples of what link contracts look like in the XDI RDF model, see the current XDI RDF Model writeup.

With the XRI Resolution 2.0 spec going final (public review will begin next week – I’ll blog more about this shortly), I look forward very much to diving much deeper into XDI RDF and link contracts at the Internet Identity Workshop, coming up December 3-5 at the Computer History Museum in Mountain View.