XDI What is it? What is it good for? (4K)

From IIW

Session Topic: Why XDI is Needed? (T4K)

Convener: Mike Schwartz

Notes-taker(s): Mike Schwartz

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Why XDI is needed?

It is too hard to secure data against use by the wrong people, and to share data with the right people.

It is too hard to use the Internet to make sense of data.

What new services would be possible if we had a secure, scalable framework for data sharing?

Security must also be portable / interoperable

XRI 3.0

  • Extensible Resource Identifier

XDI 1.0

  • XRI Data Interchange
  • Standard for connecting XRIs into meaningful graphs

XRI Summary:

  • Abstract identifier (not tied to network which is constantly changing)
  • Persistent identifiers issued by global registry under the management of non-profit: XDI.org

Example of XRI cross reference to URI: (http://www.gluu.org)

XDI Summary:

  • Graph data structure based on
  • Subject / Predicate / Object semantics:

Example: =schwartz/+age/(data:,41)

OpenXDI project: implementation of XDI 1.0 draft:

oxJava, oxRuby, oxJS : Native implementations of XDI standard

oxServer : J2EE server implementation: persistence (LDAP), messaging,

oxGraph : Visual tool for viewing, validating, and converting XDI

oxAuth : OAuth 2.0 Authorization Server using XDI graphs to persist tokens

oxTrust: UI for organizational IDP and trust network management

oxModel: REST interfaces to make it easier for app developers to build XDI enabled applications


Why XDI is a critical innovation:

1. To control data we need to be able to name it

2. Once we can name it, we need to be able to make sense of it

3. Once we can make sense of it, we need to be able to control access to

4. Level playing field / inter-operability

5. New service possibilities ! ! !