
XDI Graph Patterns

OASIS XDI TC Submission

Drummond Reed

2012-04-12

This document contains XDI introductory materials plus illustrations of many standard XDI graph patterns:

1. I-names, i-numbers, and synonyms: XDI statements used to assert multiple XRIs for the same logical resource

2. Remote graphs and XDI discovery: statements used to describe and navigate the distributed global XDI graph

3. Social graphs: relationships between XDI authorities

4. Single-valued contexts: simple contexts that accept a single data value and can describe versioning of that value

5. Multi-valued contexts: simple contexts representing a one-dimensional array of single-valued contexts

6. Single-instance contexts: complex contexts with a multiplicity of one

7. Multi-instance contexts: complex contexts with a multiplicity of zero or more

8. Personas and roles: complex contexts and relations that model contextual identity for individuals

9. Link contracts: contexts used for XDI authorization

10. Policy expression: conditional logic for rules evaluation

11. Messages: XDI graphs used in the XDI protocol

12. Dictionaries: machine-readable XDI ontology definitions


XDI Graph Notation

Context node: Represents any logical context within the graph

Contextual arc: Uniquely identifies a root or context node

Relational arc: Non-uniquely links root or context nodes

Literal node: Represents a leaf node containing data

Root node: Represents the root context of an XDI graph

Literal arc: Singleton arc that identifies a Literal node

Symbol Usage In RDF graph model?


Simple examples

[Diagram: an example graph drawn from the local root (). Context nodes =alice, =alice$!(+tel), =alice$!(+tel)$!($t) and =bob are reached by contextual arcs; a +friend relational arc links =bob and =alice; the remote root (=bob) has the context (=bob)$!($uri). Literal arcs (!) lead to the literal values “+1-206-555-1212”, “2010-10-10T11:12:13Z” and “http://xdi.example.com/bob”.]


JSON serialization (1)

{
  "(=bob)$!($uri)/!": [ "http://xdi.example.com/bob" ],
  "=bob/+friend": [ "=alice" ],
  "=alice$!(+tel)/!": [ "+1-206-555-1212" ],
  "=alice$!(+tel)$!($t)/!": [ "2010-09-20T10:11:12Z" ]
}


JSON serialization (2)

{
  "(=!1111.2222.3333.4444)/$is": [ "()" ],
  "=example/$is": [ "=!1111.2222.3333.4444" ],
  "=!1111.2222.3333.4444/$is$a": [ "+person" ],
  "=!1111.2222.3333.4444/+friend": [
    "=example2",
    "=example3*john.smith",
    "(mailto:[email protected])",
    "(http://example.com/friend)"
  ],
  "=!1111.2222.3333.4444$!(+age)/!": [ 33 ],
  "=!1111.2222.3333.4444$!(+vegetarian)/!": [ true ],
  "=!1111.2222.3333.4444+favorite$!(+colors)/!": [ "red", "blue", "green" ],
  "=!1111.2222.3333.4444+address$*(+street)$!1/!": [ "123 Corliss Ave N" ],
  "=!1111.2222.3333.4444+address$*(+street)$!2/!": [ "Apt 42" ],
  "=!1111.2222.3333.4444+address$!(+city)/!": [ "Seattle" ],
  "=!1111.2222.3333.4444+address$!(+state)/!": [ "WA" ],
  "=!1111.2222.3333.4444+address$!(+postal.code)/!": [ "98133" ]
}


XRI context symbols

Global Context Symbols

Symbol | Context | Meaning | Examples
= | Individual | Globally unique identifiers controlled by natural persons | =drummond, =windley
@ | Institutional | Globally unique identifiers controlled by legal organizations (trademarks) | @neustar, @kynetx
+ | Generic | Globally unique identifiers controlled by the general public (generic nouns) | +photo, +email
$ | Specific | Globally unique identifiers controlled by standard bodies (e.g., XDI grammar) | $and, $or

Local Context Symbols

Symbol | Context | Meaning | Examples
! | Immutable | Locally unique identifiers assigned to a resource once and never reassigned (“i-names”) | !1234, !4c3f.87e2
* | Mutable | Locally unique identifiers that may be reassigned to different resources over time (“i-numbers”) | *back.forty, *cuddles

Cross-References

Symbol | Meaning | Examples
() | An identifier assigned in one context being reused in another context | (http://example.com/), @kynetx+customer(http://example.com/)


Multiplicity

Node types:

Literal: Leaf points of the graph containing the raw data

Root: Starting points of the full 3-dimensional XDI graph - can contain other root nodes

Context, classified by complexity (simple or complex) and multiplicity:

Single-Valued (simple): Contains exactly one literal arc

Multi-Valued (simple, 1-dimensional array): Contains zero or more single-valued contexts of the same type

Single-Instance (complex): Contains exactly one complex context

Multi-Instance (complex, 2-dimensional array): Contains zero or more complex contexts of the same type


Multiplicity and dictionary syntax

Concept | In XDI | English syntax | XDI syntax
Class – plural | Multi-instance context | photos | $(photo)
Instance – plural | Multi-valued context | the photos | $*(photo)
Class definition | Dictionary context | a photo | +(+photo)
Instance – singular | Single valued context | the photo | $!(+photo)
Class – singular | Single instance context | photo | +photo
Class specialization | Nested context | Flicker photo | @flicker+photo
Class definition specialization | Nested dictionary context | a Flicker photo | +(@flicker)+(+photo)


I-names, i-numbers, and synonyms

Every non-root XDI node has exactly one canonical XDI address. A canonical equivalence relationship may be asserted between two XDI context nodes (i.e., that they represent the same logical resource and thus their XDI addresses are “synonyms”) using a $is relational arc. (The inverse relation is $is$is.) When navigating the graph, an XDI processor is required to redirect to the target node of a $is relation before continuing.

[Diagram: a local graph with the nodes (), (=!0999.a7b2.25fd.c609), =abc, =!0999.a7b2.25fd.c609, =!0999.a7b2.25fd.c609!1, =!0999.a7b2.25fd.c609*household and =!0999.a7b2.25fd.c609*home, joined by $is and $is$is relational arcs.]

Diagram annotations:

The local root node address is ()

This is the “I am” statement, i.e., a way for the local root of this graph to assert its own XDI address.

The XRI =abc, an i-name, is a synonym for the XRI =!0999.a7b2.25fd.c609, an i-number

The top two i-names are synonyms for the bottom i-number
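The $is redirect rule above, as an added JavaScript example that is not part of the original slides: it reads statements in the JSON serialization shown earlier and rewrites an address to its canonical form, failing closed on redirect loops. The sample statements, the hop limit and the subsegment-boundary test are assumptions made for the illustration.

```javascript
// Constructed sample in the page's JSON serialization: "subject/predicate": [objects].
const sampleGraph = {
  "=abc/$is": ["=!0999.a7b2.25fd.c609"],
  "=!0999.a7b2.25fd.c609*home/$is": ["=!0999.a7b2.25fd.c609!1"],
  "(=!0999.a7b2.25fd.c609)/$is": ["()"],   // root statement, not a redirect
  "=loop1/$is": ["=loop2"],                // constructed cycle
  "=loop2/$is": ["=loop1"]
};

const MAX_HOPS = 16;         // assumption: upper bound on redirects per lookup
const BOUNDARY = "=@+$!*(";  // assumption: characters that start a new subsegment

// Split "subject/predicate" at the first "/" outside parentheses, so that
// cross-references such as (http://example.com/) stay inside the subject.
function splitStatement(key) {
  let depth = 0;
  for (let i = 0; i < key.length; i++) {
    if (key[i] === "(") depth++;
    else if (key[i] === ")") depth--;
    else if (key[i] === "/" && depth === 0) return [key.slice(0, i), key.slice(i + 1)];
  }
  throw new Error("not an XDI statement key: " + key);
}

// Build subject -> target for every $is statement on a non-root context node.
function synonymTable(statements) {
  const table = new Map();
  for (const [key, objects] of Object.entries(statements)) {
    const [subject, predicate] = splitStatement(key);
    if (predicate !== "$is" || subject.startsWith("(")) continue;
    if (objects.length !== 1) throw new Error("ambiguous $is on " + subject);
    table.set(subject, objects[0]);
  }
  return table;
}

// Shortest subject that is a whole-subsegment prefix of the address, i.e. the
// first node with a $is arc met when walking the address from the root.
function firstRedirect(address, table) {
  let best = null;
  for (const subject of table.keys()) {
    if (!address.startsWith(subject)) continue;
    const next = address[subject.length];
    if (next !== undefined && !BOUNDARY.includes(next)) continue;
    if (best === null || subject.length < best.length) best = subject;
  }
  return best;
}

// Follow $is redirects until none applies; fail closed on loops or long chains.
function canonicalize(address, statements) {
  const table = synonymTable(statements);
  const seen = new Set([address]);
  let current = address;
  for (let hop = 0; hop < MAX_HOPS; hop++) {
    const prefix = firstRedirect(current, table);
    if (prefix === null) return current;
    current = table.get(prefix) + current.slice(prefix.length);
    if (seen.has(current)) throw new Error("$is loop at " + current);
    seen.add(current);
  }
  throw new Error("too many $is redirects for " + address);
}
```

Comparing canonical addresses rather than the names a caller supplied keeps lookups and access decisions from diverging between an i-name and its i-number.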


Remote graphs and XDI discovery

The XDI global graph is a single logical graph of which subsets are distributed across any network location (clients, servers, databases, etc.). Each subset, called a local graph, begins with a local root node, expressed as an empty XRI cross-reference, (). A local root node accessible on the network is called an XDI endpoint. A local graph may describe other remote XDI graphs by including XDI statements about remote root nodes. This enables XDI clients to perform XDI discovery: navigation of the global graph by making XDI queries across a chain of local graphs to discover the URIs for other XDI endpoints.

[Diagram: the local root () with a $is relation to (=!0111.7af3.65d5.8cb7) and a multi-valued $*($uri) context whose instances $!1 and $!2 hold the literals “http://xdi.example.com/(=!0111.7af3.65d5.8cb7)/” and “http://xdi2.example.com/(=!0111.7af3.65d5.8cb7)/”; and the remote roots (=!0222.e3f2.76cb.904a) and (@!0111.db4a.e317.7a12), each with a $!($uri) context holding “http://xdi.example.com/(=!0222.e3f2.76cb.904a)/” and “http://xdi.example.com/(@!0111.db4a.e317.7a12)/” respectively.]

Diagram annotations:

The “Who am I?” statement where the local root node describes its own identifier(s) using a $is relation

This multi-valued $uri context is a property of the local root

This local graph contains two remote roots each with a single-valued URI context


Social graphs

XDI graphs can express the relationships between XDI authorities in different contexts. This example illustrates the relationship between =abc (i-number =!1111) and =xyz (i-number =!2222) in a global context, *bob in a Facebook context, and in a Seattle soccer context.

[Diagram: a graph with the nodes (), (=!1111), =abc, =!1111, =xyz and =!2222, the cross-reference context (http://facebook.com/) with *bob and !a726df, and the +seattle and +soccer contexts; the relational arcs are $is, +best+friend, +friend and +teammate.]

Diagram annotations:

Social graph expressed at the (=!1111) local graph, for which =abc is the authority

=abc is best friends with =xyz

=abc is friends with *bob in the Facebook context

=abc is a teammate of =xyz in a Seattle soccer context


Single-valued contexts

A single-valued context has a single literal arc to a literal node. It may also contain other contexts describing it (subproperties). A single-valued context is always expressed as a cross-reference (in parens) prefixed with $!. The diagram below illustrates a person's age, $!(+age), with two standard XDI subproperties: a timestamp and a versioning subgraph.

[Diagram: under =!1111 (synonym =abc, in the local graph (=!1111)), the literal context $!(+age) has the literal value “33” and a timestamp subgraph $!($t) with the value “2010-10-10T11:12:13Z”. Its versioning subgraph $*($v) holds the first version context $!1, with the first version value “32” and the first version timestamp “2010-09-09T10:11:12Z”, and the second version context $!2, which is also the current version. The arcs $is and $v also appear.]


Multi-valued contexts

A multi-valued context represents a set of single-valued contexts of the same type and optionally ordinals expressing their order. A multi-valued context is always expressed as a cross-reference prefixed with $*. The example shown below is a phone number with two instances, =abc$*(+tel)$!1 and =abc$*(+tel)$!2. The i-numbers ($!1 and $!2) persistently identify each instance within the set. Ordinal contexts with i-names ($*1 and $*2) assert the unique order of these instances. Relational arcs describe the non-unique type of each instance, e.g., +home, +home+fax, and +work.

[Diagram: under =!1111 (synonym =abc, in the local graph (=!1111)), the multi-valued context $*(+tel) has the instances $!1 with the literal “+1.206.555.1111” and $!2 with the literal “+1.206.555.2222”, the ordinal contexts $*1 and $*2, the relational arcs +home, +home+fax and +work, and $!($t), $*($v) and $($v) subgraphs.]

Diagram annotations:

Two ordinal contexts, =abc$*(+tel)$*1 and =abc$*(+tel)$*2, assert the order of the two phone number instances

Version subgraph – reflects changes to literal values only

Version subgraph – reflects changes at this level only


Combining single-valued and multi-valued contexts

Single-valued and multi-valued contexts can be used together to express the full semantic richness of contextual data. This example illustrates how the XDI graph for a person (=abc) can express his/her default, work, home, and home fax telephone numbers.

[Diagram: under =!1111 (synonym =abc, in the local graph (=!1111)), the multi-valued context $*(+tel) with the instances $!1 (“+1.206.555.1111”) and $!2 (“+1.206.555.2222”), the ordinal contexts $*1 and $*2 and the relational arcs +home, +home+fax and +work; alongside it, single-valued $!(+tel) contexts under =!1111 and in the +home, +work and +fax contexts, linked by $is arcs.]


Single-instance contexts

A single-instance context represents exactly one complex context. It does not use a $ prefix. The example shown below is a passport. It contains three single-valued contexts: a country string, a number string, and an expiration date.

[Diagram: under =!1111 (synonym =abc, in the local graph (=!1111)), the single-instance context +passport contains $!(+country) with the literal “New Zealand”, $!(+num) with the literal “123456789” and $!(+expires) with the literal “2010-10-01T00:00:00Z”, together with $!($t), $*($v) and $($v) subgraphs.]

Diagram annotations:

Version subgraph – represents changes to this level only

Version subgraph – reflects changes to the literal value only


Multi-instance contexts

A multi-instance context represents a set of complex contexts of the same type. A multi-instance context is always expressed as a cross-reference prefixed with $. The example shown below is a set of passports. Two instances are shown, =abc$(+passport)$!1 and =abc$(+passport)$!2. (Ordering of these instances is not shown in this diagram, but uses the same ordinal pattern as with multi-valued contexts.)

[Diagram: under =!1111 (synonym =abc, in the local graph (=!1111)), the multi-instance context $(+passport) has the instances $(!1) and $(!2) and the relational arcs +ca and +nz. Each instance contains $!(+country), $!(+num) and $!(+expires); one holds “Canada”, “987654321” and “2005-01-01T00:00:00Z”, the other “New Zealand”, “123456789” and “2010-10-01T00:00:00Z”. $!($t), $*($v) and $($v) subgraphs are attached.]

Diagram annotations:

Version subgraph – reflects changes to this level only

Version subgraph – reflects changes to the literal value only


Personas and roles

Personas are an example of using complex contexts to model the identity of a person. In the example below, the person =!1111 (aka =abc) has two personas, $(=!1111)$(!1) and $(=!1111)$(!2). @!4444 (aka @example.co) is a company in which the $(=!1111)$(!2) persona plays the role of president.

[Diagram: in the local graph (=!1111), the node =!1111 (synonym =abc) with $!(+age) holding the literal “33”; the context $(=!1111) with the personas $(!1) and $(!2) and the names *home and *work; a ($) relation; and the node @!4444 (synonym @example.co) with a +president relation.]

Diagram annotations:

$(=!1111)$(!1) and $(=!1111)$(!2) are personas of =!1111 that enable =!1111 to control the sharing of portions of =!1111’s personal graph

The ($) variable relation allows graphs to be included in other graphs – in this case, the $(=!1111)$(!2) persona includes =!1111$!(+age)

+president is a role that the persona $(=!1111)$(!2) plays in the context of company @!4444


Link contracts (1)

A link contract is a complex context used for XDI authorization. A link contract is defined by a $do context. Shown below is the “bootstrap” link contract in a graph, called a root link contract: a $do child of the local root node. The $all relation pointing back to the root asserts that the assignee(s) of this contract have “root access”, i.e., permission to perform all XDI operations on the entire local graph.

[Diagram: the local root () with the nodes (=!0999.a7b2.25fd.c609), =abc and =!0999.a7b2.25fd.c609, joined by $is arcs, and a $do context with $all and $is$do relations.]

Diagram annotations:

This root link contract uses the $all relation to permit the XDI subjects to which it is assigned to perform all XDI operations on the local graph

$is$do (the inverse of the $do relation) is the relation used to explicitly assign the permissions of a link contract to one or more XDI subjects


Link contracts (2)

This diagram shows the addition of a link contract to the previous Personas and Roles diagram. This link contract, created by =!1111 to control access to the $(=!1111)$(!2) persona, gives the organization @!4444 $get (read) permission on that persona.

[Diagram: the Personas and roles graph (=!1111 with synonym =abc, the context $(=!1111) with the personas $!1 and $!2 and the names *home and *work, $!(+age) holding “33”, the ($) relation, and @!4444 with synonym @example.co and the +president relation), extended with a $do link contract context that has $get and $is$do relations.]

Diagram annotations:

This link contract gives the assignee(s) permission to do an XDI $get operation on the $(=!1111)$(!2) persona, i.e., read anything in its subgraph

The $is$do relation assigns this link contract to @!4444, which means people from that organization will be able to access the $(=!1111)$(!2) persona


Policy expression

Policy expression is handled by the $if subgraph of a link contract. The three policy contexts are $and (all policies must be satisfied), $or (at least one policy must be satisfied), and $not (all policies must not be satisfied). These can be nested as needed for any boolean logic tree.

[Diagram: in the local graph (=!1111), the link contract $do of the persona $(=!1111)$(!2) has a $if subgraph with the branches $!($and), $*($or) (instances $!1 and $!2) and $!($not); each policy is a literal shown as “{policy}”.]

Diagram annotations:

$if begins the policy expression branch of a link contract

$and branches group policy instances that must all evaluate to true

$or branches group policies of which at least one must evaluate to true

$not branches group policies that must evaluate to false

Each policy is a JavaScript statement that may include standard XDI graph references


Messages

XDI messages are XDI graphs sent from the local XDI graph (the “from” graph) to remote XDI graph(s) (the “to” graph(s)) to perform an XDI operation (e.g., $get, $add, $mod, $del, $copy, $move). Every message must reference the link contract authorizing the operation it is requesting. Note that the $add relation records the source graph for auditing purposes.

[Diagram: the “from” XDI local graph, rooted at () and identified by $is as (=!1111); the “from” XDI authority (sender) =!1111; the message context $($msg); the message instance $(!1234) with the message timestamp $!($t) holding “2010-12-22T22:22:22Z”; the message envelope and the message operations under $do, with $get and $add relations; the “to” XDI remote graph (=!2222); and the persona $(=!2222)$(!1) with its $do link contract and a $is$do relation. The label (!3) also appears.]

Diagram annotation:

Every message must include a $do reference to the link contract authorizing the operation it is requesting. For example, this message references the $(=!2222)$(!1)$do link contract for $get permission on the $(=!2222)$(!1) persona
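The checks implied by the Link contracts, Policy expression and Messages slides, as an added JavaScript example (not code from the slides or from any XDI implementation): a message is allowed only if it references a link contract, the sender is an assignee, the operation and target are covered, and the $if policy holds. The in-memory contract shape, the message fields and the predicate-function policy leaves are assumptions.

```javascript
// Constructed link contracts keyed by contract address (<node>$do).
// Assumptions: this in-memory shape, and policy leaves written as predicate
// functions rather than the JavaScript statement strings the slides mention.
const contracts = {
  "$do": {                                  // root link contract
    permits: ["$all"],
    assignees: ["=!0999.a7b2.25fd.c609"]
  },
  "$(=!1111)$(!2)$do": {                    // contract on the $(=!1111)$(!2) persona
    permits: ["$get"],
    assignees: ["@!4444"],
    $if: {
      $and: [(msg) => msg.timestamp >= "2010-01-01T00:00:00Z"],
      $not: [(msg) => msg.target.endsWith("$!(+num)")]
    }
  }
};

// Constructed message: @!4444 asks to $get the age shared through the persona.
const sampleMessage = {
  from: "@!4444", operation: "$get", timestamp: "2010-12-22T22:22:22Z",
  target: "$(=!1111)$(!2)$!(+age)", contract: "$(=!1111)$(!2)$do"
};

// True when address is the contract node itself or lies in its subgraph.
// Assumption: a subsegment starts with a context symbol or "(".
function inSubgraph(address, node) {
  if (!address.startsWith(node)) return false;
  const next = address[node.length];
  return node === "" || next === undefined || "=@+$!*(".includes(next);
}

// $and: all true; $or: at least one true; $not: all false.
// Every branch present under one node must hold (assumption).
function evalPolicy(policy, msg) {
  const holds = (p) => (typeof p === "function" ? p(msg) === true : evalPolicy(p, msg));
  for (const [op, items] of Object.entries(policy)) {
    let ok = false;                         // unknown operator: deny
    if (op === "$and") ok = items.every(holds);
    else if (op === "$or") ok = items.some(holds);
    else if (op === "$not") ok = !items.some(holds);
    if (!ok) return false;
  }
  return true;
}

// Deny by default; every check must pass before the operation is allowed.
function authorize(msg, table) {
  const deny = (reason) => ({ allowed: false, reason });
  const known = typeof msg.contract === "string" &&
    Object.prototype.hasOwnProperty.call(table, msg.contract);
  if (!known) return deny("no valid link contract referenced");
  const contract = table[msg.contract];
  if (!contract.assignees.includes(msg.from)) return deny("sender is not an assignee");
  const opOk = contract.permits.includes("$all") || contract.permits.includes(msg.operation);
  if (!opOk) return deny("operation not permitted");
  const node = msg.contract.slice(0, -"$do".length);   // "" for the root contract
  if (typeof msg.target !== "string" || !inSubgraph(msg.target, node)) {
    return deny("target outside contract subgraph");
  }
  if (contract.$if && !evalPolicy(contract.$if, msg)) return deny("policy not satisfied");
  return { allowed: true, reason: "ok" };
}
```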


Dictionaries

XDI graphs containing XDI ontology statements are called XDI dictionaries. They are machine-readable definitions of simple contexts and complex contexts. Simple contexts are defined by reference to the XDI literal type tree, which includes the type trees defined in JSON, XML, and MIME. Complex types are built up from simple types and other complex types.

[Diagram: a dictionary graph with the nodes (), (+), !, $json, $string and the dictionary context +(+age); the arcs $is, $is$a and $is(); a $*($xbnf) context whose instances $!1 and $!2 each hold a literal shown as “{XBNF statement}”; and a $!($t) timestamp holding “2010-09-09T10:11:12Z”.]

Diagram annotations:

The global ! context is the root of the XDI literal type hierarchy

$is$a statements define supertype relationships

$is() statements express supercontexts

XBNF (XDI BNF) is a version of ABNF in which statement components can be XRIs. This provides 100% machine readability all the way down to the structure of the literal data.

Dictionary statements may be timestamped and versioned like any other XDI graph