XRIs resolve identity management dilemma

Identity management is a big productivity win for companies, but implementation can be challenging. A company's partner, for instance, might identify each of its employees by personnel number, a distinguished name or an e-mail address. Merely recognizing the type of identifier provided can be difficult or impossible, and supporting them all is costly.

The Organization for the Advancement of Structured Information Standards (OASIS) has developed a unified identifier scheme to help companies tackle today's rampant identity management interoperability problems. The Extensible Resource Identifier (XRI) specification establishes an interoperable framework for expressing, resolving and establishing equivalence between identifiers of any kind for any resource type, including people, applications, network devices and corporate assets.

XRIs build on the ubiquitous Uniform Resource Identifier (URI) and Internationalized Resource Identifier (IRI) standards - widely used by identity management solutions - by defining standard ways to express characteristics such as type, language and date. The lightweight HTTP- and XML-based XRI resolution framework lets a consuming application quickly and easily discover metadata about those resources, such as an alternative synonym identifier that works better in the application's local identity management system.

Metadata isn't limited to alternative identifiers. Imagine that an XRI-identified resource is a technical manual, available as a PDF or Word document and retrievable from a variety of mirrored network locations via various protocols. In a broad sense, the manual is the same document irrespective of where it is located, how it is retrieved or in what format it is represented. XRIs are ideally suited for identifying resources at this level of abstraction because the resolution process lets the consuming application choose the best network location, retrieval method and file format for its needs from the available options.

Like URIs, XRIs are composed of an authority portion and a path portion. XRI resolution converts the authority portion and the path portion of an XRI to an XML document called an XRIDescriptor. The XRIDescriptor describes the identified resource and the means by which the digital representation of the resource can be retrieved. By providing an additional level of indirection away from concrete instances of a resource, XRIs provide a permanent, unbreakable reference on which stable business relationships can be based.

To support the widespread adoption of XRI technology, OpenXRI.org offers a freely redistributable open source XRI tool kit that can be integrated into corporate, ISP or software vendor architectures. The tool kit includes client-side resolvers and high-performance resolution servers.

OpenXRI.org is chartered to publish and maintain this tool kit to help organizations tackle interoperability problems with minimal disruption to their internal systems. By providing a common framework for expressing, resolving and mapping all types of identifiers, XRIs allow companies to "future-proof" their investment in identity management solutions while making maximum use of their current infrastructures.

OpenXRI.org is a community effort, and the tool kit is distributed under the Apache 2.0 license. OpenXRI.org hopes this royalty-free, sub-licensable client and server software will stimulate organizations from federal and enterprise markets to take a look at the benefits of using XRIs to solve their identity interoperability problems.

How it works: XRI

McAlpin, a senior architect at Epok, is one of the primary authors of the XRI specification at OASIS and the president of OpenXRI.org. He can be reached at dave.mcalpin@epok.net.
