- By
**ervin** - Follow User

- 80 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' XDI Graph Patterns' - ervin

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### XDI Graph Patterns

This document contains illustrations of basic XDI graph patterns:

I-names, i-numbers, and synonyms: XDI statements used to assert multiple XRIs for the same logical resource

Single-valued simple contexts: contexts that accept a single data value and can describe versioning of that value

Multi-valued simple contexts: contexts that represent a one-dimensional array of single-valued contexts and can describe ordering and typing of those values

Complex contexts: contexts that represent a two-dimensional array of simple contexts and other complex contexts

Local graphs: statements that enable the global XDI graph to be distributed, discovered, and navigated across multiple locations on the network

Social graphs: relationships between XDI authorities

Personas and roles: complex contexts and relations that model contextual identity for individuals

Link contracts: contexts used for XDI authorization

Policy expression: a context with conditional logic for rules evaluation

Messages: XDI graphs used in the XDI protocol

OASIS XDI TC SubmissionDrummond Reed

2012-03-22

XDI Graph Notation

Symbol

Usage

In RDF graph model?

Root node: Represents the root context of an XDI graph

✖

Context node: Represents any logical context (see next page)

✔

Literal node: Represents a leaf node containing data

✔

Contextual arc: Uniquely identifies a root or context node

✖

✔

Relational arc: Non-uniquely links root or context nodes

Literal arc: Singleton arc that identifies a Literal node

✔

Node hierarchy

Complexity

Node

Literal

Context

Root

Literal nodes are the leaf points of the graph – the ones containing the raw data

Root nodes are the starting points of the full 3-dimensional XDI graph

Complex contexts are 2-dimensional arrays of simple contexts and other complex contexts

Simple contexts are 1-dimensional arrays

Simple

Complex

Single-Valued

Ordinal

Multi-Valued

A multi-valued context contains zero or more single-valued contexts of the same type and zero or more ordinal contexts

A single-valued context has exactly one literal arc. Its XRI always begins with $!

An ordinal context has exactly one relational arc used for ordering. Its XRI always begins with $*

I-names, i-numbers, and synonyms

Every non-root XDI node has exactly one canonical XDI address. A canonical equivalence relationship between two XDI context nodes (i.e., that they represent the same logical resource and thus their XDI addresses are “synonyms”) may be declared using a $is relational arc. (The inverse relation is $is$is.) When navigating the graph, an XDI processor is required to redirect to the target node of a $is relation before continuing.

$is

This is the “I am” statement, i.e., a way for the local root of this graph to assert its own XDI address.

()

(=!0999.a7b2.25fd.c609)

=abc

=abc

The XRI =abc, an i-name, is a synonym for the XRI =!0999.a7b2.25fd.c609, an i-number

=!0999.a7b2.25fd.c609

$is

=!0999.a7b2.25fd.c609

+home

=!0999.a7b2.25fd.c609+home

+household

=!0999.a7b2.25fd.c609+household

The top two i-names are synonyms for the bottom i-number (a $number is a form of i-number)

$is

$is

$1

=!0999.a7b2.25fd.c609$1

Single-valued simple contexts

A single-valued context has a single literal arc to a literal node. It may also contain other contexts describing it (subproperties). The diagram below illustrates two standard XDI subproperties: a timestamp (also a single-valued context) and versioning (a complex context).

$is

()

(=!1111)

(=!1111)

=abc

=abc

$is

=!1111

$!(+age)

=!1111

=!1111+age

Literal context +age

!

$is

“33”

Literal value

$!t

timestamp subgraph

=!1111+age$!t

!

“2010-10-10T11:12:13Z”

$v

Versioning subgraph

=!1111+age$v

$2

$1

=!1111+age$v$1

=!1111+age$v$2

First version context

!

$v

“32”

First version value

Second version, which is also the current version

$!t

=!1111+age$v$1$!t

First version timestamp

!

“2010-09-09T10:11:12Z”

Multi-valued simple contexts

A multi-valued context represents a set of single-valued contexts of the same type and optionally ordinals expressing their order. The example shown below is a phone number. Two instances are shown, =abc+tel$!1 and =abc+tel$!2. The i-numbers ($!1 and $!2) persistently identify each instance within the set. Ordinal contexts with i-names ($*1 and $*2) assert the unique order of these instances. Relational arcs describe the non-unique type of each instance, e.g., +home, +home+fax, and +work.

$is

()

(=!1111)

(=!1111)

+home+fax

“+1.206.555.1111”

=abc

=abc

+home

!

$is

=!1111+tel$!1

$!1

$is

=!1111

=!1111

Two ordinal contexts, =abc+tel$*1 and =abc+tel$*2, assert the order of the two phone number instances

$*2

=!1111+tel$*2

+tel

=!1111+tel$*1

=!1111+tel

$*1

$is

$!2

=!1111+tel$!2

+work

!

“+1.206.555.2222”

$!t

$!t

=!1111+tel$!2$!t

=!1111+tel$!t

…

…

$v

$v

=!1111+tel$!2$v

=!1111+tel$v

…

…

Multi-valued context version subgraph – represents changes at this level only

Single-valued context version subgraph – reflects changes to literal values only

Complex contexts

A complex context represents a set of simple contexts and other complex contexts. Each instance of a complex context is another complex context. The example shown below is a passport. Two instances are shown, =abc+passport$1 and =abc+passport$2. (Ordering of these instances is not shown in this diagram, but uses the same ordinal pattern as with simple contexts.)

()

(=!1111)

(=!1111)

=!1111+passport$1$!(+country)

$!(+country)

=abc

!

=abc

$!(+num)

=!1111+passport$1

“Canada”

$is

!

=!1111

=!1111

$1

“987654321”

$is

+ca

!

+passport

$!(+expires)

“2005-01-01T00:00:00Z”

=!1111+passport

$!(+country)

=!1111+passport$2$!(+country)

+nz

$is

!

$2

$!(+num)

“New Zealand”

!

=!1111+passport$2

“123456789”

!

$!(+expires)

“2010-10-01T00:00:00Z”

$!t

$!t

$!t

=!1111+passport$2$!(+expires)$!t

=!1111+passport$!t

…

…

…

$v

$v

$v

=!1111+passport$2$!(+expires)$v

=!1111+passport$v

…

…

…

Complex context version subgraph – represents changes to this level only

Simple context version subgraph – reflects changes to the literal value only

Complex context version subgraph – represents changes to this level only

Local graphs and XDI discovery

The XDI global graph is a single logical graph of which subsets are distributed across any network location (clients, servers, databases, etc.) Each subset, called a local graph, begins with a local root node, expressed as an empty XRI cross-reference, (). A local root node accessible on the network is called an XDI endpoint. A local graph may include XDI statements about the locations of other local graphs. This enables XDI clients to perform XDI discovery: navigation of the global graph by making XDI queries across a chain of local graphs to discover the URIs for other XDI endpoints.

$is

()

(=!0111.7af3.65d5.8cb7)

$uri

The $uri context is a property of a root

$!1

!

“http://xdi.example.com/(=!0111.7af3.65d5.8cb7)”

$!2

!

“http://xdi2.example.com/(=!0111.7af3.65d5.8cb7)”

(@!0111.db4a.e317.7a12)

This local graph contains two other roots describing the URIs of two other local graphs

$!($uri)

!

(=!0222.e3f2.76cb.904a)

“http://xdi.example.com/(@!0111.db4a.e317.7a12)”

$!($uri)

!

“http://xdi.example.com/(=!0222.e3f2.76cb.904a)”

Social graphs

XDI graphs can also express the relationships between XDI authorities in different contexts. This example illustrates the relationship between =abc (i-number =!1111) and =xyz (i-number =!2222) in a global context, in a Facebook context, and in a Seattle soccer context.

$is

()

(=!1111)

(=!1111)

Social graph expressed at the (=!1111) local graph, for which =abc is the authority

=abc

=abc

$is

=!1111

=!1111

=abc is best friends with =xyz

=xyz

=xyz

+best+friend

$is

=!2222

=!2222

(http://facebook.com/)

(http://facebook.com/)

=abc is friends with =xyz in the Facebook context

(http://facebook.com/)=xyz

=xyz

$is

=!2222

+friend

(http://facebook.com/)=!2222

bob

$is

+seattle

=abc is a teammate of =xyz in a Seattle soccer context

(http://facebook.com/)bob

+seattle

+soccer

+seattle+soccer

=xyz

+seattle+soccer=xyz

$is

=!2222

+teammate

+seattle+soccer=!2222

Personas and roles

Personas are an example of using complex contexts to model the identity of a person. In the example below, the person =!1111 (aka =abc) has two personas, =!1111$1 and =!1111$2. Each of these is an instance of =!1111. @!4444 (aka @example.co) is a company in which the =!1111$2 persona plays the role of president.

$is

()

(=!1111)

(=!1111)

=abc

=!1111$1

=abc

$1

=!1111$1 and =!1111$2 are personas of =!1111 that enable =!1111 to control the sharing of portions of =!1111’s personal graph

$is

$is

=!1111

+home

=!1111+home

=!1111+work

=!1111

+work

$is

$2

The ($) variable relation allows graphs to be included in other graphs – in this case, the =!1111$2 persona includes =!1111+age

=!1111$2

$!(+age)

($)

=!1111$!(+age)

@example.co

!

“33”

@example.co

$is

+president

@!4444

+president is a role that the persona =!1111$2 plays in the context of company @!4444

@!4444

Link contracts (1)

A link contract is a complex context used for XDI authorization. A link contract is defined by a$docontext. Shown below is the “bootstrap” link contract in a graph, called a root link contract: a $do child of the root node. The $all relation that points back to the root asserts that the assignee(s) of this contract have “root access”, i.e., permission perform all XDI operations on the entire local graph.

$is

()

(=!0999.a7b2.25fd.c609)

(=!0999.a7b2.25fd.c609)

=abc

=abc

=!0999.a7b2.25fd.c609

$is

=!0999.a7b2.25fd.c609

$all

$do

$do

$is$do

$is$dois the relation used to explicitly assign the permissions of a link contract to one or more XDI subjects

This root link contract permits the XDI subjects to which it is assigned to perform all XDI operations on the local graph

Link contracts (2)

This diagram shows the addition of a link contract to the Personas and Roles diagram shown earlier. This link contract, created by =!1111 to control access to his/her =!1111$2 persona, gives the organization @!4444 $get (read) permission on that persona.

$is

()

(=!1111)

(=!1111)

=abc

This link contract gives the assignee(s) permission to do an XDI $get operation on the =!1111$2 persona, i.e., read anything in its subgraph

=!1111$1

=abc

$1

$is

$is

=!1111

+home

=!1111

+work

$get

$is

$2

$do

=!1111$2

$!(+age)

($)

=!1111$!(+age)

!

“33”

@example.co

@example.co

$is

+president

@!4444

$is$do

@!4444

The $is$dorelation assigns this link contract to @!4444, which means people from that organization will be able to access the =!1111$2 persona

Policy expression

Policy expression is handled by the $if branch of link contracts. The three policy contexts are $and (all policies must be satisfied), $or (at least one policy must be satisfied), and $not (all policies must not be satisfied). They can be nested as needed for any boolean logic tree.

$is

(=!1111)

=!1111

$2

$do

Link contract

$if begins the policy expression branch of a link contract

$if

$and

$and branches group policy instances that must all evaluate to true

$!1

!

“{policy}”

$or

$or branches group policies of which at least one must evaluate to true

$!1

!

$!2

“{policy}”

$not

!

“{policy}”

$!1

$not branches group policies that must evaluate to false

!

“{policy}”

Messages

XDI messages are XDI graphs sent from one XDI local graph (the “from” graph) to another local graph (the “to” graph) to perform an XDI operation (e.g., $get, $add, $mod, $!tel, $move, $copy). Every message must reference the link contract that authorizes the operation it is requesting. Note that the $add relation records the source graph for auditing purposes.

$is

“from” XDI local graph

(=!1111)

(!3)

()

(=!1111)(!3)

(=!1111)

“from” XDI authority (sender)

=!1111

=!1111

$msg

$add

Message context

=!1111$msg

$1234

$is$do

Message instance

=!1111$msg$1234

$!t

Message timestamp

(=!2222)

=!1111$msg$1234$!t

$is()

!

(=!2222)

“2010-12-22T22:22:22Z”

“to” XDIlocal graph

Message envelope

Message operations

=!2222

$do

=!2222

=!1111$msg$1234$do

$get

$1

$get

Every message must include a $do reference to the link contract that authorizes the operation it is requesting, e.g., this message references the =!2222$1$do link contract for $get permission on the =!2222$1 persona

$do

=!2222$1

$do

=!2222$1$do

Download Presentation

Connecting to Server..