Re: [xri] Minutes: XRI TC Telecon 8-9AM PT Tuesday 2009-01-27

[Nat Sakimura <n-sakimura@nri.co.jp>]

Hi

My comment inline:

--------------------------------------------------
From: "Drummond Reed" <drummond.reed@cordance.net>
Sent: Wednesday, January 28, 2009 10:59 AM
To: "'XRI TC'" <xri@lists.oasis-open.org>
Subject: [xri] Minutes: XRI TC Telecon 8-9AM PT Tuesday 2009-01-27

> Following are the minutes of the unofficial telecon of the XRI TC at:
>
> Date:  Tuesday, 27 January 2009 USA
> Time:  8:00AM - 9:00AM Pacific Time (16:00-17:00 UTC)
>
> ATTENDING
>
> Markus Sabadello
> Peter Davis
> George Fletcher
> Drummond Reed
> Eran Hammer-Lahav
> John Bradley
> Brian Eaton
>
>
> AGENDA
>
> Note that the agenda for Tuesday calls is now on the Self-Service Agenda
> page:
>
>        http://wiki.oasis-open.org/xri/SelfServeAgenda
>
> The agenda items below are listed on that page with dated/numbered 
> headings.
>
> 1) XRD - RESOURCE RELATIONSHIP (2009-01-26#1)
>
> The first issue is about the relationship of an XRD and the resource it
> describes. We discussed the terminology around this and agreed that to our
> understanding of the Architecture of the World Wide Web, every URI
> identifies a unique resource, and it is only via other means that one can
> establish if multiple URIs identify the same resource, in which case that
> one resource must be an "abstract" or "aggregate" resource (sometimes 
> called
> an entity).

Not really, I believe. A resource can be pointed by multiple URIs a.k.a. 
aliases.
Although, AWWW recommends not to have aliases, it is a "SHOULD"
requirement and is for the sake of the network effect leverage: i.e.,
to keep the communities together and derive more information out of the
aggregated community. This is a collusion attack in the privacy space,
and sometimes we want to avoid it, i.e., fragment the space intentionally.


>
> Brian: what's the difference between <About> and <URI>?
>
> The key question we discussed was: is the relationship of an XRD to 
> resource
> 1-to-1 or 1-to-many? In other words, can a single XRD describe multiple
> resources?
>
> The assumption up through XRI 2.0 is that the relationship is 1-to-1. 
> Under
> this assumption, an XRD can only have a CanonicalID and any other
> identifiers included to describe that resource must all be synonyms
> (identifier for the same resource).
>
> However Eran's question introduces a new way of looking at it. A single 
> XRD
> may describe an entire set of resources. His proposed <About> element is a
> way for the XRD to identify such resource(s), but it is optional and 
> one-way
> pointer from the XRD to any resource it describes.
>
> Peter suggested that this could be considered an "anonymous XRD" or
> "wildcard XRD". This would mean it is a set of metadata that describes any
> one of a group of resources, such as all the web pages at a site. Such an
> XRD would not have a CanonicalID because it does not represent a single
> resource, but a set of resources.

To me, it looks like a "Class" in the object oriented programming 
terminology.
Then, each "instances" can override values. If you Subclass them, then
you can add other attributes as well.

Important thing is that it is not anonymous. The Class has its own 
identifier.
So, we do not have to reinvent wheels here. We can just have the CanonicalID
for the class, and indicate that it is a class and not instance.

>
> Peter gave the example Walmart having a single XRD that describes all RFID
> tags in its namespace.
>
> He noted this wildcard XRD may introduce some trust processing challenges.
> The consuming application still needs to know that resource X is
> authoritatively described by the XRD Y. In the past, XRDs have used
> CanonicalID to do this, but that does not have to be the only mechanism.
>
> Peter suggested that instead of a fixed CanonicalID or URI element, the 
> XRD
> may support a URI template just as has been proposed for /site-meta. This
> "wildcard CanonicalID" would match any URI which the XRD was authorized to
> describe. That could have the benefit of allowing an application to cache 
> a
> fixed XRD "template" and continue to use it to describe any URI meeting 
> that
> template, which could have significant performance advantages. George
> suggested that there should be a way to explicitly declare that the scope 
> of
> the XRD is beyond a single resource.
>
> There seemed to be general support for this wider definition of the
> applicability of an XRD due to the obvious practical benefits. However we
> ran out of time to discuss it further on this call. We agreed to continue
> the discussion on the list and on Thursday's telecon.

There are benefits to this template CanonicalID that we can reuse this 
element,
but I have to wonder about its security characteristics still.
One might be able to craft a template CanonicalID to claim its authority
over a resource that he has no authority, etc. My gut feel is that
the "instance" must have a backpointer to the "class".
Then there is this question. "Can the backpointer be the template string?"
I feel a bit uneasy on this.

I have not thought through, but I feel it is better to have a usual 
CanonicalID for
the "Class" XRD, and have a template URI for its instances. e.g.,

<XRD>
  <CanonicalID>https://example.com/class/employee</CanonicalID>
  <XrdType>Class</XrdType>
  <TemplateURI>https://example.com/users/[a-zA-Z0-9_-]*</TemplateURI>
  <Link>
       ....
  </Link>
</XRD>

=nat