Robert E Kahn is considered one of the key Internet pioneers. An engineer and computer scientist, who, along with Vint Cerf, invented the Transmission Control Protocol (TCP) and the Internet Protocol (IP), the fundamental communication protocols at the heart of the Internet.
His latest project is the Digital Object (DO) Architecture. A key feature of the DO Architecture is the unique persistent identifier associated with each digital object. Imagine a large document or blog post with a lot of embedded URLs. After a certain amount of time those URLs will most likely become non-operational. If you replace those URLs with unique persistent digital object identifiers then, if properly administered, the links will never be lost – because the identifier is now associated with a digital object rather than a port on a machine. That’s only part of the story though, DO Architecture is exciting technology, it also provides security features that can, for example, better enable transactions and rights management. Libraries and the film industry are among early adopters of this technology.
ITU talked to Robert E Kahn about his work on DO Architecture and his motivation for bringing it to ITU.
With DO Architecture were you trying to address current challenges or facilitate new ways of doing things or both?
In the late 1980s, my colleague Vint Cerf and I perceived the need to move beyond the rather static methods being used to manage information in the Internet. This led to an effort which we called Knowbot programing, or more generally, mobile programing. We wrote a report – The Digital Library Project, Vol. 1: The World of Knowbots (March 1988) – that describes the basic components of an open architecture for a digital library system and a plan for its development. Certain information management aspects of this effort, in particular the identifier/resolution component, were later developed to become the basis for the Digital Object (DO) Architecture, an overview of which is available here.
ITU-T recently approved a global standard for the discovery of identity information (Recommendation ITU-T X.1255) that was based on CNRI’s contribution. What is Recommendation ITU-T X.1255 and why it is important?
With the proliferation of information systems in the Internet that has developed across the world, and with the associated creativity and innovation, a critical question has arisen: “What are the basic building blocks available to the public that will enable interoperability across such heterogeneous systems?”
ITU-T X.1255 was based on CNRI’s DO Architecture and expanded by ITU-T Study Group 17, the ITU-T group leading security and identity management (IdM) standards work Discussions in SG17 took the starting point of analysis from the notion of “digital object,” or more abstractly, “digital entity,” defined as an “entity” that is represented as, or converted to, a machine-independent data structure (of one or many elements) that can be parsed by different information systems, with each such digital entity having an associated unique persistent identifier.
These concepts are the basis for the deployment of systems of registries to improve the discovery and accessibility of not just identity-related management information, but information in digital form, more generally. The Digital Entity Data Model, and associated Digital Entity Interface Protocol, also described in ITU-T X.1255 are basic information infrastructure elements that should span technology generations and stand the test of time.
What contribution can the implementation of the DO Architecture in fields such as banking, healthcare and transportation, make towards addressing security and privacy?
Security is a fundamental capability of the DO Architecture, which is not the case for other distributed management systems for information in digital form in the Internet.
The basic administration of the identifier/resolution component of the DO Architecture is based on a public key encryption (PKI) regime. The creator of a digital object (or more abstractly, digital entity) has the ability to restrict access to their objects to known users; people or machines known to the system by their respective identifiers.
In practice, this system allows for a direct correlation between the security measures deployed and the degree of privacy achieved. Think of the medical records doctors keep on their patients. If a record is structured as a digital entity, access to this confidential information can be limited to authorized users, based on their identifiers and their ability to respond accurately to a PKI challenge. In some cases, access may mean permission to obtain a digital entity in its entirety. In other cases, access may mean permission to perform specific operations on all or part of the digital entity.
How will Recommendation ITU-T X.1255 enable communications and transactions between “things”?
There is a tendency to view “things” in the Internet as being identified with respect to their physical manifestation, but specific information about things is more important. In the Internet today, an IP address is associated with “things” such as a port on a machine, typically a user’s computer or a network-based server, or more generally, a device such as a smart phone or a digitally enabled light bulb socket or a refrigerator.
Moving away from identifying information about things to identifying the information itself, represented in digital form, makes it possible to associate this information with other types of information. This ability to link related kinds of information in digital form holds great promise for enabling new ways of doing business in the Internet. ITU-T X.1255 describes metadata registries that are interoperable, and may be federated to ensure the long-term discoverability and utility of information structured as digital entities with resolvable persistent identifiers that endure over time.
What next for the DO Architecture?
The basic structure of the DO Architecture is applicable to information management needs of all kinds, but its development over the coming years will likely see the creation of multiple metadata schemas for different domains. We can expect the ability to search DO Registries to benefit from advances in search technology. Keyword search is still a primary technique, but other techniques including image understanding, speech analysis and pattern matching in large data sets will prove very useful.
In 2014, the DO Architecture will reach a significant juncture with a change in the administration of one of its key components, the Global Handle Registry (GHR). CNRI has maintained control over the administration of the GHR since it was first made available in the Internet by CNRI in 1994.
Plans are now well underway to transfer overall administration of the GHR to the DONA Foundation, a non-profit organization to be based in Geneva. The Foundation, once established, will be responsible for determining the set of system administrators, for digitally signing critical system information, and for establishing the overall policies and procedures governing the GHR’s operation. Multiple independent parties, which are authorized and credentialed by the Foundation, will be responsible for the distributed operation of the GHR.