Re: What are GIDs good for?

On Jun 12, 2009, at 6:55 AM, Max Ott wrote:

>
> 'non-semantic' - I like that. Do you have a more detailed write-up  
> available somewhere?

A five line summary of the Handle System (HS): What DNS is for  
machines, the HS is for digital entities (including machines). And,  
this includes the scalability and distribution capability associated  
with the DNS. Additionally, the HS provides distributed administration  
over each of those identifiers (handles), and the authorization  
privileges to edit the associated records are per handle, unlike DNS  
where the nameservers are managed by the system admins for all the  
associated domain names. The HS does not define what goes into a  
handle record, other than what's needed to enable administration per  
handle. The applications, GENI apps, for example, which use the  
handles define their data model.

Actually, there is a lot of documentation available on http://www.handle.net/ 
  and, fundamentals, on http://www.handle.net/documentation.html


>
> Does that provide anything beyond storage and retrieval?

As mentioned above, the HS provides distributed administration by  
authenticating (PKI) and authorizing the entity who tries to perform  
such an administration. In essence, if you (and your organization  
people) can create a handle, associate a record of information with  
that handle. The HS ensures who-can-write, who-can-read, etc. The  
default is owners can write, everyone else can see, but this is  
configurable (by virtue of which, for instance, you can enable  
everyone-can-write, but owners-can-read - not sure why you would want  
to do that, though).

However, if you want to query over the attributes defined in a handle  
record and get back the handle (that is, perform reverse lookup), then  
registries are the way to go. We use the registry, along with the HS,  
for indexing and searching capability.

>
> Wouldn't we also ned to capture who added those attributes, or more  
> precisely who claims that an identity has a certain attribute. The  
> old 'Max broke the window - says who?'
>

Yes, and the HS takes care of it. But, if you need more than what the  
HS provides, you can always define what goes into a record and  
configure the HS clients to understand your record of information  
associated with your set of handles.

>
> Exactly. And remember, a certificate is really just an assertion  
> that someone claims that this is the public key for a certain entity.

True.
It might be of interest to you that we started down the federation of  
clearinghouses path to federate from different clusters. We came up  
with a preliminary data model for the clearinghouse records and is  
made available here: (http://groups.geni.net/geni/attachment/wiki/DigitalObjectRegistry/FederatedClearinghouse.pdf 
). We'll be using the registry with the HS, aka Digital Object  
Registry, to perform this federation. ProtoGENI was very collaborative  
and let us federate their data into our federation. But the real test  
to our data model, and our approach in general, is when we federate  
from a second and perhaps the third cluster. But right now, we don't  
have that good problem.

Cheers,
Giridhar

>
> -max
>



_______________________________________________
control-wg mailing list
control-wg@...
http://lists.geni.net/mailman/listinfo/control-wg