InameInumberTechFaq - XDI.ORG Wiki

Technical FAQ on I-Names and I-Numbers

Before Reading This Page
Introduction
Basic Questions

What is an XRI Authority?
What is a Local Path?
What is a Global Context Symbol (GCS)?
What is a cross-reference?
What is the difference between Global Authorities and Community Authorities?

Authorities

What is a Personal Authority ("=")?
What is an Organizational Authority ("@")?
What is a Network Authority ("!")?
Why do Network Authorities only have I-Numbers in the GRS?
Why are "$" and "+" authorities not covered in the V1 GSS?

Synonyms

What is the main purpose of XRI Synonyms?
Why do you need to be able establish equivalence between a Global I-Name and a Global I-Number?
Why do you need to be able to establish equivalence between two or more I-Numbers?
Why do GSS policies require Personal and Organizational Authorities to have at least one Global I-Number synonym?
Can a Personal or Organizational Authority have more than one Global I-Number synonym?
Why do GSS policies require Personal and Organizational Authorities to have at least one Network I-Number synonym?
Can a Personal or Organizational Authority have more than one Network I-Number synonym?

I-Names

What is the difference between a Global I-Name and a Community I-Name?
What is the difference between a Global Personal I-Name (=Name) and a Global Organizational I-Name (@Name)?
What syntax is allowed in Global I-Names and Community I-Names?
Do any of the GSS policies apply to Local I-Names?

I-Numbers

What is the difference between a Global I-Number and a Community I-Number?
Why do XDI.ORG Global and Community I-Numbers use a modified IPv6 syntax?
Why 128-bit values?
What is a Global Network I-Number (!!Number)?
How is a Global Network I-Number (!!Number) different from a Global Personal I-Number (=!Number) or Global Organizational I-Number (@!Number)?
What do Community I-Numbers look like?
Do the GSS policies apply to Local I-Numbers?

NOTE: The content on this page is non-normative, i.e., it is not officially part of the XDI.ORG Global Services Specifications (GSS), but serves as introductory material. See GssDefinitions for definitions of all Capitalized Terms and for other terminology and layout conventions.

1. Before Reading This Page

If you are new to XRI architecture, the InamesAndInumbers page is recommend for understanding the two fundamental forms of XRIs (reassignable i-names and persistent i-numbers). Also recommended is a basic understanding of the XRI 2.0 specifications from the

OASIS XRI Technical Committee.

2. Introduction

This page provides more detailed answers to Internet architects and developers about technical questions concerning i-names and i-numbers and the operation policies of XDI.ORG Global Registry Services (GRS).

3. Basic Questions

3.1. What is an XRI Authority?

In general terms, an XRI Authority is the identifier authority (person, organization, standards body, or network registry) responsible for assignment of an XRI (an i-name or i-number) to represent a resource.

In technical terms, an XRI Authority is one of the two types of authorities that can be identified by the authority segment of an absolute XRI (the other is an IRI authority, i.e., a DNS name or IP address.) An XRI Authority begins with either: a) a Global Context Symbol, or b) a cross-reference (see question below).

The authority segment of an absolute XRI is the portion that follows "xri://" and preceeds the Local Path, if any (see next question). Also note that "xri://" is optional in absolute XRIs that begin with a Global Context Symbol (see below).

        xri://@a*b*c/foo/bar?query
              \----/ <-- authority segment

        xri://@a*b*(=c/d/e)*f/foo/bar*moo#fragment
              \-------------/ <-- authority segment

If the entire XRI is an authority segment, it is optional for it to be followed by a forward slash "/". If the authority segment is followed with a Local Path, the two MUST be separated by a forward slash "/".

        xri://@a*b*c
              \----/ <-- authority segment

        xri://@a*b*c/
              \----/ <-- authority segment

        xri://@a*b*c/foo
              \----/ <-- authority segment

3.2. What is a Local Path?

In an absolute XRI, a Local Path is everything AFTER the authority segment (and separated from it by a single forward slash "/") and before the first question mark ("?") or fragment ("#") or the end of the XRI.

        xri://@a*b*c/foo/bar
                    \------/ <-- Local path

        xri://@a*b*c/foo/bar?query
                    \------/ <-- Local path

        xri://@a*b*(=c/d/e)*f/foo/bar*moo#fragment
                             \----------/ <-- Local path

In a relative XRI, the Local Path is everything from the start (which may or may not include a single forward slash) until the first question mark ("?") or fragment ("#") or the end of the XRI.

3.3. What is a Global Context Symbol (GCS)?

A GCS character is similar to a DNS Top Level Domain (TLD), except there are only five XRI GCS characters representing five global types of identifier authorities:

Equals ("=") represents personal authorities.
At ("@") represents organizational authorities.
Bang ("!") represents network registries (this GCS character is used only to assign persistent identifiers),
Dollar sign ("$") represents standards bodies (such as OASIS).
Plus ("+") represents the general public (i.e., this is the "dictionary" namespace for generic identifiers representing general concepts, subjects, or topics.)

Following are examples of XRI authority segments that start with GCS characters:

        xri://=Example  
        xri://=Example.Person
        xri://@Example
        xri://@Example.Organization
        xri://!!1000!1234!ABCD
        xri://$contract
        xri://+flower

Note that these examples use the fully qualified "xri://" syntax at the start of each authority segment. If an absolute XRI starts with a GCS character, the XRI scheme name and starting double slashes ("xri://") are optional. This is because in many contexts, XRIs can be both human- and machine-recognizable by the starting GCS character alone. An unqualified absolute XRI that starts with a GCS character is equivalent to the same fully-qualified string.

        xri://=Example.Person.Name
        =Example.Person.Name

3.4. What is a cross-reference?

A cross-reference is an "XRI within an XRI". (It can also be a "URI within an XRI".) A cross-reference is a way of syntactically encapsulated another identifier so it can be reused in a different context. A cross-reference is enclosed in parentheses and can appear within the authority segment, the local path, a query, or a fragment of an XRI. Cross-references can even be nested inside each other.

        xri://@a*b*(c/d/e)*f/foo/bar*moo#fragment
                   \-----/ <-- cross-reference

        xri://=Example.Person*(+mother)
                              \-------/ <-- cross-reference

        xri://@Example.Corp*(+customer.service)/
                            \-----------------/ <-- cross-reference

        xri://+flower*(+rose)*(+petal)/
                      \-----/  \-----/<-- cross-references

        xri://!!1000!(@!1234.5678.A1B2.C3D4)!A2B3/xri-resolve
                     \---------------------/ <-- cross-reference

        xri://(http://example.com)/xri-resolve
              \------------------/ <-- cross-reference

        xri://!!1000!(http://example.com)!A2B3/xri-resolve
                     \------------------/ <-- cross-reference

        xri://((http://example.com)*(+email))/foo
              \\------------------/-\------// <-- nested cross-references

3.5. What is the difference between Global Authorities and Community Authorities?

Global Authorities have Global I-Names and Global I-Numbers that are first-level identifiers assigned directly under a GCS character (e.g., =, @, or !). Community Authorities have Community I-Names and Community I-Numbers delegated at any level below a Global I-Name or I-Number. See the examples in the next section.

4. Authorities

4.1. What is a Personal Authority ("=")?

A Personal Authority is an XRI authority representing an individual person. In the GRS it is identified by a Global I-Name and Global I-Number registered under the GCS "=" symbol.

        =Example                        (Global Personal I-Name)
        =Example.Person                 (Global Personal I-Name)                
        =Example.Person.Name            (Global Personal I-Name)                
        =!1234.5678.A1B2.C3D4           (Global Personal I-Number)

4.2. What is an Organizational Authority ("@")?

An Organizational Authority is an XRI authority representing an organization of any kind (corporation, non-profit, government agency, university, etc.) or an asset of an organization (product, service, etc.) In the GRS an Organizational Authority is identified by a Global I-Name and a Global I-Number registered under the GCS "@" symbol.

        @Example                        (Global Organizational I-Name)          
        @Example.Organization           (Global Organizational I-Name)
        @Example.Organization.Name      (Global Organizational I-Name)
        @!1234.5678.A1B2.C3D4           (Global Organizational I-Number)

4.3. What is a Network Authority ("!")?

A Network Authority is an XRI authority that represents a persistent abstract network endpoint (one that must be resolved to a concrete URI) at which XRI resolution and XDI data interchange services are available. Network Authorities are only identified by I-Numbers (not I-Names) registered or delegated under the GCS character "!".

        !!1000                          (Global Network I-Number)
        !!1000!1234                     (Community Network I-Number)
        !!1000!1234!A2B3                (Community Network I-Number)

In the V1 GSS, Global Network I-Numbers are only assigned to XDI.ORG-Accredited I-Brokers, who can then delegate Community Network I-Numbers to other authorities.

4.4. Why do Network Authorities only have I-Numbers in the GRS?

A Network Authority is the XRI equivalent of an IP address, only a Network I-Number is a persistent identifier. Network I-Numbers represent identifiers outside the context of any specific person or organization. By avoiding semantic names for Network Authorities and restricting Network I-Numbers to a strict syntax similar to IP addressing, XDI.ORG can ensure fast, efficient, scalable resolution of persistent Network I-Numbers.

4.5. Why are "$" and "+" authorities not covered in the V1 GSS?

The $ space is reserved for identifiers specified by standards bodies (beginning with the OASIS XRI Resolution Specification Committee Draft 01 and XRI Metadata Specification Committee Draft 01).
The + space is reserved by XDI.ORG for a future version of the GSS which will cover global dictionary services.

5. Synonyms

5.1. What is the main purpose of XRI Synonyms?

In DNS, two or more domain names that resolve to the same resource (e.g., IP address) act as "synonyms". This allows a DNS authority to map different real-world names to the same website, for example.

XRI Synonyms play an even more important role in XRI infrastructure. As in DNS, they can be used to establish equivalence between two or more I-Names, however they can also be used to establish equivalence between an I-Name (which is reassignable) and an I-Number (which is persistent). And they can also be used to establish equivalence between two persistent I-Numbers (for example, those established by different authorities in different contexts.)

5.2. Why do you need to be able establish equivalence between a Global I-Name and a Global I-Number?

A Global I-Name is reassignable, i.e., like a DNS name it can be registered by one Authority at one point in time and then later (if sold or expired) it can registered by another Authority. A Global I-Number, by contrast, is assigned to an Authority once and never reassigned, so it can be used to persistently reference that same Authority even after the Authority's Global I-Name(s) have changed, expired, or been reassigned.

This ability to map from an unstable reassignable identifier to a stable persistent identifier is one of the key differences between the DNS and XRI layers and is vital to the establishment of trusted Internet identity infrastructure. Fundamentally it is the same design principle used in databases where machine-generated unique keys are used for record indexing because they never change no matter how often the data changes. (See InamesAndInumbers for a more in-depth discussion.)

5.3. Why do you need to be able to establish equivalence between two or more I-Numbers?

An Authority (or another XDI Resource) may have more than one representation on the network (just as an individual or an organization might have more than one domain, email address, or bank account.) If this Authority wishes to make an assertion that these representations represent the same real-world Authority, this can be done through asserting the corresponding I-Numbers are XRI synonyms.

5.4. Why do GSS policies require Personal and Organizational Authorities to have at least one Global I-Number synonym?

As explained above, this policy allows the identity of the person, organization, or asset represented by a Global I-Name to persist even if the Global I-Name is reassigned, suspended, or expires. (Once assigned to represent a resource, a Global I-Number is never reassigned.)

5.5. Can a Personal or Organizational Authority have more than one Global I-Number synonym?

In most cases the registrant of a Global I-Name will need only one Global I-Number as a synonym. However there are circumstances under which a Registrant may choose to "merge" two previously assigned Global I-Numbers in order to assert that they (and their synonymous Global I-Names) are synonyms. A typical example is when two businesses or organizations merge into a single legal entity. They could reflect this in their GRS registrations by making their Global I-Numbers synonyms.

This same scenario could happen if an individual registered two or more Global I-Names with separate Global I-Numbers to represent different "personas" (for privacy or data control reasons). If the registrant later decided to merge them to represent the same persona, these Global I-Numbers would become synonyms.

5.6. Why do GSS policies require Personal and Organizational Authorities to have at least one Network I-Number synonym?

To interact with a Personal or Organizational Authority, you must first resolve it to a specific network representation, the same way a DNS name must be resolved to an IP address for further interaction. At the XRI layer, this network representation must be hosted by a specific Network Authority (also called an "I-Broker"). Thus each Personal or Organizational Authority in the GRS always has a corresponding Network I-Number at their current I-Broker expressed using the following formula:

        !!I-Broker's Network I-Number!(Authority's Global I-Number)

Following are several examples � see the I-Numbers section below for more detailed examples.

        !!1000!(=!1234.5678.A1B2.C3D4)                  (Network I-Number for a Personal Authority)
        !!1000!1234!(=!1234.5678.A1B2.C3D4)             (ditto)
        !!1000!(@!1234.5678.A1B2.C3D4)                  (Network I-Number for an Organizational Authority)
        !!1000!1234!A2B3!(@!1234.5678.A1B2.C3D4)        (ditto)

5.7. Can a Personal or Organizational Authority have more than one Network I-Number synonym?

Only if they transfer their registration from one XDI.ORG-Accredited I-Broker (who assigned the first Network I-Number synonym) to a new XDI.ORG-Accredited I-Broker (who assigns the second Network I-Number synonym.) For security purposes, XDI.ORG-Accredited I-Brokers can only assign Network I-Numbers to the Authorities for which they act as Registrar.

6. I-Names

6.1. What is the difference between a Global I-Name and a Community I-Name?

A Global I-Name is a reassignable XRI for a Personal or Organizational Authority that is registered directly under the GCS character "=" (for Personal) or "@" (for Organizational).

        =Example                        (Global Personal I-Name)
        =Example.Person                 (Global Personal I-Name)
        @Example                        (Global Organizational I-Name)
        @Example.Organization           (Global Organizational I-Name)

A Community I-Name is any I-Name delegated below a Global I-Name in the authority segment of an XRI. By this definition, a Community I-Name MUST start with either a Global I-Name or a higher-level Community I-Name. Community I-Names MUST contain at least one "*" as a delimiter, exactly the way a delegated DNS domain name must contain at least one dot as a delimiter ("www.example.com").

        =Example*Person                 (One level of delegation)
        =Example*Person*Person.2        (Two levels of delegation)
        @Example*Person                 (One level of delegation)
        @Example.Organization*Person    (One level of delegation)

The syntax of both Global and Community I-Names is specifed in GssPolicies/InamePolicies.

6.2. What is the difference between a Global Personal I-Name (=Name) and a Global Organizational I-Name (@Name)?

The primary difference is the registration policy (see

Registrant Qualification):

Global Personal I-Names are restricted to persons acting in their own individual capacity as a registrant and may not be asserted as intellectual property (they are "common law" personal identifiers).
Global Organizational I-Names do not have either restriction, i.e., they may be registered by an organization, and may be asserted as intellectual property belonging to the registrant.

Other than these policy differences, the only syntactic difference between a Global Personal I-Name and Global Organizational I-Name is the starting GCS symbol, i.e., "=" vs. "@".

The two are essentially identical from a resolution standpoint: a Global Personal I-Name must have a synonymous Global Personal I-Number and Network I-Number, and a Global Organizational I-Name must have a synonymous Global Organizational I-Number and Network I-Number. In both cases the only difference is the GCS symbol.

6.3. What syntax is allowed in Global I-Names and Community I-Names?

The syntax and normalization rules are defined in GssPolicies/InamePolicies. A synopsis is:

ASCII letters and digits.
Unicode characters (encoded as UTF-8 per IRI (Internationalized Resource Identifier) rules).
Only Dots (".") and hyphens ("-") are allowed as logical separator characters; all other punctuation must be percent-encoded.

Examples of Global Personal I-Name syntax:

        =Example                                (Global Personal I-Name)
        =Example.Person                         (dots are legal)
        =Example.Person.Name                    (dots can be used to any depth)
        =Example-Hyphenated.Name                (hyphens are legal)
        =Example-Hyphentated.Name-More

Examples of Global Organizational I-Name syntax:

        @Example                                (Global Organizational I-Name)
        @Example.Organization                   (dots are legal)
        @Example.Organization.Name              (dots can be used to any depth)
        @Example.Organization-Name              (hyphens are legal)
        @Example-Organization.Name-More

Examples of Community I-Name syntax:

        =Example*Person.Name                    (dots are legal at all levels)
        =Example*Person-Name                    (hyphens are legal at all levels)
        =Example*Person*Person.2
        @Example*Person 
        @Example*Organization
        @Example*Organization.Name
        @Example-Name*Organization.Name
        @Example-Name*Organization-Name

6.4. Do any of the GSS policies apply to Local I-Names?

No. The GSS policies only apply to Global or Community I-Names. A Local I-Name (any I-Name inside a Local Path), while governed by the overall requirements of XRI syntax, is outside the scope of the GSS.

7. I-Numbers

7.1. What is the difference between a Global I-Number and a Community I-Number?

From the standpoint of delegation, the answer is, "Exactly the same as the difference between a Global I-Name and Global I-Number." In other words, a Global I-Number is assigned directly under a GCS character, while a Community I-Number is assigned either under a Global I-Number or under another Community I-Number.

The only other difference is that with i-numbers, the delegation character is "!" instead of "*". See the examples below.

The exact syntax of both Global and Community I-Numbers is specifed in GssPolicies/InumberPolicies.

7.2. Why do XDI.ORG Global and Community I-Numbers use a modified IPv6 syntax?

As explained in GssPolicies/InumberPolicies, the special persistence requirements of I-Numbers means that the XDI.ORG Community I-Number space requires scaling, federation, and delegation characteristics very similar to that of IP (Internet Protocol) infrastructure. Therefore the policies governing XDI.ORG Community I-Number syntax are based on IPv6 addressing architecture as specified in

RFC 2373 with the following modifications:

An XDI.ORG Community I-Number is not a fixed 128-bit value but a path of 128-bit values (so each authority has its own 128-bit namespace.)
The 128-bit values of each path segment are expressed as 16-bit dot-delimited subsegments (like IPv6, each 16 bit value is expressed as a hex quad).
If a 128-bit value contains less than the full eight hex octet pairs, the hex octet pairs present represent the least significant (rightmost) bits of the 128-bit address space.
If a 16-bit subsegment value contains less than the full four hex digits, the digits present represent the least significant (rightmost) bits of the 16-bit address space.

See the examples later in this section.

7.3. Why 128-bit values?

Unlike IPv6 addresses, I-Numbers are effectively

URNs, meaning they are never reassigned. Therefore the address space at each level of delegation must be large enough for each authority to essentially have unlimited space (128 bits is large enough to represent every grain of sand in the universe). It would be impossible to specify a fixed-size 16-bit addressing space at each level of delegation like IPv6.

7.4. What is a Global Network I-Number (!!Number)?

A Global Network I-Number is an Global I-Number registered directly under the GCS "!" character. In the V1 GSS, Global Network I-Numbers are reserved for Network Authorities serving as XDI.ORG-Accredited I-Brokers. They may not be asserted as intellectual property by the registering I-Broker, but are essentially a "lease" from XDI.ORG (similar to the "lease" of a top-level IP address from IANA).

I-Brokers offer XRI and XDI services from one or more concrete network endpoints (URIs), such as a server or server farm (although an I-Broker can technically operate on any device from a smart card to a supercomputer.) As Network Authorities, I-Brokers host the Personal or Organizational Authorities that register in the GRS "=" and "@" spaces. Each Personal or Organizational Authority will have its own Network I-Number delegated under the Network I-Number of its I-Broker (see the examples later in this section.)

In the V1 GSS, GssPolicies/InumberPolicies restricts Global Network I-Numbers to a 16-bit addressing value. It also specifies they must be larger than 1000 (hex) and less than FFFF (hex), meaning that under the V1 GSS, XDI.ORG may assign up to 61439 Global Network I-Numbers. The I-Brokers to whom these are assigned may in turn delegate lower-level Network I-Numbers (providing they comply with Community I-Number syntax.)

        !!1001                          (Global Network I-Number)
        !!1002                          (Global Network I-Number)
        !!1003                          (Global Network I-Number)
        !!C4F8                          (Global Network I-Number)

7.5. How is a Global Network I-Number (!!Number) different from a Global Personal I-Number (=!Number) or Global Organizational I-Number (@!Number)?

There are two key differences. The first one is the registration policy (GssPolicies/InumberPolicies):

Global Network I-Numbers are assigned only to Global Network Authorities (XDI.ORG-Accredited I-Brokers). They do not have XRI Synonyms and must resolve to a set of concrete URIs representing the I-Broker.
Global Personal I-Numbers and Global Organizational I-Numbers may only be registered by individuals or organizations, respectively. They must have Network I-Number synonyms and must resolve to a cross-reference to their Global I-Number under the concrete URIs for their I-Broker.

The second difference is the format of the I-Number itself. As explained above, under the V1 GSS a Global Network I-Number is a 16-bit value between 1000 and FFFF hex (exclusive). This is a large enough addressing space (61439 entries) for a very large number of first-level I-Brokers (if a larger number is needed, XDI.ORG can revise a future version of the GSS to allow 32-bit or larger values.)

The Personal and Organizational I-Number spaces need to be much larger, as there will be potentially tens or hundreds of millions of registrations in these spaces. In addition there are strong privacy and data protection considerations, such as the Minimum Information Policy (see GssPolicies/DataProtectionPolicies). To meet both requirements, in the V1 GSS Personal and Organizational I-Numbers will be 64 bit values randomly generated and checked for uniqueness by the GRS.

        =!1234.5678.A1B2.C3D4           (Global Personal I-Number)
        =!DE32.9211.3CB4.66DE           (Global Personal I-Number)
        @!1234.5678.A1B2.C3D4           (Global Organizational I-Number)                
        @!DE32.9211.3CB4.66DE           (Global Organizational I-Number)

7.6. What do Community I-Numbers look like?

Just as Community I-Names are Global I-Names followed by delegated *names, Community I-Numbers are Global I-Numbers followed by delegated !numbers.

        !!1000!1234                             (Community Network I-Number two levels deep)
        !!1000!1234!A2B3                        (Community Network I-Number three levels deep)
        =!1234.5678.A1B2.C3D4!1234              (Community Personal I-Number two levels deep)
        =!DE32.9211.3CB4.66DE!AB7F!F774         (Community Personal I-Number three levels deep)
        @!1234.5678.A1B2.C3D4!1234              (Community Organizational I-Number two levels deep)             
        @!DE32.9211.3CB4.66DE!AB7F!F774         (Community Organizational I-Number three levels deep)

7.7. Do the GSS policies apply to Local I-Numbers?

No. The GSS policies only apply to Global or Community I-Numbers. A Local I-Number (any I-Number inside a Local Path), while governed by the overall requirements of XRI syntax, is outside the scope of the GSS.

        !!1000!1234/!12345678                   (Local I-Number)
        !!1000!(=!1234.5678.A1B2.C3D4)/!foo     (Local I-Number)
        !!1000!1234/!1/!1/!12345678             (Local I-Number)