How can a PDS XDI endpoint be discovered from a user's identifier(s)

Page history last edited by Markus Sabadello 13 years, 5 months ago

Given an identifier such as an I-Name, username, e-mail address or URI, it is possible to discover an individual's PDS XDI endpoint.

 

Methods for discovering an XDI endpoint:

  • For I-Names and I-Numbers: XRI Resolution
  • For E-Mail addresses: Webfinger
  • For URIs: LRDD or DNS CNAME lookup 

 


Example #1: =markus

 

Using XRI Resolution, the following PDS XDI endpoint can be discovered:

https://xdi.fullxri.com/=!91F2.8153.F600.AE24/

 

Example #2: E-Mail address

 

TODO

 

Example #3: URI

 

TODO

 

 

PDX Lookup Service - Two Stage Lookup

 

Stage 1: query for PDS Provider

Stage 2: query PDS Provider for XDI endpoint

 

The purpose of a two-stage lookup service is to provide a higher level of security for user personas. In a single-stage lookup service (i.e. query PDX with known info and get back a unique XDI endpoint), a user with different personas could be identified as the same user if the same XDI endpoint is used for multiple personas. To avoid this "persona outing" problem, a two-stage lookup service is needed in which the XDI endpoint is only disclosed after user input. This allows a user to return different personas with different XDI endpoints depending on the context of the request.

 

Example:


Bob wants to friend Alice through his PDS.  Bob does not yet know Alice's PDS endpoint.

 

  1. Bob initiates the friend request through an app running against his PDS
  2. Bob's PDS queries for Alice's PDS Provider through the PDX Lookup Service with known info (e.g. Alice's mobile #) stored in Bob's PDS
  3. PDX Lookup Service returns Alice's PDS Provider query endpoint; the query endpoint is generic to the PDS Provider and does not identify whether or not Alice exists
  4. Bob's PDS queries Alice's PDS Provider by sending Alice's graph of known info (mobile #, name, etc.); same query as the PDX Lookup Service query
  5. Alice's PDS Provider acks with no indication of whether or not Alice exists
  6. Alice's PDS Provider notifies her of the friend request
  7. Alice now has the option of accepting the request and selecting a specific persona (e.g. Alice at work) or denying the request
  8. If Alice accepts the request, Bob's PDS gets notified of Alice's XDI endpoint and friend request acceptance; if she does not accept, nothing happens


Note: Super users running their own PDS Provider will need to be aware of the persona-linking security issue and run distinct personas on different domains.
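The eight steps above as an in-memory simulation. This is an added example, not code from the PDX or XDI projects. The class and function names, the routing of stage 1 by number prefix, and all endpoints and phone numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
ACK = {"status": "received"}  # same reply whether or not the target user exists

@dataclass
class PDSProvider:
    query_endpoint: str                            # generic to the provider
    personas: dict = field(default_factory=dict)   # mobile -> {persona: XDI endpoint}
    pending: list = field(default_factory=list)    # requests awaiting user input

    def query(self, requester, known_info):
        """Steps 4-6: notify the user if she exists; the ack never varies."""
        mobile = known_info["mobile"]
        if mobile in self.personas:
            self.pending.append((requester, mobile))
        return dict(ACK)

    def decide(self, requester, mobile, persona=None):
        """Steps 7-8: accept with a chosen persona, or deny (persona=None)."""
        self.pending.remove((requester, mobile))
        if persona is None:
            return None                            # denial: nothing is sent back
        return {"to": requester, "xdi_endpoint": self.personas[mobile][persona]}

class PDXLookup:
    """Stage 1 (steps 2-3). Routing by number prefix is an assumption here."""
    def __init__(self, routes):
        self.routes = routes                       # prefix -> PDSProvider
    def find_provider(self, known_info):
        return self.routes[known_info["mobile"][:6]]

def friend_request(pdx, requester, known_info):
    """Requester's PDS runs stage 1, then stage 2; returns what it can observe."""
    prov = pdx.find_provider(known_info)
    return prov.query_endpoint, prov.query(requester, known_info)

# Constructed sample data (placeholder domains and numbers).
ALICE = "+15550100"
provider = PDSProvider(
    "https://pds-provider.example/query",
    personas={ALICE: {"work": "https://xdi.work.example/alice/",
                      "home": "https://xdi.home.example/alice/"}})
pdx = PDXLookup({"+15550": provider})

def demo():
    seen_real = friend_request(pdx, "bob", {"mobile": ALICE})
    seen_fake = friend_request(pdx, "bob", {"mobile": "+15550199"})  # no such user
    friend_request(pdx, "carol", {"mobile": ALICE})
    to_bob = provider.decide("bob", ALICE, "work")
    to_carol = provider.decide("carol", ALICE, "home")
    return seen_real, seen_fake, to_bob, to_carol
```

Bob observes the same provider endpoint and the same ack for an existing and a non-existing number, and Bob and Carol receive different XDI endpoints, so comparing notes does not link the two personas.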

 

Webfinger Support for I-Names

 

The xri2xrd.net tool can be used to make I-Names Webfinger-able, e.g.: =markus@xri2xrd.net

 

Webfinger Tools

 
