LSID DNS concerns
Benjamin H Szekely
bhszekel at US.IBM.COM
Wed Dec 21 11:47:21 CET 2005
Hi All,
Let me first introduce myself to the community. I have been working
on the LSID standard at IBM since January 2003. I have had the pleasure
working with people in various communities on implementing LSID services
and framing the specification into its current OMG-approved form. I
implemented and am maintaining the Java version of the protocol. I work
with several other LSID experts at IBM in Cambridge, MA so between us, we
may be able to answer any of your LSID questions. I look forward to
working wth all of you.
In a previous posting, some concerns about the use of DNS in LSID
resolution were raised. I will address them below.
- Ben Szekely
* DNS would not scale to support a large number of digital objects as
required in a GUID framework (did they mean to use one domain name as an
identifier for every object?!?!?)
This argument is an easy one to toss. With LSID, DNS is only used to
resolve the authority portion of the LSID. The number of LSID authorities
is likely to be much smaller than the number of internet domains so such
scalability is not a problem.
* Names included in identifiers might be implicated in trademark disputes.
You have the same problem with regular domain names. An organization must
use their own trademarks in the authority name.
* DNS administration model is not suitable for a general purpose name
system, i.e., only network administrators can manage DNS records.
Each authority need only setup their SRV record once.
* Change in ownership of domain names can prevent authorities from
resolving identifiers.
If an organization changes their authority name after issuing LSIDs, they
should support resolution of the old LSIDs for a sufficient duration.
* That reduces semantic opacity of identifiers
The authority name says nothing about where any of the services reside.
The location of the authority service, as well as the data and metadata
services may not reside on a host with a domain that looks anything like
the authority name. In this way, the LSID is opaque as possible. We must
have *some* service to resolve the name thus, the authority name must be
non-opaque to some machine somewhere. Our opacity requirement is that it
is opaque to the users.
--=_alternative 005C375E852570DE_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Hi All,</font>
<br><font size=2 face="sans-serif"> Let me first introduce
myself to the community. I have been working on the LSID standard
at IBM since January 2003. I have had the pleasure working with people
in various communities on implementing LSID services and framing the specification
into its current OMG-approved form. I implemented and am maintaining
the Java version of the protocol. I work with several other LSID
experts at IBM in Cambridge, MA so between us, we may be able to answer
any of your LSID questions. I look forward to working wth all of
you.</font>
<br>
<br><font size=2 face="sans-serif">In a previous posting, some concerns
about the use of DNS in LSID resolution were raised. I will address
them below.</font>
<br>
<br><font size=2 face="sans-serif">- Ben Szekely</font>
<br>
<br><tt><font size=3>* DNS would not scale to support a large number of
digital objects as<br>
required in a GUID framework (did they mean to use one domain name as an
identifier for every object?!?!?)</font></tt>
<br>
<br><tt><font size=3>This argument is an easy one to toss. With LSID,
DNS is only used to resolve the authority portion of the LSID. The number
of LSID authorities is likely to be much smaller than the number of internet
domains so such scalability is not a problem.<br>
<br>
* Names included in identifiers might be implicated in trademark disputes.</font></tt>
<br>
<br><tt><font size=3>You have the same problem with regular domain names.
An organization must use their own trademarks in the authority name.</font></tt>
<br><tt><font size=3><br>
* DNS administration model is not suitable for a general purpose name<br>
system, i.e., only network administrators can manage DNS records.</font></tt>
<br>
<br><tt><font size=3>Each authority need only setup their SRV record once.
</font></tt>
<br><tt><font size=3><br>
* Change in ownership of domain names can prevent authorities from<br>
resolving identifiers.</font></tt>
<br>
<br><tt><font size=3>If an organization changes their authority name after
issuing LSIDs, they should support resolution of the old LSIDs for a sufficient
duration.</font></tt>
<br><tt><font size=3><br>
* That reduces semantic opacity of identifiers</font></tt>
<br>
<br><tt><font size=3>The authority name says nothing about where any of
the services reside. The location of the authority service, as well
as the data and metadata services may not reside on a host with a domain
that looks anything like the authority name. In this way, the LSID
is opaque as possible. We must have *some* service to resolve the
name thus, the authority name must be non-opaque to some machine somewhere.
Our opacity requirement is that it is opaque to the users. </font></tt>
<br>
<br>
More information about the tdwg-tag
mailing list