Thursday, May 18, 2006

GUID, identity and addresses

I have enjoyed reading the paper on petname systems. It helped me understand why I had feeling of unease for some DNS based systems. I also liked the part on buddy lists based systems. I believe one of the inherent shortcomings of many buddy list systems comes with their mixing addressing and naming.

I find the petname system concept promising, and I am interested in its usability within an XMPP implementation. From an architecture view point, truly scalable distributed communication systems, and more specifically real-time messaging, usually implements an overlay network of some sort over the Internet. This overlay network leverages an homogeneous addressing space and uses the associated protocol routing logic to ensure message delivery. In this category we would find SIP or XMPP based systems, but also email systems. Buddy list based applications have been built on top of these communication systems. One major drawback of all theses implementations is the use of the system provided id as a nickname, this unique id being a routing address. For SIP the id is your URI, but this URI holds a routing semantic. For XMPP, the id is your JID, but the JID also holds a routing semantic. Same exactly applies for email. As a matter of fact, I have always felt using email address in certificates an oddity...

I am strongly convinced naming and addressing must be kept separate in any distributed communication systems. As a matter of fact, this issue is not found in the HTPP world, where URLs and identity are separate during a given authenticated transaction. URLs may be used as identifiers, such as these trustless URL redirects in recent user centric identity developments. They must not have to. In an HTTP based system, the relationship between URL and identity does not survive the transaction. On the contrary, for email, the address is the identifier, and the relationship becomes very long lasting... Temptation is great to use an email address as an identity, but this is wrong. This address is just another attribute of an individual identity. We all have several email addresses, and several IM handles, but our identity lies in our own essence. And our identity will definitively survive our changing email address.

If there was a single ubiquitous communication system with a universal addressing space, I would not be bothering. But I am sustaining the idea that global identifier schemes don’t scale. So does this post. I believe it has laid out sensible arguments in its demonstration, and its conclusions can be extended to other contexts, including communication. If we take this bad scalability of GUID schemes as a real world’s fact, I can conclude that the real world will ultimately be relying on a complex mesh of separate GUID schemes. If the relationship between naming and addressing remains so tight in each namespace, then building a multi protocol communication system becomes more complex and difficult. And then we have to interface different addressing spaces. This is the role of communication systems. What is a bounded communication worth?

In conclusion, I believe scalable and inter-operable communication systems must completely decouple their identity management from their addressing scheme. The identity management must be pluggable. The addressing scheme must only be used for routing, and no authorization or identity semantic should be attached to the address itself. This proper separation of concerns provides for a scalable approach to building multi-protocol communication systems. From this point, it is possible to design a system where address mapping becomes the simple result of a dictionary lookup.

Technorati Tags: , , , , , , , ,

Labels: ,