Gluu Blog


Graph Man

Michael Schwartz June 10, 2012

The McNay Art Museum in San Antonio has a fantastic children’s art program. They work with local artists and teachers to develop classes that enable kids to emulate the techniques or styles of artists currently on exhibit. Before we moved to Austin, we were regulars at these classes, and frequently the grown-ups get involved. The work above was probably the first time I thought of the idea that art could be a useful tool for evangelizing XDI. The funny thing about this painting is that the original is backwards (i.e. the graph is going from right to left). A quick “flip horizontal” in Photoshop fixed the digital version.

I was trying to get a simple idea across in this picture: that we all have our own personal graph. This simple idea is one of the most confusing. And yet it’s one of the most fundamentally important innovations: that context is important.

Let me give an example: my phone number. In my personal graph, my phone number, let’s say mike@gluu.org+phone!, might be 555-1212. In your personal graph, mike@gluu.org+phone! might be 999-1515. But how can this be, when it’s the same address? The answer is: context.

In OX, we can each hold a copy of part of the global graph. Once we have access to get data, there is nothing to stop us from making a copy of the data. This enables our computers and devices to access data without being connected to the network. And there is nothing wrong with this. The question can be restated as follows: mike@gluu.org+phone! according to Mike is 555-1212; mike@gluu.org+phone! according to you is 999-1515.

Both statements are true until you try to call me, which illustrates the challenge of caching. As data ages, it becomes increasingly inaccurate. My mobile phone probably has dozens of incorrect phone numbers cached from years past. It’s up to the client applications to get updated information.

So it’s OK to have a local copy of mike@gluu.org+phone!. If you want to find out from the authority (me!) my latest phone number, it’s best to use the network. And here’s the beauty of it: mike@gluu.org is globally resolvable. So not only might I have changed my phone number, I might have changed the location of my personal datastore. But your phone can solve the problem without a hitch: resolve the OX endpoint of mike@gluu.org, and then make an OX $get request for mike@gluu.org+phone!.

Another way to look at this issue is to browse the LDAP persistence implementation of the OX server. In the screenshot to the left, I have expanded the LDAP tree so you can see the root node of each person’s personal graph, represented by the x=() node. The root node doesn’t exist in some central location on the Internet… every person’s graph contains the root node. Similarly, if I had expanded the nodes further, you might see duplication for the node x=@gluu, as two people might have information about that organization. Clients can be programmed to use context to take the most appropriate action (fail, proceed, warn, etc).
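The sketch below is an added example, not OX code or anything from the original post: it models a cached statement together with its context and age, and picks one of the actions named above (fail, proceed, warn). The `Statement` class, the `authority_of` and `decide` helpers, the age thresholds, the rule that the authority is the part of the address before the first `+`, and the `you@example.org` context are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Statement:
    address: str          # e.g. "mike@gluu.org+phone!"
    value: str
    context: str          # whose graph asserts it ("according to ...")
    fetched_at: datetime  # when this copy was written or cached

def authority_of(address: str) -> str:
    # Assumption: the authority is the identifier before the first "+".
    return address.split("+", 1)[0]

def decide(graph, address, now, warn_after=timedelta(days=30),
           fail_after=timedelta(days=365)):
    """Return (action, value); action is "proceed", "warn" or "fail"."""
    held = [s for s in graph if s.address == address]
    # Copies older than fail_after are too stale to act on at all.
    usable = [s for s in held if now - s.fetched_at <= fail_after]
    if not usable:
        return ("fail", None)  # nothing trustworthy: re-resolve over the network
    authority = authority_of(address)
    # Prefer the authority's own statement, then the freshest copy.
    best = max(usable, key=lambda s: (s.context == authority, s.fetched_at))
    conflicting = len({s.value for s in usable}) > 1
    stale = now - best.fetched_at > warn_after
    if best.context != authority or stale or conflicting:
        return ("warn", best.value)
    return ("proceed", best.value)

# Constructed sample data using the post's address and phone numbers.
NOW = datetime(2012, 6, 10, tzinfo=timezone.utc)
ADDR = "mike@gluu.org+phone!"
MIKES_GRAPH = [Statement(ADDR, "555-1212", "mike@gluu.org", NOW - timedelta(days=1))]
YOUR_GRAPH = [Statement(ADDR, "999-1515", "you@example.org", NOW - timedelta(days=90))]
ANCIENT = [Statement(ADDR, "999-1515", "you@example.org", NOW - timedelta(days=800))]

if __name__ == "__main__":
    for name, graph in [("Mike", MIKES_GRAPH), ("you", YOUR_GRAPH),
                        ("old phone", ANCIENT), ("merged", MIKES_GRAPH + YOUR_GRAPH)]:
        print(name, decide(graph, ADDR, NOW))
```

A "warn" or "fail" result is the cue for the client to go back to the network, as described above, rather than trust the cached copy.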

Besides building a better contact management application, how could context be useful? Recently Giovanni Bartolomeo described a similar problem the linked data community is trying to address. For those of you who don’t know, there are billions of linked data “triples” that have been published by governments and other organizations: for example, meteorological information, agricultural data, economic data. Linked data has enabled the publication of lots of useful non-confidential data. The challenge is how to resolve triples published by different sources about the same data. For example: “The University of Rome is Good” and “The University of Rome is Bad.” How do you differentiate two contradictory triples? This is another example of how context makes all the difference.


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.
