A link contract is an approach to data control in a distributed data sharing network. Link contracts are a key feature of the XDI specifications under development at OASIS.

In XDI, a link contract is a machine-readable XDI document that governs the sharing of other XDI data. Unlike a conventional Web link, which is essentially a one-dimensional "string" that "pulls" a linked document into a browser, a link contract is a graph of metadata (typically in JSON) that can actively control the flow of data from a publisher to a subscriber by either "push" or "pull". The flow is controlled by the terms of the contract, which can be as flexible and extensible as real-world contracts, i.e., link contracts can govern:

  • Identification: Who are the parties to the contract?
  • Authority: Who controls the data being shared via the contract?
  • Authentication: How will each party prove its identity to the other?
  • Authorization: Who has what access rights and privileges to the data?
  • Scope: What data does it cover?
  • Permission and Privacy: What uses can be made of the data and by whom?
  • Synchronization: How and when will the subscriber receive updates to the data?
  • Termination: What happens when the data sharing relationship is ended?
  • Recourse: How will any disputes over the contract be resolved?

Like real-world contracts, link contracts can also refer to other link contracts. Using this design, the vast majority of link contracts can be very simple, referring to a very small number of more complex link contracts that have been carefully designed to reflect the requirements of common data exchange scenarios (e.g., business cards, mailing lists, e-commerce transactions, and website registrations).
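The following sketch is an added illustration, not XDI syntax and not code from the XDI specifications. It shows a simple contract referring to a more complex template contract, with a default-deny access check. The field names (`refers_to`, `scope`, `permissions`, `subscriber`), the contract identifiers, and the rule that a referring contract may narrow but not widen the template's scope are all assumptions made for the example.

```python
# Constructed sample data in a simplified, hypothetical model (not real XDI).
CONTRACTS = {
    "template:business-card": {          # the carefully designed, reusable contract
        "scope": ["name", "email", "phone"],
        "permissions": ["read"],
        "sync": "push",
    },
    "alice->bob": {                      # a simple contract that refers to the template
        "authority": "alice",
        "subscriber": "bob",
        "refers_to": "template:business-card",
        "scope": ["name", "email"],      # narrows the template's scope
    },
    "loop-a": {"refers_to": "loop-b"},   # malformed: circular reference
    "loop-b": {"refers_to": "loop-a"},
}


def resolve(contract_id, contracts, _seen=frozenset()):
    """Merge a contract with the contract it refers to; local terms override."""
    if contract_id in _seen:
        raise ValueError(f"circular link contract reference: {contract_id}")
    contract = contracts[contract_id]    # KeyError if the reference dangles
    parent_id = contract.get("refers_to")
    base = resolve(parent_id, contracts, _seen | {contract_id}) if parent_id else {}
    merged = {**base, **{k: v for k, v in contract.items() if k != "refers_to"}}
    # Assumed rule: a referring contract may narrow, never widen, the scope.
    if "scope" in base and "scope" in contract:
        merged["scope"] = [f for f in contract["scope"] if f in base["scope"]]
    return merged


def is_allowed(contract_id, requester, action, field, contracts=CONTRACTS):
    """Default-deny: unresolved or malformed contracts grant nothing."""
    try:
        terms = resolve(contract_id, contracts)
    except (KeyError, ValueError):
        return False
    return (
        requester == terms.get("subscriber")
        and action in terms.get("permissions", [])
        and field in terms.get("scope", [])
    )
```
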

Link contracts have been proposed as a key element of digital trust frameworks such as those published by the non-profit Open Identity Exchange.
