A link contract is an approach to data control in a distributed data sharing network. Link contracts are a key feature of the XDI specifications under development at OASIS.
In XDI, a link contract is a machine-readable XDI document that governs the sharing of other XDI data. Unlike a conventional Web link, which is essentially a one-dimensional "string" that "pulls" a linked document into a browser, a link contract is a graph of metadata (typically in JSON) that can actively control the flow of data from a publisher to a subscriber by either "push" or "pull". The flow is controlled by the terms of the contract, which can be as flexible and extensible as real-world contracts, i.e., link contracts can govern:
- Identification: Who are the parties to the contract?
- Authority: Who controls the data being shared via the contract?
- Authentication: How will each party prove its identity to the other?
- Authorization: Who has what access rights and privileges to the data?
- Scope: What data does it cover?
- Permission and Privacy: What uses can be made of the data and by whom?
- Synchronization: How and when will the subscriber receive updates to the data?
- Termination: What happens when the data sharing relationship is ended?
- Recourse: How will any disputes over the contract be resolved?
Like real-world contracts, link contracts can also refer to other link contracts. Using this design, the vast majority of link contracts can be very simple, referring to a very small number of more complex link contracts that have been carefully designed to reflect the requirements of common data exchange scenarios (e.g., business cards, mailing lists, e-commerce transactions, and website registrations).
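
The reference mechanism described above, as an added example that is neither XDI syntax nor code from the XDI specifications: a simplified Python model in which a short contract refers to a shared template and access is decided against the flattened terms. The field names (`extends`, `authority`, `subscriber`, `scope`, `permissions`, `termination`) and the contract identifiers are assumptions made for illustration.

```python
# Simplified model of link contracts that refer to other link contracts.
# Field names and identifiers are assumptions for this example, not XDI syntax.
CONTRACTS = {  # constructed sample data
    "template:business-card": {
        "scope": ["name", "email", "phone"],
        "permissions": {"read"},
        "termination": "delete-copies",
    },
    "alice->bob": {  # simple contract: mostly a reference to the template
        "extends": "template:business-card",
        "authority": "alice",
        "subscriber": "bob",
        "scope": ["name", "email"],  # narrows the template's scope
    },
    "loop-a": {"extends": "loop-b"},  # malformed: circular reference
    "loop-b": {"extends": "loop-a"},
}

def resolve(contract_id, contracts=CONTRACTS):
    """Flatten a contract and every contract it refers to into effective terms."""
    chain, seen, current = [], set(), contract_id
    while current is not None:
        if current in seen:
            raise ValueError(f"circular contract reference at {current!r}")
        if current not in contracts:
            raise KeyError(f"unresolvable contract reference {current!r}")
        seen.add(current)
        chain.append(contracts[current])
        current = contracts[current].get("extends")
    effective = {}
    for terms in reversed(chain):  # referenced contract first, referrer overrides
        for key, value in terms.items():
            if key == "extends":
                continue
            if key == "scope" and "scope" in effective:
                # A referring contract may narrow the scope, never widen it.
                value = [f for f in value if f in effective["scope"]]
            effective[key] = value
    return effective

def is_allowed(contract_id, requester, field, action, contracts=CONTRACTS):
    """Deny by default: broken references and missing terms mean no access."""
    try:
        terms = resolve(contract_id, contracts)
    except (KeyError, ValueError):
        return False
    return (requester == terms.get("subscriber")
            and field in terms.get("scope", [])
            and action in terms.get("permissions", set()))
```
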
Link contracts have been proposed as a key element of digital trust frameworks such as those published by the non-profit Open Identity Exchange.