1. Protocol Overview

The Digital Object Identifier Resolution Protocol (DO-IRP) is a core component of the Digital Object Architecture (DOA). It is an application-layer network protocol designed to manage and resolve unique, persistent identifiers in distributed network environments.

DO-IRP establishes a secure and reliable binding between an identifier and its state information, represented by an identifier record. Given an abstract identifier such as 86.1000/123, a client can locate and retrieve associated metadata, access locations, fingerprint information, or authorization policies.

The DO-IRP v3.0 specification discussed here was released by the DONA Foundation on June 30, 2022. It is intended to supersede the earlier Handle System Protocol (RFC 3650-3652) and provide a more neutral, general-purpose identifier resolution service.


2. Core Design Principles

DO-IRP differs from conventional DNS and URL-redirection protocols by emphasizing three core properties.

2.1 Decoupling Identifiers from Locations

DO-IRP does not directly transfer files or data streams. Instead, it resolves an Identifier Record. The identifier remains persistent while the underlying data location, such as a URL, IP address, or cloud-storage path, may change. Resolving the identifier record decouples the logical identifier from its physical location and preserves long-term identity.

2.2 Fine-Grained Administrative Authority

Unlike DNS, where administration is generally scoped to a zone, DO-IRP supports highly granular administrative control.

  • Independence: each identifier can have its own administrator.
  • Access control: the protocol includes PKI-based access control. Read and write permissions can be defined independently for each record element. For example, an element may be publicly readable while modifications require an administrator holding a specific private key.

2.3 Distributed and Federated Architecture

DO-IRP is designed for distributed deployment.

  • Two-level resolution architecture: a client first contacts a Prefix Registration Service (PRS), which is analogous to a root service, to discover the Local Identifier Service (LIS) responsible for the identifier. The client then contacts the LIS directly to retrieve the data.
  • Service autonomy: organizations can operate their own Local Identifier Services and independently manage identifiers in their namespaces while remaining interconnected through the global root service.

3. Key Capabilities

DO-IRP defines two primary classes of service operations:

  1. Resolution services:
    • Retrieval: a client submits an identifier and receives a structured identifier record containing elements such as URLs, public keys, fingerprints, and metadata.
    • Type filtering: a client can request only selected data, such as the URL or public key associated with an identifier.
  2. Administration services:
    • Lifecycle management: create and delete identifiers.
    • State maintenance: add, modify, and remove individual information elements in an identifier record.
    • Authority management: update administrative permissions and authentication keys online.

4. Application Scenarios

DO-IRP is applicable where data interoperability and resource management must span systems and organizations.

4.1 Persistent Identifier Systems

This is the canonical DO-IRP use case, as seen in systems such as DOI.

  • Scenario: scholarly papers, datasets, standards, and similar resources require permanent references that remain valid even when the hosting server or domain changes.
  • Role of DO-IRP: resolving the identifier dynamically returns the resource’s current URL or metadata, preserving the durability of the reference.

4.2 Cross-Domain Data Sharing and Data Networking

  • Scenario: in data-networking or industrial-internet environments, data is distributed across private organizational domains. A unified identifier system connects these isolated data assets.
  • Role of DO-IRP: each organization runs its own DO-IRP service, or LIS, and registers identifiers for its data assets. External systems resolve those identifiers to obtain access endpoints, such as API addresses, schema descriptions, and authorization policies. The data remains in place while identifiers provide interoperability.

4.3 Digital Object Lifecycle Management

  • Scenario: the properties of digital assets, such as copyrighted files or medical records, change as the assets are created, transferred, and archived.
  • Role of DO-IRP: applications use administration operations to update state fields such as Timestamp and Status in real time, allowing the identifier record to serve as a dynamic identity record for the digital object.

4.4 Identity and Public-Key Infrastructure Management

  • Scenario: entities in IoT and distributed systems require unique identities and authentication.
  • Role of DO-IRP: an identifier serves as the unique device ID, while the identifier record stores the device public key in an HS_PUBKEY element. A system resolves the ID to retrieve the key, verify device signatures, or establish an encrypted channel. This can support decentralized authentication without relying on a conventional CA certificate chain.

4.5 Service Discovery and Routing

  • Scenario: microservices and distributed-computing systems need to locate concrete service instances from logical names.
  • Role of DO-IRP: the logical name is registered as an identifier, and service instance details such as IP address, port, and protocol version are stored in the record’s HS_SITE element. Resolving the identifier dynamically discovers available service nodes.

5. Protocol Advantages

DO-IRP addresses identifier-management limitations in existing Internet architecture. Compared with conventional network protocols, it offers the following advantages.

5.1 Built-In, Fine-Grained Security

  • Self-contained security mechanisms: DO-IRP does not rely on external security facilities such as SSL/TLS certificate chains. Public keys can be stored directly as elements in identifier records, and the protocol defines a public/private-key challenge-response authentication flow, providing native security at the protocol layer.
  • Fine-grained permissions: each Element in an identifier record can have independent read and write permissions, including Public Read, Admin Write, and Admin Read. Administrators can also receive different operation privileges, such as permission to add identifiers without permission to delete them.

5.2 High Availability and Performance

  • Flexible deployment architecture: a service site can contain multiple primary or mirror nodes. Multiple servers within a site distribute load through a hashing algorithm and reduce single points of failure.
  • Multi-level caching: TTL-based caching is defined for clients and servers, reducing network round trips and improving resolution efficiency.

5.3 Transport Independence

  • DO-IRP is an application-layer protocol and is not bound to a single transport. Although the specification recommends TCP or UDP, the protocol can also be tunneled over HTTP or HTTPS. This allows it to traverse firewalls and integrate with existing Web architectures.

5.4 Internationalization

  • The protocol requires UTF-8 encoding, so identifiers and associated metadata can contain characters from any language without additional transcoding or extension packages.

6. Technical Characteristics

This section summarizes the protocol’s technical architecture and operating model.

6.1 Flat and Structured Data Model

  • Identifier structure: identifiers use a prefix/suffix structure. A global registration authority assigns prefixes to ensure uniqueness across organizations, while each organization independently manages its suffixes. Suffixes may contain arbitrary levels without imposing a tree structure.
  • Identifier Record structure: unlike DNS responses that commonly return addresses, a DO-IRP resolution result is a structured record containing multiple Elements. Each Element has a Type, Value, Index, and TTL, allowing one identifier to reference heterogeneous data such as URLs, email addresses, public keys, and fingerprints.

6.2 Client-Server Interaction Model

  • The protocol uses a conventional request-response model. A client sends a request containing an OpCode, and the server returns a result containing a ResponseCode.
  • Session management allows peers to establish a shared key after one handshake. Subsequent requests can use encryption (ENC) or message authentication (MAC), improving the efficiency and security of repeated operations.

6.3 Two-Stage Resolution

  • Resolution is logically divided into two stages. The client first queries the root service by Prefix to obtain the responsible local Service Info, then connects directly to that local service to retrieve the identifier record. This design supports horizontal scalability.

The following table compares DO-IRP with DNS and LDAP to clarify their respective roles.

FeatureDO-IRP (Digital Object Resolution)DNS (Domain Name System)LDAP (Directory Service)
Primary purposeResolve persistent identifiers and manage metadata and stateResolve domain names to IP addresses and support service discoveryStore and retrieve internal user and resource directory information
Data modelIdentifier Record containing multiple typed, indexed data elementsResource Records (RRs) with fixed types such as A, AAAA, and MX and relatively simple structuresDirectory Information Tree (DIT) with strongly hierarchical, attribute-based entries
PersistenceHigh: identifiers are decoupled from physical locations, so location changes do not alter identifiersMedium: domains are generally bound to addresses or services and records must be updated when they changeMedium: directory trees often reflect organizational structures and may require restructuring after organizational changes
SecurityBuilt in: native PKI support, per-element permissions, and digital signaturesAdded separately: relies on DNSSEC, while basic DNS has no authentication mechanismTransport-dependent: commonly relies on SSL/TLS and includes comparatively complex ACLs
Administrative granularityVery fine: each identifier may have an independent administrator and each element may have distinct permissionsCoarse: zone-based management cannot assign a separate administrator key to an individual domain nameFine: supports attribute-based access control
Architectural flexibilityHigh: a prefix/suffix structure and flat administration facilitate cross-organizational federationLow: a strict hierarchy concentrates control at the rootMedium: a strict hierarchy can make cross-organizational searches slower
Typical scenariosCross-system data exchange, PID systems such as DOI, and IoT device identitiesWebsite access, mail routing, and infrastructure addressingEnterprise employee management and SSO identity sources

Summary

  • DNS acts like the Internet’s phone book. It quickly translates human-readable names into machine-readable addresses, but provides limited complex data description and no native security in its basic form.
  • DO-IRP acts as an identity system for digital objects. It can locate an object, authenticate its identity, and carry important object attributes, making it suitable as a data-exchange layer between heterogeneous systems.

8. Data Model: Element Definition

In DO-IRP, resolving an Identifier returns an Identifier Record composed of multiple Elements.

8.1 Common Element Structure

Every Element follows the same encoding structure regardless of its type.

FieldType / LengthDescription
IndexU32 (4 bytes)Element index, unique within the identifier record. 0 is reserved and must not be used. Values in the signed range (>= 2^31) should be avoided.
TypeUTF8-StringElement type, encoded as a 4-byte length prefix followed by a UTF-8 string. It defines the format and semantics of <Value>.
ValueByte ArrayElement data, encoded as a 4-byte length prefix followed by the data bytes. Its concrete structure is defined by <Type>.
TTL1 byte + U32Time to live for cache control.
- Type=0: relative time in seconds
- Type=1: absolute time as a Unix timestamp
- Value=0: valid only for the current transaction and must not be cached
PermissionU8 (1 byte)Access-control bitmask defining who may read or modify the Element.
TimestampU32 (4 bytes)Last-modified time as a Unix timestamp in seconds.
References4 bytes + listDeprecated. The specification requires four 0x00 bytes.

Permission Bit Definitions

Permission is an 8-bit bitmask with the following definitions:

BitSymbolDescription
0x01PUBLIC_WRITEAnyone may modify or delete the Element.
0x02PUBLIC_READAnyone may read the Element.
0x04ADMIN_WRITEAn authenticated administrator may modify or delete the Element.
0x08ADMIN_READAn authenticated administrator may read the Element. Without PUBLIC_READ, authentication is required.
High bitsReservedReserved and set to 0.

8.2 Predefined System Types

DO-IRP defines system types with the implicit 0.TYPE/ prefix. Their <Value> fields have specific binary structures.

8.2.1 HS_ADMIN (Administrators and Permissions)

Purpose: identifies who may administer an identifier record and defines the corresponding administrative permissions.

Field OrderTypeDescription
AdminPermissionU16 (2 bytes)Administrative-permission bitmask, defined below.
AdminRefUTF8-String + U32Administrator reference.
- Identifier: identifier containing the administrator record.
- Index: specific Element under that identifier, normally HS_PUBKEY, HS_SECKEY, or HS_VLIST.
- Index=0: match any valid authentication Element in the referenced record.

AdminPermission bit definitions:

Value (Hex)SymbolMeaning
0x0001Add_Identifier[Prefix only] Create a new identifier under this prefix.
0x0002Delete_IdentifierDelete this identifier record.
0x0004Add_Derived_Prefix[Prefix only] Create a derived prefix.
0x0010Modify_ElementModify an Element other than HS_ADMIN.
0x0020Delete_ElementDelete an Element other than HS_ADMIN.
0x0040Add_ElementAdd an Element other than HS_ADMIN.
0x0080Modify_AdminModify an HS_ADMIN Element.
0x0100Remove_AdminDelete an HS_ADMIN Element.
0x0200Add_AdminAdd an HS_ADMIN Element.
0x0400Authorized_ReadRead Elements restricted to ADMIN_READ.
0x0800List_Identifiers[Prefix only] List identifiers under this prefix.
0x1000List_Derived_Prefixes[Prefix only] List derived prefixes.

8.2.2 HS_SITE (Service Site Information)

Purpose: describes a DO-IRP service site’s configuration, server list, and access interfaces.

Top-level HS_SITE structure:

Field OrderTypeDescription
VersionU16Data-format version, currently 1.
ProtocolVersionU16Highest protocol version supported by the site, with Major in the high byte and Minor in the low byte.
SerialNumberU16Serial number incremented on each modification and used by clients to synchronize caches.
PrimaryMaskU8Bit 0 (PrimarySite): whether this is a writable primary site.
Bit 1 (MultiPrimary): whether multiple primary sites exist.
HashOptionU8Identifier hashing algorithm used to locate the responsible server.
0x00: HASH_BY_PREFIX
0x01: HASH_BY_SUFFIX
0x02: HASH_BY_IDENTIFIER
HashFilterUTF8-StringReserved field.
AttributeListListAttribute list encoded as Count (U32) followed by {Key (UTF8), Value (UTF8)} entries. Common keys include desc for description and alt_addr for an alternate address.
NumOfServerU32Number of servers in the site.
ServerRecordListListList of server records, defined below.

ServerRecord structure:

Field OrderTypeDescription
ServerIDU32Server ID unique within the site.
Address16 BytesIPv6 address. An IPv4 address must be represented in IPv6-mapped format.
PublicKeyRecordByte ArrayServer public key encoded as Length (U32) followed by KeyData. It verifies signatures on server responses.
InterfaceListListService-interface list encoded as Count (U32) followed by Interface entries, defined below.

Interface structure:

Field OrderTypeDescription
ServiceTypeU8Service-type bitmask.
0x01: administration only
0x02: resolution only
0x03: administration and resolution
ProtocolU8Transport protocol.
0x00: UDP
0x01: TCP
0x02: HTTP
0x03: HTTPS
PortU32Port number.

8.2.3 HS_PUBKEY (Public Key) / HS_SECKEY (Private Key)

Purpose: stores authentication keys.

Field OrderTypeDescription
KeyTypeUTF8-StringKey-type identifier such as DSA_PUB_KEY or RSA_PUB_KEY.
OptionU16Reserved field.
KeyDataByte ArraysConcrete length-prefixed key parameters.
- DSA: q, p, g, y in that order.
- RSA: exponent, modulus in that order.
Note-The HS_SECKEY Value is the raw key byte stream and should not be granted PUBLIC_READ permission.

8.2.4 HS_VLIST (Value List / Administrator Group)

Purpose: defines a set of references, commonly used to create an administrator group.

Field OrderTypeDescription
CountU32Number of references in the list.
ReferencesListReference list. Each reference contains:
1. Identifier (UTF8-String)
2. Index (U32)

8.2.5 HS_CERT (Certificate) / HS_SIGNATURE (Signature)

Purpose: supports offline data-integrity verification and trust-chain construction. The content is serialized as a JWT (JSON Web Token).

HS_CERT Claims (JSON fields):

Claim KeyDescription
issIssuer, represented as an Identifier or Ref.
subSubject, the authorized party.
publickeySubject public key in JWK format.
permsPermission list, for example {"handle": "prefix/...", "perm": "derivedPrefixes"}.
chainList of trust-chain references.

HS_SIGNATURE Claims (JSON fields):

Claim KeyDescription
subSigned identifier.
digestsDigest object containing alg, the algorithm, and digests, the list of Element digests.
Note: digest computation excludes the Element Index and Timestamp fields.
chainList of trust-chain references.

Other System Types

Type NameDescriptionStructure
HS_SERVService identifier<Value> is a UTF8 string referencing another identifier whose record contains HS_SITE information.
HS_ALIASAlias<Value> is a UTF8 string referencing the target identifier. Resolution should redirect to that target.
HS_SITE.PREFIXPrefix service referralSame structure as HS_SITE. It identifies the service location for a derived prefix through a Prefix Referral.
HS_SERV.PREFIXPrefix service referralSame structure as HS_SERV. It indirectly identifies the service location for a derived prefix.

9 Protocol Message Structure

A DO-IRP message consists of four consecutive parts: Envelope, Header, Body, and Credential.

9.1 Message Envelope

The Envelope has a fixed length of 20 bytes. Figure 6.2.1 divides its first 4 bytes among the version, flag, and suggested-version fields; the remaining 16 bytes carry the session, request, sequence, and message-length fields.

FieldLengthDescription
MajorVersionU8Protocol major version, currently 3.
MinorVersionU8Protocol minor version, currently 0.
Flag3 bitsBit 0 (CP): compression, reserved.
Bit 1 (EC): encryption, indicating whether the Body is encrypted.
Bit 2 (TC): truncation, used as a packet-fragmentation flag.
SuggMajor5 bitsMajor version suggested by the client.
SuggMinorVersU8Minor version suggested by the client.
SessionIdU32Session ID. 0 means no session.
RequestIdU32Request ID generated by the client and echoed in the response.
SequenceNumberU32Fragment sequence number used to reassemble truncated messages.
MessageLengthU32Total message length: Header + Body + Credential.

9.2 Message Header

The Header has a fixed length of 24 bytes. Figure 6.2.2 states that it contains eight fields; the final byte after RecursionCount is unnamed in the diagram and has no separate semantics defined by the specification.

FieldLengthDescription
OpCodeU32Operation code, listed in section 2.2.1.
ResponseCodeU32Response code, listed in section 2.2.2. 0 denotes a request.
OpFlagU32Operation-flag bitmask, listed in section 2.2.3.
SiteInfoSerialNumberU16HS_SITE serial number held by the client.
RecursionCountU8Recursive-query depth counter.
Unnamed fieldU8Unnamed one-byte field in Figure 6.2.2; the specification does not define separate semantics for it.
ExpirationTimeU32Message expiration time in Unix seconds.
BodyLengthU32Message Body length in bytes.

9.2.1 Common OpCode Values

OpCodeSymbolMeaning
1OC_RESOLUTIONResolve an identifier.
2OC_GET_SITEINFORetrieve site information.
100OC_CREATE_IDCreate an identifier.
102OC_ADD_ELEMENTAdd an Element.
104OC_MODIFY_ELEMENTModify an Element.
105OC_LIST_IDSList identifiers under a prefix.
200OC_CHALLENGE_RESPONSESend a challenge response for authentication.
400OC_SESSION_SETUPEstablish a session.

9.2.2 Common ResponseCode Values

CodeSymbolMeaning
1RC_SUCCESSSuccess.
2RC_ERRORGeneral error.
100RC_ID_NOT_FOUNDIdentifier not found.
302RC_SERVICE_REFERRALService referral; the client must redirect.
402RC_AUTHEN_NEEDEDAuthentication required.

9.2.3 OpFlag Values

BitSymbolMeaning
ATAuthoritativeThe request or response is associated with the primary, authoritative site.
CTCertifiedRequest a server signature on the response, including a Message Credential.
ENCEncryptionRequest encryption for session messages.
RECRecursiveRequest recursive resolution by the server.
CNContinuousContinuous message used for chunked transfer of large data, such as List operations.
KCKeep ConnectionKeep the TCP connection open.
POPublic OnlyQuery only Elements with PUBLIC_READ permission.
RDRequest DigestInclude the request digest in the response to detect tampering.
OWEOverwriteOverwrite an existing Element during create or add operations.
MNSMint New SuffixAsk the server to generate a suffix when creating an identifier.
DNRDo Not ReferPrevent the server from returning a Referral and require local processing.

9.3 Message Body

The Body structure depends on OpCode. If the Header’s RD (Request Digest) flag is set, the Body begins with a digest.

Common Body structure:

OrderFieldTypePresence Condition
1RequestDigestStructurePresent only when RD=1 in the Header.
2PayloadVariable lengthDepends on OpCode, such as <Identifier>, <IndexList>, or <ElementList>.

RequestDigest structure:

FieldTypeDescription
AlgorithmU81: MD5, 2: SHA-1, 3: SHA-256.
DigestByte ArrayHash of the original request Header + Body. Its length depends on the algorithm.

9.4 Message Credential

The Credential carries a digital signature or session MAC.

FieldLengthDescription
LengthU32Total Credential length. 0 means no Credential.
Reserved8 BytesReserved and filled with zeros.
SessionCounterU32Session counter used to prevent replay attacks.
TypeUTF8-StringCredential type.
"HS_SIGNED": asymmetric-key signature.
"HS_MAC": symmetric-key MAC.
SignedInfoStructureSignature-information block, defined below.

SignedInfo structure:

FieldTypeDescription
LengthU32Length of the SignedInfo block.
AlgorithmUTF8-StringAlgorithm identifier such as "SHA-256" or "HMAC-SHA256".
SignedDataByte ArraySignature value or MAC value, prefixed by a 4-byte length.

Signature coverage:

  1. Envelope fields (12 bytes): Major/Minor/SuggVersion + SessionId + RequestId.
  2. Credential field (4 bytes): SessionCounter.
  3. The complete Message Header.
  4. The complete Message Body.