
RE: default hashtags

From: Peter Williams <home_pw@msn.com>
Date: Fri, 2 Dec 2011 13:20:13 -0800
Message-ID: <SNT143-W11C904E8A3F3D517646C9292B60@phx.gbl>
To: <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>

Hmm. I don't know what to do, despite all the words :-). I don't know if FCNS test site is conforming or not, in its ACCEPT behaviour.

I do know that anyone can mint a cert, and anyone can stick any crap in one (particularly the self-signed variety). I do know that anyone can get a 90-day eval of Windows 2008 R2 EE and run a Windows CA themselves, into whose certs the admin can stick any old crap... I know that installing openssl binaries is a matter of no effort, as is running its little command line tool. Running makecert.exe is not much harder in the Windows installs of a million developers using Microsoft compilers. (Remembering the ever-moving path to its bin directory is the hardest part.)

I do know that validation agents are responsible for formulating the query, and choosing which URIs of the n options **to try** to dereference. They have responsibility for filtering the URIs *suggested*, that is. Are we saying that a good/better validation agent would IGNORE certain URIs if they don't meet some rule? If so, the spec needs to say it, specify it, or give a big hint how important it is. Could we say that UNLESS you have an RDFS reasoner attached to engine evaluating the ASK query, that you ignore this or that of the URI set, if it does or does not terminate with / or a hashtag?? That seems perfectly reasonable counsel to give implementors.

Our goal is not to make the most complicated way ever designed of screen scraping 2 strings from a text file on a TCP/IP port. It has now to justify all the complexity because the side-effects are WORTH IT. And this means, the semantic web BENEFITS have to now shine (and without being a pain in the ass, requiring special web servers, or requiring a PhD in querying). Anyone who has done a 2 week course in prolog should be able to handle this.

For example, in my code, I rejected those URIs whose servers would not give me an OK, for a GET on the URI. I.e. if the site redirected me, I ignore the URI from the cert (and moved onto the next one, in ASN.1 order). This is the kind of advice the spec needs to give. It *can* give required handling rules. The rules need NOT to be idealisms or super-correctness as in an academic programming exam, but what facilitates WEBID adoption based on *value*.

Yes, I want now to know HOW (and when) to exploit equivalencies, so that I can compute the foaf card of the user from my local triple store AND the graph pointed to by the webid. Then, semantic web and foaf cards start to get real. I'm doing something I cannot easily, otherwise.

Date: Fri, 2 Dec 2011 15:29:47 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: default hashtags

    On 12/2/11 1:50 PM, Peter Williams wrote:
    
      
      
         

         

        The test site is behaving as I want (though I don't know if it's
        conforming, or going "beyond" the spec). It's natural, and
        useful. It works well with the same blogsite also serving as an
        openid delegation point.

        To accomplish the following, all I did was what is "user
        natural". I took my RDFa from the spec, changed the mod value,
        changed to integer typing for the exponent, duplicated that
        ...so a second graph has localid of #, added an openid relation
        to the #-identified graph, and made a cert with 3 URIs, as shown
        below.

        If the following holds true to the spirit of this movement, I'll
        stop putting #tags in the URIs of my certs (assuming that the
        RDFa marks the graph with the default # tag).

                * Checking ownership of certificate (public key matches private key)... PASSED (Reason: GENEROUS)
                * Checking if certificate contains URIs in the subjectAltName field... PASSED
                * Found 3 URIs in the certificate (a maximum of 3 will be tested).
                * Checking URI 1 (http://yorkporc.blogspot.com/)...
                - Trying to fetch and process certificate(s) from webid profile...
                Testing if the modulus representation matches the one in the webid (found a modulus value)...
                Testing modulus... PASSED
                WebID=b94692148969aeb.......c165dfa03526b25
                Cert =b94692148969aeb.......c165dfa03526b25
                Match found, ignoring futher tests!
                * Authentication successful!

        Your certificate contains the following WebIDs:

          http://yorkporc.blogspot.com/
          http://yorkporc.blogspot.com/#
          http://yorkporc.blogspot.com/2011/11/2uri.html#me

        The WebID URI used to claim your identity is:

          http://yorkporc.blogspot.com/ (your claim was SUCCESSFUL!)

          
        
      
    
    

    Your choice of "/" or "#" terminated URI re. WebID verification is
    important since we are using hyperlinks as object names/handles
    rather than object access addresses (URLs). Basically, good old
    indirection based data access by reference. This fidelity comes into
    play when you actually put WebID to use performing basic equivalence
    reasoning. This is why http: scheme hyperlinks are unintuitive
    object identifiers since they are more commonly used as resource
    access addresses. This is why a mailto: scheme URI + Webfinger
    within context of WebID works more intuitively, you don't have the
    burden of Name or Address disambiguation. Of course, you then end up
    with a different cost re. data access, but that's covered on the XRD
    front via hammer stack [1].

    

    

    The SPARQL ASK is of the form:

    PREFIX :<http://www.w3.org/ns/auth/cert#>
    PREFIX xsd:<http://www.w3.org/2001/XMLSchema#>
    ASK {
      <ObjectID-Which-Maybe-Hash-or-Slash-terminated>
      :key [
        :modulus "{modulus}"^^xsd:hexBinary;
        :exponent "{exponent}"^^xsd:integer;
      ] .
    }

    For now, I encourage you to stick with keeping the "#" in use while
    in user mode.

    Links:

    1. http://hueniverse.com/2009/03/the-discovery-protocol-stack/ --
    hammer stack.

    Kingsley

    
      
        
           
        
        
          Date: Fri, 2 Dec 2011 13:18:26 -0500
          From: kidehen@openlinksw.com
          To: public-xg-webid@w3.org
          Subject: Re: default hashtags

          On 12/2/11 12:53 PM, Peter Williams wrote:

              My brain is such that I don't remember
              technical stuff for more than a few months, unless it's
              refreshed. I don't remember the rules of hashtags, anymore.

              If I put http://yorkporc.blogspot.com/
              in the SAN URI of the certs, will that get treated as if http://yorkporc.blogspot.com/#
              for the purposes of SPARQL ASK?

              I'm hoping I can change my graph in my webid profile to
              stop using #me as the RDFa-coded graph's localid, but use
              # instead, so the above would all dereference.

              Does it?

              If it doesn't happen by default, is there any statement I
              could put in my graph at http:/yorkporc.blogspot.com/#me
              today that would induce the validation agent
              doing SPARQL ASK (when augmented with an RDFS reasoner,
              perhaps) to view SAN URI of http://yorkporc.blogspot.com/
              as if http://yorkporc.blogspot.com/#
              (and/or http:/yorkporc.blogspot.com/2uri.html#me)

          Use: http:/yorkporc.blogspot.com/#me
          (which is what has to be in the cert. SAN) for SPARQL ASK
          query patterns, that URI identifies the entity that has a
          relation with the modulus and exponent parts of the "mirrored
          claims" held in the IdP hosted profile graph.

          BTW - you still have the issue of retrieving the profile
          graph. This is where the FROM clause comes into play re. some
          SPARQL engines. For instance, Virtuoso (our engine) will
          perform an HTTP GET subject to in-built cache invalidation
          rules. Of course, you can override using pragmas.

          

          -- 

Regards,

Kingsley Idehen	      
Founder & CEO 
OpenLink Software     
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen





        
      
    
    

    

Received on Friday, 2 December 2011 21:20:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 2 December 2011 21:20:52 GMT
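
Added example (not part of the thread, and not code from any WebID implementation): a validation agent that applies the skip-unless-200 rule described in the top message and evaluates the quoted ASK pattern with the full SAN URI as subject, so "/", "/#" and "/#me" stay three distinct names. The example.org URLs, the key values and the in-memory WEB table standing in for HTTP are constructed assumptions.

```python
from urllib.parse import urldefrag

CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed stand-in for HTTP GET: document URL -> (status, triples).
# The profile names its subject <http://example.org/#me>; "_:k1" is a blank node.
WEB = {
    "http://example.org/": (200, [
        ("http://example.org/#me", CERT + "key", "_:k1"),
        ("_:k1", CERT + "modulus", "00 C0:FF:EE:01"),
        ("_:k1", CERT + "exponent", "65537"),
    ]),
    "http://example.org/moved": (301, []),
}

def norm_modulus(text):
    """Canonical hex: drop separators, lowercase, strip leading zeros."""
    digits = "".join(c for c in text if c in "0123456789abcdefABCDEF")
    return digits.lower().lstrip("0")

def ask_key(triples, webid, modulus, exponent):
    """Mirror of the ASK pattern: <webid> :key [ :modulus M ; :exponent E ]."""
    for s, p, key in triples:
        if s != webid or p != CERT + "key":   # exact IRI match, no "/" vs "/#" folding
            continue
        props = {p2: o for s2, p2, o in triples if s2 == key}
        mod, exp = props.get(CERT + "modulus"), props.get(CERT + "exponent")
        if mod is None or exp is None:
            continue
        m = norm_modulus(mod)
        if m and m == norm_modulus(modulus) and exp.strip() == str(exponent):
            return True
    return False

def verify(san_uris, modulus, exponent, fetch=WEB.get):
    """Try SAN URIs in certificate order; return (verified WebID or None, log)."""
    log = []
    for uri in san_uris:
        doc_url, _ = urldefrag(uri)        # the fragment is never sent over HTTP
        status, triples = fetch(doc_url, (None, []))
        if status != 200:                   # redirect or error: skip this URI
            log.append((uri, "skipped: HTTP %s" % status))
        elif ask_key(triples, uri, modulus, exponent):   # subject = full SAN URI
            log.append((uri, "match"))
            return uri, log
        else:
            log.append((uri, "no key for this name"))
    return None, log
```

With SAN URIs ending in "/", "/#" and "/#me" that all dereference the same document, only the name the profile actually uses as the subject of :key verifies; the others are logged as having no key.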