W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

RE: slow down and organize

From: peter williams <home_pw@msn.com>
Date: Wed, 23 Feb 2011 17:33:27 -0800
Message-ID: <SNT143-ds1714F7E2AF420BDC2D057892DA0@phx.gbl>
To: "'Cosimo Streppone'" <cosimo@opera.com>, <public-xg-webid@w3.org>
Today,

In installed Cygwin on windows, all features. This includes gnutls: simple client, simple service, certtool - for making cert credentials and cert chains.

I simply followed in the info showing how to use gnutls's certtool(1), which mints various credentials in .pem "format" for a CA, a SSL server, a SSL client, and even a client proxy credential. It also exported a .p12 file, of the client  credentials which I imported in opera. The whole thing took 1 hour. It was easier than using openssl(1) tool chain.

I started up the gnutls server in a command line window, and made opera connect to the port. The two did mutual auth (using DHE_RSA) with the usual UI dialogs. This took 15m, while I learned my way around opera.

Ok. End of TLS.

Then I did the same with Mirc (an IRC client) talking to an IRC server (though not W3C's). See here <http://yorkporc.wordpress.com/2011/02/23/mirc-mutual-auth-using-tls/> , where mirc imported not the client's .p12 file but the .p12's underlying the private and public key files, generated by gnutls. The mirc client and some IRC server did TLS mutual auth, producing the output shown. I half remember doing this 6 years ago (when last toying with IRC).

What I want now is someone to provide an internet-visible RESTful web service. I want to post (1) a URI in 1 arg, and (2) the base64-encoded client cert in 2nd arg. The webservice has to (a) pull the FOAF card at arg#1 (b) run some or other suitable sparql query against the  foaf card, and (c) send back found/not-found text in the HTTP response, should the sparql query determine that the public key in arg#2 is (not) present in the foaf card's triples.

That's it.

If someone could write that webservice (totally hiding semweb and sparql from me), I'll alter the gnutls protocol engine at the server so it makes the webservice call, and acts on the response.

Then, I'll see if I can find the code for the irc server shown, and try to code the same service call.


-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Cosimo Streppone
Sent: Wednesday, February 23, 2011 4:45 PM
To: public-xg-webid@w3.org
Subject: Re: slow down and organize

On Thu, 24 Feb 2011 06:08:04 +1100, Henry Story <henry.story@bblfish.net>
wrote:

> On 23 Feb 2011, at 18:49, Nathan wrote:
>
>> I admit it, I've lost track - to be honest I think almost everybody 
>> has, can somebody who hasn't lost track write up a mail explaining 
>> where we are now?
>
> [...]
>
> What we are interested is is simply put RESTful, web architecture, 
> Linked data ready, browser enabled secure authentication, [...]
>
> [...]
>
> agree. I would like  to do some development work for Clerezza myself, 
> and work on the Federated Social Web Incubator group.

Thanks Nathan for bringing this up, and thanks Henry for being very open and clear about the status.

I feel a bit overwhelmed too.

I'm trying to get a hold of WebID, and I'm still stuck at the basic concept of it unfortunately.
Following the various threads I often encounter new (for me) technologies and concepts that make it difficult for me to focus and get "the picture". Everyone fully understands X.509?

All of this despite having worked for the last few years with several authentication systems, having implemented a full multi-service OAuth provider, and a single sign on system.

Maybe I just don't get it. That is indeed possible :)

If we want wide adoption, from a developer and software architect perspective, we should aim at really simplifying. And having clear examples. I'm totally willing to help with that, but please don't make me install a Java based server just for that :)

I had never heard of Clerezza before, and I tried to look up its documentation, but it feels like a giant beast. Do I need it to get WebID up and running?

Focusing more on the Opera perspective, we have millions of users and we make a browser. You can see that WebID can be a very useful technology, but it also has to be accessible to developers to succeed.

So, in the end, please feel free to point me to anything I have missed or misunderstood.

--
Cosimo
Received on Thursday, 24 February 2011 01:34:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC