W3C home > Mailing lists > Public > public-xg-webid@w3.org > November 2011

RE: henry and code

From: Peter Williams <home_pw@msn.com>
Date: Wed, 16 Nov 2011 19:16:13 -0800
Message-ID: <SNT143-W4845B7CE6EFBB7F084A61092C70@phx.gbl>
To: <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>

 If I simply run virtuoso, or were to build a plugin for it, or use its endpoint's validation service (that I know you built, trying to accomodate me and my desire to have a really simple technology that fits first year visual basic programmers), I doubt it would count as  "my" implementation.  I think folks want to see code that others can reuse.  Now, there are 15 other implementations to review, too. so I see what everyone else has done. I can compare and contrast these. Ill write it all up on my blog site, as I find them. I can soon assess the maturity, if they are in source. Ill be as critical as I can, so we can see what its true and what is hype. Ill try to match the third quartile, in demonstrability of what the webid spec actually says. Hows that? So, I start; it should be fun doing this tonight - seeing what .NET 4.0 and MVC 4.0+ offer that the world of .NET 3.5 didnt, in the world of the semantic web (and webid related topics, specifically). The world of websso in windows has gone from prototypes to mainstream in that time. TLS 1.2 has matured a lot, too, and we can see if the windows native platform programmer has anything to leverage with now that was unavailable back then, in the SSL socket arena.  I think the criteria of what constitues a "webid" implementation (vs a semantic web "application" that happens to exploit webid authentication events)  is that the webapp offers endpoints that implement the REST verbs exclusively (per the true semantics), seeks and handles inbound self-signed client certs using only TLS 1.0, de-references the URI within, pulls the resouce using caching headers and can work with a client side cache, parses and handles the (cached) graph identified by the URI, and then locally performs the spaql query folks taught me to do here (updated for some new terms in the syntax). Ive understood that I AM ALLOWED session cookies, and that webid-powered site now has the notion of a loggedin/loggedout "state". If I can make an ASP.NET site interact with webid-powered users, it seems useful to then make that site interact then with an IIS-hosted joomla - where I have already leveraged (using my rapidly improving php skills) an assertion handling framework that allows a session minted on A site to auto-mint a session on B.  Would making joomla appear to be webid-powered (when hosted on windows) count as a useful contribution, though? My thoughts are that once joomla works, drupal would follow easily afterwards, since the techniques Im using to mint user sessions on joomla are largely the same as are found in the drupal world. I think its great the smenatic web has adopted sessions. Now lots of session management technologies can be used to mint them, manage them, etc - gated by the webid authentication controls.Date: Wed, 16 Nov 2011 21:32:30 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: henry and code


  


    
  
  
    On 11/16/11 8:43 PM, Peter Williams wrote:
    
      
      
        

         

        
          I really ought to ask:
           
          does anyone have an EXISTING source implementation of
            webid relying party that runs on windows (AND is built using
            native microsoft technologies). 
           
          Running virtuoso on linux in a vmware linux emulator...
            does NOT count.
        
      
    
    

    Virtuoso is a cross platform product. It runs natively on Windows,
    Mac OS X, Linux, Solaris etc.. That's how we roll :-)

    

    
      
        
           Running a POSIX process under cygwin similarly does NOT
            count. 
           
          If not, there is obviously a major hole in this
            implementation community.
           
          If someone has a joomla controller/plugin/module for
            joomla tuned to webids, also let me know. We have joomla
            running under IIS on Windows, finally.
           
        
      
    
    

    Virtuoso is also a serious .NET host, a few moons ago, it included
    Mono hosting when we assumed Novell and co. would actually make
    something of cross platform .NET. 

    

    We are not a covert Linux only play. Neither are we a so called Open
    Source Stack play. Virtuoso is about real platform independence.

    

    

    
      
        
          Is there a updated foaf.me certificate issuing site which
            produces a XML graph with the VERY latest syntax for the
            webid statements? 
           
          Is there an updated mywiki certificate issuing site,
            which produces an RDFa serialized graph (with the very
            latest...syntax)?
           
          Its obvious that my experiments to host XML files with
            RDF graphs on cloud file servers, and then RDFa XML elements
            on consumer-facing blog sites (e.g. wordpress) have failed.
        
      
    
    

    Wordpress has failed, neither has Twitter, LinkedIn, Facebook, or
    any of these other Web 2.0 oriented data spaces. 

    

    Hopefully, I'll be showing off certificates that have ProxyURI based
    WebIDs. Basically, a layer of abstraction atop our Web 2.0 drivers
    that enables any relying agent built for WebID to leverage the
    aforementioned data spaces as players in the IdP space. 

    

    
      
        
           I'll just give up on that tack, and assume sites like
            foaf.me will mint and host the user's graphs.
        
      
    
    

    Hopefully you've digested my comments. 

    
      
        
           
          What webid needs is lots of relying party sites that
            consume the webid claims, and guard access to the content
            using the semantic web.
        
      
    
    

    I think more about the WWW as a navigable Linked Data Space. Adding
    semantics to its hyperlink based tapestry enables smart processing
    of claims that form the basis of verifiable identity. Syntax and
    stack wars are the only impediments to current visibility. The whole
    thing is actual here right now !!

    

    Kingsley 

    
      
        
           
           
           
          From: home_pw@msn.com

          To: public-xg-webid@w3.org

          Subject: henry and code

          Date: Wed, 16 Nov 2011 17:14:18 -0800

          

          
          
          
            

            Henry has (appropriately) challenged me to produce a
            (modern) implementation of webid (by which he means an http
            responder that pings the URL of an inbound TLS 1.0 client
            cert and verifies if a graph exists at that URI, by
            considering the relevant statements. In essense, the
            verifying routine performs a sparql query having downloaded
            a graph from a file. Having done so, it should mint a
            session using some platforms session management
            infrasructure.

             

            Im happy to do so, upgrading the code I distributed publicly
            for webid a long time ago - still available publicly. As he
            says in his private email, its time. The code I distributed
            a long time is 2 years out of date, and represented the
            dotNet 3.5 community (furthermore), and its (then) luke walm
            adoption of RESTful technologies. Things have changed a lot
            in the last 2 years in the windows world; even in real
            estate I got to offer custom RSS feeds for the first time
            (full of SSO URI that pass session between sites, rather
            than blog content).

             

            Shall we say 7 days from now? What I propose to do is take
            the microsoft webmatrix download (which incidentally
            self-hosts joomla, drupal and wordpress instances, whose
            (wordpress) SIOC plugins Ive been exploiring all day) and
            modify the ASP.NET application which Microsoft distributes
            as a model of how relying parties site really ought to work
            with IDPs. Out of the box, it comes with openid, and OAUTH
            protocol support (but not browserID); being aimed at web
            masters (vs web developers). I propose I make it also accept
            https with client certs, where the interceptor validates the
            webid claims; minting a local session using webid as an
            authentication mechanism, as an alternative to redirecting
            to facebook, google, hotmail, etc.

             

            It will be useful to see how Windows has evolved in the
            RDF/semantic area, in those 2 years.

             

             

          
        
      
    
    

    

    -- 

Regards,

Kingsley Idehen	      
President & CEO 
OpenLink Software     
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen




 		 	   		  
Received on Thursday, 17 November 2011 03:16:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 November 2011 03:16:44 GMT