- From: Peter Williams <home_pw@msn.com>
- Date: Wed, 16 Nov 2011 19:16:13 -0800
- To: <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-W4845B7CE6EFBB7F084A61092C70@phx.gbl>
If I simply run virtuoso, or were to build a plugin for it, or use its endpoint's validation service (that I know you built, trying to accomodate me and my desire to have a really simple technology that fits first year visual basic programmers), I doubt it would count as "my" implementation. I think folks want to see code that others can reuse. Now, there are 15 other implementations to review, too. so I see what everyone else has done. I can compare and contrast these. Ill write it all up on my blog site, as I find them. I can soon assess the maturity, if they are in source. Ill be as critical as I can, so we can see what its true and what is hype. Ill try to match the third quartile, in demonstrability of what the webid spec actually says. Hows that? So, I start; it should be fun doing this tonight - seeing what .NET 4.0 and MVC 4.0+ offer that the world of .NET 3.5 didnt, in the world of the semantic web (and webid related topics, specifically). The world of websso in windows has gone from prototypes to mainstream in that time. TLS 1.2 has matured a lot, too, and we can see if the windows native platform programmer has anything to leverage with now that was unavailable back then, in the SSL socket arena. I think the criteria of what constitues a "webid" implementation (vs a semantic web "application" that happens to exploit webid authentication events) is that the webapp offers endpoints that implement the REST verbs exclusively (per the true semantics), seeks and handles inbound self-signed client certs using only TLS 1.0, de-references the URI within, pulls the resouce using caching headers and can work with a client side cache, parses and handles the (cached) graph identified by the URI, and then locally performs the spaql query folks taught me to do here (updated for some new terms in the syntax). Ive understood that I AM ALLOWED session cookies, and that webid-powered site now has the notion of a loggedin/loggedout "state". If I can make an ASP.NET site interact with webid-powered users, it seems useful to then make that site interact then with an IIS-hosted joomla - where I have already leveraged (using my rapidly improving php skills) an assertion handling framework that allows a session minted on A site to auto-mint a session on B. Would making joomla appear to be webid-powered (when hosted on windows) count as a useful contribution, though? My thoughts are that once joomla works, drupal would follow easily afterwards, since the techniques Im using to mint user sessions on joomla are largely the same as are found in the drupal world. I think its great the smenatic web has adopted sessions. Now lots of session management technologies can be used to mint them, manage them, etc - gated by the webid authentication controls.Date: Wed, 16 Nov 2011 21:32:30 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: henry and code
On 11/16/11 8:43 PM, Peter Williams wrote:
I really ought to ask:
does anyone have an EXISTING source implementation of
webid relying party that runs on windows (AND is built using
native microsoft technologies).
Running virtuoso on linux in a vmware linux emulator...
does NOT count.
Virtuoso is a cross platform product. It runs natively on Windows,
Mac OS X, Linux, Solaris etc.. That's how we roll :-)
Running a POSIX process under cygwin similarly does NOT
count.
If not, there is obviously a major hole in this
implementation community.
If someone has a joomla controller/plugin/module for
joomla tuned to webids, also let me know. We have joomla
running under IIS on Windows, finally.
Virtuoso is also a serious .NET host, a few moons ago, it included
Mono hosting when we assumed Novell and co. would actually make
something of cross platform .NET.
We are not a covert Linux only play. Neither are we a so called Open
Source Stack play. Virtuoso is about real platform independence.
Is there a updated foaf.me certificate issuing site which
produces a XML graph with the VERY latest syntax for the
webid statements?
Is there an updated mywiki certificate issuing site,
which produces an RDFa serialized graph (with the very
latest...syntax)?
Its obvious that my experiments to host XML files with
RDF graphs on cloud file servers, and then RDFa XML elements
on consumer-facing blog sites (e.g. wordpress) have failed.
Wordpress has failed, neither has Twitter, LinkedIn, Facebook, or
any of these other Web 2.0 oriented data spaces.
Hopefully, I'll be showing off certificates that have ProxyURI based
WebIDs. Basically, a layer of abstraction atop our Web 2.0 drivers
that enables any relying agent built for WebID to leverage the
aforementioned data spaces as players in the IdP space.
I'll just give up on that tack, and assume sites like
foaf.me will mint and host the user's graphs.
Hopefully you've digested my comments.
What webid needs is lots of relying party sites that
consume the webid claims, and guard access to the content
using the semantic web.
I think more about the WWW as a navigable Linked Data Space. Adding
semantics to its hyperlink based tapestry enables smart processing
of claims that form the basis of verifiable identity. Syntax and
stack wars are the only impediments to current visibility. The whole
thing is actual here right now !!
Kingsley
From: home_pw@msn.com
To: public-xg-webid@w3.org
Subject: henry and code
Date: Wed, 16 Nov 2011 17:14:18 -0800
Henry has (appropriately) challenged me to produce a
(modern) implementation of webid (by which he means an http
responder that pings the URL of an inbound TLS 1.0 client
cert and verifies if a graph exists at that URI, by
considering the relevant statements. In essense, the
verifying routine performs a sparql query having downloaded
a graph from a file. Having done so, it should mint a
session using some platforms session management
infrasructure.
Im happy to do so, upgrading the code I distributed publicly
for webid a long time ago - still available publicly. As he
says in his private email, its time. The code I distributed
a long time is 2 years out of date, and represented the
dotNet 3.5 community (furthermore), and its (then) luke walm
adoption of RESTful technologies. Things have changed a lot
in the last 2 years in the windows world; even in real
estate I got to offer custom RSS feeds for the first time
(full of SSO URI that pass session between sites, rather
than blog content).
Shall we say 7 days from now? What I propose to do is take
the microsoft webmatrix download (which incidentally
self-hosts joomla, drupal and wordpress instances, whose
(wordpress) SIOC plugins Ive been exploiring all day) and
modify the ASP.NET application which Microsoft distributes
as a model of how relying parties site really ought to work
with IDPs. Out of the box, it comes with openid, and OAUTH
protocol support (but not browserID); being aimed at web
masters (vs web developers). I propose I make it also accept
https with client certs, where the interceptor validates the
webid claims; minting a local session using webid as an
authentication mechanism, as an alternative to redirecting
to facebook, google, hotmail, etc.
It will be useful to see how Windows has evolved in the
RDF/semantic area, in those 2 years.
--
Regards,
Kingsley Idehen
President & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Received on Thursday, 17 November 2011 03:16:43 UTC