Re: spec is good

On 11/27/11 2:00 AM, Peter Williams wrote:
> I'm feeling a lot better about the spec, now I've been through most of 
> a first implementation letting what it says actually lead my thinking.
>
> My old dotNet stuff continued to work fine when reduced to now 50 
> lines working on IIS, and on using the morph translation service that 
> guesses the format of document at the webid URI and gives me rdf/xml 
> (which my statement analyzer can handle). Morph seemed perfectly happy 
> to parse the RDFa graph at blogspot, despite it being surrounded by 
> interactive HTML body elements. This is all making me feel very good. 
> This is how it all should feel.

What you are doing with Morph is what you get from a Web Service URL 
pattern e.g. what you get from the SPARQL Protocol URL. The trouble with 
the letters S-P-A-R-Q-L like the letters R-D-F is you are dealing with 
geeky conflation. SPARQL is really about three things:

1. Query Language -- implemented by an engine
2. Query Result Serialization Formats -- covering SELECT, ASK queries 
that return tabular result sets in XML or JSON; and DESCRIBE or 
CONSTRUCT queries that return EAV/SPO graphs in a variety of 
serialization formats that go beyond the RDF family of formats
3. HTTP Web Service for Queries in line with the query types above
4. HTTP Web Service for Create, Read, Update, Delete operations scoped 
to Named Graphs.

Morph is making an RDF serialization for you from RDFa. URIBurner and 
any other Virtuoso instance will do the same, ditto Tripplr and many 
others. What you actually need, as per your comments, was a Web Service. 
Thus, you need a SPARQL Protocol Service in the form of a URL pattern 
that lets you simply benefit from boolean-oriented ASK or use of SELECT 
for local processing. The key point here is that you don't need a SPARQL 
engine to handle the Query, the SPARQL Protocol Service gives you a Web 
Service that finds the match you seek. The following links in my 
response to you in the foaf-ssl mailing list showcase SPARQL Service 
(which is not the same as mandating the SPARQL query language on an 
implementer):

Example
======

Given a blogspot.com post (with an html+microdata based structured data 
island) with URL based permalink:
http://kidehen.blogspot.com/2011/11/webid-publication-qa-htmlmicrodata.html

1. SPARQL Protocol based Query Results URL (deliberately in SELECT mode 
to show effects of query against the Blog Post URL): http://goo.gl/DaKIv .

2. SPARQL Endpoint's HTML based Query Editor URL: http://goo.gl/U5WW9 .

Repeating this exercise using the same blogspot.com hosted blog, but 
this time using RDFa for the embedded structured data island:

1. SPARQL Protocol based Query Results URL: http://goo.gl/8Qv2j -- 
example of a Web Service that doesn't require you to have a SPARQL processor

2. SPARQL Endpoint's HTML based Query Editor URL: http://goo.gl/Jud6y  
-- example that takes you into an editor with a drop-down that lets you 
select various results serialization formats

3. SPARQL Protocol URL for DESCRIBE -- example that returns an EAV/SPO 
based directed graph using N-Triples format (you can choose many others 
by changing &format parameter in the URL).

Note re. examples above: you only need the 'DEFINE get:soft "replace"' 
pragma one time since this is how the HTTP GET is performed as per 
earlier comments re. SPARQL and FROM.
>
> Now, I have not made it all work, as I'm taking a little longer than I 
> expected to get used to all this stuff again. It all looked quite 
> alien, when I looked at it anew, last week for the first time in 
> years. But, it will work, I'm sure. It's at 95% of where it once was, a 
> bit of script sitting on a webserver, with modern conformance and MUCH 
> simpler CA stuff than the CA scripting I did originally.
>
> So let's add up:
>
> - standard CA tools mint certs. Any of a million Windows IT admins can 
> do it. Different issuing styles for different cultures.  Web site cert 
> enrollment for browser-centric folk.
> - perfectly normal https setup on IIS (since not worrying about null 
> DN certificate authority list)
> - cut and paste to a blog post addresses key distribution; should be 
> easy to automate cert/RDFa distribution using a blogger's Post port

Yes, as you can see via: http://id.myopenlink.net/certgen re. addition 
of "mirrored claims" that end up in an IdP space where the cert. subject 
has CRUD privileges.

> - stream based data translation services imposes common format (on 
> processing graphs, post), streaming RDFa to RDF/XML
> - statement analyzer library reads common statement format  (the RDF/XML)
> - sparql ASK augmented by RDFS reasoner is doing its thing (once some 
> gotchas go away).

You can slot in exponent and modulus and just use a SPARQL Protocol URL 
re. testing for the match re. "mirrored claim" of choice, be it exponent 
and modulus, fingerprint (hash of entire cert), cert in DER etc.

> - Getting the client cert out of ASP.NET is trivial, as is getting the 
> modulus as a byte array (then hex).
> - The rest is just setup the sparql ASK.

See comment about SPARQL ASK. You need to separate the need for your own 
SPARQL engine from the fact that you can use or make a Web Service that 
invokes SPARQL as part of its implementation.


Kingsley

> - I'll worry about redirects once the spec says something (not being an 
> expert in querying, etc).
>
> Now, since there is nothing to this code, set, I'll post the current 
> guts below. The ASK gives a false result, in the resultset XML. But, 
> then it's a literal match, I believe. I'm not sure what to do, per the 
> theory of the query. The hex I make from the cert happens to be upper 
> case, no space. Whereas the literal from the modulus statement happens 
> (by inspection) to be lower case, with spaces. Under the clean 
> structure, I'm doing no canonicalization of the inbound statement, and 
> not knowing which variant of the possible hex codings the value has, I 
> cannot know how specially to format the cert hex.  I was just 
> expecting match miracles (possibly unreasonably)
>
> {<sparql xmlns="http://www.w3.org/2001/sw/DataAccess/rf1/result">
> <head />
> <boolean>false</boolean>
> </sparql>}
>
>
> // FOAFont, webid2key2 and ToHex are members defined elsewhere in the page class (not shown).
> protected void Page_Load(object sender, EventArgs e)
> {
>     Uri webid = new Uri("http://yorkporc.blogspot.com/2011/11/bob.html#me");
>
>     Uri webidTalis = new Uri("http://morph.talis.com/?data-uri%5B%5D=http%3A%2F%2Fyorkporc.blogspot.com%2F2011%2F11%2Fbob.html%23me&input=&output=rdf");
>
>     // ASP.NET hands back a ClientCertificate object even when the client sent none,
>     // so IsPresent has to be checked as well as null.
>     if (Request.ClientCertificate == null || !Request.ClientCertificate.IsPresent)
>         throw new HttpException("No client certificate present");
>
>     MemoryStore store = new MemoryStore();
>
>     // Load the schema into an RDFS reasoner and attach it to the store.
>     try
>     {
>         RDFS engine = new RDFS();
>         engine.LoadSchema(RdfReader.LoadFromUri(new Uri(FOAFont)));
>         store.AddReasoner(engine);
>     }
>     catch (Exception)
>     {
>         throw new HttpException("could not load RDFS schema");
>     }
>
>     // Fetch the WebID profile through the Morph translation service (RDFa in, RDF/XML out).
>     try
>     {
>         store.Import(RdfReader.LoadFromUri(webidTalis));
>     }
>     catch (Exception)
>     {
>         throw new HttpException("could not load webid document");
>     }
>
>     X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);
>
>     RSACryptoServiceProvider rsa = cert.PublicKey.Key as RSACryptoServiceProvider;
>
>     // Export the public parameters only (false = no private key material).
>     RSAParameters rsaparm = rsa.ExportParameters(false);
>
>     string CertModString = ToHex(rsaparm.Modulus);
>
>     // Exponent is a big-endian byte array; 01 00 01 is 65537.
>     if (!((rsaparm.Exponent[0] == 0x01)
>         && (rsaparm.Exponent[1] == 0x00)
>         && (rsaparm.Exponent[2] == 0x01)))
>         throw new HttpException("Cert Exponent not 0x10001");
>
>     // send the query/result back to the client for eval
>     StringBuilder sb = new StringBuilder(1000);
>     StringWriter xmltw = new StringWriter(sb);
>
>     string s = String.Format(webid2key2, "{", webid.ToString(),
>         CertModString, "65537", "}");
>
>     SparqlEngine sparq = new SparqlEngine(s);
>     sparq.Ask(store, xmltw);
>     xmltw.Flush();
>     Response.Write(sb.ToString());
>
>     // Note: this runs whatever the ASK result written above was.
>     FormsAuthentication.RedirectFromLoginPage("user", false);
> }
>
> }


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Sunday, 27 November 2011 21:10:00 UTC
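
The false ASK result described in the quoted message comes from comparing two spellings of the same hex number as literals (upper case without spaces against lower case with spaces). The following is an added example, not code from the original message or from either poster, that canonicalizes both sides before comparing; the class and method names are hypothetical and the sample bytes and literals are constructed.

```csharp
using System;
using System.Text;

static class ModulusCompare   // hypothetical helper, not part of the posted page
{
    // Reduce any hex spelling of an unsigned integer to lower-case digits
    // with no separators and no leading zeros.
    public static string CanonicalHex(string literal)
    {
        if (literal == null) throw new FormatException("missing modulus");
        var sb = new StringBuilder(literal.Length);
        foreach (char c in literal)
        {
            if (char.IsWhiteSpace(c) || c == ':') continue;   // layout only
            if (!Uri.IsHexDigit(c))
                throw new FormatException("not a hex digit: " + c);
            sb.Append(char.ToLowerInvariant(c));
        }
        if (sb.Length == 0) throw new FormatException("empty modulus");
        string hex = sb.ToString().TrimStart('0');
        return hex.Length == 0 ? "0" : hex;
    }

    // RSAParameters.Modulus is a big-endian byte array.
    public static string CanonicalHex(byte[] bigEndian)
    {
        return CanonicalHex(BitConverter.ToString(bigEndian).Replace("-", ""));
    }

    // Fail closed: a malformed profile literal is a non-match.
    public static bool SameModulus(byte[] certModulus, string profileLiteral)
    {
        try
        {
            return string.Equals(CanonicalHex(certModulus),
                                 CanonicalHex(profileLiteral),
                                 StringComparison.Ordinal);
        }
        catch (FormatException) { return false; }
    }

    static void Main()
    {
        byte[] certModulus = { 0x00, 0xC4, 0x1F, 0x9A, 0x07 };          // constructed sample
        Console.WriteLine(SameModulus(certModulus, "c4 1f 9a\n 07"));   // spaced, lower case
        Console.WriteLine(SameModulus(certModulus, "00:C4:1F:9A:07"));  // colon form, leading 00
        Console.WriteLine(SameModulus(certModulus, "c4 1f 9a 08"));     // different key
        Console.WriteLine(SameModulus(certModulus, "c4 1f 9a 0g"));     // malformed literal
    }
}
```

Stripping leading zeros matters because some tools print the DER sign byte (`00`) in front of the modulus while `RSAParameters.Modulus` normally omits it.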