
Re: Updated IdP to new spec.

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 28 Nov 2011 18:35:49 -0500
Message-ID: <4ED41AD5.3050300@openlinksw.com>
To: public-xg-webid@w3.org
On 11/28/11 6:18 PM, Andrei Sambra wrote:
> Hi Kingsley,
>
> Yeah, it looks like I forgot to limit the test for the number of 
> public keys a foaf profile can have. Maybe we can have a formal 
> discussion on this subject.
>
> What would be a "best practice" in this case?
>
> How many keys can we have in a single profile, so that it will not 
> look like a DoS attack?
Andrei,

The relation is 1:N re. object of type: foaf:Person and associated 
public key components re. IdP space hosted profile. Thus, you should be 
placing the exponent and modulus components in the SPARQL ASK (if you 
are using SPARQL) pattern, or pass them as SPARQL Protocol parameters if 
you are using a Web Service that fronts a SPARQL endpoint etc.

Kingsley
>
> Andrei
>
>
> On 11/28/11 22:01, Kingsley Idehen wrote:
>> Andrei,
>>
>> Output from testing a latest WebID from our generator [1][2] against 
>> your verifier. I notice you scan all six of the public key relations 
>> in my graph. What happens if there were more? Wouldn't your system 
>> time out? Luckily I cleaned out the 30+ relations I had prior to this 
>> test. What about performing an explicit lookup?
>>
>>
>> * Checking ownership of certificate (public key matches private 
>> key)...PASSED(Reason: GENEROUS)
>>
>> * Checking if certificate contains URIs in the subjectAltName 
>> field...PASSED
>>
>> * Found 1 URIs in the certificate (a maximum of 3 will be tested).
>>
>> * Checking URI 
>> 1(http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this)...
>>   - Trying to fetch and process certificate(s) from webid profile...
>>         Testing if the modulus representation matches the one in the 
>> webid (found a modulus value)...
>>
>>           Testing modulus...- FAILED
>>             WebID=f4990925e526be2.......a5c172d91fafa01
>>              Cert  =994d0067dd21021.......ca1e663983345d3
>>
>>         Testing if the modulus representation matches the one in the 
>> webid (found a modulus value)...
>>
>>           Testing modulus...- FAILED
>>             WebID=c9cbdde371ea987.......c3d4e28dfe27423
>>              Cert  =994d0067dd21021.......ca1e663983345d3
>>
>>         Testing if the modulus representation matches the one in the 
>> webid (found a modulus value)...
>>
>>           Testing modulus...- FAILED
>>             WebID=d633f04252a9b3f.......e719cb59227d8a7
>>              Cert  =994d0067dd21021.......ca1e663983345d3
>>
>>         Testing if the modulus representation matches the one in the 
>> webid (found a modulus value)...
>>
>>           Testing modulus...- FAILED
>>             WebID=db0aec1b33f4909.......8ea627df06f60b3
>>              Cert  =994d0067dd21021.......ca1e663983345d3
>>
>>         Testing if the modulus representation matches the one in the 
>> webid (found a modulus value)...
>>
>>           Testing modulus...- FAILED
>>             WebID=cd3ff1569dc66df.......e3ab848cfccd1e7
>>              Cert  =994d0067dd21021.......ca1e663983345d3
>>
>>         Testing if the modulus representation matches the one in the 
>> webid (found a modulus value)...
>>
>>           Testing modulus...PASSED
>>             WebID=994d0067dd21021.......ca1e663983345d3
>>              Cert  =994d0067dd21021.......ca1e663983345d3
>>
>> *Match found, ignoring futher tests!*
>>
>> * Authentication successful!
>>
>> Your certificate contains the following WebIDs:
>>
>>   * http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this
>>
>>
>> The WebID URI used to claim your identity is:
>>
>>   * http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this
>>     (your claim wasSUCCESSFUL!)
>>
>>
>> The WebID URL suffix (to be signed) for your service provider is:
>>
>>   * ?webid=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this&ts=2011-11-28UTC20:53:50+00:00
>>
>>
>> Unless both of those strings map to the same number, your 
>> identification experience will vary across clients.
>>
>> *Your certificate in PEM format:*
>>
>>
>> *Your certificate in text format:*
>> Certificate:
>>      Data:
>>          Version: 3 (0x2)
>>          Serial Number: 176 (0xb0)
>>          Signature Algorithm: sha1WithRSAEncryption
>>          Issuer: C=US, ST=Massachusetts, L=Burlington, O=Openlink Software Inc, CN=id.myopenlink.net
>>          Validity
>>              Not Before: Nov 28 20:50:28 2011 GMT
>>              Not After : Nov 27 20:50:28 2012 GMT
>>          Subject: CN=Kingsley Uyi Idehen (MyOpenLink New), O=OpenLink Software (MyOpenLinkIdP)/emailAddress=kidehen@openlinksw.com
>>          Subject Public Key Info:
>>              Public Key Algorithm: rsaEncryption
>>              RSA Public Key: (2048 bit)
>>                  Modulus (2048 bit):
>>                  Exponent: 65537 (0x10001)
>>          X509v3 extensions:
>>              X509v3 Subject Key Identifier:
>>                  10:A5:71:47:DC:6A:C9:C2:1C:E2:44:6A:0D:E9:DB:E5:14:B1:74:7D
>>              X509v3 Subject Alternative Name:
>>                  URI:http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this
>>              Netscape Comment:
>>                  Virtuoso Generated Certificate
>>      Signature Algorithm: sha1WithRSAEncryption
>>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen	
>> Founder & CEO
>> OpenLink Software
>> Company Web:http://www.openlinksw.com
>> Personal Weblog:http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile:https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile:http://www.linkedin.com/in/kidehen
>>
>>
>>
>>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen








Received on Monday, 28 November 2011 23:36:13 GMT
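
An explicit lookup of the kind suggested in the reply above, as an added example that is not part of the original thread or of either party's verifier: the certificate's modulus and exponent go into a single SPARQL ASK pattern, so the verifier's work does not grow with the number of keys a profile lists. The cert: vocabulary terms, the function names and the sample values are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# SPARQL IRIREF may not contain these characters; rejecting them keeps a
# certificate-supplied URI from breaking out of the <...> delimiters.
_IRI_FORBIDDEN = re.compile(r'[\x00-\x20<>"{}|^`\\]')

# Assumed vocabulary: cert:key / cert:modulus / cert:exponent (W3C cert ontology).
ASK_TEMPLATE = """PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
ASK {{
  <{webid}> cert:key [
    cert:modulus "{modulus}"^^xsd:hexBinary ;
    cert:exponent {exponent}
  ] .
}}"""


def normalize_modulus(text):
    """Turn 'openssl x509 -text' style hex (colons, line breaks, leading
    00 sign byte) into bare lower-case hex digits."""
    digits = re.sub(r"[\s:]", "", text).lower()
    if not digits or len(digits) % 2 or not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError("modulus is not an even-length hex string")
    while digits.startswith("00") and len(digits) > 2:
        digits = digits[2:]
    return digits


def build_ask_query(webid, modulus, exponent):
    """Return one ASK query that is true only if the profile at `webid`
    lists exactly this (modulus, exponent) pair."""
    parts = urlsplit(webid)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("WebID must be an http(s) URI")
    if _IRI_FORBIDDEN.search(webid):
        raise ValueError("WebID contains characters not allowed in an IRI")
    if isinstance(exponent, bool) or not isinstance(exponent, int) or exponent < 3:
        raise ValueError("exponent must be an integer >= 3")
    return ASK_TEMPLATE.format(
        webid=webid, modulus=normalize_modulus(modulus), exponent=exponent)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    print(build_ask_query("https://bob.example/profile#me",
                          "00:c1:5a:9e:\n  7f:02", 65537))
```

The lower-case hex form assumes the endpoint compares xsd:hexBinary literals by value or that the profile publishes the modulus in the same case.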
