W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: WebIDRealm

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 02 Jan 2012 14:20:46 -0500
Message-ID: <4F02038E.5090809@openlinksw.com>
To: public-xg-webid@w3.org
On 1/2/12 8:14 AM, Jürgen Jakobitsch wrote:
> the URL of the WebIDTestServer is
>
> ==>   http://webid.turnguard.com/WebIDTestServer
>
> you'll find all relevant links there (in the menu)
>
> wkr http://www.turnguard.com/turnguard

Cool!

I am impressed :-)


Kingsley
>
>
> ----- Original Message -----
> From: "Jürgen Jakobitsch"<j.jakobitsch@semantic-web.at>
> To: "Henry Story"<henry.story@bblfish.net>
> Cc: "public-xg-webid@w3.org XG"<public-xg-webid@w3.org>
> Sent: Monday, January 2, 2012 2:09:08 PM
> Subject: Re: WebIDRealm
>
> henry,
>
> i need to setup a beautiful server first that serve all
>
>     - data.turnguard.com
>     - schema.turnguard.com
>
> these urls are not dereferenced anywhere at the moment, so they are not needed
> for webIDTestServer internal use by now.
>
> wkr http://www.turnguard.com/turnguard
>
> ----- Original Message -----
> From: "Henry Story"<henry.story@bblfish.net>
> To: "Jürgen Jakobitsch"<j.jakobitsch@semantic-web.at>
> Cc: "public-xg-webid@w3.org XG"<public-xg-webid@w3.org>
> Sent: Monday, January 2, 2012 2:02:57 PM
> Subject: Re: WebIDRealm
>
>
> On 2 Jan 2012, at 13:47, Jürgen Jakobitsch wrote:
>
>> hi,
>>
>> i have updated tomcat's WebIDRealm to the latest spec
>> and set up a test server [1].
>>
>> there are two links on this server for testing :
>>
>> 1. "OnlyWithCert"
>>    requires the user to be in role<http://data.turnguard.com/webid/2.0/Void>
>>    since every presenter of a certificate is added to this reserved role, everybody
>>    with a parseable webIDClaim should be able to see this page (some data from your profile will be displayed)
>> 2. "OnlyWithCert and Role X"
>>    requires the user to be in role<http://data.turnguard.com/webid/2.0/RoleX>.
>>    You should get an access denied.
> Just now I get a Server Not found on those two urls. I can't ping data.turnguard.com either....
>
>
>>
>> - please note that this is now beta (at best) and any pointer, question, comment or wish is really welcome.
>> - please also note that rdfa support will follow sometimes this week.
>>
>>
>> the WebIDRealm now
>>
>> 1. is fully SailAPI compatible [2]
>>    with a simple jndi factory it is possible to use any data-store that has a SailImplementation.
>>    note : the test server uses a simple file that is imported to an OpenRDF MemoryStore.
>>    note : the SailRepository is used to lookup roles needed to check tomcat's security constraints in the first place. (see below)
>> 2. supports different modes
>>    since there is a SailRepository at hand it is now also possible to lookup webIDClaims in that repository.
>>    2.1. DEREFERENCE_ONLY
>>         Tries to dereference the WebIDURI over http
>>    2.2. DEREFERENCE_NO
>>         Only looks up the WebIDURI in the given SailRepository, making it also possible to use any uri as a WebIDClaim (mailto:.., URNs)
>>         This could be usefull in case someone wants to use WebID only "internally" without having to publish all its user profiles
>>         (we want nsa and cia to use it also, right?)
>>    2.3. DEREFERENCE_FIRST, DEREFERENCE_LAST
>>         first try to dereference and then look into the SailRepository or the other way round.
>> 3. way less interwoven with apache's tomcat (catalina) api.
>>    i'm trying to make the Realm fully compatible with major servlet containers during the next couple of weeks.
>> 4. capable to bringing important debug information to the user.
>>    The only way to get more information to the enduser is to create a (Dummy)Principal when something fails during
>>    the authentication process. The actual exception is translated to rdf and added to the (Dummy)Principals data,
>>    making it possible to give the user usefull information why the login didn't work.
>>    it is best to try this by
>>    - making your rdf improper (add a slash where no slash belongs and try to login)
>>    - remove your cert:key from you profile (and try to log in)
>>    - alter the exponent and modulus
>>    - remove the exponent or the modulus
>>    - try it with an expired certificate
>>    - try it with a certificate that is not yet valid
>>    - try it with certificate with a webID that is not dereferencable.
>>    it is also now possible to construct the webID testcases from these exceptions (which will be done soon)
>>    ...
>>
>> wkr http://www.turnguard.com/turnguard
>>
>>
>> [1] http://webid.turnguard.com/WebIDTestServer
>> [2] http://openrdf.org
>>
>>
>>
>> --
>> | Jürgen Jakobitsch,
>> | Software Developer
>> | Semantic Web Company GmbH
>> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
>> | A - 1070 Wien, Austria
>> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
>>
>> COMPANY INFORMATION
>> | http://www.semantic-web.at/
>>
>> PERSONAL INFORMATION
>> | web   : http://www.turnguard.com
>> | foaf  : http://www.turnguard.com/turnguard
>> | skype : jakobitsch-punkt
>>
> Social Web Architect
> http://bblfish.net/
>
>
>
> --
> | Jürgen Jakobitsch,
> | Software Developer
> | Semantic Web Company GmbH
> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
> | A - 1070 Wien, Austria
> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
>
> COMPANY INFORMATION
> | http://www.semantic-web.at/
>
> PERSONAL INFORMATION
> | web   : http://www.turnguard.com
> | foaf  : http://www.turnguard.com/turnguard
> | skype : jakobitsch-punkt
>
>


-- 

Regards,

Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen








Received on Monday, 2 January 2012 19:21:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 2 January 2012 19:21:18 GMT