RE: WebIDRealm RDFa from Peter Williams on 2012-01-04 (public-xg-webid@w3.org from January 2012)

From: Peter Williams <home_pw@msn.com>
Date: Wed, 4 Jan 2012 14:56:50 -0800
To: <j.jakobitsch@semantic-web.at>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-W171CF5B577CF726C49488C92970@phx.gbl>
Some days folks object to application/turtle, other days not. Tbhe rdflib site doing translation doesnt accept either value. But, I suspect it wanst originally intended to serve the way Im using it. I think it was supposed to be human visualizer. Its not clear (for ttl sent without translation) that folks are enforcing the text/turtle rule. But then, the spec doesnt say to do so. It implies it (by referencing the latest spec). But, I note lots of folks either accept alternatives, or dont check. I changed that file to text/turtle (and the default, too). I've thrown another case at your log files. It added another issue for ttl files: (1) on https endpoints, now. Then (2) it stress whether the absolute name in the subject triple or the graph can be http (or not), when served from an https endpoint (3) There is no trailing / in the cert SAN URI (but there is in the graph). I'll set up https to http to https redirects next. As I didnt know what to do, in my code sample I banned https URIs - or rather I ignore them. I also was not sure what to do about the roots presented by such endpoints (which MAY be self-signed).  Perhaps, one is supposed to just ignore the cert chain (and not follow/download their CRLs via cert's URL pointers, etc etc)?       From: home_pw@msn.com
To: j.jakobitsch@semantic-web.at
CC: public-xg-webid@w3.org
Subject: RE: WebIDRealm RDFa
Date: Wed, 4 Jan 2012 12:04:48 -0800








Yup. But FCNS says that its all good.... With &, with query strings on URLs, and with the form of the URL and framents.
 
I (as someone who doesnt really understand) just a need a definitive test site. WHen it works there, its "reasonable" to expect it to work elsewhere. I cannot be in the middle of a 10 year never-ending argument about basic stuff of interworking - just so "its all general". Its so general today, it dont work (for bit-fussy security).
 
Now, there is no evidence that FCNS actually handles the stream translated into RDFa, from TTL, using a service. The particular translator only spits out a fragment out HTML (with RDFa markeup), and not a full document (with doctype, etc).
 
Now, if I read the spec, it totally unclear whether or not such things are required. It kind of hints about "what the world ought to be" (if everyone was pure), but noone is. Can I expect folks to consume the HTML5 doctype (with semantic markup)? Or, are we ONLY supproting the XHTML/RDFa doctype?
 
 
> Date: Wed, 4 Jan 2012 20:49:47 +0100
> From: j.jakobitsch@semantic-web.at
> To: home_pw@msn.com
> CC: public-xg-webid@w3.org
> Subject: Re: WebIDRealm RDFa
> 
> hi,
> 
> see inline comments and please also note again that i put the rdf parser online [1], so people
> can test if there's some wrong when trying to parse the webID uri.
> 
> wkr http://www.turnguard.com/turnguard
> 
> [1] http://webid.turnguard.com/WebIDTestServer/utils/parser
> 
> 
> 1. worked for a cert bearing SAN URI of http://id.myopenlink.net/dataspace/person/home_pw#this 
> 
> is valid and the above mentioned parser parses this uri without hazzle.
> 
> 2. not sure whether it worked with cert bearing: 
> 
> - http://yorkporc.blogspot.com/ # 
>   - my parser says : java.net.URISyntaxException: Illegal character in path at index 29: http://yorkporc.blogspot.com/ #
> 
> - http://yorkporc.blogspot.com/2011/11/2uri.html#me 
>   - my parser says : java.io.FileNotFoundException: http://yorkporc.blogspot.com/2011/11/2uri.html#me
> 
> - http://yorkporc.blogspot.com/ 
>   - my parser says : javax.xml.transform.TransformerException: javax.xml.transform.TransformerException: com.sun.org.apache.xml.internal.utils.WrappedRuntimeException: The 
>     entity name must immediately follow the '&' in the entity reference.
> 
> 3. really struggled with cert bearing the following URIs: 
> 
> - http://rdf-translator.appspot.com/parse?url=http://rapstr1.blob.core.windows.net/ods/user.ttl&if=n3&of=rdfa 
>   - my parser says : org.openrdf.rio.RDFParseException: Expected '<', found: 
>   - try 
>     curl -v "http://rdf-translator.appspot.com/parse?url=http://rapstr1.blob.core.windows.net/ods/user.ttl&if=n3&of=rdfa"
>     ==> the response content type is text/plain (i have a fallback in my parser factory to rdf/xml, of course this then throws an error)
> 
> - http://rdf-translator.appspot.com/parse?url=http://rapstr1.blob.core.windows.net/ods/user.ttl 
>   - my parser says : org.openrdf.rio.RDFParseException: Expected '<', found: C [line 1]
>   - this url should give you an error even at rdf-translator.appspot.com
>   - try 
>     curl -v "http://rdf-translator.appspot.com/parse?url=http://rapstr1.blob.core.windows.net/ods/user.ttl"
>     ==> response from appspot : Could not convert from application/turtle to  for provided resource...<br><br>Error Message:<br>No plugin registered for 
>         (application/turtle, <class 'rdflib.parser.Parser'>)
> 
> - http://rapstr1.blob.core.windows.net/ods/user.ttl 
>   - my parser says : org.openrdf.rio.RDFParseException: Content is not allowed in prolog. [line 1, column 1]
>   - again try 
>     curl -v "http://rapstr1.blob.core.windows.net/ods/user.ttl"
>     ==> Content-Type: application/turtle
> 
> 
> 
> 
> Yes, these are crafted to force engineering issues, since its a security spec. They also enable me to see if the smantics web's "bigger claims" are true (or getting there, anyways). 
> 
> 
> 
> 
> 
> 4. All cases work at FCNS - assuming that its triple walking is a definitive statement of conformance. 
> 
> Checking ownership of certificate (public key matches private key)... PASSED (Reason: GENEROUS) 
> 
> * Checking if certificate contains URIs in the subjectAltName field... PASSED 
> 
> * Found 3 URIs in the certificate (a maximum of 3 will be tested). 
> 
> * Checking URI 1 (http://rdf-translator.appspot.com/parse?url=http://rapstr1.blob.core.windows.net/ods/user.ttl&if=n3&of=rdfa)... 
> - Trying to fetch and process certificate(s) from webid profile... 
> * Checking URI 2 (http://rdf-translator.appspot.com/parse?url=http://rapstr1.blob.core.windows.net/ods/user.ttl)... 
> - Trying to fetch and process certificate(s) from webid profile... 
> * Checking URI 3 (http://rapstr1.blob.core.windows.net/ods/user.ttl)... 
> - Trying to fetch and process certificate(s) from webid profile... 
> Testing if the modulus representation matches the one in the webid (found a modulus value)... 
> 
> Testing modulus... PASSED 
> WebID=bd28978fc256880.......c0536bca7cd684d 
> Cert =bd28978fc256880.......c0536bca7cd684d 
> 
> Match found, ignoring futher tests! 
> 
> * Authentication successful! 
> 
> 
> 
> 
> 5. The last one doesnt work at the OpenLink openid/webid bridge, failing to deliver a required fied in the openid message. 
> 
> 6.The last one fails at http://id.myopenlink.net/ods/webid_demo.html?error=noVerified&ts=2012-01-04T14%3A25%3A22.000014-05%3A00&signature=M3yu7VgesSmkKMqqZER1qXZC2dt93NLRJ%2BmKbWTww1qxEd3atNWQo0DWBIO9PuHacAXZ2mZyT8RyhvNgEYrsz1DJrd%2FDmlkkXbFCR672QvpHxqvnNLAoHikvXaEfDIB3F55xdxeDS%2BFMvFvZe2QzwlVjUHqJ8OS2nWbUxMGU4tg%3D , too. Or, rather someone signed an error message (that is typically the gateway to crypto oracles...that subvert keys, 1940s style, 1 bit at a time) 
> 
> 
> > Date: Wed, 4 Jan 2012 19:45:56 +0100 
> > From: j.jakobitsch@semantic-web.at 
> > To: public-xg-webid@w3.org 
> > Subject: WebIDRealm RDFa 
> > 
> > hi, 
> > 
> > WebIDRealm [1] now also supports rdfa (not vastly tested). 
> > maybe someone wants to give it a try. 
> > 
> > i now use a modified version of the unofficial openrdf-api-trunk's [2] RDFaParser. 
> > since this rdfa parser uses a stylesheet for transformation, 
> > i rewrote the trunk-version to respect w3 bandwidth concerns [3] using an XML CatalogResolver [4]. 
> > 
> > if your rdfa profile looks something like so [5] (check source) 
> > it should be parseable. 
> > 
> > wkr http://www.turnguard.com/turnguard 
> > 
> > [1] http://webid.turnguard.com/WebIDTestServer/ 
> > [2] http://repo.aduna-software.org/svn/org.openrdf/sesame/tags/3.0-alpha1/core/rio/rdfa/src/main/java/org/openrdf/rio/rdfa/RDFaParser.java 
> > [3] http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/ 
> > [4] http://nwalsh.com/docs/articles/xml2003/ 
> > [5] http://2sea.org/sea.jsp#j 
> > 
> > 
> > -- 
> > | Jürgen Jakobitsch, 
> > | Software Developer 
> > | Semantic Web Company GmbH 
> > | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 
> > | A - 1070 Wien, Austria 
> > | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 
> > 
> > COMPANY INFORMATION 
> > | http://www.semantic-web.at/ 
> > 
> > PERSONAL INFORMATION 
> > | web : http://www.turnguard.com 
> > | foaf : http://www.turnguard.com/turnguard 
> > | skype : jakobitsch-punkt 
> > 
> 
> -- 
> | Jürgen Jakobitsch, 
> | Software Developer
> | Semantic Web Company GmbH
> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
> | A - 1070 Wien, Austria
> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
> 
> COMPANY INFORMATION
> | http://www.semantic-web.at/
> 
> PERSONAL INFORMATION
> | web   : http://www.turnguard.com
> | foaf  : http://www.turnguard.com/turnguard
> | skype : jakobitsch-punkt
>
Received on Wednesday, 4 January 2012 22:57:21 UTC