W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: FOAF SSL success, form windows RDFa (via linked data)

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 10 Jan 2012 01:11:54 +0100
Cc: public-xg-webid@w3.org
Message-Id: <A6751677-700B-4B96-92F6-6CFCB76C6D8B@bblfish.net>
To: Kingsley Idehen <kidehen@openlinksw.com>

On 10 Jan 2012, at 00:32, Kingsley Idehen wrote:

> On 1/9/12 6:18 PM, Peter Williams wrote:
>> Finally, I made a long uri into a tiny URI, with nice QR code. Is the point that this COULD be pointing at my proxy URI (and the cRUI could be going in the cert SAN URI?) If so, this bvegs the redirects question I posed a while ago. Are validators supposed to following redirects (or not).
> 
> And that question manifests at some point when (if possible) we Henry get beyond what seems to be a covert mandate of # based HTTP URIs in SAN.

There is no covert mission of # uris. 
That is what we keep explaining to you. 

The SPARQL query in the spec does not specify that. As long as the quary works it is ok. Here is the page extracted:
3.2.4.2 Verifying the WebID Claim

To check a WebID claim one has to find if the graph returned by the profile relates the WebID to the Certificate Public Key with the cert:key relation. In other words one has to check if those statements are present in the graph.

Verifying the WebID Claim with SPARQL

Testing for patterns in graphs is what the SPARQL query language is designed to do [RDF-SPARQL-QUERY]. We will first look at how to use this as it is also the simplest method, and then what some other programmatic options may be.

Below is the SPARQL Query Template which should be used for an RSA public key. It contains three variables ?webid, ?mod and ?exp that need to be replaced by the appropriate values:

PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
ASK {
   ?webid :key [
      :modulus ?mod;
      :exponent ?exp;
   ] .
}
The variables to be replaced for each WebID claim are:

Variable	Details on its value.
?webid	should be replaced by the WebID Resource. In the SPARQL notation that is the URL string would be placed between <...> in the position of the ?webid variable.
?mod	should be replaced by the modulus written as a xsd:hexBinary as specified by the cert:modulus relation. All leading double 0 bytes (written "00" in hexadecimal) should be removed. The resulting hexadecimal should then be placed in the space of the XXX in"XXX"^^xsd:hexBinary
?exp	should be replaced by the public exponent written as an xsd:integer typed literal. In SPARQL as in Turtle notation this can just be written directly as an integer.
Assuming that we received Bob's key whose modulus starts with cb24ed85d64d794b6... and whose exponent is 65537 then the following query should be used:

PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
ASK {
   <https://bob.example/profile#me> :key [
      :modulus "cb24ed85d64d794b69c701c186acc059501e856000f661c93204d8380e07191c5c8b368d2ac32a428acb970398664368dc2a867320220f755e99ca2eecdae62e8d15fb58e1b76ae59cb7ace8838394d59e7250b449176e51a494951a1c366c6217d8768d682dde78dd4d55e613f8839cf275d4c8403743e7862601f3c49a6366e12bb8f498262c3c77de19bce40b32f89ae62c3780f5b6275be337e2b3153ae2ba72a9975ae71ab724649497066b660fcf774b7543d980952d2e8586200eda4158b014e75465d91ecf93efc7ac170c11fc7246fc6ded79c37780000ac4e079f671fd4f207ad770809e0e2d7b0ef5493befe73544d8e1be3dddb52455c61391a1"^^xsd:hexBinary;
      :exponent 65537;
   ] .
}
An ASK query simply returns true or false. If it returns true, then the key was found in the graph with the proper relation and the claim is verified.



Henry


> Once you go beyond the HTTP # based style of URI Name, you hit indirection via HTTP responses for redirection. Basically, the slash based HTTP URI and 303 issue.
> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> Founder&  CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 
> 
> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Tuesday, 10 January 2012 10:48:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 10 January 2012 10:48:59 GMT