- From: Laurent Le Meur <laurent.lemeur@edrlab.org>
- Date: Wed, 22 Sep 2021 13:54:22 +0200
- To: Claudio Tubertini <claudio.tubertini@almalibri.it>
- CC: "public-tdmrep@w3.org" <public-tdmrep@w3.org>
- Message-ID: <EA1C04DC-5C3B-4490-AA00-0E958D31D8D7@edrlab.org>
Hi Claudio,
> From this point of view I do not see any difficulties and everything flows smoothly.
This is great news! Thanks a lot for the testing.
I'm wondering is we should impose the TDM Policy to be served via https (thus avoiding any man-in-the-middle attack). But for such public information, I don't think this is important. Advise welcome.
I'll do my best to update the spec by the end of the week.
The next planned date for a call is October 5th, 17:00 CEST. Let's discuss the spec + your results during this call.
> Le 18 sept. 2021 à 14:01, Claudio Tubertini <claudio.tubertini@almalibri.it> a écrit :
>
> I'm adding this comment to my message (https://lists.w3.org/Archives/Public/public-tdmrep/2021Jun/0006.html) and trying some examples of what TDM agents see when scraping a site that implements our *tdm-reservation-protocol*.
>
> After the last meeting I have done a few changes to a test server http://207.154.202.197/ that is built just following django tutorial https://docs.djangoproject.com/en/3.2/intro/tutorial01/ and it implements the tdm protocol.
>
> The nginx server is quite simple. It works as a proxy as it is customary with django applications:
> ```
> server {
> listen 80;
> server_name 207.154.202.197;
> location /static/ {
> ... .....;
> }
>
> location / {
> include proxy_params;
> proxy_pass http://... /gunicorn.sock;
> proxy_pass_request_headers on;
> }
> }
>
> ```
>
> When you visit the test site, using scrapy, puppeteer or a headless browser, you will always do a request like this one:
>
> ```
> curl --head http://207.154.202.197/
> ```
> and the response will be:
>
> ```
> HTTP/1.1 200 OK
> Server: nginx/1.18.0 (Ubuntu)
> Date: Sat, 18 Sep 2021 10:38:11 GMT
> Content-Type: text/html; charset=utf-8
> Content-Length: 272
> Connection: keep-alive
>
> ### here are the special headers
> tdm-reservation: 1
> tdm-policy: http://207.154.202.197/license
> ###
>
> X-Frame-Options: DENY
> X-Content-Type-Options: nosniff
> Referrer-Policy: same-origin
>
> ```
>
> Now you can immediately check for json pages (there is no need to specify the mime type). The server implements, copied and pasted, the license taken from https://w3c.github.io/tdm-reservation-protocol/spec/#example-14.
>
> `curl http://207.154.202.197/license`
> and the response will be:
>
> ```
> {"@context": ["http://www.w3.org/ns/odrl.jsonld", {"tdm": "http://www.w3.org/ns/tdmrep#"}], "@type": "Offer", "profile": "http://www.w3.org/ns/tdmrep", "uid": "https://provider.com/policies/policy-a", "assigner": {"uid": "https://provider.com", "vcard:fn": "Provider", "vcard:hasEmail": "mailto:contact@provider.com"}, "permission": [{"target": "https://provider.com/research-papers", "action": "tdm:mine", "constraint": [{"leftOperand": "purpose", "operator": "eq", "rightOperand": "tdm:non-research"}], "duty": [{"action": "compensate"}]}]}
> ```
> or better, using a pretty print program like `jq`:
>
> ```
> curl http://207.154.202.197/license | jq .
>
> {
> "@context": [
> "http://www.w3.org/ns/odrl.jsonld",
> {"tdm": "http://www.w3.org/ns/tdmrep#"}
> ],
>
> "@type": "Offer",
> "profile": "http://www.w3.org/ns/tdmrep",
> "uid": "https://provider.com/policies/policy-a",
> "assigner": {
> .........
> .........
> }
> ]
> }
> ```
> From this point of view I do not see any difficulties and everything flows smoothly.
>
>
> =======================
> Claudio Tubertini
> Almalibri.it
> mob +39 327 1503898
>
Received on Wednesday, 22 September 2021 11:54:38 UTC