- From: Claudio Tubertini <claudio.tubertini@almalibri.it>
- Date: Wed, 22 Sep 2021 12:48:03 +0000
- To: Laurent Le Meur <laurent.lemeur@edrlab.org>
- Cc: "public-tdmrep@w3.org" <public-tdmrep@w3.org>
- Message-ID: <OagP5vDEVZ_H6G1LB_-s3idmvv7Yv3VP6lhNbba3DIVJFSrLspoSLkoI-T4gzVlT8S7iwRvAx9EWaRf>

Hi Laurent

you wrote:
"I'm wondering if we should impose the TDM Policy to be served via https (thus avoiding any man-in-the-middle attack). But for such public information, I don't think this is important. Advice welcome."

I agree with you that https is not so important. TDM proposal is about http exchange of some information and sending out a few json files. Using https is better than not, but it has nothing to do with TDM proposal.

Regards
=======================
Claudio Tubertini
Almalibri.it
mob +39 327 1503898

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, September 22nd, 2021 at 1:54 PM, Laurent Le Meur <laurent.lemeur@edrlab.org> wrote:

> Hi Claudio,
>
>> From this point of view I do not see any difficulties and everything flows smoothly.
>
> This is great news! Thanks a lot for the testing.
>
> I'm wondering if we should impose the TDM Policy to be served via https (thus avoiding any man-in-the-middle attack). But for such public information, I don't think this is important. Advice welcome.
>
> I'll do my best to update the spec by the end of the week.
>
> The next planned date for a call is October 5th, 17:00 CEST. Let's discuss the spec + your results during this call.
>
>> On 18 Sept. 2021 at 14:01, Claudio Tubertini <claudio.tubertini@almalibri.it> wrote:
>>
>> I'm adding this comment to my message (https://lists.w3.org/Archives/Public/public-tdmrep/2021Jun/0006.html) and trying some examples of what TDM agents see when scraping a site that implements our *tdm-reservation-protocol*.
>>
>> After the last meeting I have done a few changes to a test server http://207.154.202.197/ that is built just following django tutorial https://docs.djangoproject.com/en/3.2/intro/tutorial01/ and it implements the tdm protocol.
>>
>> The nginx server is quite simple. It works as a proxy as it is customary with django applications:
>> ```
>> server {
>>     listen 80;
>>     server_name 207.154.202.197;
>>     location /static/ {
>>         ... .....;
>>     }
>>
>>     location / {
>>         include proxy_params;
>>         proxy_pass http://... /gunicorn.sock;
>>         proxy_pass_request_headers on;
>>     }
>> }
>>
>> ```
>>
>> When you visit the test site, using scrapy, puppeteer or a headless browser, you will always do a request like this one:
>>
>> ```
>> curl --head http://207.154.202.197/
>> ```
>> and the response will be:
>>
>> ```
>> HTTP/1.1 200 OK
>> Server: nginx/1.18.0 (Ubuntu)
>> Date: Sat, 18 Sep 2021 10:38:11 GMT
>> Content-Type: text/html; charset=utf-8
>> Content-Length: 272
>> Connection: keep-alive
>>
>> ### here are the special headers
>> tdm-reservation: 1
>> tdm-policy: http://207.154.202.197/license
>> ###
>>
>> X-Frame-Options: DENY
>> X-Content-Type-Options: nosniff
>> Referrer-Policy: same-origin
>>
>> ```
>>
>> Now you can immediately check for json pages (there is no need to specify the mime type). The server implements, copied and pasted, the license taken from https://w3c.github.io/tdm-reservation-protocol/spec/#example-14.
>>
>> `curl http://207.154.202.197/license`
>> and the response will be:
>>
>> ```
>> {"@context": ["http://www.w3.org/ns/odrl.jsonld", {"tdm": "http://www.w3.org/ns/tdmrep#"}], "@type": "Offer", "profile": "http://www.w3.org/ns/tdmrep", "uid": "https://provider.com/policies/policy-a", "assigner": {"uid": "https://provider.com", "vcard:fn": "Provider", "vcard:hasEmail": "mailto:contact@provider.com"}, "permission": [{"target": "https://provider.com/research-papers", "action": "tdm:mine", "constraint": [{"leftOperand": "purpose", "operator": "eq", "rightOperand": "tdm:non-research"}], "duty": [{"action": "compensate"}]}]}
>> ```
>> or better, using a pretty print program like `jq`:
>>
>> ```
>> curl http://207.154.202.197/license | jq .
>>
>> {
>>   "@context": [
>>     "http://www.w3.org/ns/odrl.jsonld",
>>     {"tdm": "http://www.w3.org/ns/tdmrep#"}
>>   ],
>>
>>   "@type": "Offer",
>>   "profile": "http://www.w3.org/ns/tdmrep",
>>   "uid": "https://provider.com/policies/policy-a",
>>   "assigner": {
>>     .........
>>     .........
>>     }
>>   ]
>> }
>> ```
>> From this point of view I do not see any difficulties and everything flows smoothly.
>>
>> =======================
>> Claudio Tubertini
>> Almalibri.it
>> mob +39 327 1503898

Received on Wednesday, 22 September 2021 12:48:21 UTC
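
An added example (not part of the thread or of the TDMRep spec): a small Python check that a TDM agent could run on a header capture like the one quoted above, reporting where plain http leaves the `tdm-reservation` / `tdm-policy` signal without integrity protection. The function names and the 0/1 value check are assumptions; the sample is the capture from the message with the author's `###` annotation lines and some unrelated headers removed.

```python
from urllib.parse import urlsplit

# Header capture from the message above, trimmed (annotation lines removed).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=utf-8
tdm-reservation: 1
tdm-policy: http://207.154.202.197/license
X-Content-Type-Options: nosniff
"""


def parse_headers(raw):
    """Map lower-cased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_tdm(raw, page_url):
    """Extract the TDM headers and list transport-integrity findings."""
    h = parse_headers(raw)
    reservation = h.get("tdm-reservation")
    policy = h.get("tdm-policy")
    findings = []
    if urlsplit(page_url).scheme != "https":
        findings.append("page fetched over http: tdm-* headers can be "
                        "altered or stripped in transit")
    # Assumption: valid values are "0" and "1"; the thread only shows "1".
    if reservation not in ("0", "1"):
        findings.append("tdm-reservation missing or not 0/1")
    if policy and urlsplit(policy).scheme != "https":
        findings.append("tdm-policy is an http URL: the policy JSON "
                        "has no integrity protection")
    return {"reservation": reservation, "policy": policy,
            "findings": findings}


if __name__ == "__main__":
    for key, value in audit_tdm(SAMPLE_RESPONSE,
                                "http://207.154.202.197/").items():
        print(key, value)
```

A missing `tdm-reservation` header on an http fetch is indistinguishable from one removed in transit, which is why the check reports the page scheme separately from the policy URL scheme.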