- From: Peter Williams <home_pw@msn.com>
- Date: Sat, 17 Dec 2011 11:55:48 -0800
- To: Henry Story <henry.story@bblfish.net>
- CC: public-xg-webid XG <public-xg-webid@w3.org>

A professor from a German university apparently invited some students to take up the offer of a zip file project. It was based on my observation that no one cares much about dotnet/windows in the semweb world. The professor contradicted this, noting project submissions out in some cec funding programme addressing the likes of webid validation on iis, specifically.

The speaker knew iis-specific issues and limits concerning unsigned and self-signed client certs in the native windows world, and was able to suggest that the iis process (w3svc) could be enabled with unmanaged interceptor code to circumvent the overly PKI-centric nature of native windows, on client certs specifically.

While I don't believe the path suggested will work, private conversations with Microsoft security (partner) engineers did suggest that the underlying pkiness of the windows kernel when doing native ssl (kernel not iis, note) might be addressable with a custom kernel driver. It might remove the dependency on cert stores, that is.

There are thus 2 windows-related projects: just replicate my result doing an ask query, and figure how (with a signed kernel driver) to remove the limit of my result.

If one recalls, because I use native windows ssl, its pkiness means one first needs to import the root of the client cert, before the kernel will even complete the ssl handshake. This a not complete webid implementation makes, since one has to preregister the inbound users' roots (before they can even assert). This really doesn't fit with this culture - of "community of self signers", etc.

Sent from my iPhone

On Dec 17, 2011, at 11:33 AM, "Henry Story" <henry.story@bblfish.net> wrote:

> Deep in a thread that was related about a completely different subject
> Peter Williams made an offer (see below) to put his code up on some windows server.
> So as that is an interesting offer I thought it would be worth making this a thread
> of its own so that people who may not have been following that mile long thread could
> follow up on this offer here, by perhaps noticing the title.
>
> Some things that may need clarification:
> - the licence under which the code Peter wrote is available.
> - I think there was an offer from someone from a German university on a similar topic a few
> weeks ago.
>
> Below
>
> On 17 Dec 2011, at 20:05, Peter Williams wrote:
>
>> I'll repeat my offer addressing public endpoints.
>>
>> Relating to Henry's point (why not use amazon hosting etc) I'm happy to try to migrate my code to windows azure cloud (where I have some compute hours).
>>
>> I need someone to first build any sparql project in php, and host it on azure.
>>
>> I'll then (attempt to) use my certs and iis know-how on that baseline, to implement a public endpoint for webid validation.
>>
>> This will expose how azure supports ssl client authn in its load balanced environment, which is worth finding out.
>>
>> May not work (since the hosting firm control so much). But, I can try.
>>
>>
>> Sent from my iPhone
>>
>> On Dec 17, 2011, at 9:59 AM, "Peter Williams" <home_pw@msn.com> wrote:
>>
>>> Anyone want to try to run a native windows webid responder?
>>>
>>> Let me know, privately or publicly.
>>>
>>> The goal is to mint a cert using cert server, type a blog post at blogger, test it with fans, and then retest against a local iis hosted validation agent script doing an ask query.
>>>
>>> First set it all up in a lab environment. Set up the lab as per the sdk for windows identity framework sample projects. Make those samples work, and be available on the public web. Then, chat to me, and we can add in webid validation to that baseline. Expect to take about 4h, the first time - if you are a solid windows developer. Ideally have windows IT certifications, so you really know the tool chain.
>>
>
> Social Web Architect
> http://bblfish.net/

Received on Saturday, 17 December 2011 19:56:19 UTC