RE: neither FCNS nor FOAFSSL can read a new foaf card (hosted in Azure). RDFa validators at W3C and RDFachecker say its fine... from Peter Williams on 2011-12-27 (public-xg-webid@w3.org from December 2011)

From: Peter Williams <home_pw@msn.com>
Date: Tue, 27 Dec 2011 06:34:59 -0800
To: <henry.story@bblfish.net>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-W348D2AB03F40FE2F1FCEC092AF0@phx.gbl>
 I concur. The fact that it the document W3C validated and the resource was readable by Toby Inkster's tester site meant nothing (to actual interworking). talis works when it fetches the document using the fragment-free URI. Arguably, talis (as a quick and nasty CGI helper app) has a bug in that it doesnt strip the fragment from the HTTP protocol level URI argument to the GET it issues, should one have posted a form to the CGI with a resource URI bearing fragment . THe MVC site Im running is strict. If presented with a GET request with URI argument bearing fragment (the likes of which a browser would correctly strip), it delivers an HTTP error status and accompanying HTML error page; correctly reported by Talis. But, to work around potential bugs in the webid validator agents, I put 2 URIs in the cert - assuming the code takes the URI from the SAN as-is (and doesnt "normalize" it as would a browser). Im a security type, recall. (I assume someone untrusted is providing data that attacks me, and all webid certs are untrusted since not from an accredited CA. The URIs in certs are just attack vectors...as is the rest of the cert) The cert has a SAN URI with fragment, and one without. Ive proven before that FCNS site WILL work with a fragment less URI in the SAN (though Henrys site rejects that URI) i guessing we are into a low level interworking assumption issue again, one that is not logical but very physical.  I eliminated that its not the "3 byte" UTF-8 header on the stream issue. The only trivial thing I see that COULD induce hangup is that there is an additional leading CRLF between the end of the HTTP Response headers and the Response body. Try as I may, I could not eliminate that from the framework Im using, noting that said practice is conforming (to browsers). But, we are not dealing with browsers.... I keep reminding myself. We are dealing with machines, running programmers all using toolkits built by folks from the same, after-market addon community - all making some assumption set that is not explicit (nor in the standard). I feel like Im 14 again. The officer teaching me rifle shooting at a posh public school could not fix my consistent miss, and got frustrated. The sergeant fixed it (knowing how little boys react to teaching stress). He didnt overthink; he just went through the checklist...and fixed a physical issue.From: henry.story@bblfish.net
Date: Tue, 27 Dec 2011 10:25:04 +0100
CC: public-xg-webid@w3.org
To: home_pw@msn.com
Subject: Re: neither FCNS nor FOAFSSL can read a new foaf card (hosted in  Azure). RDFa validators at W3C and RDFachecker say its fine...



Just looking at it like that it seems that your card is good. 
(Well except that your OpenId is a string, where it should be I think a URI  ... foaf:openid "http://yorkporc2.blogspot.com/" . should be   ... foaf:openid <http://yorkporc2.blogspot.com/> .
).
Not sure why Talis fails btw.
What is clear about the types of issues you are getting is that our test suites need to help explain better what is wrong with the profile document, or why profiles could not be fetched, and evenkeep a version of what serialisation they end up receiving around for later inspection. 
In Clerezza I spent some time putting together such detailed tests for the RDF, which I did not port to the new foafssl.  Without those types of detailed tests it is difficult to see where the error is. It couldbe a cachine error, or it could be a parsing one.
This is why I do recommend that people here get involved with Bergi's work on test suites. It is very important to have those working if we are not going to be inundated by these types of issues. Ie: these tests have to be automated.
**
On 27 Dec 2011, at 07:59, Peter Williams wrote:http://yorkporc.wordpress.com/2011/12/26/making-azure-web-role-host-a-foaf-card/
 
please run a debugger, and figure what sensitivity Im triggering.
 
The graph now present on the mentioned endpoint is a variant of that documented, as I played another hour after writing up my failure case. My new graph is a a variant of Henrys foafssl card, rather than the minimal card in the spec. It still validates, but still cannot be read by either FCNS or FOAFSSL. FCNS hangs around before failing (as if timing out, when passing through teh URI collection in the cert), whereas FOAFSSL has a fast rejection.
 
Once this works, Ill swap out the MVC3 project I built and substitute it with a Best Practices MVC3 site that leverage Azure STS (talking to openid). That will allow me to then properly expose something that has (a) claims-based patterns (b) semantic markup (c) can talk to a webid IDP (via openid auth protocol) using the Azure/ACS STS gateway.


Social Web Architect
http://bblfish.net/
Received on Tuesday, 27 December 2011 14:35:35 UTC