W3C home > Mailing lists > Public > public-xg-webid@w3.org > November 2011

Verifying the WebID Claim

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 25 Nov 2011 22:23:27 +0100
Message-Id: <28FE84FA-D7BD-4A4B-8799-6DFF7538C15C@bblfish.net>
To: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>
I have just pushed into mercurial some fixes detailing the "Verifying the WebID Claim"
This part is using SPARQL, next if someone would like to add a section in how to do that whist looking for triple matches.


To check a WebID claim one has to find if the graph returned by the profile relates the WebID to the Certificate Public Key with the cert:key relation. In other words one has to check if those statements are present in the graph.

Testing for patterns in graphs is what the SPARQL query language is designed to do [RDF-SPARQL-QUERY]. We will first look at how to use this as it is also the simplest method, and then what some other programmatic options may be.

Below is the SPARQL Query Template which should be used for an RSA public key. It contains three variables ?webid, ?mod and ?exp that need to be replaced by the appropriate values:

PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
   ?webid :key [
      :modulus ?mod;
      :exponent ?exp;
   ] .
The variables to be replaced for each WebID claim are:

Variable	Details on its value.
?webid	should be replaced by the WebID Resource. In the SPARQL notation that is the URL string would be placed between <...> in the position of the ?webid variable.
?mod	should be replaced by the modulus written as a xsd:hexBinary as specified by the cert:modulus relation. All leading double 0 bytes (written "00" in hexadecimal) should be removed. The resulting hexadecmial should then be placed in the space of the XXX in "XXX"^^xsd:integer
?exp	should be replaced by the public exponent written as an xsd:integer typed literal. In SPARQL as in Turtle notation this can just be written directly as an integer.
Assuming that we received Bob's key whose modulus starts with cb24ed85d64d794b6... and whose exponent is 65537 then the following query should be used:

PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
   <https://bob.example/profile#me> :key [
      :modulus "cb24ed85d64d794b69c701c186acc059501e856000f661c93204d8380e07191c5c8b368d2ac32a428acb970398664368dc2a867320220f755e99ca2eecdae62e8d15fb58e1b76ae59cb7ace8838394d59e7250b449176e51a494951a1c366c6217d8768d682dde78dd4d55e613f8839cf275d4c8403743e7862601f3c49a6366e12bb8f498262c3c77de19bce40b32f89ae62c3780f5b6275be337e2b3153ae2ba72a9975ae71ab724649497066b660fcf774b7543d980952d2e8586200eda4158b014e75465d91ecf93efc7ac170c11fc7246fc6ded79c37780000ac4e079f671fd4f207ad770809e0e2d7b0ef5493befe73544d8e1be3dddb52455c61391a1"^^xsd:hexBinary;
      :exponent 65537;
   ] .
An ASK query simply returns true or false. If it returns true, then the key was found in the graph with the proper rlation and the claim has been verified

Received on Friday, 25 November 2011 21:24:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:48 UTC