- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 28 Nov 2011 18:35:49 -0500
- To: public-xg-webid@w3.org
- Message-ID: <4ED41AD5.3050300@openlinksw.com>

On 11/28/11 6:18 PM, Andrei Sambra wrote:
> Hi Kingsley,
>
> Yeah, it looks like I forgot to limit the test for the number of
> public keys a foaf profile can have. Maybe we can have a formal
> discussion on this subject.
>
> What would be a "best practice" in this case?
>
> How many keys can we have in a single profile, so that it will not
> look like a DoS attack?

Andrei,

The relation is 1:N re. object of type: foaf:Person and associated public key components re. IdP space hosted profile. Thus, you should be placing the exponent and modulus components in the SPARQL ASK (if you are using SPARQL) pattern, or pass them as SPARQL Protocol parameters if you are using a Web Service that fronts a SPARQL endpoint etc.

Kingsley

>
> Andrei
>
>
> On 11/28/11 22:01, Kingsley Idehen wrote:
>> Andrei,
>>
>> Output from testing a latest WebID from our generator [1][2] against
>> your verifier. I notice you scan all six of the public key relations
>> in my graph. What happens if there were more? Wouldn't your system
>> timeout? Luckily I cleaned out the 30+ relations I had prior to this
>> test. What about performing an explicit lookup?
>>
>>
>> * Checking ownership of certificate (public key matches private
>> key)...PASSED(Reason: GENEROUS)
>>
>> * Checking if certificate contains URIs in the subjectAltName
>> field...PASSED
>>
>> * Found 1 URIs in the certificate (a maximum of 3 will be tested).
>>
>> * Checking URI
>> 1(http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this)...
>> - Trying to fetch and process certificate(s) from webid profile...
>> Testing if the modulus representation matches the one in the
>> webid (found a modulus value)...
>>
>> Testing modulus...- FAILED
>> WebID=f4990925e526be2.......a5c172d91fafa01
>> Cert =994d0067dd21021.......ca1e663983345d3
>>
>> Testing if the modulus representation matches the one in the
>> webid (found a modulus value)...
>>
>> Testing modulus...- FAILED
>> WebID=c9cbdde371ea987.......c3d4e28dfe27423
>> Cert =994d0067dd21021.......ca1e663983345d3
>>
>> Testing if the modulus representation matches the one in the
>> webid (found a modulus value)...
>>
>> Testing modulus...- FAILED
>> WebID=d633f04252a9b3f.......e719cb59227d8a7
>> Cert =994d0067dd21021.......ca1e663983345d3
>>
>> Testing if the modulus representation matches the one in the
>> webid (found a modulus value)...
>>
>> Testing modulus...- FAILED
>> WebID=db0aec1b33f4909.......8ea627df06f60b3
>> Cert =994d0067dd21021.......ca1e663983345d3
>>
>> Testing if the modulus representation matches the one in the
>> webid (found a modulus value)...
>>
>> Testing modulus...- FAILED
>> WebID=cd3ff1569dc66df.......e3ab848cfccd1e7
>> Cert =994d0067dd21021.......ca1e663983345d3
>>
>> Testing if the modulus representation matches the one in the
>> webid (found a modulus value)...
>>
>> Testing modulus...PASSED
>> WebID=994d0067dd21021.......ca1e663983345d3
>> Cert =994d0067dd21021.......ca1e663983345d3
>>
>> *Match found, ignoring futher tests!*
>>
>> * Authentication successful!
>>
>> Your certificate contains the following WebIDs:
>>
>> * http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this
>>
>>
>> The WebID URI used to claim your identity is:
>>
>> * http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this
>> (your claim wasSUCCESSFUL!)
>>
>>
>> The WebID URL suffix (to be signed) for your service provider is:
>>
>> * ?webid=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this&ts=2011-11-28UTC20:53:50+00:00
>>
>>
>> Unless both of those strings map to the same number, your
>> identification experience will vary across clients.
>>
>> *Your certificate in PEM format:*
>>
>>
>> *Your certificate in text format:*
>> Certificate:
>>     Data:
>>         Version: 3 (0x2)
>>         Serial Number: 176 (0xb0)
>>         Signature Algorithm: sha1WithRSAEncryption
>>         Issuer: C=US, ST=Massachusetts, L=Burlington, O=Openlink Software Inc, CN=id.myopenlink.net
>>         Validity
>>             Not Before: Nov 28 20:50:28 2011 GMT
>>             Not After : Nov 27 20:50:28 2012 GMT
>>         Subject: CN=Kingsley Uyi Idehen (MyOpenLink New), O=OpenLink Software (MyOpenLinkIdP)/emailAddress=kidehen@openlinksw.com
>>         Subject Public Key Info:
>>             Public Key Algorithm: rsaEncryption
>>             RSA Public Key: (2048 bit)
>>                 Modulus (2048 bit):
>>                 Exponent: 65537 (0x10001)
>>         X509v3 extensions:
>>             X509v3 Subject Key Identifier:
>>                 10:A5:71:47:DC:6A:C9:C2:1C:E2:44:6A:0D:E9:DB:E5:14:B1:74:7D
>>             X509v3 Subject Alternative Name:
>>                 URI:http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this
>>             Netscape Comment:
>>                 Virtuoso Generated Certificate
>>     Signature Algorithm: sha1WithRSAEncryption
>>
>> --
>>
>> Regards,
>>
>> Kingsley Idehen
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>
>>
>>
>
>

--

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 28 November 2011 23:36:13 UTC
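
Added example, not part of the original message or of either party's verifier code: one way to build the explicit SPARQL ASK lookup described in the reply above, so the verifier asks only about the key in the presented certificate instead of testing every key in the profile. The cert: vocabulary terms, the function names and the sample values are assumptions that do not come from the thread.

```python
import re

# Assumption: the W3C cert ontology; the thread does not name a vocabulary.
CERT_NS = "http://www.w3.org/ns/auth/cert#"

# Characters SPARQL does not allow inside <...>; rejecting them stops a
# hostile subjectAltName URI from closing the IRI and appending query text.
_IRI_FORBIDDEN = re.compile(r'[\x00-\x20<>"{}|^`\\]')
_HEX = re.compile(r"[0-9a-f]+")


def normalize_modulus(text):
    """Reduce OpenSSL-style '00:99:4d:...' (or plain hex) to bare lowercase hex."""
    hexstr = re.sub(r"[\s:]", "", text).lower()
    if not _HEX.fullmatch(hexstr) or len(hexstr) % 2:
        raise ValueError("modulus must be an even-length hex string")
    while hexstr.startswith("00"):  # drop leading zero (sign) bytes
        hexstr = hexstr[2:]
    if not hexstr:
        raise ValueError("modulus is zero")
    return hexstr


def build_ask_query(webid, modulus_text, exponent):
    """Return one ASK query that asks only about the presented key."""
    if not webid.startswith(("http://", "https://")) or _IRI_FORBIDDEN.search(webid):
        raise ValueError("WebID is not a safe http(s) IRI")
    if isinstance(exponent, bool) or not isinstance(exponent, int) or exponent < 3:
        raise ValueError("exponent must be an integer >= 3")
    modulus = normalize_modulus(modulus_text)
    # Assumption: the profile stores the modulus as hex without a leading
    # zero byte; comparing the lowercased lexical form tolerates hex case.
    return (
        f"PREFIX cert: <{CERT_NS}>\n"
        "ASK {\n"
        f"  <{webid}> cert:key ?key .\n"
        f"  ?key cert:exponent {exponent} ;\n"
        "       cert:modulus ?m .\n"
        f'  FILTER (lcase(str(?m)) = "{modulus}")\n'
        "}"
    )


if __name__ == "__main__":
    # Constructed sample values, not the certificate quoted in the thread.
    print(build_ask_query("https://example.org/profile#me", "00:C0:FF:EE:12:34", 65537))
```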