RE: struggling with ASK

in the IIS6 (see 2003 era operating systems, essentially), the SSL is tied to the notion of a web service, being amenable to "filtering" - in the sense of a webserver having a filtering chain. 

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/757a3990-d8ae-4d72-94af-70fa46edc985.mspx?mfr=true----------------

 

In later version of the product, SSL handshakes are not evaluated in user space, such as the IIS filter chain.

 

Configuring the driver is a bit of a black box, particularly how it makes use of the SSPI (IETF GSSAPI schannel providers, and then the schannel-centric crypto services providers which DO have cert/trust responsibilities... that impact the handshake).

 

We are pushing the envelope here. The OS is subject to Network level eval as part of its security certification, and this will require for secure channels a protection philosophy (such as client certs must be rooted in some store accesible to the micro-kernel tasks). Windows is not a general purpose developer tookit, like open source. Its supposed to be an operating system, delivering security ASSURANCE ...tied to hardware enforcement by the CPU/TPM etc.

 

 

------------------------
> From: martin.gaedke@informatik.tu-chemnitz.de
> Date: Wed, 30 Nov 2011 01:22:34 +0100
> CC: henry.story@bblfish.net; kidehen@openlinksw.com; public-xg-webid@w3.org; hendrik.gebhardt@informatik.tu-chemnitz.de; stefan.wild@informatik.tu-chemnitz.de; olexiy.chudnovskyy@informatik.tu-chemnitz.de
> To: home_pw@msn.com
> Subject: Re: struggling with ASK
>
> Hi Peter,
>
> just three points:
>
> 1. it is not true - there are folks interested in dot net here - at least us!
>
> 2. I do not think the W3C process is biased against windows, why should it? May be the closed source approach hinders development ;-)
>
> 3. I will forward the request re: the zip and testing to my PhD students (cf. CC)
>
>
> It is very true that my team from Chemnitz University of Technology is interested in a Windows / IIS Version / .Net Version (and linux, but that should be easy). We are currently developing a dll-IIS-extension to deal with the self-signed certs and the corresponding foaf and TLS. Right now we had to slow down development as we work on a proposal (also dealing with WebID) for the FP7 research program of the European Commission.
>
> So, looks like we should join forces and move the windows-section of the WebID community forward.
>
> Cheers
> Martin
>
>
> ---------------------------------------------------------------------
> Prof. Dr.-Ing. Martin Gaedke
> Chemnitz University of Technology
> Department of Computer Science
> Distributed and Self-organizing Systems Group
> Str. der Nationen 62
> D-09107 Chemnitz
> Germany
> E: martin.gaedke@informatik.tu-chemnitz.de
> T: @gaedke
> P: +49 371 53125530
> W: http://vsr.informatik.tu-chemnitz.de
>
>
>
>
>
>
> On Nov 30, 2011, at 00:41, Peter Williams wrote:
>
> > No interest in open source culture. The no of folks interested in dot net here is also nearly zero. The goal is merely to determine if w3c process was biased against windows.
> >
> > It's already under local source control. If someone wants a zip, I'd love someone to replicate the experiment (so I figure what dependencies I've introduced.) Perhaps try it on mono and the stp http listener stack, so one gets more control over the ssl handshake, ca dn messages etc.
> >
> > Apart from fixing working with A sparqll server endpoint, I cannot find reason to do more. Once the spec is final, perhaps for fun I'll have another look.
> >
> > Sent from my iPhone
> >
> > On Nov 29, 2011, at 3:18 PM, "Henry Story" <henry.story@bblfish.net> wrote:
> >
> >>
> >> On 30 Nov 2011, at 00:03, Peter Williams wrote:
> >>
> >>>
> >>> I fiddled around with the themes folks suggested.
> >>>
> >>>
> >>>
> >>> This works.
> >>>
> >>>
> >>> public const String webid2key2 =
> >>> "PREFIX : <http://www.w3.org/ns/auth/cert#>\n" +
> >>> "PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>\n" +
> >>> "ASK {0}\n" +
> >>> "<{1}> :key [\n" +
> >>> ":modulus \"{2}\"^^xsd:hexBinary ;\n" +
> >>> ":exponent \"{3}\"^^xsd:integer ;\n" +
> >>> "] .\n" +
> >>> "{4}\n";
> >>>
> >>>
> >>>
> >>>
> >>> Throwing darts works, typically.
> >>
> >> so it looks like the xsd:int issue then was your problem.
> >>
> >>
> >>> http://tinyurl.com/cbxbutj
> >>
> >> you should really put your code up on an open source repository like github or bitbucket. Then you won't have to point people to
> >> gifs of your source code. :-)
> >>
> >>
> >>>
> >>>
> >>> I'll perfect the use of Kingsleys sparql server later on, since using a sparql server for this seems totatlly natural. The sparql server is not only the query processor, but the document/graph cache - implementing a trusted cache. Butler Lampson may yet be proved right...
> >>>
> >>>
> >>>
> >>> Thanks folks. I think Im nearly done.
> >>>
> >>>
> >>>
> >>> Love now to see someone's (*off topic*) ideas for walking the foaf:knows link chain, using the Euler reasoner.
> >>>
> >>>
> >>>
> >>> ----------------------------------------
> >>>> Date: Tue, 29 Nov 2011 16:35:50 -0500
> >>>> From: kidehen@openlinksw.com
> >>>> To: henry.story@bblfish.net
> >>>> CC: public-xg-webid@w3.org
> >>>> Subject: Re: struggling with ASK
> >>>>
> >>>> On 11/29/11 4:24 PM, Henry Story wrote:
> >>>>> On 29 Nov 2011, at 21:58, Kingsley Idehen wrote:
> >>>>>>>>
> >>>>>> Peter,
> >>>>>>
> >>>>>> SPARQL Protocol (Query Editor) URL: http://goo.gl/06apv .
> >>>>>> SPARQL Protocol (Query Results) URL: http://goo.gl/3RTPW .
> >>>>>>
> >>>>>> SPARQL ASK text:
> >>>>>>
> >>>>>> PREFIX :<http://www.w3.org/ns/auth/cert#>
> >>>>>> PREFIX xsd:<http://www.w3.org/2001/XMLSchema#>
> >>>>>> ASK {
> >>>>>> <http://id.myopenlink.net/about/id/entity/http/twitter.com/kidehen> :key [
> >>>>>> :modulus "9d25875087cb936da55dd036b89530a2d830ce72f378a3fcc2fe07174d74ef07aff2a552ef582bb57676d377daf3732ccc7cae810522dcdfce76e823cc297bad002b0d3ea42578ec00d2ae7354247420b9d708fce870679e22e5ecd49a149b41ea2f4eafdbc767bec673d088f98d1b12cd4a4997d362a4ed2ed5215c4c21072d079abdb2cc2da1a27563b86643ab6222019ae8f667a0b3548227af0ae526b13b5ecc431c11f6896e771010c959b5e6700605f95ff7f0fd3019f8e7ef2605f99a7b0095e7c9bb6e99825fda43d30a9c8baed0e35217c2cc61a81fc21dd500974f52deb6c1f784a603a989e4d5c421003d16978c23f62b4f4e027b7e4295fb6db7"^^xsd:hexBinary;
> >>>>>> :exponent "65537"^^xsd:int;
> >>>>>> ] .
> >>>>>> }
> >>>>> If that does it, then could it be that the version of SPARQL that Peter was using was not doing D-entailment between xsd:int and xsd:integer ? Ie: it could be that Peter's Profile used xsd:int (as that is how I had written it out in the earlier spec) and the ASK query was written with the number written out with no datatype specification, i.e. that it is a pure xsd:integer.
> >>>>>
> >>>>> I should have upgraded all the RDF to use xsd:integer so that we minimise these types of issues until D-entailment works correctly everywhere. This type of thing is something Bergi should test for.
> >>>>>
> >>>>> Henry
> >>>>>
> >>>>>> --
> >>>>>>
> >>>>>> Regards,
> >>>>>>
> >>>>>> Kingsley Idehen
> >>>>>> Founder& CEO
> >>>>>> OpenLink Software
> >>>>>> Company Web: http://www.openlinksw.com
> >>>>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> >>>>>> Twitter/Identi.ca handle: @kidehen
> >>>>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
> >>>>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>> Social Web Architect
> >>>>> http://bblfish.net/
> >>>>>
> >>>>>
> >>>> Henry,
> >>>>
> >>>> This also works:
> >>>> PREFIX : <http://www.w3.org/ns/auth/cert#>
> >>>> PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
> >>>> ASK {
> >>>> <http://id.myopenlink.net/about/id/entity/http/twitter.com/kidehen> :key [
> >>>> :modulus
> >>>> "9d25875087cb936da55dd036b89530a2d830ce72f378a3fcc2fe07174d74ef07aff2a552ef582bb57676d377daf3732ccc7cae810522dcdfce76e823cc297bad002b0d3ea42578ec00d2ae7354247420b9d708fce870679e22e5ecd49a149b41ea2f4eafdbc767bec673d088f98d1b12cd4a4997d362a4ed2ed5215c4c21072d079abdb2cc2da1a27563b86643ab6222019ae8f667a0b3548227af0ae526b13b5ecc431c11f6896e771010c959b5e6700605f95ff7f0fd3019f8e7ef2605f99a7b0095e7c9bb6e99825fda43d30a9c8baed0e35217c2cc61a81fc21dd500974f52deb6c1f784a603a989e4d5c421003d16978c23f62b4f4e027b7e4295fb6db7"^^xsd:hexBinary;
> >>>> :exponent "65537"^^xsd:integer;
> >>>> ] .
> >>>> }
> >>>>
> >>>> This works, but it makes specific use of Virtuoso's in-built functions.
> >>>> This option is useful when people copy and paste the modulus from
> >>>> keychain and other keystores with a UI front that leads to spaces in the
> >>>> modulus:
> >>>>
> >>>> PREFIX : <http://www.w3.org/ns/auth/cert#>
> >>>> PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
> >>>> ASK {
> >>>> <http://id.myopenlink.net/about/id/entity/http/twitter.com/kidehen> :key [
> >>>> :modulus ?m ;
> >>>> :exponent ?e ;
> >>>> ] .
> >>>>
> >>>> filter (str (?m) = sql:FOAF_MOD ("9D 25 87 50 87 CB 93 6D A5 5D D0 36 B8
> >>>> 95 30 A2 D8 30 CE 72 F3 78 A3 FC C2 FE 07 17 4D 74 EF 07 AF F2 A5 52 EF
> >>>> 58 2B B5 76 76 D3 77 DA F3 73 2C CC 7C AE 81 05 22 DC DF CE 76 E8 23 CC
> >>>> 29 7B AD 00 2B 0D 3E A4 25 78 EC 00 D2 AE 73 54 24 74 20 B9 D7 08 FC E8
> >>>> 70 67 9E 22 E5 EC D4 9A 14 9B 41 EA 2F 4E AF DB C7 67 BE C6 73 D0 88 F9
> >>>> 8D 1B 12 CD 4A 49 97 D3 62 A4 ED 2E D5 21 5C 4C 21 07 2D 07 9A BD B2 CC
> >>>> 2D A1 A2 75 63 B8 66 43 AB 62 22 01 9A E8 F6 67 A0 B3 54 82 27 AF 0A E5
> >>>> 26 B1 3B 5E CC 43 1C 11 F6 89 6E 77 10 10 C9 59 B5 E6 70 06 05 F9 5F F7
> >>>> F0 FD 30 19 F8 E7 EF 26 05 F9 9A 7B 00 95 E7 C9 BB 6E 99 82 5F DA 43 D3
> >>>> 0A 9C 8B AE D0 E3 52 17 C2 CC 61 A8 1F C2 1D D5 00 97 4F 52 DE B6 C1 F7
> >>>> 84 A6 03 A9 89 E4 D5 C4 21 00 3D 16 97 8C 23 F6 2B 4F 4E 02 7B 7E 42 95
> >>>> FB 6D B7") && xsd:integer(?e) = 65537)
> >>>> }
> >>>>
> >>>>
> >>>> Links:
> >>>>
> >>>> 1. http://goo.gl/hv4US -- SPARQL Protocol URL (results)
> >>>> 2. http://goo.gl/JGO6D -- SPARQL Protocol URL (query editor)
> >>>> 3. http://goo.gl/pXbQa -- SPARQL Protocol URL (results) for query using
> >>>> Virtuoso specific function
> >>>> 4. http://goo.gl/mlB4B -- SPARQL Protocol URL (query editor) for query
> >>>> using Virtuoso specific funtion.
> >>>>
> >>>> --
> >>>>
> >>>> Regards,
> >>>>
> >>>> Kingsley Idehen
> >>>> Founder& CEO
> >>>> OpenLink Software
> >>>> Company Web: http://www.openlinksw.com
> >>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> >>>> Twitter/Identi.ca handle: @kidehen
> >>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
> >>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >> Social Web Architect
> >> http://bblfish.net/
> >>
> >>
> >
> >
>
> 		 	   		  

Received on Wednesday, 30 November 2011 18:45:48 UTC