Re: WebIDRealm from Jürgen Jakobitsch on 2012-01-02 (public-xg-webid@w3.org from January 2012)

From: Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>
Date: Mon, 02 Jan 2012 14:09:08 +0100 (CET)
To: Henry Story <henry.story@bblfish.net>
Cc: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>
Message-ID: <d97771ba-db7c-4edd-88df-167f2f4a7dbc@zcs>
henry,

i need to setup a beautiful server first that serve all 

   - data.turnguard.com
   - schema.turnguard.com

these urls are not dereferenced anywhere at the moment, so they are not needed 
for webIDTestServer internal use by now.

wkr http://www.turnguard.com/turnguard

----- Original Message -----
From: "Henry Story" <henry.story@bblfish.net>
To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at>
Cc: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>
Sent: Monday, January 2, 2012 2:02:57 PM
Subject: Re: WebIDRealm


On 2 Jan 2012, at 13:47, Jürgen Jakobitsch wrote:

> hi,
> 
> i have updated tomcat's WebIDRealm to the latest spec
> and set up a test server [1].
> 
> there are two links on this server for testing :
> 
> 1. "OnlyWithCert"
>   requires the user to be in role <http://data.turnguard.com/webid/2.0/Void>
>   since every presenter of a certificate is added to this reserved role, everybody
>   with a parseable webIDClaim should be able to see this page (some data from your profile will be displayed)
> 2. "OnlyWithCert and Role X"
>   requires the user to be in role <http://data.turnguard.com/webid/2.0/RoleX>.
>   You should get an access denied.

Just now I get a Server Not found on those two urls. I can't ping data.turnguard.com either....


> 
> 
> - please note that this is now beta (at best) and any pointer, question, comment or wish is really welcome.
> - please also note that rdfa support will follow sometimes this week.
> 
> 
> the WebIDRealm now
> 
> 1. is fully SailAPI compatible [2]
>   with a simple jndi factory it is possible to use any data-store that has a SailImplementation.
>   note : the test server uses a simple file that is imported to an OpenRDF MemoryStore.
>   note : the SailRepository is used to lookup roles needed to check tomcat's security constraints in the first place. (see below)
> 2. supports different modes
>   since there is a SailRepository at hand it is now also possible to lookup webIDClaims in that repository.
>   2.1. DEREFERENCE_ONLY
>        Tries to dereference the WebIDURI over http
>   2.2. DEREFERENCE_NO
>        Only looks up the WebIDURI in the given SailRepository, making it also possible to use any uri as a WebIDClaim (mailto:.., URNs)
>        This could be usefull in case someone wants to use WebID only "internally" without having to publish all its user profiles
>        (we want nsa and cia to use it also, right?)
>   2.3. DEREFERENCE_FIRST, DEREFERENCE_LAST
>        first try to dereference and then look into the SailRepository or the other way round.
> 3. way less interwoven with apache's tomcat (catalina) api.
>   i'm trying to make the Realm fully compatible with major servlet containers during the next couple of weeks.
> 4. capable to bringing important debug information to the user.
>   The only way to get more information to the enduser is to create a (Dummy)Principal when something fails during
>   the authentication process. The actual exception is translated to rdf and added to the (Dummy)Principals data,
>   making it possible to give the user usefull information why the login didn't work.
>   it is best to try this by
>   - making your rdf improper (add a slash where no slash belongs and try to login)
>   - remove your cert:key from you profile (and try to log in)
>   - alter the exponent and modulus
>   - remove the exponent or the modulus
>   - try it with an expired certificate
>   - try it with a certificate that is not yet valid
>   - try it with certificate with a webID that is not dereferencable.
>   it is also now possible to construct the webID testcases from these exceptions (which will be done soon)
>   ...
> 
> wkr http://www.turnguard.com/turnguard
> 
> 
> [1] http://webid.turnguard.com/WebIDTestServer
> [2] http://openrdf.org
> 
> 
> 
> --
> | Jürgen Jakobitsch,
> | Software Developer
> | Semantic Web Company GmbH
> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
> | A - 1070 Wien, Austria
> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
> 
> COMPANY INFORMATION
> | http://www.semantic-web.at/
> 
> PERSONAL INFORMATION
> | web   : http://www.turnguard.com
> | foaf  : http://www.turnguard.com/turnguard
> | skype : jakobitsch-punkt
> 

Social Web Architect
http://bblfish.net/



-- 
| Jürgen Jakobitsch, 
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt
Received on Monday, 2 January 2012 13:09:42 UTC