- From: Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>
- Date: Mon, 02 Jan 2012 14:14:00 +0100 (CET)
- To: Henry Story <henry.story@bblfish.net>
- Cc: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>
the URL of the WebIDTestServer is ==> http://webid.turnguard.com/WebIDTestServer you'll find all relevant links there (in the menu) wkr http://www.turnguard.com/turnguard ----- Original Message ----- From: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at> To: "Henry Story" <henry.story@bblfish.net> Cc: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org> Sent: Monday, January 2, 2012 2:09:08 PM Subject: Re: WebIDRealm henry, i need to setup a beautiful server first that serve all - data.turnguard.com - schema.turnguard.com these urls are not dereferenced anywhere at the moment, so they are not needed for webIDTestServer internal use by now. wkr http://www.turnguard.com/turnguard ----- Original Message ----- From: "Henry Story" <henry.story@bblfish.net> To: "Jürgen Jakobitsch" <j.jakobitsch@semantic-web.at> Cc: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org> Sent: Monday, January 2, 2012 2:02:57 PM Subject: Re: WebIDRealm On 2 Jan 2012, at 13:47, Jürgen Jakobitsch wrote: > hi, > > i have updated tomcat's WebIDRealm to the latest spec > and set up a test server [1]. > > there are two links on this server for testing : > > 1. "OnlyWithCert" > requires the user to be in role <http://data.turnguard.com/webid/2.0/Void> > since every presenter of a certificate is added to this reserved role, everybody > with a parseable webIDClaim should be able to see this page (some data from your profile will be displayed) > 2. "OnlyWithCert and Role X" > requires the user to be in role <http://data.turnguard.com/webid/2.0/RoleX>. > You should get an access denied. Just now I get a Server Not found on those two urls. I can't ping data.turnguard.com either.... > > > - please note that this is now beta (at best) and any pointer, question, comment or wish is really welcome. > - please also note that rdfa support will follow sometimes this week. > > > the WebIDRealm now > > 1. is fully SailAPI compatible [2] > with a simple jndi factory it is possible to use any data-store that has a SailImplementation. > note : the test server uses a simple file that is imported to an OpenRDF MemoryStore. > note : the SailRepository is used to lookup roles needed to check tomcat's security constraints in the first place. (see below) > 2. supports different modes > since there is a SailRepository at hand it is now also possible to lookup webIDClaims in that repository. > 2.1. DEREFERENCE_ONLY > Tries to dereference the WebIDURI over http > 2.2. DEREFERENCE_NO > Only looks up the WebIDURI in the given SailRepository, making it also possible to use any uri as a WebIDClaim (mailto:.., URNs) > This could be usefull in case someone wants to use WebID only "internally" without having to publish all its user profiles > (we want nsa and cia to use it also, right?) > 2.3. DEREFERENCE_FIRST, DEREFERENCE_LAST > first try to dereference and then look into the SailRepository or the other way round. > 3. way less interwoven with apache's tomcat (catalina) api. > i'm trying to make the Realm fully compatible with major servlet containers during the next couple of weeks. > 4. capable to bringing important debug information to the user. > The only way to get more information to the enduser is to create a (Dummy)Principal when something fails during > the authentication process. The actual exception is translated to rdf and added to the (Dummy)Principals data, > making it possible to give the user usefull information why the login didn't work. > it is best to try this by > - making your rdf improper (add a slash where no slash belongs and try to login) > - remove your cert:key from you profile (and try to log in) > - alter the exponent and modulus > - remove the exponent or the modulus > - try it with an expired certificate > - try it with a certificate that is not yet valid > - try it with certificate with a webID that is not dereferencable. > it is also now possible to construct the webID testcases from these exceptions (which will be done soon) > ... > > wkr http://www.turnguard.com/turnguard > > > [1] http://webid.turnguard.com/WebIDTestServer > [2] http://openrdf.org > > > > -- > | Jürgen Jakobitsch, > | Software Developer > | Semantic Web Company GmbH > | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 > | A - 1070 Wien, Austria > | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 > > COMPANY INFORMATION > | http://www.semantic-web.at/ > > PERSONAL INFORMATION > | web : http://www.turnguard.com > | foaf : http://www.turnguard.com/turnguard > | skype : jakobitsch-punkt > Social Web Architect http://bblfish.net/ -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt
Received on Monday, 2 January 2012 13:17:10 UTC