Re: WebIDRealm RDFa

On 5 Jan 2012, at 00:15, Kingsley Idehen wrote:

> On 1/4/12 5:34 PM, Henry Story wrote:
>> On 4 Jan 2012, at 23:24, Kingsley Idehen wrote:
>> 
>>> On 1/4/12 4:22 PM, Jürgen Jakobitsch wrote:
>>>> henry, if i remove all newlines i just get another error that says the keys from profile and certificate don't match.
>>> Jurgen,
>>> 
>>> At the current time, how many verifiers work and how many fail?
> 
> Henry,
> 
>> Yes, that would be helpful. But just the number itself might not be that useful, as there are many different types of validators, that validate very different things. It would be useful to know which validators and with which RDFA/Turtle? the spec conformant one, or the non spec conformant one?
> 
> I asked a simple question.

yes, what's the problem? I just asked for more details. Jurgen gave them.

> 
>> 
>>  - which validators: because some validators just validate high level rdfa syntax conformance
>>  - other validators translate rdfa into graphs ( UI ones or other rdf notations), so they know some of the basic high level rdf semantics but not necessarily the specific ontologies used
>>  - other validators try to validate webid authentication
>> 
>> But do we have a list of validators still?
>> 
>> Again all this would not be necessary if we had a validation test suite that worked.
>> 
>> What is the simplest output an endpoint needs to give us so that we can test it thoroughly?
>> I suppose we also need tests here for existing foaf cards. Perhaps a simple downloadable jar which you could point to your public/private key and that would test your certificate against a number of endpoints to check it.
> 
> I really don't know what to say.

You could say: "Good idea! Let's work on improving automatic validators. How can we do that easily?"

> Testing this stuff should be dead simple. There's a spec, there are implementations, and then QA test runs.

The spec is simple but as you see there are a lot of different pieces, and a lot of people joining who don't know all the pieces. You even have had trouble as witnessed on this list recently. And it even looks like you are not parsing xsd:hexBinary correctly as we discovered today. I am having other issues it seems. So clearly it's not THAT simple. It's simpler than OpenId, but as we are moving to security space, things just are more complicated.

> 
> At this point I am simply interested in how many verifiers work with Jurgen's WebID and how many fail.

And I was interested in which ones worked and which ones failed. Is that ok?

> 
> If we end up with your verifier being the sole failure point, then we can drill down and diagnose accordingly.

When did I say that my verifier should be the only good one? I keep mentioning bergi's test suite as a tool to verify the verifiers. If my verifier were the only verifier then I would not be putting energy into Bergi building a verifier verifier.

Security is all about verification, testing, looking at worst-case scenarios. Being a little paranoid in security is considered a good thing.

	Henry

> 
> Kingsley
> 
>> 
>> Henry
>> 
>> 
>> 
>>> Kingsley
>>>> wkr j
>>>> 
>>>> ----- Original Message -----
>>>> From: "Henry Story"<henry.story@bblfish.net>
>>>> To: "Jürgen Jakobitsch"<j.jakobitsch@semantic-web.at>
>>>> Cc: "Peter Williams"<home_pw@msn.com>, public-xg-webid@w3.org
>>>> Sent: Wednesday, January 4, 2012 10:20:01 PM
>>>> Subject: Re: WebIDRealm RDFa
>>>> 
>>>> 
>>>> On 4 Jan 2012, at 22:14, Jürgen Jakobitsch wrote:
>>>> 
>>>>> hi henry,
>>>>> 
>>>>> i already changed it back, because i got the previously mentioned "keys don't match" message.
>>>> Why change it back to something that is broken?
>>>> We used to have a literal notation that was a lot more flexible called cert:hex which allowed white space and any other characters in the number. But recently it was thought to be better for this group and the spec to  stick to standards.
>>>> 
>>>> It seems that for the moment all those services that let you pass are flawed. They accept things they should not.
>>>> 
>>>> 
>>>>> i also tried it with this uri http://eastghost.org/ghost.ttl#j but it's the same as the first screenshot :
>>>> well yes, you have exactly the same problem with the turtle as you do with the rdfa
>>>> 
>>>> $ curl http://eastghost.org/ghost.ttl
>>>> @prefix rdf:<http://www.w3.org/1999/02/22-rdf-syntax-ns#>   .
>>>> @prefix h:<http://www.w3.org/1999/xhtml>   .
>>>> @prefix foaf:<http://xmlns.com/foaf/0.1/>   .
>>>> @prefix cert:<http://www.w3.org/ns/auth/cert#>   .
>>>> 
>>>> <http://eastghost.org/ghost.ttl>   a<http://xmlns.com/foaf/0.1/PersonalProfileDocument>   .
>>>> 
>>>> <http://eastghost.org/ghost.ttl>   foaf:maker<http://eastghost.org/ghost.ttl#j>   .
>>>> 
>>>> <http://eastghost.org/ghost.ttl#j>   a foaf:Person ;
>>>> 	foaf:name "jürgen" ;
>>>> 	foaf:depiction<http://2sea.org/2sealogo.png>   .
>>>> 
>>>> <http://eastghost.org/ghost.ttl#j>   cert:key _:node65lkcqx1 .
>>>> 
>>>> _:node65lkcqx1 a cert:RSAPublicKey ;
>>>> 	cert:modulus """e9e67c4b2b1d27c125f46b97f89f562f
>>>> d36e10d825b585997340e915ca655778
>>>> 82e791dc99c4f58885184255e2762f74
>>>> d7f23553c9c6f9e8f26e0ffd8039ef24
>>>> eb5c58eb0ec53c8a2306821d4fa3ca49
>>>> 61920d262702bb942a2b4b3ada792415
>>>> ecc74de5ad7085af50cb2afacdccb793
>>>> 8b044c4cfe7ee1b36b27ff1ac6dd14c5
>>>> 1070fbbd4cd04e1e81876f72ec2c3c9c
>>>> ad7f45f184833beb127f33f8c042d1f0
>>>> e24d27fa81306201eefaa7f7ec4411b4
>>>> 7a72d1aa19e76f4d1a094c6d509065b3
>>>> 7c0b71f190af2ddc051f9a2b6e93ce3d
>>>> 5a478f92514bc745b6914bdf562d2a8c
>>>> f71105dada7d2cbc895f7bb2f518b5c5
>>>> c0e7de200055e5985de9bdbaff5aaf27"""^^<http://www.w3.org/2001/XMLSchema#hexBinary>   ;
>>>> 	cert:exponent "65537"^^<http://www.w3.org/2001/XMLSchema#integer>   .
>>>> 
>>>> 
>>>> 
>>>>> The WebId Profile must be parseable Content and transformable to an RDF graph
>>>>> 
>>>>> wkr j
>>>>> 
>>>>> 
>>>>> ----- Original Message -----
>>>>> From: "Henry Story"<henry.story@bblfish.net>
>>>>> To: "Jürgen Jakobitsch"<j.jakobitsch@semantic-web.at>
>>>>> Cc: "Peter Williams"<home_pw@msn.com>, public-xg-webid@w3.org
>>>>> Sent: Wednesday, January 4, 2012 10:09:45 PM
>>>>> Subject: Re: WebIDRealm RDFa
>>>>> 
>>>>> 
>>>>> On 4 Jan 2012, at 22:00, Jürgen Jakobitsch wrote:
>>>>> 
>>>>>> hi henry,
>>>>>> 
>>>>>> i don't think that's the problem.
>>>>>> 
>>>>>> i now removed every whitespace to have one single row of characters (like here http://www.turnguard.com/turnguard)
>>>>>> now the test fails because it assumes that the key from the profile and the key from the certificate are not equal.
>>>>> I still get your old rdfa.
>>>>> 
>>>>>> i attached a screeny.
>>>>> yes, my foafssl does not report carefully enough what the problem is.
>>>>> It looks like it finds a number (perhaps the parser just stops at the first number below), and this of course does not match the number in your rdfa profile.
>>>>> 
>>>>>> please also take a look at the source code from http://2sea.org/sea.jsp#j to see how it looks there.
>>>>> curl http://2sea.org/sea.jsp#j
>>>>> 
>>>>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
>>>>> <html
>>>>>        xmlns="http://www.w3.org/1999/xhtml"
>>>>>        xmlns:skos="http://www.w3.org/2004/02/skos/core#"
>>>>>        xmlns:foaf="http://xmlns.com/foaf/0.1/"
>>>>>        xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
>>>>>        xmlns:dc="http://purl.org/dc/elements/1.1/"
>>>>>        xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
>>>>>        xmlns:dcterms="http://purl.org/dc/terms/"
>>>>> 	xmlns:turnguard="http://www.turnguard.com/"
>>>>>        xmlns:cert="http://www.w3.org/ns/auth/cert#"
>>>>> 	xmlns:xsd="http://www.w3.org/2001/XMLSchema#"
>>>>> 	xmlns:contact="http://www.w3.org/2000/10/swap/pim/contact#">
>>>>>  <head>
>>>>>    <title>2sea.org</title>
>>>>>    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
>>>>>    <meta http-equiv="Pragma" content="no-cache"/>
>>>>>    <meta http-equiv="Cache-Control" content="no-cache,no-store"/>
>>>>>  </head>
>>>>> <body>
>>>>> <div typeof="foaf:PersonalProfileDocument" about="http://2sea.org/sea.jsp">
>>>>>  <div rel="foaf:maker">
>>>>>   <div typeof="foaf:Person" about="http://2sea.org/sea.jsp#j">
>>>>>    <div property="foaf:name">jürgen</div>
>>>>>    <div rel="foaf:depiction" href="http://2sea.org/2sealogo.png"/>
>>>>>    <div rel="cert:key">
>>>>>     <div typeof="cert:RSAPublicKey">
>>>>>      <div datatype="xsd:hexBinary" property="cert:modulus">986534d06d133821f40157c15891857d
>>>>> 537d20af028656ddca1caf93cd3cc910
>>>>> 4d4f172cf14d6102ddf13b16852c09b3
>>>>> fccb0a2fe2a2e895b8f5993fd87321d1
>>>>> a03b656cac78726715f7198f7c5d539b
>>>>> 8197fd35bafe274ceade6694ec38c866
>>>>> 09a25d6988f6e749f401c37145ac1114
>>>>> 2d84d775f4f929dbcd6ba809ab4e39b3
>>>>> dc36087062efcf73050e313f60929b7f
>>>>> 969b8b6bc80e25ef6000bbe66d6925ab
>>>>> a09aed8a16271d6d9651edb27c6bb50a
>>>>> 1ffc6bc7d8bfe8346965cf0b59933853
>>>>> 52157fb7df1b143a97ac7d642428c1f8
>>>>> 7dd7988364115dcfa05cfb020b595417
>>>>> feb54febaa8ac4a81c40ba9ac1dc6a09
>>>>> 7f53b379ba9850e0a45e2f1c452f3743</div>
>>>>>      <div datatype="xsd:integer" property="cert:exponent">65537</div>
>>>>>     </div>
>>>>>    </div>
>>>>>   </div>
>>>>>  </div>
>>>>> </div>
>>>>> </body>
>>>>> </html>
>>>>> 
>>>>> 
>>>>> I still get all the newlines in your html. Did you publish the new version?
>>>>> 
>>>>>> please note :
>>>>>> 
>>>>>> how do i copy the modulus from cert to profile :
>>>>>> 
>>>>>> 1. open cert in firefox
>>>>>> 2. copy the modulus
>>>>>> 3. paste it into texteditor (gedit on openSuse)
>>>>>> 4. replace all whitespaces by "nothing"
>>>>>> 5. mark all and copy the text again to clipboard
>>>>>> 6. insert it in my profile (vim on openSuse)
>>>>>> 7. remove leading and trailing whitespaces from pasting
>>>>> Yes, that should be ok. But did you publish your new RDFa?
>>>>> 
>>>>> In any case foafssl.org has a problem in that it only fetches a profile every five minutes. That is something that needs to be fixed.
>>>>> 
>>>>> 
>>>>>> wkr j
>>>>>> 
>>>>>> ----- Original Message -----
>>>>>> From: "Henry Story"<henry.story@bblfish.net>
>>>>>> To: "Jürgen Jakobitsch"<j.jakobitsch@semantic-web.at>
>>>>>> Cc: "Peter Williams"<home_pw@msn.com>, public-xg-webid@w3.org
>>>>>> Sent: Wednesday, January 4, 2012 9:51:51 PM
>>>>>> Subject: Re: WebIDRealm RDFa
>>>>>> 
>>>>>> 
>>>>>> On 4 Jan 2012, at 21:39, Jürgen Jakobitsch wrote:
>>>>>> 
>>>>>>> btw,
>>>>>>> 
>>>>>>> i just realized that http://2sea.org/sea.jsp#j
>>>>>>> doesn't pass the authentication here https://foafssl.org/test/WebId
>>>>>>> 
>>>>>>> http://validator.w3.org says it's valid xhtml+rdfa
>>>>>>> http://rdf-translator.appspot.com/ and http://www.w3.org/2007/08/pyRdfa/ parse without problem
>>>>>> Ok, so I look at
>>>>>> http://www.w3.org/2007/08/pyRdfa/
>>>>>> 
>>>>>> and the graph returned is
>>>>>> 
>>>>>> @prefix cert:<http://www.w3.org/ns/auth/cert#>   .
>>>>>> @prefix contact:<http://www.w3.org/2000/10/swap/pim/contact#>   .
>>>>>> @prefix dc:<http://purl.org/dc/elements/1.1/>   .
>>>>>> @prefix dcterms:<http://purl.org/dc/terms/>   .
>>>>>> @prefix foaf:<http://xmlns.com/foaf/0.1/>   .
>>>>>> @prefix rdf:<http://www.w3.org/1999/02/22-rdf-syntax-ns#>   .
>>>>>> @prefix rdfs:<http://www.w3.org/2000/01/rdf-schema#>   .
>>>>>> @prefix skos:<http://www.w3.org/2004/02/skos/core#>   .
>>>>>> @prefix turnguard:<http://www.turnguard.com/>   .
>>>>>> @prefix xhv:<http://www.w3.org/1999/xhtml/vocab#>   .
>>>>>> @prefix xml:<http://www.w3.org/XML/1998/namespace>   .
>>>>>> @prefix xsd:<http://www.w3.org/2001/XMLSchema#>   .
>>>>>> 
>>>>>> 
>>>>>> <http://2sea.org/sea.jsp>   a foaf:PersonalProfileDocument ;
>>>>>>    foaf:maker<http://2sea.org/sea.jsp#j>   .
>>>>>> 
>>>>>> <http://2sea.org/sea.jsp#j>   a foaf:Person ;
>>>>>>    cert:key
>>>>>>        [ a cert:RSAPublicKey ;
>>>>>>            cert:exponent "65537"^^xsd:integer ;
>>>>>>            cert:modulus """
>>>>>> 986534d06d133821f40157c15891857d
>>>>>> 537d20af028656ddca1caf93cd3cc910
>>>>>> 4d4f172cf14d6102ddf13b16852c09b3
>>>>>> fccb0a2fe2a2e895b8f5993fd87321d1
>>>>>> a03b656cac78726715f7198f7c5d539b
>>>>>> 8197fd35bafe274ceade6694ec38c866
>>>>>> 09a25d6988f6e749f401c37145ac1114
>>>>>> 2d84d775f4f929dbcd6ba809ab4e39b3
>>>>>> dc36087062efcf73050e313f60929b7f
>>>>>> 969b8b6bc80e25ef6000bbe66d6925ab
>>>>>> a09aed8a16271d6d9651edb27c6bb50a
>>>>>> 1ffc6bc7d8bfe8346965cf0b59933853
>>>>>> 52157fb7df1b143a97ac7d642428c1f8
>>>>>> 7dd7988364115dcfa05cfb020b595417
>>>>>> feb54febaa8ac4a81c40ba9ac1dc6a09
>>>>>> 7f53b379ba9850e0a45e2f1c452f3743
>>>>>>     """^^xsd:hexBinary
>>>>>>        ] ;
>>>>>>    foaf:depiction<http://2sea.org/2sealogo.png>   ;
>>>>>>    foaf:name "jürgen" .
>>>>>> 
>>>>>> 
>>>>>> But your cert:modulus is not a well formed hexBinary. A hexBinary I believe only allows white space at the beginning and end of
>>>>>> the URI, not newlines in between.
>>>>>> 
>>>>>> So the other parsers are not conforming to spec at this level.
>>>>>> 
>>>>>> Henry
>>>>>> 
>>>>>>> i attached the screenshot from foafssl.org
>>>>>>> 
>>>>>>> any idea?
>>>>>>> 
>>>>>>> wkr http://www.turnguard.com/turnguard
>>>>>>> 
>>>>>>> <Screenshot-WebId Tests - Mozilla Firefox.png>
>>>>>> Social Web Architect
>>>>>> http://bblfish.net/
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> | Jürgen Jakobitsch,
>>>>>> | Software Developer
>>>>>> | Semantic Web Company GmbH
>>>>>> | Mariahilfer Straße 70 / Neubaugasse 1, Top 8
>>>>>> | A - 1070 Wien, Austria
>>>>>> | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
>>>>>> 
>>>>>> COMPANY INFORMATION
>>>>>> | http://www.semantic-web.at/
>>>>>> 
>>>>>> PERSONAL INFORMATION
>>>>>> | web   : http://www.turnguard.com
>>>>>> | foaf  : http://www.turnguard.com/turnguard
>>>>>> | skype : jakobitsch-punkt
>>>>>> <Screenshot-WebId Tests - Mozilla Firefox-1.png>
>>>>> Social Web Architect
>>>>> http://bblfish.net/
>>>>> 
>>>>> 
>>>> Social Web Architect
>>>> http://bblfish.net/
>>>> 
>>>> 
>>> 
>>> -- 
>>> 
>>> Regards,
>>> 
>>> Kingsley Idehen	
>>> Founder & CEO
>>> OpenLink Software
>>> Company Web: http://www.openlinksw.com
>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca handle: @kidehen
>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
>> 
> 
> 

Social Web Architect
http://bblfish.net/

Received on Wednesday, 4 January 2012 23:26:24 UTC
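
Added example, not part of the original thread and not any verifier's actual code: a strict check of a `cert:modulus` literal against a certificate modulus, reporting a malformed `xsd:hexBinary` separately from a genuine key mismatch. It assumes the XML Schema whitespace rule for `xsd:hexBinary` (collapse: ends trimmed, interior runs reduced to one space); the function names and the short sample modulus are constructed for illustration.

```python
import re

_XML_WS = re.compile(r"[ \t\r\n]+")
_HEX_PAIRS = re.compile(r"(?:[0-9a-fA-F]{2})*")


class MalformedLiteral(ValueError):
    """The profile literal is not a valid xsd:hexBinary lexical form."""


def parse_hexbinary(lexical: str) -> int:
    # whiteSpace="collapse": trim both ends, squeeze interior runs to one space.
    collapsed = _XML_WS.sub(" ", lexical).strip(" ")
    if " " in collapsed:
        raise MalformedLiteral("whitespace inside xsd:hexBinary literal")
    if not _HEX_PAIRS.fullmatch(collapsed):
        raise MalformedLiteral("not an even-length run of hex digits")
    return int(collapsed, 16) if collapsed else 0


def first_run_only(lexical: str) -> int:
    """Lenient behaviour guessed at in the thread: stop at the first hex run."""
    return int(re.search(r"[0-9a-fA-F]+", lexical).group(0), 16)


def check_modulus(profile_literal: str, cert_modulus: int) -> str:
    """Return a diagnostic that separates a bad literal from a real mismatch."""
    try:
        value = parse_hexbinary(profile_literal)
    except MalformedLiteral as err:
        return f"malformed-literal: {err}"
    return "match" if value == cert_modulus else "key-mismatch"


# Constructed sample: a short stand-in modulus, not a real key.
CERT_MODULUS = 0x00C0FFEE1234ABCD
WRAPPED = "\n00c0ffee\n1234abcd\n"    # line breaks inside, as in the quoted profiles
SINGLE_LINE = "  00c0ffee1234abcd\n"  # whitespace only at the ends

if __name__ == "__main__":
    for name, literal in (("wrapped", WRAPPED), ("single line", SINGLE_LINE)):
        print(name, "->", check_modulus(literal, CERT_MODULUS))
    # A parser that stops at the first run sees only part of the modulus.
    print("first run only:", hex(first_run_only(WRAPPED)))
```
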