[foaf-protocols] Lots of confusions ...

Kingsley Idehen kidehen at openlinksw.com
Tue May 18 19:04:32 CEST 2010


Melvin Carvalho wrote:
>
>
> 2010/5/18 Kingsley Idehen <kidehen at openlinksw.com 
> <mailto:kidehen at openlinksw.com>>
>
>     Story Henry wrote:
>
>         On 18 May 2010, at 17:26, Kingsley Idehen wrote:
>
>          
>
>             Story Henry wrote:
>                
>
>                 On 18 May 2010, at 15:29, Melvin Carvalho wrote:
>
>                      
>
>                             You don't know what's happening here, do
>                             you Mr Jones.
>                                              
>
>                         There are a few bugs on the foaf.me
>                         <http://foaf.me> mailing list.
>
>                                      
>
>                     Apologies for this.  There was an attempt made to
>                     refactor the library, but
>                     it seems some bugs were introduced, that have not
>                     yet been patched.  I didn't
>                     actually program this piece, but will attempt to
>                     work out what's going
>                     wrong, or see if I can roll back to the previous
>                     version of the library,
>                     which was definitely stable.
>                              
>
>                 This could be related to the bug I found last year
>                 that allowed one with Tabulator to edit other people's
>                 foaf graphs.
>                      
>
>             How can you edit someone else's FOAF graphs if FOAF+SSL
>             based ACLs are functional?
>                
>
>
>         Nobody is arguing that you could if things worked properly. We
>         are speaking of bugs here.
>
>         These are the types of bugs many people moving from tabular
>         databases and indeed any other kind of closed world
>         programming environment to RDF will make. This was my point in
>         "Are OO Languages Autistic"
>         http://blogs.sun.com/bblfish/entry/are_oo_languages_autistic
>
>         We have all been forced as programmers into bad thinking
>         habits. So we should be aware of our own mistakes, and help
>         people joining the community to avoid making them too. This
>         will be a difficult educational task.
>          
>
>
>     Yes, but I am more concerned about the Tabulator edit aspect of
>     this.  How does Tabulator enable you to edit data in a space to which
>     you don't have privileges? I haven't looked at Tabulator for a
>     long time now, but I am somewhat confused re. this turn of events.
>
>
> Tabulator can edit any file that
>
> 1) Sends the requisite MS-Author-Via: SPARQL
> 2) Accepts an HTTP PUT with a SPARQL UPDATE

That I grok since I remember Virtuoso being the first server with those 
DAV extensions in place :-)

What I am concerned about is how this can happen without a space owner 
knowing that DAV should be shut down. Note, none of these problems will 
happen with Virtuoso (since it's in lockdown by default). I am just 
concerned about the general case.

Doesn't Tabulator use FOAF+SSL and ACLs?

Kingsley
>
> I guess (1) should imply (2)
>
> I'm not sure we ever formally decided a rule to add foaf+ssl to the 
> mix, but simplest is that if you're authenticated as the webid that 
> 'owns' a 'protected' document, you should be allowed to edit?
>  
>
>         Henry
>          
>
>
>
>     -- 
>
>     Regards,
>
>     Kingsley Idehen       President & CEO OpenLink Software     Web:
>     http://www.openlinksw.com
>     Weblog: http://www.openlinksw.com/blog/~kidehen
>     <http://www.openlinksw.com/blog/%7Ekidehen>
>     Twitter/Identi.ca: kidehen
>
>
>
>
>


-- 

Regards,

Kingsley Idehen	      
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 
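
The rule discussed in this thread (write access only for the authenticated WebID that owns a document, locked down otherwise) can be sketched as a default-deny check. This is an added example, not part of the original message and not code from Tabulator, foaf.me or Virtuoso; the `Document` model, the `editors` set, the function names, the status codes and the sample WebIDs are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

READ_METHODS = {"GET", "HEAD", "OPTIONS"}

@dataclass
class Document:                           # hypothetical data model
    path: str
    owner_webid: Optional[str] = None     # WebID that 'owns' the document
    editors: set = field(default_factory=set)  # extra WebIDs granted write access

def can_write(doc, webid):
    """Default-deny write check. `webid` must be the WebID already verified
    by the FOAF+SSL handshake (None when the client is unauthenticated)."""
    if webid is None:
        return False          # anonymous clients never write
    if doc.owner_webid is None:
        return False          # no recorded owner: stay locked down
    return webid == doc.owner_webid or webid in doc.editors

def handle(method, doc, webid):
    """Return (status, headers) for a request against `doc`.
    Reads are assumed public here; only writes are gated."""
    headers = {}
    # Advertise SPARQL editing only to a client that may use it, so the
    # header (1) never promises what the write path (2) refuses. The header
    # is a hint; the real control is the can_write() check below.
    if can_write(doc, webid):
        headers["MS-Author-Via"] = "SPARQL"
    if method.upper() in READ_METHODS:
        return 200, headers
    if can_write(doc, webid):
        return 204, headers   # the SPARQL UPDATE body would be applied here
    # 401: no client certificate presented; 403: authenticated but not allowed
    return (401 if webid is None else 403), headers

# Constructed sample data
ALICE = "https://alice.example/foaf#me"
BOB = "https://bob.example/foaf#me"
DOC = Document("/alice/foaf.rdf", owner_webid=ALICE)

if __name__ == "__main__":
    for who in (None, BOB, ALICE):
        print(who, handle("PUT", DOC, who))
```
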






