[foaf-protocols] webid vs distributed social networks

peter williams home_pw at msn.com
Sat Mar 12 20:43:12 CET 2011


OK. I've confused myself.

 

Simple: http://webid.myxwiki.org/xwiki/bin/view/XWiki/homepw4#me.

This is a ref to an RDFa marked up RDF source.

 

Simple
http://linkeddata.uriburner.com/sparql?default-graph-uri=&should-sponge=&que
ry=%23+Remove+commented+out+pragma+below+if+you+want+to+override+cache%2C+ot
herwise+the+system+will+do+it+automagically+in+its+own+time+based+on+server+
settings%0D%0A%23+DEFINE+get%3Asoft+%22replace%22%0D%0APREFIX+cert%3A+%3Chtt
p%3A%2F%2Fwww.w3.org%2Fns%2Fauth%2Fcert%23%3E+%0D%0APREFIX+rsa%3A+%3Chttp%3A
%2F%2Fwww.w3.org%2Fns%2Fauth%2Frsa%23%3E+%0D%0A%0D%0Aselect++%3Fwebid+%0D%0A
FROM+%3Chttp%3A%2F%2Fwebid.myxwiki.org%2Fxwiki%2Fbin%2Fview%2FXWiki%2Fhomepw
4%3E%0D%0AWHERE+%7B%0D%0A++++%5B%5D+cert%3Aidentity+%3Fwebid+%3B%0D%0A++++++
+++rsa%3Amodulus+%3Fm+%3B%0D%0A+++++++++rsa%3Apublic_exponent+%3Fe+.%0D%0A++
++++++%3Fm+cert%3Ahex+%22b520f38479f5803a7ab33233155eeef8ad4e1f575b603f7780f
3f60ceab1%5Cn34618fbe117539109c015c5f959b497e67c1a3b2c96e5f098bb0bf2a6597%5C
n779d26f55fe8d320de7af0562fd2cd067dbc9d775b22fc06e63422717d00%5Cna6801dedafd
7b54a93c3f4e59538475673972e524f4ec2a3667d0e1ac856%5Cnd532e32bf30cef8c1adc417
18920568fbe9f793daeeaeeaa7e8367b7228a%5Cn895a6cf94545a6f6286693277a1bc775042
5ce6c35d570e89453117b88ce%5Cn24206afd216a705ad08b7c59%5Cn%22%5E%5Exsd%3Astri
ng+.%0D%0A++++++++%3Fe+cert%3Adecimal+%2265537%22%5E%5Exsd%3Astring%0D%0A%7D
%0D%0A&debug=on&timeout=&format=text%2Fhtml&CXML_redir_for_subjs=&CXML_redir
_for_hrefs=&save=display&fname=

This is a call to a query engine. I can even stuff it in my cert, to help
coding of webid VAs.

 

So what is this?
http://uriburner.com/about/id/entity/http/webid.myxwiki.org/xwiki/bin/view/X
Wiki/homepw4#me

It's an element of the response to the query of course, which I took to mean:
the required cert exists in the foaf card. Further metadata on this response
is available at that source (I said to myself) - thinking of that URI as an
artifact-refnum from the SAML world.

 

So let's have a look at the resource. It's a complex XML document with RDF
markup tags, which makes statements about the very same information as was
in my own foaf card.

 

So, now that said resource exists and has a name, what would it mean if I
did the sparql query against it (versus the myxwiki graph)?

 

Let me treat the resources as a trusted cache copy of my foaf card, mashed
up with other content. 

 

In webid semantics, what does it mean for that source to assert: pubkey
present in resource? How does that compare with the meaning of myxwiki
asserting: pubkey present in resource? 

 

Should I now have 2 webids in my cert

http://uriburner.com/about/id/entity/http/webid.myxwiki.org/xwiki/bin/view/X
Wiki/homepw4#me

http://webid.myxwiki.org/xwiki/bin/view/XWiki/homepw4#me

 

letting the VA choose which one it wants to consume (based on the authority
in the http scheme)?

 

Well, we know that the validation agent in webidland wants to enforce: user
has control over id (and write access to id'd resource).

But should VA choose the first above, would it matter in webidland if the VA
confirms that "user trusted caching agent" . has control over id (and has
delegated write access to cached security enforcing content)?

 

I think not, so long as the VA is reasoning with the indirection.

 

Is there any real difference between the two cases?

 

No, I think. As, after all though we assume only the user has write access
to the document (a fact being tested), in reality so does the privileged
administration (who can spoof the user). In the general case, such admin is
the owner of the portal hosting the blogsite say (Google, Yahoo, etc). As we
know, given a secret/non-secret order from USG, they would spoof me at the
drop of a hat, no questions asked. Would not even bother telling me, 99% of
the time; such is the nature of that web sub-society.

 

Does this mental model sound right?

 

Feels like I should put the first form (trusted cache) in the IAN URI, and
the second form in the SAN URI - so they are "tagged" as subject-centric and
issuer-centric webids, thus signaling that there are multiple indirections
when enforcing, in the issuer case.

 

 

 

From: Kingsley Idehen [mailto:kidehen at openlinksw.com] 
Sent: Monday, February 28, 2011 4:08 AM
To: peter williams
Cc: foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-protocols] webid vs distributed social networks

 

On 2/27/11 2:51 PM, peter williams wrote: 

Now, this is what I expect the semweb to feel like. A remote agent (or an
agent down a chain of agents) does some work as specified by the user-agent,
probably teaching the user agent by its result how to do it directly the
next time.
 
If the agent provider makes a data silo or insists on being the only gateway
to a public data set, one avoids it politically. If it adds some value (not
just control, not just wrappers, not just aggregation), then perhaps it's OK.
 
I'm trying to decide whether or not to boycott Microsoft's new Azure ACS v2
service when building a realty SAAS site in Azure land (because the program
managers seem to have decided to refuse to allow me to talk to my SAAS
tenants bridged by their ACS service from my wordpress IDP (or the ~3000
sites realtors have in wordpress) -  even though the Microsoft fabric
service (ACS) supports the very same protocol as wordpress uses, when
talking to upstream to Yahoo IDP).
 
I tried to alter the query, to make it an existence test. Not sure I quite
got it right. For the m and e value I supply as constants (read from the
incoming client cert), I want it now to answer essentially: exists/not-exist
 
But, it worked (as you gave it me), 99% of what I want. One last push, I
feel. (Peter starting to get that itch that usually means "go into budget
finding mode").
 
---------
 
# Pragma for enabling Virtuoso's Sponger Middleware -- component that performs
#  - HTTP GETs against resources that may or may not be RDF formats based data containers
#  - Transform data into a 3-tuple based graph
# Post actions above the SPARQL engine processes the SPARQL query pattern

DEFINE get:soft "replace"
PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>

SELECT ?webid
FROM <http://webid.myxwiki.org/xwiki/bin/view/XWiki/homepw4>
WHERE {
    [] cert:identity ?webid ;
         rsa:modulus "a520f38479f5803a7ab33233155eeef8ad4e1f575b603f7780f3f60ceab134618fbe117539109c015c5f959b497e67c1a3b2c96e5f098bb0bf2a6597779d26f55fe8d320de7af0562fd2cd067dbc9d775b22fc06e63422717d00a6801dedafd7b54a93c3f4e59538475673972e524f4ec2a3667d0e1ac856d532e32bf30cef8c1adc41718920568fbe9f793daeeaeeaa7e8367b7228a895a6cf94545a6f6286693277a1bc7750425ce6c35d570e89453117b88ce24206afd216a705ad08b7c59" ;
         rsa:public_exponent "65537" .
}
 
 

Peter,

# Remove commented out pragma below if you want to override cache, otherwise
# the system will do it automagically in its own time based on server settings

# DEFINE get:soft "replace"

PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>

select ?webid
FROM <http://webid.myxwiki.org/xwiki/bin/view/XWiki/homepw4>
WHERE {
    [] cert:identity ?webid ;
         rsa:modulus ?m ;
         rsa:public_exponent ?e .
        ?m cert:hex "b520f38479f5803a7ab33233155eeef8ad4e1f575b603f7780f3f60ceab1\n34618fbe117539109c015c5f959b497e67c1a3b2c96e5f098bb0bf2a6597\n779d26f55fe8d320de7af0562fd2cd067dbc9d775b22fc06e63422717d00\na6801dedafd7b54a93c3f4e59538475673972e524f4ec2a3667d0e1ac856\nd532e32bf30cef8c1adc41718920568fbe9f793daeeaeeaa7e8367b7228a\n895a6cf94545a6f6286693277a1bc7750425ce6c35d570e89453117b88ce\n24206afd216a705ad08b7c59\n"^^xsd:string .
        ?e cert:decimal "65537"^^xsd:string
}






-- 
 
Regards,
 
Kingsley Idehen       
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 
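
Added example, not part of the original thread and not OpenLink's or the WebID project's code: the exists/not-exists test discussed above, written as an ASK query that a validation agent builds from the key read off the client certificate. It normalises the hex so line breaks inside the profile's cert:hex literal do not defeat the match, and it refuses certificate-supplied values that could break out of the query. Assumptions: the endpoint supports the SPARQL 1.1 REPLACE and LCASE functions, and the function names below are hypothetical.

```python
import re
from urllib.parse import urldefrag

# Characters SPARQL forbids inside <...>, plus control characters and space.
_BAD_IRI = re.compile(r'[<>"{}|^`\\\x00-\x20]')

# Vocabulary terms are the ones used in the queries on this page.
_ASK = """PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
ASK FROM <%s>
WHERE {
    [] cert:identity <%s> ;
       rsa:modulus ?m ;
       rsa:public_exponent ?e .
    ?m cert:hex ?hex .
    ?e cert:decimal ?dec .
    FILTER (REPLACE(REPLACE(LCASE(STR(?hex)), "[^0-9a-f]", ""), "^0+", "") = "%s")
    FILTER (REPLACE(STR(?dec), "[^0-9]", "") = "%d")
}"""

def safe_iri(uri):
    """Accept only http(s) URIs that cannot close the <...> they are placed in."""
    if not uri.startswith(("http://", "https://")) or _BAD_IRI.search(uri):
        raise ValueError("refusing to embed URI in query: %r" % uri)
    return uri

def normalize_hex(modulus):
    """Drop whitespace and ':' separators, lowercase, strip leading zeros."""
    cleaned = re.sub(r"[\s:]", "", modulus).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("modulus is not hexadecimal")
    return cleaned.lstrip("0") or "0"

def build_ask_query(webid, modulus_hex, exponent):
    """Return an ASK query that is true only if the profile binds this key to webid."""
    webid = safe_iri(webid)
    document = urldefrag(webid)[0]  # FROM names the profile document, not #me
    return _ASK % (document, webid, normalize_hex(modulus_hex), int(exponent))
```

Binding cert:identity to the WebID taken from the certificate, rather than selecting ?webid, means a key listed in the document for some other identity does not satisfy the test.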
 
 
 
 