[foaf-protocols] a new webid implementation in .NET 4

peter williams home_pw at msn.com
Sun Mar 13 08:39:52 CET 2011


I spent the day building a new foaf+ssl type demonstrator. Unlike last year,
it now uses very simple .NET 4 code, and uses the Azure Access Control
service to generate WRAP tokens authorizing an HTTP client to talk to a
trivial REST web service, built from .NET's channel and service hosting
classes. It's actually just a 50-line modification of Microsoft's teaching
code. Hosting it in the cloud is an exercise for tomorrow (once I swap
hosting containers); whether client certs work in that load-balanced,
firewalled cloud is quite another matter!


In two command windows, for now, an https client and https exist, with
self-signed cert support both ways. Opera can connect too, as a client
authn client. The service host exposes an extension point, into which I
inserted the client cert validation class (having checked it for webid, for
being self-signed, for being trusted locally by Windows cert stores). And,
now, rather than use any RDF libraries natively, it simply calls uriburner
as a service, asking that service to test for the existence of named
pubkeys in the webid's document. It COULD authenticate to uriburner
(assuming uriburner adopted the WRAP scheme for WWW-Authenticate, too!)


    # DEFINE get:soft "replace"
    PREFIX cert: <http://www.w3.org/ns/auth/cert#>
    PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
    # xsd prefix declared here so the ^^xsd:string datatypes below resolve
    PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
    select ?webid
    FROM <http://foaf.me/serverpeter34#me>
    WHERE {
      [] cert:identity ?webid ;
         rsa:modulus ?m ;
         rsa:public_exponent ?e .
      ?m cert:hex "qYVMO2ngIsrCKmwRNNYq8lMMnFassZJAB+zLDZI6X+ohayakYjcaMZlnNYjb1+KWnrOsz4zJ74OL6LGUIpCw5Sy24jCCJoOnwl4SIUYf9J9gfjmj9XcXPe8gGe3Rnx3sijuzxtUdbp3WhBF5B2V0Lywncpirggpapm..."^^xsd:string .
      ?e cert:decimal "AQAB"^^xsd:string
    }


I can only urge (and I know I'm going to be ignored) that we change the
ontology to allow the mod and exp to be base64 encoded, optionally. The
query above is incorrect in that the values supposedly in formats cert:hex
and cert:dec are actually in cert:base64 (not that this exists). It's just
that 2 billion PCs with 5 years of legacy already support RSA pubkeys in that
encoding (I got the values from some xml-sig XML code, being produced from
some weird organization called W3C); and it's nuts to make folks jump through
hoops to use otherwise. The base64 of mod/exp in the xmldsig key format is
all properly specified and tested with 100 vendors already on board,
having properly sorted the translation of ASN.1 signed INTEGER to the base64
blob.


If you want mass adoption, quickly, keep things to a 100-line delta to stuff
folks already have.
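The encoding mismatch the post describes, worked through in Python as an added example (this is not the author's .NET code or uriburner's): the modulus and exponent strings are taken from the post's query and are xmldsig-style base64 of the bare magnitude; the functions convert them to the cert:hex and cert:decimal forms the predicates name, show the ASN.1 INTEGER sign-padding step the post mentions, and rebuild the query with the converted values. The FROM URI is the one from the post; the function names are this example's own.

```python
import base64
from typing import Tuple

# Values copied from the SPARQL query in the post: xmldsig ds:Modulus /
# ds:Exponent style, i.e. base64 of the unsigned big-endian magnitude.
MODULUS_B64 = (
    "qYVMO2ngIsrCKmwRNNYq8lMMnFassZJAB+zLDZI6X+ohayakYjcaMZlnNYjb1+KWnrOsz4zJ74"
    "OL6LGUIpCw5Sy24jCCJoOnwl4SIUYf9J9gfjmj9XcXPe8gGe3Rnx3sijuzxtUdbp3WhBF5B2V0Ly"
    "wncpirggpAomOcD2duZn0="
)
EXPONENT_B64 = "AQAB"

# WebID document named in the post's FROM clause.
WEBID = "http://foaf.me/serverpeter34#me"


def xmldsig_to_cert(modulus_b64: str, exponent_b64: str) -> Tuple[str, int]:
    """xmldsig base64 magnitudes -> (cert:hex modulus, cert:decimal exponent)."""
    modulus = int.from_bytes(base64.b64decode(modulus_b64), "big")
    exponent = int.from_bytes(base64.b64decode(exponent_b64), "big")
    return format(modulus, "x"), exponent


def cert_to_xmldsig(modulus_hex: str, exponent: int) -> Tuple[str, str]:
    """Inverse conversion: cert:hex / cert:decimal -> xmldsig base64."""
    modulus = int(modulus_hex, 16)
    mod_bytes = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    exp_bytes = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    return (base64.b64encode(mod_bytes).decode("ascii"),
            base64.b64encode(exp_bytes).decode("ascii"))


def der_integer_content(magnitude: bytes) -> bytes:
    """Content octets of a DER INTEGER holding a non-negative value.

    DER INTEGERs are two's complement, so a magnitude whose top bit is set
    gets a leading 0x00 or it would read as negative. This is the "ASN.1
    signed INTEGER to base64 blob" translation the post refers to: the
    certificate carries the padded form, xmldsig carries the bare magnitude.
    """
    magnitude = magnitude.lstrip(b"\x00") or b"\x00"
    if magnitude[0] & 0x80:
        return b"\x00" + magnitude
    return magnitude


def magnitude_from_der_integer(content: bytes) -> bytes:
    """Strip DER's sign-padding zero to recover the xmldsig magnitude."""
    if len(content) > 1 and content[0] == 0x00 and content[1] & 0x80:
        return content[1:]
    return content


def pubkey_query(webid: str, modulus_b64: str, exponent_b64: str) -> str:
    """Rebuild the post's query with the values converted to the forms the
    predicates name: cert:hex for the modulus, cert:decimal for the exponent."""
    mod_hex, exp = xmldsig_to_cert(modulus_b64, exponent_b64)
    return (
        "PREFIX cert: <http://www.w3.org/ns/auth/cert#>\n"
        "PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>\n"
        "PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>\n"
        "SELECT ?webid\n"
        f"FROM <{webid}>\n"
        "WHERE {\n"
        "  [] cert:identity ?webid ;\n"
        "     rsa:modulus ?m ;\n"
        "     rsa:public_exponent ?e .\n"
        f"  ?m cert:hex \"{mod_hex}\"^^xsd:string .\n"
        f"  ?e cert:decimal \"{exp}\"^^xsd:string\n"
        "}\n"
    )


if __name__ == "__main__":
    mod_hex, exp = xmldsig_to_cert(MODULUS_B64, EXPONENT_B64)
    print(f"modulus: {len(mod_hex) * 4} bits, exponent: {exp}")
    print(pubkey_query(WEBID, MODULUS_B64, EXPONENT_B64))
```

The first base64 quartet "qYVM" decodes to 0xA9 0x85 0x4C, so the modulus has its top bit set and the DER form is one byte longer than the xmldsig magnitude; a converter that forgets either direction of that padding will produce a modulus that fails to match whichever side compares it.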
