[foaf-protocols] first implementation of foaf+ssl for Drupal

Story Henry henry.story at bblfish.net
Wed Sep 30 17:40:50 CEST 2009


On 30 Sep 2009, at 17:23, Peter Williams wrote:

> Out of interest:
>
> 1. if the resource authority web client is configured with an https proxy
> (when de-referencing an https-form webid), can/should the client issue a
> CONNECT to create the (ssl) tunnel between proxy and web server of the
> claimant's foaf file?

Why is this a question for Damien?

I am not sure what the resource authority web client is. I suppose you  
mean a browser behind some firewall containing a foaf+ssl enabled  
webid, that would have to be set up to use a https proxy.

If so, then that is not a problem for Damien, as he is building a  
server application.

On the other hand I don't think we have explored the issues with HTTP  
proxies. Perhaps this should be opened up in another thread. I don't  
yet understand these issues very clearly.

>
> Presumably, it's up to the operator of the proxy providing the ssl tunnel's
> client endpoint to configure (per subscriber?) which trust anchors are
> valid, decide if server cert _chains_ are handled (or not), decide to
> implement the dns validation checks (or not) on the server EE cert (vs
> socket info).
>
> 2. What rule set was used in the resource server's sparql server to walk the
> trust path from the resource server's webid to the claimant's webids?

Damien did not implement this part of the foaf+ssl protocol. Only the  
minimal identification piece.

Walking the friend network is not a necessary step. It is made  
possible by deploying foaf using the Linked Data pattern. But it would  
only be required if the server wished to implement such access control  
rules. Many other access control rules are possible.

Also, as the php SPARQL implementation for ARC2 only works when
connected to a mysql database currently, and as Damien did not want to
build something with that restriction, he used a simple programmatic
method to walk the rdf graph. So he did not use SPARQL. Hopefully the
arc2 implementations will improve in the near future.

>
> In 24h, presumably one borrowed some or other existing open source rule set
> or library of sparql queries useful for walking the naming graph.
>
> I'd foresee a hosted "trust broker" model evolving here, where those with
> webids (be they resource authorities or claimants) can access a sparql
> server hosted by a TTP over https (or foaf+ssl!) to access that subscriber's
> "profiled" ruleset (i.e. algorithm) for trust chaining.

There is no need for SPARQL servers at present. So I am not sure what  
you are speaking about. SPARQL is used as a convenient language to  
query the local RDF graph of the remote foaf profile. One could do  
remote SPARQL querying, but we have not yet looked at that here, and I  
don't think we need to at present, as that would introduce unnecessary  
complications.

Henry

>
>
> -----Original Message-----
> From: foaf-protocols-bounces at lists.foaf-project.org
> [mailto:foaf-protocols-bounces at lists.foaf-project.org] On Behalf Of Story Henry
> Sent: Wednesday, September 30, 2009 5:09 AM
> To: foaf-protocols at lists.foaf-project.org
> Cc: Tournoud Damien
> Subject: [foaf-protocols] first implementation of foaf+ssl for Drupal
>
> Damien Tournoud from http://af83.com in Paris implemented foaf+ssl for
> Drupal this weekend in under 24 hours.
>
> The code is currently here:
>
> 	 http://github.com/damz/foafssl-drupal/
>
> and it is running here:
>
> 	http://foaf.damz.org/
>
> Damien tells me there is still some work to do packaging this
> correctly for Drupal, and removing the dependency on openssl, for
> parsing the ASN.1 certificate. He has nearly finished writing an
> ASN.1 parser in php for that, which should be useful for all the other php
> apps.
>
> 	If other people are here with Drupal experience it may be worth
> asking Damien how you can help test this code, improve the user
> interface, and more. I'll keep you posted.
>
> 	Henry
>
>
> Social Web Architect
> Sun Microsystems		
> Blog: http://blogs.sun.com/bblfish
>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>
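
The reply above says the minimal identification piece was built by walking the RDF graph of the fetched foaf profile in code rather than with SPARQL. The following is an added example of such a walk, not Damien's code and not part of the original message. The cert:/rsa: vocabulary terms, the WebIDs, the triples and the key values are assumptions constructed for illustration, and it is written in Python rather than PHP.

```python
import string
# Assumed vocabulary (not stated in the thread): cert:/rsa: terms for profile keys.
CERT = "http://www.w3.org/ns/auth/cert#"
RSA = "http://www.w3.org/ns/auth/rsa#"
ALICE = "https://example.org/people/alice#me"  # constructed WebIDs
BOB = "https://example.org/people/bob#me"

# Constructed triples for the document fetched from the WebID URL.
# "_:x" strings are blank nodes, ("lit", text) tuples are literals.
PROFILE = [
    ("_:k1", CERT + "identity", ALICE),
    ("_:k1", RSA + "modulus", "_:m1"),
    ("_:m1", CERT + "hex", ("lit", "00:c3 a1\n 9f:5b")),
    ("_:k1", RSA + "public_exponent", "_:e1"),
    ("_:e1", CERT + "decimal", ("lit", "65537")),
    ("_:k2", CERT + "identity", BOB),
    ("_:k2", RSA + "modulus", "_:m2"),
    ("_:m2", CERT + "hex", ("lit", "deadbeef")),
    ("_:k2", RSA + "public_exponent", "_:e1"),
]

def objects(graph, subject, predicate):
    return [o for s, p, o in graph if s == subject and p == predicate]

def literal_int(graph, node):
    """Integer value of a number node (cert:hex or cert:decimal), None if unusable."""
    for predicate, base in ((CERT + "hex", 16), (CERT + "decimal", 10)):
        for obj in objects(graph, node, predicate):
            if isinstance(obj, tuple):
                digits = "".join(c for c in obj[1] if c in string.hexdigits)
                try:
                    return int(digits, base)  # compare numbers, not formatting
                except ValueError:
                    pass  # empty or malformed literal: try the next one
    return None

def profile_keys(graph, webid):
    """Walk key node -> modulus/exponent for every key that names `webid`."""
    keys = set()
    for key, predicate, obj in graph:
        if predicate == CERT + "identity" and obj == webid:
            for m in objects(graph, key, RSA + "modulus"):
                for e in objects(graph, key, RSA + "public_exponent"):
                    pair = (literal_int(graph, m), literal_int(graph, e))
                    if None not in pair:
                        keys.add(pair)
    return keys

def webid_verified(graph, webid, cert_modulus, cert_exponent):
    """True only if the profile lists the key presented in the TLS client certificate."""
    return (cert_modulus, cert_exponent) in profile_keys(graph, webid)
```

The check is only meaningful when the graph was parsed from the document retrieved at the WebID URL itself and the modulus and exponent come from the certificate the client proved possession of in the TLS handshake.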


