detailed out the SPARQL section.
authorHenry Story <>
Fri, 25 Nov 2011 22:17:26 +0100
changeset 214 a9a7bade97d5
parent 213 6ede212ba102
child 215 d1c18d822e98
detailed out the SPARQL section.
--- a/spec/index-respec.html	Fri Nov 25 12:59:02 2011 +0100
+++ b/spec/index-respec.html	Fri Nov 25 22:17:26 2011 +0100
@@ -410,13 +410,13 @@
 <dd>Alice is an agent who owns a Server which runs a Service which Bob wishes to Access</dd>
+<dd>Bob is an agent who uses a <tref>Client</tref> to connect to <tref>Alice</tref>'s Service, and who controls the private key the client uses to access the resource.</dd>
 <dd>The Subject is the Agent that is identified by the <tref>WebID</tref>. When used correctly it is the Subject who wishes to authenticate to a <tref>Service</tref>.
 When speaking of a particular agent, and in order to improve lisibility in this spec, we will name him <tref>Bob</tref>. The Subject is distinct from the <tref>Client</tref> which is used to connect to the <tref>Server</tref>.</dd>
-<dd>Bob is an agent who uses a <tref>Client</tref> to connect to <tref>Alice</tref>'s Service, and who controls the private key the client uses to access the resource.</dd>
 <dd>The Client initiates a request to a Service listening on a specific port using a given protocol on a given Server.</dd>
@@ -660,7 +660,7 @@
    &lt;title&gt;Welcome to Bob's Home Page&lt;/title&gt;
-&lt;!-- WebID HTML snippet--&gt;
+&lt;!-- WebID HTML snippet. The xmlns declarations above can be moved into the div below if needed--&gt;
 &lt;div about="#me" typeof="foaf:Person"&gt;
   &lt;span property="foaf:name"&gt;Bob&lt;/span&gt;
   &lt;h2&gt;My Good Friends&lt;/h2&gt;
@@ -677,7 +677,7 @@
       &lt;dt&gt;Modulus (hexadecimal)&lt;/dt&gt;
       &lt;dd property="cert:modulus" datatype="xsd:hexBinary"&gt;cb24ed85d64d794b69c701c186acc059501e856000f661c93204d8380e07191c5c8b368d2ac32a428acb970398664368dc2a867320220f755e99ca2eecdae62e8d15fb58e1b76ae59cb7ace8838394d59e7250b449176e51a494951a1c366c6217d8768d682dde78dd4d55e613f8839cf275d4c8403743e7862601f3c49a6366e12bb8f498262c3c77de19bce40b32f89ae62c3780f5b6275be337e2b3153ae2ba72a9975ae71ab724649497066b660fcf774b7543d980952d2e8586200eda4158b014e75465d91ecf93efc7ac170c11fc7246fc6ded79c37780000ac4e079f671fd4f207ad770809e0e2d7b0ef5493befe73544d8e1be3dddb52455c61391a1&lt;/dd&gt;
       &lt;dt&gt;Exponent (decimal)&lt;/dt&gt;
-      &lt;dd property="cert:exponent" datatype="xsd:int"&gt;65537&lt;/dd&gt;
+      &lt;dd property="cert:exponent" datatype="xsd:integer"&gt;65537&lt;/dd&gt;
@@ -853,23 +853,52 @@
 <section class='normative'>
-<h2>Verifying the WebID is identified by that public key</h2>
+<h2>Verifying the WebID Claim</h2>
-There are number of different ways to check that the public key given in the X.509 certificate against the one provided by the <tref>WebID Profile</tref>, but the simplest way to explain it is to say that they all have to be equivalent to the following SPARQL queries.
-<p>Assuming the public key is an RSA key, and that its modulus is "9D79BFE2498..." and exponent "65537" then the following query should be used:
+To check a WebID claim one has to find if the graph returned by the profile  relates the <tref>WebID</tref> to the  <tref>Certificate</tref> <tref>Public Key</tref> with the <code>cert:key</code> relation. In other words one has to check if those statements are present in the graph.</p>
+<p>Testing for patterns in graphs is what the SPARQL query language is designed to do [[!RDF-SPARQL-QUERY]]. We will first look at how to use this as it is also the simplest method, and then what some other programmatic options may be.</p>
+<p>Below is the SPARQL Query Template which should be used for an RSA public key. It contains three  with three variables <code>?webid</code>, <code>?mod</code> and <code>?exp</code> that need to be replaced by the appropriate values:</p>
+<pre style="word-wrap: break-word; white-space: pre-wrap;">
+PREFIX : &lt;;
+PREFIX xsd: &lt;;
+ASK {
+   ?webid :key [
+      :modulus ?mod;
+      :exponent ?exp;
+   ] .
+<p>The variables to be replaced for each WebID claim are:</p>
+<table  style="text-align: left; border-color: rgb(0, 0, 0); border-collapse: collapse; word=wrap: break-word; white-psace: pre-wrap" border="1" cellpadding="5">
+ <tr>
+   <th>Variable</th>
+   <th>Details on its value.</th>
+ </tr>
+<tr><td><code>?webid</code></td><td>should be replaced by the WebID Resource. In the SPARQL notation that is the URL string would be placed between <code>&lt;...&gt;</code> in the position of the <code>?webid</code> variable. </td></tr>
+<tr><td><code>?mod</code></td><td>should be replaced by the modulus written as a xsd:hexBinary as specified by the <a href="">cert:modulus</a> relation. All leading double 0 bytes (written  "00" in hexadecimal) should be removed. The resulting hexadecmial should then be placed in the space of the XXX in <code>"XXX"^^xsd:integer</code> </td></tr>
+<tr><td><code>?exp</code></td><td>should be replaced by the public exponent written as an xsd:integer typed literal. In SPARQL as in Turtle notation this can just be written directly as an integer.</td></tr>
+<p>Assuming that we received Bob's key whose modulus starts with <code>cb24ed85d64d794b6...</code> and whose exponent is <code>65537</code> then the following query should be used:
 <pre class='example' style="word-wrap: break-word; white-space: pre-wrap;">
 PREFIX : &lt;;
+PREFIX xsd: &lt;;
 ASK {
-   &lt;https://bob.example/webid#public&gt; :key [
-      :modulus "00cb24ed85d64d794b69c701c186acc059501e856000f661c93204d8380e07191c5c8b368d2ac32a428acb970398664368dc2a867320220f755e99ca2eecdae62e8d15fb58e1b76ae59cb7ace8838394d59e7250b449176e51a494951a1c366c6217d8768d682dde78dd4d55e613f8839cf275d4c8403743e7862601f3c49a6366e12bb8f498262c3c77de19bce40b32f89ae62c3780f5b6275be337e2b3153ae2ba72a9975ae71ab724649497066b660fcf774b7543d980952d2e8586200eda4158b014e75465d91ecf93efc7ac170c11fc7246fc6ded79c37780000ac4e079f671fd4f207ad770809e0e2d7b0ef5493befe73544d8e1be3dddb52455c61391a1"^^xsd:hexBinary;
-    "^^xsd:hexBinary;
+   &lt;https://bob.example/profile#me&gt; :key [
+      :modulus "cb24ed85d64d794b69c701c186acc059501e856000f661c93204d8380e07191c5c8b368d2ac32a428acb970398664368dc2a867320220f755e99ca2eecdae62e8d15fb58e1b76ae59cb7ace8838394d59e7250b449176e51a494951a1c366c6217d8768d682dde78dd4d55e613f8839cf275d4c8403743e7862601f3c49a6366e12bb8f498262c3c77de19bce40b32f89ae62c3780f5b6275be337e2b3153ae2ba72a9975ae71ab724649497066b660fcf774b7543d980952d2e8586200eda4158b014e75465d91ecf93efc7ac170c11fc7246fc6ded79c37780000ac4e079f671fd4f207ad770809e0e2d7b0ef5493befe73544d8e1be3dddb52455c61391a1"^^xsd:hexBinary;
       :exponent 65537;
    ] .
+<p>An ASK query simply returns true or false. If it returns true, then the key was found in the graph with the proper rlation and the claim has been verified</p>
 <p class="issue"> The public key could be a DSA key. We need to add an ontology
 for DSA too.</p>