Simple WebID Exploitation via Amazon S3 based Linked Data Deployment

In my last two posts [1][2], I used a simple Turtle document to demonstrate how anyone can deploy Linked Data without any of the following hurdles:

1. Domain Ownership
2. Web Server Access and Administrator Privileges
3. Content Negotiation
4. De-referenceable URI (Hyperlink) style selection.

My initial post focused on the task of producing a simple profile document where you make some very basic claims about yourself. In this post, I am going a step further by incorporating additional personal profile claims, en route to demonstrating how Linked Data enables you to control your identity via verification of identity claims that you make about yourself.

Steps

1. Create a simple Turtle based profile document and upload it to your S3 bucket -- as outlined in my simple Linked Data Deployment post

2. Use an X.509 Certificate Generator [3][4] to produce a certificate with a WebID (Personal de-referenceable URI) in the SubjectAlternativeName (SAN) field -- this is simply a URI that denotes (names) the entity "You", the primary topic of the Turtle profile document you've created e.g., <https://s3.amazonaws.com/webid-sandbox/kingsley.ttl#this>

3. Create a triple (3-tuple) based relationship in your profile document that associates your WebID (Personal URI) with the newly generated certificate's public key components (modulus and exponent)

4. Do the same thing with the certificate's fingerprint (the SHA1 or MD5 hash of the entire certificate).

Certificate Generation Notes

Certificate Generation

For this exercise I deliberately used the Certificate Generator component of the Mac OS X Keychain application. I've attached screenshots and a link to a Google Drive folder [5], but they might not be in perfect sequence due to G+ limitations in this regard.

I've also included screenshots from our Web hosted Certificate Generator, which is also an option for producing X.509 certificates that carry a WebID watermark, with the WebID authentication protocol in mind.

Actual Profile Document Tweaks

Here are two excerpts from my Turtle based profile document [6] highlighting the relationships that enable your profile document to serve as a mirror of identity claims matching those imprinted into the X.509 certificate stored in the local keystore of your personal computing device (desktop, notebook, tablet, or phone).

WebID Protocol Requirements

## WebID Authentication Protocol Requirements Start Here ##

:this cert:key :pubKey .
:pubKey a cert:RSAPublicKey;

# Public Key Exponent -- copy and paste this from your X.509 Certificate viewer

cert:exponent "65537"^^xsd:integer;

# Public Key Modulus -- copy and paste this from your X.509 Certificate viewer

cert:modulus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xsd:hexBinary .

## WebID Authentication Protocol Requirements End Here ##

NetID / YouID Protocol Requirements

## NetID / YouID Authentication Protocol Requirements Start Here ##

# Note: NetID / YouID are WebID authentication protocol derivatives that use a Fingerprint (certificate hash) for complete "claims mirror" between your profile document and the X.509 certificate in your local keystore. Thus, instead of looking up public key components it looks up the certificate fingerprint instead. 

:this opl:hasCertificate :cert .

# Certificate Fingerprint -- copy and paste from your X.509 Certificate viewer (remove the spaces).

:cert opl:fingerprint "9BA11059D6EE8C10CF2050DF4091F71D55A81ACF"^^xsd:hexBinary;
opl:fingerprint-digest "sha1" .

## NetID / YouID Authentication Protocol Requirements End Here ##
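
The two excerpts above can also be generated from the certificate itself instead of being copied by hand from a certificate viewer. The shell functions below are an added example, not part of the original post; they assume the openssl CLI (1.1.1 or later for -addext), and the function names, file arguments and demo certificate subject are hypothetical.

```shell
# Added example (not from the original post). Assumes openssl 1.1.1+.
# Function names and file arguments are hypothetical.

make_demo_cert() {    # <webid-uri> <cert.pem> <key.pem>: throwaway test cert
  # '#' starts a comment in OpenSSL config syntax, so escape it for -addext.
  san=$(printf '%s' "$1" | sed 's/#/\\#/g')
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=WebID demo (constructed)" \
    -addext "subjectAltName=URI:$san" \
    -keyout "$3" -out "$2" 2>/dev/null
}

cert_webid() {        # URI carried in the SubjectAlternativeName
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *URI:\([^, ]*\).*/\1/p' | head -n 1
}

cert_exponent() {     # decimal, for cert:exponent
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Exponent: *\([0-9][0-9]*\).*/\1/p'
}

cert_modulus() {      # hex without separators, for cert:modulus
  openssl x509 -in "$1" -noout -modulus | sed 's/^Modulus=//'
}

cert_fingerprint() {  # SHA-1 of the DER certificate, colons removed
  openssl x509 -in "$1" -noout -fingerprint -sha1 |
    sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

webid_claims() {      # <cert.pem>: print the triples for both protocols
  cat <<EOF
# Claims mirroring the certificate issued to <$(cert_webid "$1")>
:this cert:key :pubKey .
:pubKey a cert:RSAPublicKey;
  cert:exponent "$(cert_exponent "$1")"^^xsd:integer;
  cert:modulus "$(cert_modulus "$1")"^^xsd:hexBinary .

:this opl:hasCertificate :cert .
:cert opl:fingerprint "$(cert_fingerprint "$1")"^^xsd:hexBinary;
  opl:fingerprint-digest "sha1" .
EOF
}
```

Run `webid_claims` against a PEM export of your own certificate and paste the output into the profile document next to its existing @prefix declarations.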

Identity Verification

Now that your Turtle based profile document has been enhanced with identity claims that mirror those in your local WebID watermarked X.509 certificate, you can verify the effects of this endeavor by performing a simple identity verification check via any of the following:

1. http://bit.ly/PyqHqe -- our simple Identity Claims Verification Service -- just click on the "check" button, then select your WebID watermarked X.509 certificate and you'll get success or failure

2. http://bit.ly/P3YbZM -- our simple OpenID+WebID proxy service that enables you to experience how WebID eliminates the use of passwords when authenticating against any functional OpenID site, just use the URL pattern:
http://id.myopenlink.net/openid-proxy/id.vsp?w={WebID}

3. http://delicious.com/kidehen/webid_demo -- test against other WebID compliant applications and services. 

Links

1. http://bit.ly/NYwGCd -- Very simple Linked Data Deployment via a Turtle Document  

2. http://bit.ly/LNIeLj -- Detailed guide to Linked Data Deployment via a Turtle Document

3. http://bit.ly/Mrzhpz -- YouID X.509 Certificate Generator

4. http://bit.ly/P3QMJX -- Other X.509 Certificate Generators

5. http://bit.ly/P3VJ5q -- Google Drive Folder holding screenshots re. use of the Keychain Certificate Generator Assistant and our Web based Generator 

6. http://bit.ly/LQnyCt -- My actual Turtle based Profile Document published to an Amazon S3 bucket.
 

#LinkedData #WebID #Web30 #SemanticWeb #Identity #Nymwars #Privacy #PDS
 
+Nathan Rixham I am getting application/octet-stream for mime type as per:

curl -I http://s.webr3.org/nathan
HTTP/1.1 200 OK
x-amz-id-2: 4m4QKXgYVJDEoKXfHsgOqLVgeqnGtzmo2cJOMVXzRcBFOsfY8YflwZUb8k0T5O7H
x-amz-request-id: 796E24882D9F20CB
Date: Fri, 27 Jul 2012 00:42:34 GMT
Last-Modified: Fri, 27 Jul 2012 00:19:31 GMT
ETag: "4bb29fd755db096abdd63b9aa077fda7"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 942
Server: AmazonS3 

Just realized that I set mime type: text/turtle, via ODS-Briefcase mount. Hmm this could be a critical oversight in my guide. 

I am going to repeat this exercise using DropBox and then revisit Amazon which might have an issue when ODS-Briefcase isn't in the picture. 

BTW -- try an HTTP PUT against your S3 bucket after configuring it to operate as an HTTP server. Then see if it retains mime type that you set.
 
text/turtle now:

# curl -i http://s.webr3.org/nathan
HTTP/1.1 200 OK
x-amz-id-2: J9VbXh7U3gUF5xVIFCsVyLYi6/o6yvyXVcmN/TuhncJQ1B7iFOsYLktFa5Y4nEUG
x-amz-request-id: 496B7B2F44923EAB
Date: Fri, 27 Jul 2012 15:18:35 GMT
Last-Modified: Fri, 27 Jul 2012 15:18:01 GMT
ETag: "4bb29fd755db096abdd63b9aa077fda7"
Accept-Ranges: bytes
Content-Type: text/turtle
Content-Length: 942
Server: AmazonS3

still failing..
 
+Nathan Rixham -- I see: 

@prefix: <http://s.webr3.org/nathan#> .
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix contact: <http://www.w3.org/2000/10/swap/pim/contact#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix geo: <http://www.w3.org/2003/01/geo/wgs84_pos#> .
@prefix iana: <http://www.iana.org/assignments/relation/> .
@prefix log: <http://www.w3.org/2000/10/swap/log#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix rsa: <http://www.w3.org/ns/auth/rsa#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .

: a foaf:Person;
 owl:sameAs <http://webr3.org/nathan#me> ;
 foaf:knows <http://foaf.me/melvincarvalho#me>,
<http://kingsley.idehen.name/dataspace/person/kidehen#this>,
<http://sw-app.org/mic.xhtml#i>,
        <http://tobyinkster.co.uk/#i>,
<http://mamund.com/foaf.rdf#me>;
 foaf:mbox <mailto:nathan@webr3.org>;
 foaf:name "Nathan";
 foaf:nick "webr3";

Note: you have ";" instead of "." in the last line, so a turtle parser will fault on this. 
 
whoops! also fixed, def parses now, content type correct, public, but still 'Could not retrieve data from URL' - maybe a caching thing?
 
+Nathan Rixham -- there's something amiss somewhere. Our browsers show no triples. Please check if Tabulator does the same, while we investigate further. 