W3C

- DRAFT -

WebID Incubator Group Teleconference

27 Jun 2011

See also: IRC log

Attendees

Present
Deiu, bblfish, bergi, domel, MacTed
Regrets
Chair
SV_MEETING_CHAIR
Scribe
bblfish

Contents

<trackbot> Date: 27 June 2011

what is on the agenda

agendum next

<Deiu> +1

+1

<MacTed> +1

<bergi> +1

<domel> +0 (I was apsent)

RESOLUTION: Minutes approved

agendum next

<Deiu> http://www.w3.org/wiki/WebID_and_Crawlers <- this one?

So as a result of last weeks discussion on LinedData Mailing list

http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite

the tests suite wiki page

webid is easy to use curl -H "Accept: application/rdf+xml" --cert your-WebID-cert:password https://bblfish.net:8443/test/WebId

any news from anybody else?

bergi, started with tests suite, and found some issues

bergi we talked about criticial certificate extensions in Berlin

can you add info about that in http://www.w3.org/2005/Incubator/webid/wiki/Berlin_meetup_2011

bergi was Apache in front of a java server

all the ssl layers if very that client certificate public decodes the private key encoded token from server

then it can pass the certificate on to the servelet, or php

code

<mike> just in via sip -- on mute -- sorry late

<mike> yes

we were already in there

the default apache implementations drop certificate that have critical extensions

<mike> If a server doesn't understand critical it MUST not authenticate

we should client test suites, and of the servers that are more flexible, to tell a problematic certificate

<mike> yes agreed! for the test service

<Deiu> Can we submit a feature request to Apache to request more flexibility? Or maybe some sort of verbose option?

+1

<bergi> +1

<domel> +1

<Deiu> +1

<domel> are you testing it on nginx or lighttpd servers?

<Deiu> On standard Apache servers

if you can find the mail that explains how one can get Apache to be more flexible, then if it is a compilation option we should ask them to make it a configurable one

<mike> how much detail is there in the SSL Alert messages?

I think they just send a number back

and there are 4 messages or so

http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite

http://dvcs.w3.org/hg/WebID/file/55f18239ed1a/tests/earl

http://dvcs.w3.org/hg/WebID/file/55f18239ed1a/tests/earl/test.n3

<mike> my feeling that SSL alert should be handled better by the browsers rathern that forcing service software to allow failed authn to continue inorder to show info on why SSL layer failed (notwithstanding test services which we can do what we like) so -1 for earlier Apache

wit: certificateCriticalExtensionsOk a earl:TestRequirement;

50 dct:title "The certificate contains no unecessary critical extension";

51 dct:description "Critical Extensions are not a direct problem for WebID, but can cause many servers to reject the certificate before the WebID code gets to see the certificate. These tests should not generate errors but only warnings" .

52

<mike> for testing yes

<mike> yes browser side interpretation, but don't break SSL protocol?

<mike> harder to get buyin if promoting use of diviation from SSL standard

https://github.com/bblfish/TLS_test

that will allow set different tLS responses and see the how browsers react

here are the error response messages https://github.com/bblfish/TLS_test/blob/master/src/main/java/net/bblfish/test/SSLTestServer.java

<mike> looking.

<mike> http://en.wikipedia.org/wiki/Transport_Layer_Security

<mike> under Alert protocol

<mike> many errors

<mike> no indeed ...

http://openid4.me/

<mike> for shibboleth

mike is writer enhancer for shiboleth

what is the issue with WebID on https://webid.fcns.eu/ when using Safari on OSX

?

<mike> not at the mo

<mike> need to understand the issue more

<mike> which webid provider is breaking with fcns?

<mike> any webid then

Connecting With Safari on OSX

<mike> not got a safari to hand

<mike> Should be able to see this on the wire then (I thought with SNI)

<Deiu> https://github.com/WebID-Tools/CertGen

<Deiu> http://www.w3.org/wiki/Foaf%2Bssl#Implementation_Links

http://www.w3.org/2005/Incubator/webid/wiki/Implementations

mischat?

<domel> bblfish: When we plan to rebuild the specification? I mean ontology etc? http://www.w3.org/2005/Incubator/webid/wiki/images/3/3e/20110306_3d_webid.jpg

<domel> I can do it :)

<domel> OK

<domel> I can do also some small part like http://www.w3.org/2005/Incubator/webid/spec/#in-rdf-xml

bye everybody

<mike> ttfn

trackbot, end meeting

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2011/06/27 16:14:02 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.136  of Date: 2011/05/12 12:01:43  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

No ScribeNick specified.  Guessing ScribeNick: bblfish
Inferring Scribes: bblfish

WARNING: No "Topic:" lines found.

Default Present: Deiu, bblfish, bergi, domel, MacTed
Present: Deiu bblfish bergi domel MacTed

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 27 Jun 2011
Guessing minutes URL: http://www.w3.org/2011/06/27-webid-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report
[End of scribe.perl diagnostic output]