[Debwebid-discuss] Reference debian project members WebID profiles generated with Django-webid-provider - Was:Re: About userdir-ldap rewrite (again)

Olivier Berger olivier.berger at telecom-sudparis.eu
Wed Nov 6 12:42:09 UTC 2013 

Hi.

I hope I'm not bothering you with details of my experiment.

FYI, here's an example of the kind of output I get by querying LDAP,
with the code at [4] (which reuses a custom branch of
django-webid-provider I'm working on, at [5]), abbreviated, in Turtle format :

$ curl -s -v -k -H 'Accept: text/turtle' http://localhost:8000/olivier#me 
< HTTP/1.0 200 OK
< Date: Wed, 06 Nov 2013 12:30:42 GMT
< Server: WSGIServer/0.1 Python/2.7.5+
< Vary: Accept
< Content-Type: text/turtle
< 
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix wot: <http://xmlns.com/wot/0.1/> .
@prefix xml: <http://www.w3.org/XML/1998/namespace> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

<> a foaf:PersonalProfileDocument ;
    foaf:primaryTopic <http://db.debian.org/olivier#me> .

<#gpgkey> a wot:Pubkey ;
    wot:fingerprint "ACE46EBD89F6656D6642660BE941DEDA7C5BB6A5" ;
    wot:pubkeyAddress <https://db.debian.org/fetchkey.cgi?fingerprint=ACE46EBD89F6656D6642660BE941DEDA7C5BB6A5> .

<http://db.debian.org/olivier#me> a foaf:Person ;
    cert:key [ a cert:RSAPublicKey ;
            rdfs:label "key made on [...] on my laptop" ;
            cert:exponent 65537 ;
            cert:modulus "b078[...]b84cff97"^^xsd:hexBinary ],
        [ a cert:RSAPublicKey ;
            rdfs:label "key made on [...] on my laptop" ;
            cert:exponent 65537 ;
            cert:modulus "bb7d[...]dd8f65"^^xsd:hexBinary ] ;
    foaf:homepage <http://www.olivierberger.org/> ;
    foaf:mbox "mailto:obergix at debian.org" ;
    foaf:name "Olivier Berger" ;
    foaf:nick "obergix" ;
    wot:hasKey <#gpgkey> .

The same can be produced as XML, but that doesn't matter much, I think.
The HTML version would ideally be RDFa including the same RDF bits (on
my TODO). This could replace results from
https://db.debian.org/search.cgi.


The missing bit, for the moment, is the binding of the local Django user
account (here 'olivier') to the LDAP user ('obergix'), which would
require some sort of LDAP binding Django auth. I may look into this, but
I'm sure you may have ideas re. Django authentication in the context of
the UD rewrite.


Note that the cert:key resources correspond to the TLS client certs that
could be used for WebID + TLS, but which aren't necessary for now, as
previously explained.

Also, we could think of a way for the user to sign a static version of
the same WebID profile with her GPG key, so that the WebID becomes
trustable in the GPG WoT (which can't be done on a dynamically generated
document for the moment). As an alternative, the document could be
signed by some Debian service key, to make it a bit more official.

There could be lots of other details added, like the publisher of this
profile being Debian, etc. But this is not really important, and RDF is
quite extensible ;)

As I'm doing a mixin of the 'common' Django app of the ud from Luca, and
of the webid_provider of my GitHub clone (an a particular branch), the
setup is a bit experimental for now, but anyone interested in testing
could in principle replicate my setup give that I provide enough details
(just ask).

I hope this makes my project a bit more concrete, with some such
example.

Best regards,

Olivier Berger <olivier.berger at telecom-sudparis.eu> writes:

> Martin Zobel-Helas <zobel at debian.org> writes:
>
>> Hi, 
>>
>> What do you want to achieve with WebID? Authentication of users inside Debian
>> for websites is done by the web-password ldap field and we use DACS as server
>> side software. That can also do (in the next incarnation) x509 client
>> authentication.
>>
>
> WebID + TLS [2] for authentication could be one use, but that's not my main
> goal for now.
>
>
> My idea is to provide a WebID [3] profile that could serve as a
> reference profile/identity for a Debian project member, which could be
> used to interlink profiles of people contributing to Debian, with other
> sources of meta-data about the project/distro, on the Semantic Web
> (i.e. in a machine processable way, aka Linked Data). I've previously
> worked on such meta-data about packages, in the PTS, for instance (see
> [0]).
>
>

[4] http://anonscm.debian.org/gitweb/?p=users/obergix/userdir-ldap_and_webid.git
[5] https://github.com/olberger/django-webid-provider/tree/use_rdflib
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

More information about the Debwebid-discuss mailing list