See also: IRC log
<trackbot> Date: 27 June 2011
what is on the agenda
agendum next
<Deiu> +1
+1
<MacTed> +1
<bergi> +1
<domel> +0 (I was apsent)
RESOLUTION: Minutes approved
agendum next
<Deiu> http://www.w3.org/wiki/WebID_and_Crawlers <- this one?
So as a result of last weeks discussion on LinedData Mailing list
http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite
the tests suite wiki page
webid is easy to use curl -H "Accept: application/rdf+xml" --cert your-WebID-cert:password https://bblfish.net:8443/test/WebId
any news from anybody else?
bergi, started with tests suite, and found some issues
bergi we talked about criticial certificate extensions in Berlin
can you add info about that in http://www.w3.org/2005/Incubator/webid/wiki/Berlin_meetup_2011
bergi was Apache in front of a java server
all the ssl layers if very that client certificate public decodes the private key encoded token from server
then it can pass the certificate on to the servelet, or php
code
<mike> just in via sip -- on mute -- sorry late
<mike> yes
we were already in there
the default apache implementations drop certificate that have critical extensions
<mike> If a server doesn't understand critical it MUST not authenticate
we should client test suites, and of the servers that are more flexible, to tell a problematic certificate
<mike> yes agreed! for the test service
<Deiu> Can we submit a feature request to Apache to request more flexibility? Or maybe some sort of verbose option?
+1
<bergi> +1
<domel> +1
<Deiu> +1
<domel> are you testing it on nginx or lighttpd servers?
<Deiu> On standard Apache servers
if you can find the mail that explains how one can get Apache to be more flexible, then if it is a compilation option we should ask them to make it a configurable one
<mike> how much detail is there in the SSL Alert messages?
I think they just send a number back
and there are 4 messages or so
http://www.w3.org/2005/Incubator/webid/wiki/Test_Suite
http://dvcs.w3.org/hg/WebID/file/55f18239ed1a/tests/earl
http://dvcs.w3.org/hg/WebID/file/55f18239ed1a/tests/earl/test.n3
<mike> my feeling that SSL alert should be handled better by the browsers rathern that forcing service software to allow failed authn to continue inorder to show info on why SSL layer failed (notwithstanding test services which we can do what we like) so -1 for earlier Apache
wit: certificateCriticalExtensionsOk a earl:TestRequirement;
50 dct:title "The certificate contains no unecessary critical extension";
51 dct:description "Critical Extensions are not a direct problem for WebID, but can cause many servers to reject the certificate before the WebID code gets to see the certificate. These tests should not generate errors but only warnings" .
52
<mike> for testing yes
<mike> yes browser side interpretation, but don't break SSL protocol?
<mike> harder to get buyin if promoting use of diviation from SSL standard
https://github.com/bblfish/TLS_test
that will allow set different tLS responses and see the how browsers react
here are the error response messages https://github.com/bblfish/TLS_test/blob/master/src/main/java/net/bblfish/test/SSLTestServer.java
<mike> looking.
<mike> http://en.wikipedia.org/wiki/Transport_Layer_Security
<mike> under Alert protocol
<mike> many errors
<mike> no indeed ...
<mike> for shibboleth
mike is writer enhancer for shiboleth
what is the issue with WebID on https://webid.fcns.eu/ when using Safari on OSX
?
<mike> not at the mo
<mike> need to understand the issue more
<mike> which webid provider is breaking with fcns?
<mike> any webid then
Connecting With Safari on OSX
<mike> not got a safari to hand
<mike> Should be able to see this on the wire then (I thought with SNI)
<Deiu> https://github.com/WebID-Tools/CertGen
<Deiu> http://www.w3.org/wiki/Foaf%2Bssl#Implementation_Links
http://www.w3.org/2005/Incubator/webid/wiki/Implementations
mischat?
<domel> bblfish: When we plan to rebuild the specification? I mean ontology etc? http://www.w3.org/2005/Incubator/webid/wiki/images/3/3e/20110306_3d_webid.jpg
<domel> I can do it :)
<domel> OK
<domel> I can do also some small part like http://www.w3.org/2005/Incubator/webid/spec/#in-rdf-xml
bye everybody
<mike> ttfn
trackbot, end meeting
This is scribe.perl Revision: 1.136 of Date: 2011/05/12 12:01:43 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) No ScribeNick specified. Guessing ScribeNick: bblfish Inferring Scribes: bblfish WARNING: No "Topic:" lines found. Default Present: Deiu, bblfish, bergi, domel, MacTed Present: Deiu bblfish bergi domel MacTed WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 27 Jun 2011 Guessing minutes URL: http://www.w3.org/2011/06/27-webid-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report[End of scribe.perl diagnostic output]