Remoting an ASK query, to a sparql endpoint; doing a SELECT; programmer tools for query management


http://uriburner.com/c/IAMR5Z is the following query:

 

image

 

i.e.  at this url we will execute a query:

PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>

ASK FROM <http://rdf-translator.appspot.com/parse?url=http%3a%2f%2fid.myopenlink.net%3a80%2fdataspace%2fperson%2fhome_pw&of=xml> WHERE {
?s  :key [
         :modulus   “c531b19280ed0e1a64d9cf327801296366657325ff08a35c93b406293429415430d6d832fa3694f05d05ace8a2ac95db5147feb1c19bc5eb7a80aedc510b79bbbe2ddce7badd9d00a36566445bba5065f66478ac2c4c24e1e8869f0a6eb7b9feef54a194c4f1e77d1918662967f02878e0f27e6880f93a1c32feac1a0861f349″^^xsd:hexBinary ;
         :exponent ?exp ;
    ] .
}

To leverage this, one obtains the client cert in the midst of performing the SSL3 handshake protocol, pulling the URIs from the SAN extension of the cert (once verified, etc). for each, value, the SAN URI goes into the url argument of the http://rdf-translator.appspot.com/parse?url=http%3a%2f%2fid.myopenlink.net%3a80%2fdataspace%2fperson%2fhome_pw&of=xml.

In that example, the original SAN URI was http://id.myopenlink.net/dataspace/person/home_pw#this. Note how the argument’s value was then url-encoded (and the port made explicit). One must normalize the URI and remove the #fragment (normally supplied in the SAN URI). We could be using such a URI just as is in the sparql query. But, at our choice we have chosen to “wrap it”, using the service of a site producing a “proxy URI”. This site is http://rdf-translator.appspot.com/ and we are using its “parse” service. This adds some value to the original profile, translating formats into the form that the sparql engine will consume.

 

A nicer translation for It administrators doing cut&paste is

http://rdf-translator.appspot.com/parse?url=http%3a%2f%2fid.myopenlink.net%3a80%2fdataspace%2fperson%2fhome_pw&of=n3&html=1.

image

Here one notes a single cert (modulus) but also a foaf:knows cross reference.

Having formulated such a URI (where the translator translates into XML), one uses it in the FROM clause of the sparql query shown above.  The =modulus from the cert (in hex printable string) goes into the modulus value, as shown. Obviously, “c531…” has been used in the example, above.

To invoke the ASK, remotely, one formulates a sparql protocol request, to be delivered to a standard sparql protocol endpoint, at http://uriburner.com/sparql. The query is self-contained, and thus we supply a value-less default-graph-uri argument (default-graph-uri=). Next, the query fashioned above is URL-encoded (not HTML encoded) and becomes the value of the “query” argument (or the “qtxt” argument, if one wants an interactive viewer). Other arguments control output format, and pragmas that might OTHERWISE be used in the query text. The url-decoded form of the uri’s query string (the guts of the “sparql protocol request”) is

?default-graph-uri=

&qtxt=
PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>

ASK FROM <http://rdf-translator.appspot.com/parse?url=http%3a%2f%2fid.myopenlink.net%3a80%2fdataspace%2fperson%2fhome_pw&of=xml> WHERE {
?s  :key [
:modulus “c531b19280ed0e1a64d9cf327801296366657325ff08a35c93b406293429415430d6d832fa3694f05d05ace8a2ac95db5147feb1c19bc5eb7a80aedc510b79bbbe2ddce7badd9d00a36566445bba5065f66478ac2c4c24e1e8869f0a6eb7b9feef54a194c4f1e77d1918662967f02878e0f27e6880f93a1c32feac1a0861f349″^^xsd:hexBinary ;
:exponent ?exp ;
] .
}

 

&should-sponge=

&format=text/html

&CXML_redir_for_subjs=121

&CXML_redir_for_hrefs=

&timeout=0

&debug=on

&fname=

 

Lots of articles exist on using this sparql server to act as a very “command-line driven” “linked data client” – able to do more than be a mere remote execution engine for SPARQL queries against local data sets. once one throws in the term “linked data” if the query’s response  has references  that could to be followed up, they are.

one example is a select query:

image

which is

define get:soft “add”
PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>

SELECT * FROM <http://rdf-translator.appspot.com/parse?url=http%3a%2f%2fid.myopenlink.net%3a80%2fdataspace%2fperson%2fhome_pw&of=xml> WHERE {
?s  :key [
:modulus ?mod ;
:exponent ?exp ;
] .
}

Note the select query doesn’t work (as it renders with some bugs, in the dots of domain names). But, see below how to do it properly!

So how do we make such a query? The /isparql tool helps (though it took me 3 years to learn how to use it):

start with a model query, in advanced mode. Yes, its just like the form in Microsoft Excel… for sql!

 

image

 

Then paste in our query (without any of the “linked data” instructions), and open the “sponger” tab at the bottom.

 

image

By choosing middleware “sponging” feature, one is making this simple sparql query into a linked data client (query). And, one is adding unseen markup to the query, that induces the sparql _server_ to act as a linked data _client_.

We can now execute the query, and see the result set.

image

 

One the  params tab (of the result-set, note), one can see what markup was actually delivered by the authoring tab to the execution tab.

image

Now, my data source actually no longer has two certs. So what’s going on, when the result set shows 2 value (when only 1 is in the named data set)? Perhaps the one came from the “nth” document to which I invited the engine to seeAlso.

Sigh. For so long I was SO CLOSE (but so far) to something that is actually VERY SIMPLE. If one turns on the permalink feature, one can save such queries as tinyURIs: Query Permalink

 

Now, one can start to play with the https hosted card, here. For example:

PREFIX : <http://www.w3.org/ns/auth/cert#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>

SELECT * FROM <http://rdf-translator.appspot.com/parse?url=https%3A%2F%2Frapstr1.blob.core.windows.net%2Fods%2Fuser.ttl&if=n3&of=xml&gt; WHERE {
?s :key [
:modulus ?mod ;
:exponent ?exp ;
] .
}

What happens if the sameAs URI is an https scheme (and the linked data client doesn’t have the server root)? How does it learn it? Perhaps, linked data client could be using a distributed certificate store?

 

Anyways, here are a couple of cards that point at each other, using owl:sameAs predicates:

 

image

 

 

image

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in webid. Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s