Skip to content

Dexagod/Blank-Node-Graphs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

75 Commits
client
client
 
 
docs
docs
 
 
keys
keys
 
 
server
server
 
 
software
software
 
 
spec
spec
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Running the containment software

git clone [email protected]:Dexagod/RDF-containment.git

cd RDF-containment/
cd software/
npm install; 
npm test;

This will run the available tests, and output a console log of a flow located at /software/test/flow.test.ts This executes the following flow:

  1. retrieving https://pod.rubendedecker.be/profile/card
    • content graph (_:n3-0)
    • provenance graph (_:n3-2)
    • policy graph (_:n3-8)
  2. retrieving https://josd.github.io/card.ttl
    • content graph (_:n3-1)
    • provenance graph (_:n3-3)
    • policy graph (_:n3-13)
  3. creating an RDF:Dataset (_:n3-14) that contains these 6 graphs (_:n3-0, _:n3-2, _:n3-8, _:n3-1, _:n3-3, _:n3-13)
  4. creating a signature graph of this RDF:Dataset instance (_:n3-17)
    • This creates a signature of the hash of the canonicalized quads of all graphs that are contained in the dataset object WIHTOUT including the dataset and its contains triples!

Running the containment software

I included a proxy server that when used to retrieve an RDF resource, will add provenance, policy and signature information to the retrieved RDF data. (currently using a set of test private keys hosted by me).

Make sure to clone the repository and run npm install in the software folder first!

cd server/
npm install; 
bash runProxy.sh

An example retrieval can be done as follows from the locally hosted proxy server

curl http://localhost:7846?url=https://pod.rubendedecker.be/profile/card

live proxy server

A live proxy will soon be available on proxy.rubendedecker.be/

An example retrieval can be done as follows (if the service is running!)

curl http://proxy.rubendedecker.be?url=https://pod.rubendedecker.be/profile/card

Running the Builder and Evaluator tool

An example of a custom client to build and evaluate packages can be run with the following: (we assume you have already done an npm install in the software directory!)

cd client;
npm install;
ts-node src/testfile.ts

I will add more documentation on this later

Running the Evaluator CLI tool

Requirements:

Clone the repo if you have not already

git clone [email protected]:Dexagod/RDF-containment.git
cd RDF-containment

run npm install in the software folder

cd software/
npm install;
cd ..

install the client

cd client/
npm install;

Now you can run the evaluator CLI interface!

Loading a packaged resource

First we take a look at a packaged resource:

npx ts-node bin/evaluator.ts \
   http://proxy.rubendedecker.be?url=https://pod.rubendedecker.be/profile/card

This resource contains my profile and a signature of my profile image. This information is then packaged in a dataset, over which signature, policy and provenance information is added. This metadata is then added in another metadata dataset, which is then in turn again signed.

Signatures and policies

Say we only trust information that is explicitly signed by the WebID in question, we require the evaluator to only include content signed by that WebID. Additionally, we want to evaluate any policies set over the data, as our purpose for the use of the data is to provide a service! We want this policy information to be trusted (this requires us to validate signatures, after which the policy will only succeed if the graph in which the policy is situated was verified as trusted in this signature verification process!)

npx ts-node bin/evaluator.ts \
   http://proxy.rubendedecker.be?url=https://pod.rubendedecker.be/profile/card \
   --trusted-verification \
   --validate-signatures https://pod.rubendedecker.be/profile/card#me \
   --validate-policies https://w3id.org/dpv#ServiceProvision

We see here that the only remaining data is our profile and the signature. All data over which no policy was set was discarded, as we explicitly want to process data for the purpose of service provision, and this was the only data for which this was explicitly allowed!

Provenance

Say you don't do signatures, but you want to place trust in provenance! We will validate signatures again, as we only trust data and metadata! that was explicitly signed by the WebID. Then we enforce that any data provided must be tagged as coming from the profile card, as packaged by the WebID, and this packaging has to have happened after 2024, as we do not want stale data!

npx ts-node bin/evaluator.ts \
   http://proxy.rubendedecker.be?url=https://pod.rubendedecker.be/profile/card \
   --trusted-verification \
   --validate-signatures https://pod.rubendedecker.be/profile/card#me \
   --retrieved-from https://pod.rubendedecker.be/profile/card \
   --retrieved-by https://pod.rubendedecker.be/profile/card#me \
   --retrieved-after 2024-01-01T00:00:00.000Z \
   --flatten

All together

We can mix this all together, and use the --flatten option to flatten any graphs in the output that are not explicitly referenced, as by now you can trust your data enough to assert it! If the graph containing a triple is referenced, the triple is output both in that graph and in the default graph to not break any assumptions!

npx ts-node bin/evaluator.ts \
   http://proxy.rubendedecker.be?url=https://pod.rubendedecker.be/profile/card \
   --trusted-verification \
   --validate-signatures https://pod.rubendedecker.be/profile/card#me \
   --validate-policies https://w3id.org/dpv#ServiceProvision \
   --retrieved-from https://pod.rubendedecker.be/profile/card \
   --retrieved-by https://pod.rubendedecker.be/profile/card#me \
   --retrieved-after 2024-01-01T00:00:00.000Z \
   --flatten

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages