This HTML5 document contains 33 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

PrefixNamespace IRI
n13http://ods.openlinksw.com/dataspace/person/dav#
dctermshttp://purl.org/dc/terms/
n7http://ods.openlinksw.com/dataspace/owiki/wiki/
atomhttp://atomowl.org/ontologies/atomrdf#
foafhttp://xmlns.com/foaf/0.1/
oplhttp://www.openlinksw.com/schema/attribution#
n17http://ods.openlinksw.com/wiki/main/ODS/VirtWTDACLTesting/trace_sql_cert_logins.
n19http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/WebIDTLSDelegationWhatWhyHow#ODBC%20
n10http://ods.openlinksw.com/dataspace/owiki#
dchttp://purl.org/dc/elements/1.1/
rdfshttp://www.w3.org/2000/01/rdf-schema#
n11http://rdfs.org/sioc/services#
n16http://ods.openlinksw.com/wiki/main/ODS/VirtWTDACLTesting/VirtWTDACLTesting-01.
n2http://ods.openlinksw.com/dataspace/owiki/wiki/ODS/
siocthttp://rdfs.org/sioc/types#
n9http://ods.openlinksw.com/dataspace/person/owiki#
rdfhttp://www.w3.org/1999/02/22-rdf-syntax-ns#
n12http://ods.openlinksw.com/dataspace/services/wiki/
n5http://ods.openlinksw.com/dataspace/owiki/wiki/ODS/VirtWTDACLTesting/sioc.
xsdhhttp://www.w3.org/2001/XMLSchema#
n18http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/WebIDTLSDelegationWhatWhyHow#ODBC%20CPPDemo%20Interactive%20SQL%20
n14http://ods.openlinksw.com/dataspace/dav#
siochttp://rdfs.org/sioc/ns#
Subject Item
n13:this
foaf:made
n2:VirtWTDACLTesting
Subject Item
n12:item
n11:services_of
n2:VirtWTDACLTesting
Subject Item
n10:this
sioc:creator_of
n2:VirtWTDACLTesting
Subject Item
n7:ODS
sioc:container_of
n2:VirtWTDACLTesting
atom:entry
n2:VirtWTDACLTesting
atom:contains
n2:VirtWTDACLTesting
Subject Item
n2:VirtWTDACLTesting
rdf:type
atom:Entry sioct:Comment
dcterms:created
2017-06-13T06:09:35.171848
dcterms:modified
2017-06-29T07:33:40.094520
rdfs:label
VirtWTDACLTesting
foaf:maker
n9:this n13:this
dc:title
VirtWTDACLTesting
opl:isDescribedUsing
n5:rdf
sioc:has_creator
n10:this n14:this
sioc:attachment
n16:png n17:png
sioc:content
%META:TOPICPARENT{name="VirtWTDStepByStepConfigGuide"}% ---+ <nop>WebID+TLS+Delegation ACL Testing A basic <nop>WebID+TLS+Delegation connection can now be made as detailed below. First the Public Key (PEM file) for the Virtuoso self-signed certificate created previously when performing the [[VirtWTDServerSetup][Virtuoso TLS Setup]] needs to be downloaded from the <code>dba</code> user account. In the Conductor, a <b>download</b> link for each available cryptographic key may be found in the <b>System Admin -> User Accounts -> Users</b> tab: %BR%%BR% <img src="%ATTACHURLPATH%/VirtWTDACLTesting-01.png" style="wikiautogen" height="350" width="640"/> %BR%%BR% Once downloaded, the PEM file may be loaded into an Operating System Keystore such that it is automatically available when needed, or passed in the connect string as the server public key (<code>-T</code> parameter), to provide a full chain of trust for the connection. Note the public key (PEM file) for the <nop>YouID generated certificate (e.g., <code><nowiki>ca_list_shop_2016.pem</nowiki></code>) and the Virtuoso PEM file can be combined into a single PEM file, which may then be passed to Virtuoso as part of the TLS connect string. The <code>isql</code> command line tool may be used to verify the <nop>WebID+TLS+Delegation connection, as shown below: <verbatim> C:\Program Files\OpenLink Software\Virtuoso 7.2\database>..\bin\isql 1113 "" 1 -X WebIDTlsDelegation_id_myopenlink_net.p12 -T ca_list_shop_2016.pem -W http://id.myopenlink.net/DAV/home/wtd/YouID/WebIDTlsDelegation_id_myopenlink_net/profile.ttl#wtd Connected to OpenLink Virtuoso Driver: 07.20.3217 OpenLink Virtuoso ODBC Driver OpenLink Interactive SQL (Virtuoso), version 07.20.3217. Type HELP; for help and EXIT; to exit. SQL> sparql SELECT COUNT (*) FROM <OpenPermID-bulk-assetClass-20151111_095807.ttl.gz> WHERE {?s ?p ?o}; callret-0 INTEGER _______________________________________________________________________________ 2 1 Rows. -- 16 msec. SQL> sparql SELECT COUNT (*) FROM <penPermID-bulk-industry-20151111_095806.ttl.gz> WHERE {?s ?p ?o}; callret-0 INTEGER _______________________________________________________________________________ 0 1 Rows. -- 16 msec. SQL> SELECT * FROM sys_users; *** Error 42000: [OpenLink][Virtuoso ODBC Driver][Virtuoso Server]ACL01: Statement is prohibited at line 3 of Top-Level: SELECT * FROM sys_users SQL> </verbatim> <code>isql</code> can also be used to verify that connections using another user's <nop>WebID profile document (<code>-W</code> parameter) that has not been configured to allow the delegation of connections <nop>OnBehalfOf the Software agent, cannot execute SPARQL queries: <verbatim> C:\Program Files\OpenLink Software\Virtuoso 7.2\database>..\bin\isql 1113 "" 1 -X WebIDTlsDelegation_id_myopenlink_net.p12 -T ca_list_shop_2016.pem -W http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i Connected to OpenLink Virtuoso Driver: 07.20.3217 OpenLink Virtuoso ODBC Driver OpenLink Interactive SQL (Virtuoso), version 07.20.3217. Type HELP; for help and EXIT; to exit. SQL> sparql SELECT COUNT (*) FROM <OpenPermID-bulk-assetClass-20151111_095807.ttl.gz> WHERE {?s ?p ?o}; *** Error 42000: [OpenLink][Virtuoso ODBC Driver][Virtuoso Server]SQ033: SELECT access denied for column G of table DB.DBA.RDF_QUAD, user ID 5 at line 1 of Top-Level: sparql SELECT COUNT (*) FROM <OpenPermID-bulk-assetClass-20151111_095807.ttl.gz> WHERE {?s ?p ?o} SQL> </verbatim> ---++ ODBC Connection Details on how to configure and make and ODBC Connections can be found at: * [[http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/WebIDTLSDelegationWhatWhyHow#ODBC%20Connection][ODBC DSN Configuration]] * [[http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/WebIDTLSDelegationWhatWhyHow#ODBC%20CPPDemo%20Interactive%20SQL%20Application][CPPDemo Sample Application]] ---++Tracing The VAL Configuration UI, accessible through the Conductor menus and links "System Admin > Packages > VAL Configure", includes a tracing option to debug SQL client connections made using certificates. <img src="%ATTACHURLPATH%/trace_sql_cert_logins.png" style="wikiautogen"/> When enabled, console trace output similar to that below shows the progress of the login and delegation. <verbatim> isql localhost:2113 "" 1 -X ./keys/software_agent.p12 -T ./keys/ca_list_shop_2016_with_localhost.pem -W http://id.myopenlink.net/DAV/home/jsmith/youid_profile.ttl#i </verbatim> <verbatim> DB.DBA.USER_CERT_LOGIN: Checking VAL ACLs for Query scope in SQL realm DB.DBA.WEBID_CHECK_DELEGATE: Looking for existence of: <http://kingsley.idehen.net/DAV/home/kidehen/agent-profile-document.ttl#i> cert:onBehalfOf <http://id.myopenlink.net/DAV/home/jsmith/youid_profile.ttl#i> in <http:59FB336FB5FA814F086C2AD38D37D53C> DB.DBA.WEBID_CHECK_DELEGATE: Found onBehalfOf relation. Loading profile document http://id.myopenlink.net/DAV/home/jsmith/youid_profile.ttl DB.DBA.WEBID_CHECK_DELEGATE: Found public key of software agent in delegating user's profile document DB.DBA.USER_CERT_LOGIN: Agent/WebID <http://id.myopenlink.net/DAV/home/jsmith/youid_profile_160420.ttl#i> has SPARQL permissions: read: 1, write: 0, sponge: 0 DB.DBA.USER_CERT_LOGIN: Setting graph security callback </verbatim>
sioc:id
51f2d216958babb0e18f689bc68438f4
sioc:link
n2:VirtWTDACLTesting
sioc:has_container
n7:ODS
n11:has_services
n12:item
atom:title
VirtWTDACLTesting
sioc:links_to
n18:Application n19:Connection
atom:source
n7:ODS
atom:author
n13:this
atom:published
2017-06-13T06:09:35Z
atom:updated
2017-06-29T07:33:40Z
sioc:topic
n7:ODS
Subject Item
n14:this
sioc:creator_of
n2:VirtWTDACLTesting