Log of the #duraspace-ff channel on chat.freenode.net

Using timezone: Eastern Standard Time
* daniellamb joins00:27
* daniellamb leaves00:31
* ksclarke leaves00:57
* kaarefc leaves01:43
* edInCo leaves02:08
* daniellamb joins02:15
* daniellamb leaves02:20
* daniellamb joins04:03
* daniellamb leaves04:08
* daniellamb joins05:52
* daniellamb leaves05:56
* daniellamb joins07:40
* daniellamb leaves07:44
* edInCo joins08:35
* daniellamb joins08:52
* awoods joins09:31
* gregjansen joins09:49
* ksclarke joins09:50
<pivotal-bot__>Gregory Jansen added comment: "This will help with injection of a PEP into our resources. I think it might work as a ReaderInterceptor: ..." https://www.pivotaltracker.com/story/show/5220082310:19
* ajs6f joins10:36
<cbeer>ajs6f: can you tell me all the ways I've done this wrong: https://github.com/futures/fcrepo4/pull/10511:03
<ajs6f>Doesn't look like it's building...?11:05
<gregjansen>hmm, how to incorporate this JBOSS pdp.war into a fcrepo authz module with fedora specific config.. It is in maven and it is a war, but we'd want to customize some of the files inside it and add custom classes for things like attribute locators.. I don't know of a "maven approach" to do this. Could fork and build their git repo, but that definitely seems like overkill.11:13
<awoods>gregjansen: standup?11:14
<gregjansen>oh hey, sorry be right there
* jongibson joins11:24
* osmandin joins11:29
<gregjansen>thanks awoods, maven overlays seems like the answer to my question above..
<awoods>gregjansen: have you looked at apache shiro as another security framework... http://shiro.apache.org/index.html11:31
<gregjansen>awoods: I will read up on it. I haven't look at it yet. Do we know anyone who has used it?11:33
<awoods>I do not... but it looked promising during an evaluation from a previous project.11:34
It might be worth investigating alternatives.11:35
<gregjansen>Defining permissions according to a framework might help us and it does a lot of authN. You end up delegating authZ decisions to a Realm class which can call out to whatever. The callbacks in the Realm class are simple and drop a lot of JCR context we might need to authorize. For instance, if roles change w/respect to objects. (http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthorizingRealm.html)11:55
<ajs6f>Those contracts look more suitable for a PEP than a PDP.12:16
<cbeer>awoods/ gregjansen: have you guys seen https://github.com/ModeShape/modeshape/pull/849#discussion_r5507859 (and whatever part of the JCR spec that implements)?12:24
<ajs6f>Does JCR spec access control?12:34
<osmandin>for oauth, getting a NPE when calling path /authorization. (using embedded jetty). is this just a matter or using correct spring file?13:01
<ajs6f>Can you Gist the complete error / stack trace?13:06
<gregjansen>From that thread on MODE-1920 it sounds like a JCR thing.. looking into it13:13
It is JCR http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html And this gives us a standard place to put privileges on nodes. Now I have a standard to read...13:15
<ajs6f>Yay! Things we don't have to decide for oursevles!
<gregjansen>Indeed, they give us a place to put node policies and a set of standard privs.13:17
does MODE document pending features like this one?13:18
<ajs6f>There's some back-and-forth about docs in that PR's comments.
rhauch wanted more docs. I don't know if he got them.
MODE roles would be combinations of permissions granted to a particular user/group on a node (and children) They would not pivot on the basis of things like fcrepo mixin types or properties.. Note that the structure of the ACL is implementation dependent and not JCR13:30
<ajs6f>So not a policy in the sense in which we're accustomed to thinking of them.13:33
<gregjansen>In the MODE implemention, no.
<ajs6f>Hm. Could we widen their contracts and offer just that as a PR? Then we could do our own impl (presumably).13:38
<cbeer>ajs6f: do you know much about relative uri handling in e.g. text/turtle?13:39
<ajs6f>Not much. Confusion about our URIs?
<cbeer>(and i know i need to harass you again about the PR i mentioned this morning.)
ajs6f: i'm confused about the LDP spec
<ajs6f>Does it build now?
(The PR.)
<gregjansen>Yeah, it would be great to use an AccessControlManager to store user/group roles (permission sets) I will try to find them in chat later.13:40
<cbeer>ajs6f: doesn't it? i think travis just killed it for taking too long
<ajs6f>M. Can we retrigger it? Or do you assure me that it builds, 'cause I would believe you.
<cbeer>i assure you.. and even if it doesn't, just looking at the code should be enough to make you cringe. but i didn't have any better ideas yesterday afternoon13:41
ajs6f: back to my paging/relative uri thing. so, here's the LDP paging spec: https://dvcs.w3.org/hg/ldpwg/raw-file/default/ldp.html#ldpr-Paging
<ajs6f>Okay, I'll go take a gander. Or a gawk. Or a gibber. Can't really take a gibber, can you.
<cbeer>and all is well and good. you take your request URI, resolve it to the ldp:Page object, and find the ldp:pageOf, and get your real resource
4.10.1 Introduction13:42
This section is non-normative.
Love that.
<cbeer>and now i'm even more confused. so a couple other bits of background:
4.2.12 LDPR servers must assign the default base-URI for [RFC3987] relative-URI resolution to be the HTTP Request-URI when the resource already exists
so, in text/turtle, you also do things like..13:43
<ajs6f>Hang on— 4.2.12 is talking about creation?
(Or updating, I guess.)
<cbeer>or reading. creation is the 2nd clause of 4.2.12, but not relevant, i think
<cbeer>so, when you have paging and relative URIs, you get something like..13:44
but, i think, they mean for that to resolve relative to the resource, not the Request URI13:45
<ajs6f>That would definitely be my inclination.
<cbeer>and if they do.. there's some a priori knowledge required to figure out what the ?firstPage is, right?
<ajs6f>It's RDF, after all. It just happens to be on the Web.
Or some querying/requesting.13:46
It looks like their paging is not absolutely adressable, more of a linked list?
<cbeer>hm. i guess you could resolve the graph relative to the Request URI
and then re-parse the graph relative to the pageOf
<ajs6f>Which, ideally, will be pretty much the same as resolving relative to the resource.
Actually, if it isn't, that's kind of crappy LD.13:47
<cbeer>ajs6f: yes, paging is not absolutely addressable.
(i think there was a thread about that whole thing earlier, and they said it was someone elses problem to do different paging)
<ajs6f>cbeer; Well, as an "enhancement", we could mint URIs for pages and make them "random-accessible".
<cbeer>LDP doesn't care what the URIs are.13:48
so we're still fine doing <> <ldp:nextPage> some/resource?limit=10&offset=40
there just happen to be some semantics in there
<ajs6f>Yeah, I meant we could go all the way to reifying the pages as resources (in the REST sense) for:13:49
<> <ldp:nextPage> some/resource/mypages/4
* gregjansen leaves
<ajs6f>kind of thing
I'm not really suggesting that.
That would be work.
<cbeer>oh. could, not sure it makes a difference, does it?13:51
<ajs6f>I thought the confusion was about against what to resolve relative URIs?
* gregjansen joins13:52
<cbeer>ajs6f: well, how to figure out what to resolve relative URIs to (when you need the relative URI to figure it out in the first place)13:53
but through some oddity of relative URI parsing, i guess i've figured it out.
with a base URI of http://example.com/something?firstPage
and a graph of : <> <b> <c> .\n <?firstPage> <d> <e>13:54
<ajs6f>Right, and I'm saying that if we make pages resources, then that decides us to resolve against the resource, whereas if we don't, we're inclined to resolve against the request.
<cbeer><?firstPage> <b> <c> . <?firstPage> <d> <e>
oh, hm.
<ajs6f>Wait— the base URI is going to be the URI of the firs page?!?
Now I'm totally confused.13:55
<cbeer>don't worry about it. my tests will pass and i'll flag it as an issue for LDP
<ajs6f>k. Glad I could help. :)
* gregjansen leaves13:57
<cbeer>oh. but i AM wrong, and maybe that's why you're confused
this may be impossible to parse right: <?firstPage> ldp:pageOf <>;
<osmandin><ajs6f> gist for npe : https://gist.github.com/osmandin/612446514:08
<ajs6f>I think I need to get a handle on the meaning of pageOf.
I keep wanting to make it into a relationship between resources, but I think they may be doing something different.14:09
* edInCo leaves
<ajs6f>osmandin: that's an error on initialization, at a point at which the OAuth gear is creating the space in which to record tokens, etc.14:10
Why? No idea.
Perhaps something changed in our repo config?
<osmandin>i think it's just not getting instantiated with AbstractResource sessionfactory14:11
<ajs6f>You mean the sessionfactory isn't getting injected? That would do it
<osmandin>yes. i think i'm doing something wrong because it's the same with /fcr:transform14:12
<ajs6f>Hm. But you're running the code as cloned (which implies that you're not doing anything wrong)? Or you've made changes?
<osmandin>I didn't change the oauth module.. i could try refereshing14:14
* gregjansen joins14:18
<ajs6f>I'm more wondering about changes to the repo that would make it difficult for the oauth gear to set up. Although, I must admit, I can't think of anythign obvious14:25
If you want to push your problematic setup to a branch, I'd be happy to pull and run it, just to see if anything happens to be obvious to me.
* jongibson leaves14:28
* edInCo joins14:41
* jongibson joins14:56
* ajs6f leaves15:14
* ajs6f joins15:18
* ajs6f leaves15:34
* ajs6f joins15:38
Seems like we're having more and more problems with builds failing against Travis because of timeouts. Is it time to think about paying for a more full-featured Travis service?15:42
* gregjansen leaves15:43
* gregjansen joins
<cbeer>ajs6f: is it actually a timeout, or do they just cut us off at 10k lines?15:44
<ajs6f>cbeer: right. I should have been more general: resource limitations...15:45
<cbeer>i remember having to make something more verbose.. maybe it's time to make that less verbose now
<ajs6f>But isn't that part of the pay-Travis enhancement package?
<cbeer>i don't think so.. i think that's just for private repo builds
<ajs6f>I'd really rather not adjust our logging for the sake of CI.
is that what you mean/
<cbeer>let's try that.15:48
* github-ff joins
[fcrepo4] cbeer pushed 1 new commit to master: http://git.io/GNBZjA
fcrepo4/master e9eb515 Chris Beer: Update .travis.yml...
* github-ff leaves
<cbeer>but first, lunch.15:49
<ajs6f>Try what? Turning down logging to keep Travis happy?
Oh, you mean that the pay-Travis is just for private repos?
* ajs6f leaves16:06
* osmandin leaves16:13
<bljenkins>Project fcrepo-fixity-corrupter build #215: SUCCESS in 3 min 3 sec: http://ci.fcrepo.org/jenkins/job/fcrepo-fixity-corrupter/215/16:26
<pivotal-bot__>Gregory Jansen edited "Watcher for federated BagIt filesystem that triggers events" https://www.pivotaltracker.com/story/show/4738061916:34
<bljenkins>Project fcrepo-kitchen-sink build #482: STILL UNSTABLE in 8 min 16 sec: http://ci.fcrepo.org/jenkins/job/fcrepo-kitchen-sink/482/16:35
* gregjansen leaves16:38
* jongibson leaves18:10
<pivotal-bot__>Andrew Woods added "OAuth endpoint throwing NPE" https://www.pivotaltracker.com/story/show/5440826618:46
Andrew Woods started "OAuth endpoint throwing NPE" https://www.pivotaltracker.com/story/show/54408266
* github-ff joins18:53
[fcrepo4] awoods pushed 1 new commit to master: http://git.io/TyZ-Cg
fcrepo4/master d232e13 Andrew Woods: Add component scanning for OAuth....
* github-ff leaves
<pivotal-bot__>Andrew Woods added comment: "Resolved with: http://git.io/TyZ-Cg" https://www.pivotaltracker.com/story/show/54408266
Andrew Woods delivered "OAuth endpoint throwing NPE" https://www.pivotaltracker.com/story/show/5440826618:54
* ksclarke leaves18:56
<bljenkins>Project fcrepo-fixity-corrupter build #216: SUCCESS in 1 min 33 sec: http://ci.fcrepo.org/jenkins/job/fcrepo-fixity-corrupter/216/19:14
* edInCo leaves19:17
<pivotal-bot__>Andrew Woods added "Correct/Improve documentation of OAuth recipe" https://www.pivotaltracker.com/story/show/54410010
<bljenkins>Project fcrepo-kitchen-sink build #483: STILL UNSTABLE in 4 min 30 sec: http://ci.fcrepo.org/jenkins/job/fcrepo-kitchen-sink/483/19:19
* edInCo joins19:59
* ksclarke joins22:18
* ksclarke leaves23:14

Generated by Sualtam