Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
Installing TAAC: 1. Get the TAAC source code from http://dig.csail.mit.edu/hg/taac (You already did this!) 2. Get the tmswap directory needed for TAAC to properly operate and copy it into the directory in which proxy.py sits. - You may clone from http://dig.csail.mit.edu/hg/air-reasoner, take the airreasoner/ directory, and copy that into the taac source code directory under the name tmswap/. If the airreasoner/ directory does not exist, then take the contents of the root of the repository. 3. Install rdflib (http://www.rdflib.net/) if you want RDFa support. Otherwise (right now) you'll get a mod_python error if you try to access with an RDFa-based subjectAltUrl. You should now have a directory layout which looks something like the following: taac/ proxy.py tmswap/ [copied from the air-reasoner repository] policyrunner.py ... taac/ __init__.py ... 4. Configure TAAC. The primary configuration for TAAC is in taac/config.py. You most probably don’t need to change any of the settings, but you should be aware of their setting, as it impacts the remainder of this installation process. POLICY_FILE is the relative path from proxy.py to the file that links your protected files to the corresponding policy files governing access. POLICY_TYPE is the MIME type of POLICY_FILE (‘text/rdf+n3′ or ‘application/rdf+xml’ most likely). LOG_FILE is the relative path from proxy.py to the file to log access information to. The other settings are not terribly relevant to FOAF+SSL and can be left alone. 5. Setup your policy file. Your policy file (at the path specified by POLICY_FILE, defaulting to ‘./policies.n3′) is the key to protecting your URIs with FOAF+SSL. The policy file is an RDF file that links resources representing the protected URIs to their corresponding policy files. This is most easily done with the rein:access-policy (http://dig.csail.mit.edu/2005/09/rein/network#access-policy) property (subject to change in future TAAC releases). Here’s a very simple policies.n3 that protects my_file.html: @prefix rein: <http://dig.csail.mit.edu/2005/09/rein/network#> . <./my_file.html> rein:access-policy <./my_file.policy.n3> . 6. Create a policy. The policy is the access-policy attached by policies.n3. This policy is written in the AIR language, may be somewhat daunting for someone trying to write their first policy. A couple of sample policies include http://www.pipian.com/rdf/tami/juliette.policy.n3#JulietteLocationDissemPolicy, which permits any valid authentication via FOAF+SSL, and http://www.pipian.com/rdf/tami/juliette.policy.n3#JulietteFOAFDissemPolicy, which allows only friends and friends of friends of Juliette access. NOTE: The above policies may use outdated AIR syntax. You will need to use the version of the AIR language supported by the version of the air-reasoner you copied. You should probably take a look at the example/ directory in the air-reasoner repository for the general format of a rule. 7. Create your log file with mode 0666. This is usually ‘log.n3′. 8. Edit your .htaccess file. In order to actually enable the protection, you need to create a .htaccess file that actually adds proxy.py as a mod_python proxy and explicitly enables SSL client certificates to be passed to proxy.py. http://mr-burns.w3.org/taac/htaccess is a good example for Apache 1.3 SSL servers. Apache 2.0′s mod_ssl requires somewhat different flags to enable passing SSL client certificates (melvin carvalho says that SSLOptions should be set to +StdEnvVars and +ExportCertData). NOTE: Make sure to update the PythonPath directive to include the TAAC directory! 9. TAAC should now be set up and running