OpenLink Structured Data Sniffer — New Features Update

Kingsley Uyi Idehen
OpenLink Software Blog
4 min readJun 7, 2016

Here’s a quick note about some exciting new features added to the latest release of OSDS, the OpenLink Structured Data Sniffer browser extension.

Web Services Console

OSDS deconstructs URIs presented in your Browser’s address input area, and presents the components in a simple form that enables you to:

  • Understand the composition of the current URI
  • Alter the URI parameter values
  • Submit the altered URI to the server
Editor for the Query portion of a URI

This functionality works equally well with simple and complex URI patterns.

For instance, you can use it to demystify SPARQL — a powerful Query Language for performing structured queries against structured data represented as entity relationship graphs using the RDF Abstract Language — via the following features:

  • Decomposer for SPARQL Query Results URIs — including exposure of the SPARQL Query alongside data retrieval parameters and their values
  • Embedded Editor for the SPARQL Query itself — revealed when you click on the expansion icon in the field associated with the &Query parameter
  • Re-submission of altered SPARQL Queries for new Execution, leading to new SPARQL Query Results pages — useful for paging through data, or creating result variations “on the fly”
Visualizing the SPARQL Query Text component of a SPARQL Query Results Page URI
Expanded Query view, in the SPARQL Query Editor that is integrated into OSDS

Live SPARQL Query Results Page Examples:

Distinguishing Browser (User Agent) Identity from User Identity

You can now explicitly identify yourself to OSDS. This allows OSDS to identify you distinctly from the Web Browser that you are using when presenting data requests to HTTP services. In turn, this allows you to take advantage of open standards like URIs, URLs, HTTP, X.509 Certificates, PKI, and TLS, without such challenges as:

  • The need to restart your browser whenever your User Identity changes — because the x.509 certificate used in TLS has been scoped to your User Agent (a piece of Software) rather than to yourself (a Person)
  • The need to acquire an X.509 certificate for each user who may operate OSDS in this manner — you simply need to register an HTTP-based User ID (a/k/a, a WebID) per Identity

How does this work?

OSDS inserts a custom HTTP request header, “onBehalfOf:”, (that takes your WebID as its value) into resource access requests, thereby providing servers with vital information for testing resource access controls.

For instance, an HTTP server that understands the nature of a WebID and of Entity Relationship Type semantics expressed using RDF Language statements in a User Profile document (a/k/a, a WebID-Profile document) could look up the information associated with a User ID and (in a verifiable manner using PKI):

  • Determine how a User is related to a Browser — for instance, discovering that the User’s authentication has been delegated to the Browser
  • Determine how a Browser is related to a User — e.g., discovering that the Browser has one or more registered Users on whose behalf it operates
  • Test resource access controls (ACLs) based on the Identity of the User — that is, resource access controls are evaluated for the User "onBehalfOf" whom the Browser is operating, rather than for the Browser itself.
Illustrating the use of Entity Relationship Type Semantics, combined with distinct User and User Agent Identities, to facilitate fine-grained Attribute-Based Access Control (ABAC)

In such scenarios, these access controls (or policies) take the form of sophisticated entity relationship graphs, represented as sentences comprehensible by both humans and machines.

To take advantage of this powerful functionality, you need only to add one or more preferred User IDs to OSDS through its Settings area.

Setting the User ID (a/k/a WebID) OSDS will add to HTTP Requests against Protected Documents

Live examples of SPARQL Query Results pages where queries target Documents protected using fine-grained Attributed-Based Access Controls:

  • SPARQL Query page — click login link to experience effects [in this case an empty query result] of access controls scoped to a specific list of identities, applied to the document (or named graph) identified by URI: <OpenPermID-bulk-assetClass-20151111_095806.ttl.gz>
  • SPARQL Query page — click login link to experience effects [in this case a visible query results] of access controls scoped to identities authenticated using any of the supported protocols presented at challenge time, applied to the document (or named graph) identified by URI: <OpenPermID-bulk-assetClass-20151111_095807.ttl.gz>

Live variants of the above examples, using a Faceted Browsing interface to explore sentences/statements against the same Documents:

  • Faceted Browser page showcasing the effect of access controls scoped to a select list of identities, applied to the document (or named graph) identified by URI: <OpenPermID-bulk-assetClass-20151111_095806.ttl.gz>
  • Faceted Browser page showcasing the effect of access controls scoped to identities authenticated using any of the supported protocols presented at challenge time, applied to the document (or named graph) identified by URI: <OpenPermID-bulk-assetClass-20151111_095807.ttl.gz>

Additional Information

--

--

Kingsley Uyi Idehen
OpenLink Software Blog

CEO, OpenLink Software —High-Performance Data Centric Technology Providers.