1. SparqlPuSH Server

Checkout the SparqlPuSH Server php project from the FilteredPush Sourceforge svn:

$svn checkout svn://svn.code.sf.net/p/filteredpush/svn/trunk/FP-HTTP/FP-SparqlPuSH/spqlpsh-server/

Copy the spqlpsh-server PHP includes to your php include path (i.e. /usr/share/php5/). These are simplepie.inc for parsing rss feeds and xmlseclibs.php for xml digital signature authentication of annotations:

$ cp spqlpsh-server/lib/includes/* /usr/share/php/

Edit build.properties to configure the deployment. Replace /var/www in the server.home property value with your document root, replace sparql.endpoint with the fuseki url or other endpoint url, replace the value for pubsubhubbub.hub with the hub host. The urls for sparql.endpoint and pubsubhubbub.hub must end in a trailing slash (see the example build.properties provided) however server.home should not. The properties prefixed with db are specific to the ARC2 triplestore. You only need to configure these if you are using ARC2 instead of fuseki. Otherwise you can leave the defaults.

Each client that should be authorized to load annotation rdf/xml into the triplestore via the hub needs to supply a generated certificate to the adminstrator of SparqlPuSH. These certificates should be a .pem file that contains the public key and clients should sign outgoing rdf/xml with the corresponding private key (the PHP libraries for fp contain a class that a client can use for doing this: fp/common/XmlSign.php).

Generate public/private key pairs for each client you wish to be authorized to load annotations into the triple store:

$ openssl req -x509 -nodes -newkey rsa:2048 -out newcert.pem -outform PEM -days 1825

The above will generate two files: privkey.pem (which should reside with the client and be placed somewhere outside the directory root of the server) and newcert.pem (contains public key, a copy of this should be stored on the same server as SparqlPuSH somewhere the application can access it)

Create the keystore:

$ openssl pkcs12 -export -in newcert.pem -inkey privkey.pem -out keystore.p12 -name keystore

Configure SparqlPuSH with a list of clients who are authorized to load data into the triple store by editing the certs.txt (in the spqlpsh-server project) file and adding an alias (such as symbiota) paired with the path to the pem file that contains the client's public key.

Run the ant build script to deploy and create directories that are prerequisite to deploying the spqlpsh-client project:

$ cd spqlpsh-server vi build.properties (make changes or use defaults) $ gedit certs.txt (add alias,certificate pem file pairs for authorized clients) $ant deploy

2. Client Helper Libraries and Configuration

The FilteredPush libraries for php clients can be checked out from the sourceforge svn:

$ svn checkout svn://svn.code.sf.net/p/filteredpush/svn/FP-Tools/FP-PHP-Library/ FP-PHP-Library

Clients must be configured (via edits to fp/FPConfig.php) to use the network components. Edit this file and set the X509_CERTIFICATE, PRIVATE_KEY and NETWORK_FACADE properties.

X509_CERTIFICATE should be set to the file path of the certificate (pem file) containing the public key for the client and PRIVATE_KEY should be set to the file path of the pem file containing the client's private key. Set the NETWORK_FACADE property to either FPLiteFacade (for FP-Lite deployments) or FPMediumFacade (for FP-Medium deployments).

The rest of the defaults should work with the default single-node deployment of FilteredPush. A summary of all the configuration options can be found below:

RDFHANDLER_ENDPOINT- the url for the annotation webservice, used for creating new identification annotation rdf/xml
FPNODE_ENDPOINT- this is the AccessPoint SOAP webservice as part of FP-Medium (for an FP-Lite deployment the default can be used for now)
SPARQLPUSH_SERVER - sparqlpush server uri
SPARQLPUSH_CLIENT - sparqlpush client uri
DS - the dataset that fuseki was started with in the startup script
SPARQL_ENDPOINT - the uri to the fuseki endpoint
RESULT_XSLT - the xsl for styling query results and the annotations shown on the Annotations tab in Symbiota (on the Occurrence Record form).
X509_CERTIFICATE - the pem file (newcert.pem from the example above) that contains the public key for this client
PRIVATE_KEY - the pem file used by this client (privkey.pem) for signing the rdf/xml
NETWORK_FACADE - Current network implementation to use (see classes/fp/facades), choices are FPLiteFacade and FPMediumFacade

Once configured, we can deploy the fp directory containing the config and the libraries in FP-PHP-Library/fp to /usr/share/php. Clients (such as Symbiota and Morphbank) will use these libraries when interacting with both FP-Medium and FP-Lite

$ cp -r FP-PHP-Library/fp /usr/share/php

With the libraries and configuration deployed you must enable FilteredPush in the symbini.php configuration file of Symbiota (i.e. /var/www/symbiot/config/symbini.php) by setting the $fpEnabled variable to true. To obtain the modifications to Morphbank for FilteredPush use git and clone the morphbank project from the FilteredPush sourceforge repository:

$ git clone git://git.code.sf.net/p/filteredpush/morphbank filteredpush-morphbank

For FilteredPush integration for all other clients, see Client Integration