WebID Protocol Support in OpenLink Data Spaces
- What is the WebID? Protocol?
- Why use the WebID? Protocol?
- How can I use the WebID? Protocol?
- Prerequisites
- Configure your ODS Account to use the WebID? Protocol
- Test the setup
- WebID? Protocol ACLs
- Setup ACL for ODS Applications
- Related
What is the WebID Protocol?
The WebID Protocol is an authentication and authorization protocol that links a ''Web ID'' or "Personal URI" to a public key to create a global, decentralized, distributed, and secure authentication system that functions with existing browsers.
The WebID Protocol uses PKI standards — usually thought of as hierarchical trust management tools — in a decentralized web-of-trust way. The web of trust is built using semantic web vocabularies (particularly FOAF) published in RESTful manner to form Linked Data?.
Based on well known existing standards, the WebID Protocol is currently in development, and is being discussed on the FOAF protocols mailing list.
For the most recent description of the protocol, read the one-page WebID Protocol: Adding Security to Open Distributed Social Networks. For a more detailed explanation of how the authentication works, see WebID Protocol: Creating a Web of Trust without Key Signing Parties.
Why use the WebID Protocol?
Automatic discovery of interpersonal trust relationships enables automatic application of appropriate permissions.
In other words, data owners can set fuzzy permissions like "only let my friends see this" or "only let my family edit this." Applications can discover the relationships between the data owner and the data requester/user, and permit (or disallow) any attempted actions, without needing the data owner to explicitly set permissions for each potential user.
One example might be a parent setting permissions on a photo gallery, to permit viewing only by "immediate family". The parent need not list each and every such relative specifically for this application -- and need not add new permissions for a new family member (whether by marriage, birth, or otherwise), though they do need to be added to the owner's FOAF. When a new user comes and asks to see the pictures, the gallery application would check the relationships declared by each person (the owner and the visitor), and if they matched up (in other words, the visitor could not get in simply by claiming a family relationship; the relationship must be confirmed by the owner's FOAF data), the pictures would be shown.
How can I use the WebID Protocol?
Prerequisites
Configure your ODS Account to use the WebID Protocol
- Log in to your ODS account, and edit your profile.
- Click to the Security Tab, and scroll to the bottom, where you will find the X.509 certificate entry area.
- Copy & paste the PEM format of the certificate (i.e., the content of
mykey.pem
, from earlier). - Press "Save Certificate" button, and you are set.
Test the setup
To test, we recommend Virtuoso WebID Verification Proxy Service:
- Go to Virtuoso WebID Verification Proxy Service Endpoint:
- Note: Optionally you can hatch the "Check Certificate Expiration" check-box.
- Note: Optionally you can hatch the "Check Certificate Expiration" check-box.
- Click the "Check" button.
- Should be challenged to choose a certificate to present as identification.
Select the certificate generated from above and click "Ok":
- Should be presented the extracted WebID? value, the subject, MD5, SHA1 and Timestamp in ISO 8601 format:
WebID Protocol ACLs
You can set WebID Protocol ACLs (Access Control Lists) through the Virtuoso Authentication Server UI, for which there is a tutorial.
Setup ACL for ODS Applications
- ODS Briefcase WebID based ACL Guide
- ODS Feed Manager WebID based ACL Guide
- ODS Calendar WebID based ACL Guide
- ODS Bookmark Manager WebID based ACL Guide
- ODS Addressbook WebID based ACL Guide
Related
- Safeguarding your Virtuoso-hosted SPARQL Endpoint
- SPARQL Endpoint Protection Methods Collection
- Virtuoso documentation
- Virtuoso Tips and Tricks Collection
- SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint
- Virtuoso Authentication Server UI
- Manage a SPARQL-WebID based Endpoint
- WebID Protocol Support in OpenLink Data Spaces.
- Manage ODS Datadspaces Objects WebID? Access Control Lists (ACLs):
- Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.
- Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener
- Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener
- Setting up PubSubHub in ODS
- PubSubHubBub Demo Client Example
- Feed subscription via PubSubHub protocol Example
- Setting Up PubSubHub to use WebID Protocol or IP based control lists
- CA Keys Import using Conductor
- Generate an X.509 Certificate hosted WebID Guide
- Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore
- Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore
- Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate
- Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate
- ODS Briefcase WebID Protocol Share File Guide
- WebID Protocol Specification
- Test WebID Protocol Certificate page
- WebID Protocol Certificate Generation page