| Attributes | Values |
|---|
| type
| |
| Date Created
| |
| Date Modified
| |
| label
| - VirtWTDStepByStepConfigGuide
|
| maker
| |
| Title
| - VirtWTDStepByStepConfigGuide
|
| isDescribedUsing
| |
| has creator
| |
| attachment
| |
| content
| - ---++ Virtuoso <nop>WebID+TLS+Delegation Step by Step Configuration Guide
<nop>WebID+TLS+Delegation provides <nop>WebID authentication delegation whereby a user accessing a Virtuoso resource delegates identity authentication to an actual software agent that interacts with the resource. In all cases the software agent is identified by a <nop>WebID. The semantics of this kind of delegated identity authentication is expressed through reciprocal relationship types <code>hasIdentityDelegate</code> and <code>onBehalfOf</code> represented by RDF statements stored in <nop>WebID profile documents of user(s) and software agents.
---+++How it works
The process is as follows:
1 Delegate's credentials (X.509 certificate and private key) are used to complete the basic TLS-handshake
1 Following successful TLS-handshake the reciprocal relationships in the users profile documents are verified by using them to locate the public key that was used successfully in the TLS-handshake
1 Resource access is granted following successful evaluation of Attribute-based based ACLs (ABAC) associated with the <nop>WebID of a given user (e.g. if connecting through isql, the user is identified by the <nop>WebID provided as the value of the -W option used with ISQL or /delegate connection attribute.
The primary benefit of <nop>WebID authentication delegation is that a single X.509 certificate can function as the identity card for a software agent used by many users, each of which is uniquely identified by their own <nop>WebIDs which are the targets of ABAC-based ACLs.
The following notes detail how to configure and test <nop>WebID+TLS+Delegation.
* [[VirtWTDServerSetup][Virtuoso Server WebID+TLS+Delegation Setup]]
* [[VirtWTDSoftwareAgentDocCreation][Software Agent & WebID Profile Document Creation]]
* [[VirtWTDVALACLCreation][WebID+TLS+Delegation VAL ACL Creation]]
* [[VirtWTDACLTesting][WebID+TLS+Delegation ACL Testing]]
---+++Related
* [[WebIDTLSDelegationWhatWhyHow][Virtuoso WebID+TLS+Delegation Usage Guide]]
* [[ValWhatWhyHow][Virtuoso Authentication Layer (VAL) - What, Why and How]]
* [[ValQuickStartGuide][Virtuoso Authentication Layer - ACL System QuickStart Guide]]
* [[http://docs.openlinksw.com/virtuoso/odbcimplementation.html#secureodbcx509][Using X509 Certificates With ODBC Connection]]
|
| id
| - 8043c8c9dfccdd8d6191bb9cd7e4a655
|
| link
| |
| has container
| |
| http://rdfs.org/si...ices#has_services
| |
| atom:title
| - VirtWTDStepByStepConfigGuide
|
| links to
| |
| atom:source
| |
| atom:author
| |
| atom:published
| |
| atom:updated
| |
| topic
| |
| is made
of | |
| is container of
of | |
| is link
of | |
| is http://rdfs.org/si...vices#services_of
of | |
| is creator of
of | |
| is atom:entry
of | |
| is atom:contains
of | |
![[RDF Data]](/fct/images/sw-rdf-blue.png)
![[cxml]](/fct/images/cxml_doc.png)
![[csv]](/fct/images/csv_doc.png)
![[text]](/fct/images/ntriples_doc.png)
![[turtle]](/fct/images/n3turtle_doc.png)
![[ld+json]](/fct/images/jsonld_doc.png)
![[rdf+json]](/fct/images/json_doc.png)
![[rdf+xml]](/fct/images/xml_doc.png)
![[atom+xml]](/fct/images/atom_doc.png)
![[html]](/fct/images/html_doc.png)