Attributes | Values |
---|
type
| |
Date Created
| |
Date Modified
| |
label
| - VirtWTDStepByStepConfigGuide
|
maker
| |
Title
| - VirtWTDStepByStepConfigGuide
|
isDescribedUsing
| |
has creator
| |
attachment
| |
content
| - ---++ Virtuoso <nop>WebID+TLS+Delegation Step by Step Configuration Guide
<nop>WebID+TLS+Delegation provides <nop>WebID authentication delegation whereby a user accessing a Virtuoso resource delegates identity authentication to an actual software agent that interacts with the resource. In all cases the software agent is identified by a <nop>WebID. The semantics of this kind of delegated identity authentication is expressed through reciprocal relationship types <code>hasIdentityDelegate</code> and <code>onBehalfOf</code> represented by RDF statements stored in <nop>WebID profile documents of user(s) and software agents.
---+++How it works
The process is as follows:
1 Delegate's credentials (X.509 certificate and private key) are used to complete the basic TLS-handshake
1 Following successful TLS-handshake the reciprocal relationships in the users profile documents are verified by using them to locate the public key that was used successfully in the TLS-handshake
1 Resource access is granted following successful evaluation of Attribute-based based ACLs (ABAC) associated with the <nop>WebID of a given user (e.g. if connecting through isql, the user is identified by the <nop>WebID provided as the value of the -W option used with ISQL or /delegate connection attribute.
The primary benefit of <nop>WebID authentication delegation is that a single X.509 certificate can function as the identity card for a software agent used by many users, each of which is uniquely identified by their own <nop>WebIDs which are the targets of ABAC-based ACLs.
The following notes detail how to configure and test <nop>WebID+TLS+Delegation.
* [[VirtWTDServerSetup][Virtuoso Server WebID+TLS+Delegation Setup]]
* [[VirtWTDSoftwareAgentDocCreation][Software Agent & WebID Profile Document Creation]]
* [[VirtWTDVALACLCreation][WebID+TLS+Delegation VAL ACL Creation]]
* [[VirtWTDACLTesting][WebID+TLS+Delegation ACL Testing]]
---+++Related
* [[WebIDTLSDelegationWhatWhyHow][Virtuoso WebID+TLS+Delegation Usage Guide]]
* [[ValWhatWhyHow][Virtuoso Authentication Layer (VAL) - What, Why and How]]
* [[ValQuickStartGuide][Virtuoso Authentication Layer - ACL System QuickStart Guide]]
* [[http://docs.openlinksw.com/virtuoso/odbcimplementation.html#secureodbcx509][Using X509 Certificates With ODBC Connection]]
|
id
| - 97cf6eb2fe7763c01d7ca869b37d6a66
|
link
| |
has container
| |
http://rdfs.org/si...ices#has_services
| |
atom:title
| - VirtWTDStepByStepConfigGuide
|
links to
| |
atom:source
| |
atom:author
| |
atom:published
| |
atom:updated
| |
topic
| |
is made
of | |
is container of
of | |
is link
of | |
is http://rdfs.org/si...vices#services_of
of | |
is links to
of | |
is creator of
of | |
is atom:entry
of | |
is atom:contains
of | |