VirtSPARQLSecurityWebID Securing your SPARQL Endpoint via WebID Securing your SPARQL Endpoint via WebID SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways, including the WebID Protocol. The WebID Protocol links a Web ID to a public key, to create a global, decentralized/distributed, and open -- yet secure! -- authentication system that functions with existing browsers. Virtuoso lets you set WebID Protocol-based ACLs (Access Control Lists) to restrict and permit various levels of activity based on the visitor's WebID, through the SPARQL-WebID endpoint, <https://<cname>:<port>/sparql-webid>, e.g., https://virtuoso.example.com:8889/sparql-webid. Accessing Virtuoso's WebID Protocol ACLs Load the Conductor in your browser, http://<cname>:<port>/conductor, e.g., http://virtuoso.example.com:8889/conductor. Log in as a DBA-privileged user, e.g., dba. Drill down to to Linked Data -> Access Controls -> SPARQL-WebID.
Sample scenario The following sample scenario demonstrates setting WebID Protocol ACLs using the Virtuoso Authentication Server UI: Download and install the conductor_dav.vad package. Generate an X.509 Certificate hosted WebID. Create SPARQL-WebID based Endpoint. Go to http://<cname>:<port>/conductor, where <cname>:<port> are replaced by your local server values. Log in as user "dba" or another user with DBA privileges Go to Linked Data -> Access Controls -> SPARQL-WebID
In the shown form: Enter for Web ID for ex.: http://id.myopenlink.net/dataspace/person/demo#this Select "SPARQL Role" for ex. "Sponge".
Click the "Register" button. As result the WebID Protocol ACLs will be created.
Go to the SPARQL+WebID endpoint https://<cname>:<port>/sparql-webid Select the user's certificate from above:
As result the SPARQL Query UI will be presented:
Execute sample query and view the results:
More Examples More examples with the ACL engine rules for using SPARQL ASK to make sophisticated data access policies based on social entity relationship semantics: Using Social Relationship Semantics & WebID to Drive Resource Access Control Confining Resource (Data) Access to a Group Entity Related Safeguarding your Virtuoso-hosted SPARQL Endpoint SPARQL Endpoint Protection Methods Collection Virtuoso documentation SPARQL Service Endpoint Service Endpoint Security Managing a SPARQL Web Service Endpoint SPARQL Virtuoso Tips and Tricks Collection SPARQL Endpoint DET Configuration Guide SPARQL OAuth Tutorial Securing SPARQL endpoints SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint Virtuoso Authentication Server UI Manage a SPARQL-WebID based Endpoint Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener WebID Protocol Support in OpenLink Data Spaces. Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs): ODS Briefcase WebID based ACL Guide Person Entity WebID based ACL Guide Group Entity WebID based ACL Guide Public WebID based ACL Guide ODS Feed Manager WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID ODS Calendar WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID ODS Bookmark Manager WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID ODS Addressbook WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates. Setting up PubSubHub in ODS PubSubHubBub Demo Client Example Feed subscription via PubSubHub protocol Example Setting Up PubSubHub to use WebID Protocol or IP based control lists CA Keys Import using Conductor Generate an X.509 Certificate hosted WebID Guide Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate ODS Briefcase WebID Protocol Share File Guide WebID Protocol Specification Test WebID Protocol Certificate page WebID Protocol Certificate Generation page CategoryWebID CategoryVirtuoso CategoryODS CategoryRDF