Virtuoso Open-Source Edition

  • VOS.VirtSPARQLSecurityWebIDSocialRelationshipSPARQLASKExample (Last) -- Owiki, 2018-04-13 12:07:36

    Constraining Resource Access Using Social Relationship Semantics and WebID

    Introduction

    The following example demonstrates how you can leverage the combined power of a SPARQL ASK Query, Social Relationship Semantics, and Web-accessible Linked Data to constrain access to a protected resource. Basically, you need to:

    • Set a foaf:knows relationship in your user's profile
    • Set an ACL rule that requires you to prove (via WebID protocol and a Linked Data based profile resource) that you have a WebID that's in a knows relation with our example user
    • Create a protected resource accessible from a location on the Web via its URL

    Prerequisites

    The following packages should be installed prior to performing this exercise:

    Steps

    Step 1 -- Set a foaf:knows relationship in your profile

    1. Assuming John has the following WebID:

      http://id.myopenlink.net/dataspace/person/john#this

    2. Assume Kate is a friend of John, and John wants to share a resource with only one person: Kate. To be able to view this resource, Kate needs to make sure John is added as a friend in her profile's data with the following relation:

      <foaf:knows> <http://id.myopenlink.net/dataspace/person/john#this>

    3. Go to http://host:port/ods -> Sign In and enter Kate's credentials:



    4. Go to Profile->Edit:



    5. Go to "Annotations":



    6. In the presented form enter:
    7. Click "Add":



    Step 2 -- Create a Web Resource that should only be accessible to people that are friends to John

    1. Go to http://host:port/ods and log in with John's credentials:



    2. Click on the Briefcase application link and click on the "New Folder" menu item to create the sub-folder: "WebIDPlayground":



    3. Click "Create".
    4. The newly created folder should be presented in the list of folders and resources for user John:



    5. Go to the "WebIDPlayground" folder and use the "Upload" feature to upload a resource, e.g. an image "OpenLink.png" from above:







    Step 3 -- Share the Web Resource URL with people that are friends of John

    1. For the folder "WebIDPlayground" created above, click its "Update Properties" link:







    2. Go to "Sharing":



    3. In the "WebID users" section, click the green "plus" button with the label "Add":



    4. In the presented form:
      1. Change "Access type" to "Advanced";
      2. For "Criteria" click the green "plus" button and select "Certificate - SPARQL ASK"



      3. A drop-down menu with 2 values should appear: "equal to" and "not equal to". Select the "equal to" value:



      4. A drop-down menu with 2 values should appear: "yes" and "no". Leave the default value "yes" selected:



      5. Modify the SPARQL ASK statement by replacing it with this one:

        prefix sioc: <http://rdfs.org/sioc/ns#>
        prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>
        prefix foaf: <http://xmlns.com/foaf/0.1/>
        ASK where {
          ^{webid}^ rdf:type foaf:Person ;
                    foaf:knows <http://id.myopenlink.net/dataspace/person/john#this>
        }





    5. Click "Update":



    Step 4 -- View the shared document

    1. As per the sharing set up above, Kate should be able to see the Web resource https://host:port/DAV/home/John/WebIDPlayground/ if she authenticates with her X.509 WebID Watermarked Certificate.
    2. Navigate to https://host:port/DAV/home/John/WebIDPlayground/
    3. When prompted for authentication, select Kate's X.509 WebID Watermarked Certificate:



    4. Kate should successfully view the shared Web document:
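
    The access decision configured in Step 3, sketched as an added Python example (not Virtuoso's own code): the two triple patterns of the ASK are matched against the requester's profile data, and the result is compared with the "equal to" / "yes" criterion. The example.org WebIDs and both profiles are constructed for illustration, and treating the requester's profile as the data the ASK is evaluated over is an assumption based on Step 1.

```python
import re

JOHN = "http://id.myopenlink.net/dataspace/person/john#this"  # WebID from the page
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
FOAF = "http://xmlns.com/foaf/0.1/"

# The two triple patterns of the page's ASK; "{webid}" stands in for ^{webid}^.
ASK_PATTERNS = [
    ("{webid}", RDF_TYPE, FOAF + "Person"),
    ("{webid}", FOAF + "knows", JOHN),
]

# Constructed sample data (N-Triples); the example.org WebIDs are assumptions.
KATE = "http://example.org/people/kate#this"
STRANGER = "http://example.org/people/stranger#this"
KATE_PROFILE = f"""
<{KATE}> <{RDF_TYPE}> <{FOAF}Person> .
<{KATE}> <{FOAF}knows> <{JOHN}> .
"""
STRANGER_PROFILE = f"""
<{STRANGER}> <{RDF_TYPE}> <{FOAF}Person> .
"""

TRIPLE = re.compile(r"<([^<>\s]+)>\s+<([^<>\s]+)>\s+<([^<>\s]+)>\s*\.")

def parse_ntriples(text):
    """Return the set of IRI-only triples found in an N-Triples document."""
    return {m.groups() for m in map(TRIPLE.match, text.strip().splitlines()) if m}

def ask(webid, profile_text):
    """Evaluate the ASK: every pattern must match a triple in the profile."""
    # Refuse anything that is not a plain http(s) IRI before using it as a term.
    if not re.fullmatch(r"https?://[^<>\"\s{}|\\^`]+", webid):
        raise ValueError("WebID is not a plain http(s) IRI")
    graph = parse_ntriples(profile_text)
    return all((s.format(webid=webid), p, o) in graph for s, p, o in ASK_PATTERNS)

def access_granted(webid, profile_text, operator="equal to", expected="yes"):
    """Apply the Step 3 criterion: ASK result <operator> <expected>."""
    result = "yes" if ask(webid, profile_text) else "no"
    return (result == expected) if operator == "equal to" else (result != expected)
```

    Both patterns have the authenticated WebID as their subject, so the rule tests only what the requester's profile states about John; John's own profile is not consulted by this query.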


