465a465
< * [[http://docs.openlinksw.com/virtuoso/odbcimplementation.html#secureodbcx509][Using X509 Certificates With ODBC Connection]]
\ No newline at end of file
464d465
> * [[http://docs.openlinksw.com/virtuoso/odbcimplementation.html#secureodbcx509][Using X509 Certificates With ODBC Connection]]
459a459
< 1 [[http://tinyurl.com/hj9rjeq][SPARQL Query Results page]] where the query targets entity relationships in a protected database (a/k/a Named Graph or Document) that's only accessible to specific Users identified by a WebID (HTTP URI or Hyperlink that identifies a Person, Organization, or Software Agent), i.e., specific WebID ACL for <code><OpenPermID-bulk-assetClass-20151111_095806.ttl.gz></code>. Returns no results, as the ACLs do not allow it.
458d459
> 1 [[http://tinyurl.com/hj9rjeq][SPARQL Query Results page]] where the query targets entity relationships in a protected database (a/k/a Named Graph or Document) that's only accessible to specific Users identified by a <nop>WebID (HTTP URI or Hyperlink that identifies a Person, Organization, or Software Agent), i.e., specific <nop>WebID ACL for <code><OpenPermID-bulk-assetClass-20151111_095806.ttl.gz></code>. Returns no results, as the ACLs do not allow it.
451a451
< 1 From the presented VAL Login Dialog, select the <code>WebID-TLS</code> icon to make a WebID login.
450d451
> 1 From the presented VAL Login Dialog, select the <b><nop>WebID-TLS</b> icon to make a <nop>WebID login.
445a445
< * [[http://tinyurl.com/zbcqvfz][SPARQL Query Results page]] where the query targets entity relationships in a protected database (a/k/a Named Graph or Document) that's only accessible to specific Users identified by a WebID (HTTP URI or Hyperlink that identifies a Person, Organization, or Software Agent), i.e., specific WebID ACL for <code><OpenPermID-bulk-assetClass-20151111_095806.ttl.gz></code>. Returns no results as the ACLs do not allow it.
444d445
> * [[http://tinyurl.com/zbcqvfz][SPARQL Query Results page]] where the query targets entity relationships in a protected database (a/k/a Named Graph or Document) that's only accessible to specific Users identified by a <nop>WebID (HTTP URI or Hyperlink that identifies a Person, Organization, or Software Agent), i.e., specific <nop>WebID ACL for <code><OpenPermID-bulk-assetClass-20151111_095806.ttl.gz></code>. Returns no results as the ACLs do not allow it.
437a437
< 1 From the presented VAL Login Dialog select the <code>WebID-TLS</code> icon to make a WebID login.
436d437
> 1 From the presented VAL Login Dialog select the <b><nop>WebID-TLS</b> icon to make a <nop>WebID login.
425a425
< The [[http://osds.openlinksw.com][OpenLink Structured Data Sniffer]] (OSDS) version 2.10.8+ can be used as a vehicle for injecting <code>On-Behalf-Of:</code> request header with the value from the configured and selected WebID into HTTP requests. The is passed by setting the <b>Preferred User ID</b> value in the <b>Options</b> configuration dialog of OSDS as indicated in the following dialog:
424d425
> The [[http://osds.openlinksw.com][OpenLink Structured Data Sniffer]] (OSDS) version 2.10.8+ can be used as a vehicle for injecting <code>On-Behalf-Of:</code> request header with the value from the configured and selected <nop>WebID into HTTP requests. The is passed by setting the <b>Preferred User ID</b> value in the <b>Options</b> configuration dialog of OSDS as indicated in the following dialog:
396a396
< request header. The value of this header takes the form of a WebID that
395d396
> request header. The value of this header takes the form of a <nop>WebID that
336a338
< (application/agent/bot) are distinct i.e., you have a WebID for the
< software and a WebID for the software user. In this test scenario the
< WebID of the user (identified by value of -W parameter) is the only
335d336
> (application/agent/bot) are distinct, i.e., you have a <nop>WebID for the
> software and a <nop>WebID for the software user. In this test scenario, the
> <nop>WebID of the user (identified by value of the <code>-W</code> parameter) is the only
257a257
< * WebID for which access has been granted to the resource identified
256d257
> * <nop>WebID for which access has been granted to the resource identified
251a251
< * LODConnectivity Cert — required for WebID+TLS testing using our
250d251
> * LODConnectivity Cert — required for <nop>WebID+TLS testing using our
247a247
< Graph accessible to a specific WebID list via SQL or HTTP Realm scoped ACLs
246d247
> Graph accessible to a specific <nop>WebID list via SQL or HTTP Realm scoped ACLs
239a239
< * An X.509 Certificate is only created for the software agent (e.g., cURL, Web Browser, ODBC compliant app etc.) used to access the protected document
238d239
> * An X.509 Certificate is only created for the software agent (e.g., cURL, Web Browser, ODBC compliant app, etc.) used to access the protected document
233a233
< The OpenLink [[http://linkeddata.uriburner.com][URIBurner]] services has been setup with WebID+TLS+Delegation support enabled, with a number of ACLs in place to control access to resources by software agents and there associated delegated users.
232d233
> The OpenLink [[http://linkeddata.uriburner.com][URIBurner]] services has been set up with <nop>WebID+TLS+Delegation support enabled, with a number of ACLs in place to control access to resources by software agents and there associated delegated users.
214a214
< In this usage scenario we make use of the "OnBehalfOf:" custom HTTP request header. The value of this header takes the form of a WebID that identifies the user of an application/agent/bot accessing a protected resource via the HTTP protocol.
213d214
> In this usage scenario we make use of the "OnBehalfOf:" custom HTTP request header. The value of this header takes the form of a <nop>WebID that identifies the user of an application/agent/bot accessing a protected resource via the HTTP protocol.
166a166
< In this scenario the identity of the software user and the software (application/agent/bot) are distinct i.e., you have a WebID for the software and a WebID for the software user. In this test scenario the WebID of the user (identified by value of -W parameter) is the only identity to which protected resource access has been granted.
165d166
> In this scenario the identity of the software user and the software (application/agent/bot) are distinct, i.e., you have a <nop>WebID for the software and a <nop>WebID for the software user. In this test scenario the <nop>WebID of the user (identified by value of -W parameter) is the only identity to which protected resource access has been granted.
162a162
< WebID+TLS+Delegation connections can be tested with various client application to verify the ACLs applied are being enforced.
161d162
> <nop>WebID+TLS+Delegation connections can be tested with various client application to verify the ACLs applied are being enforced.
155a155
< 1 Select the <b>Public key authentication protocol</b> of the Authentication Method drop down list box; set the name of the <b>p12</b> certificate of the software agent to be used and <b>password</b>; set the <code><nowiki>AppUser</nowiki></code> to the name of the WebID profile document of the used the connection delegation is to be on behalf of.
154d155
> 1 Select the <b>Public key authentication protocol</b> of the Authentication Method drop down list box; set the name of the <b>p12</b> certificate of the software agent to be used and <b>password</b>; set the <code><nowiki>AppUser</nowiki></code> to the name of the <nop>WebID profile document of the used the connection delegation is to be on behalf of.
149a149
< An ODBC WebID+TLS+Delegation DSN can be configured as detailed below. In this test scenario the WebID of the user (identified by value of <code><nowiki>AppUser</nowiki></code> parameter) is the only identity to which protected resource access has been granted.
148d149
> An ODBC <nop>WebID+TLS+Delegation DSN can be configured as detailed below. In this test scenario the <nop>WebID of the user (identified by value of <code><nowiki>AppUser</nowiki></code> parameter) is the only identity to which protected resource access has been granted.
104a106
< * http://kingsley.idehen.net/DAV/home/kidehen/agent-profile-document.ttl -- WebID-Profile Document .
< * http://kingsley.idehen.net/DAV/home/kidehen/profile.ttl -- User WebID-Profile .
< * Sample WebID-Profile Document TTL snippet —
103d104
> * http://kingsley.idehen.net/DAV/home/kidehen/agent-profile-document.ttl -- <nop>WebID-Profile Document
> * http://kingsley.idehen.net/DAV/home/kidehen/profile.ttl -- User <nop>WebID-Profile
> * Sample <nop>WebID-Profile Document TTL snippet —
102a102
< ---++++ Examples documents:
101d102
> ---++++ Example documents
96a98
< * Add <code><nowiki>oplcert:onBehalfOf</nowiki></code> relations to the Agent's WebID-Profile Document that associates it with authorized Users
< * Add an entry in the WebID-Profile doc of each User that associates them with the Agent
< * Load WebID-Profile Documents into Virtuoso's Quad Store (using the variout options it supports: Sponger, SPARQL Load, ODS-Briefcase etc..) .
95d96
> * Add <code><nowiki>oplcert:onBehalfOf</nowiki></code> relations to the Agent's <nop>WebID-Profile Document that associates it with authorized Users
> * Add an entry in the <nop>WebID-Profile doc of each User that associates them with the Agent
> * Load <nop>WebID-Profile Documents into Virtuoso's Quad Store (using the various options it supports: Sponger, SPARQL Load, ODS-Briefcase, etc.)
92a92
< WebID profile documents need to be generate for the software agent and user connections are to be delegated on behalf of and accessible from suitably accessible URI.
91d92
> <nop>WebID profile documents need to be generate for the software agent and user connections are to be delegated on behalf of and accessible from suitably accessible URI.
84a84
< A Software agent server certificate needs to be generated or provided and associated with a suitable WebID as its <code>SAN</code> (Subject Alternate Name). The OpenLink [[http://id.myopenlink.net/youid/][YouID Certificate Generation]] service can be used for the create of such certificates, or any other suitable external service can be used.
83d84
> A Software agent server certificate needs to be generated or provided and associated with a suitable <nop>WebID as its <code>SAN</code> (Subject Alternate Name). The OpenLink [[http://id.myopenlink.net/youid/][YouID Certificate Generation]] service can be used for the create of such certificates, or any other suitable external service can be used.
68a68
< A Virtuoso Server instance with the WebID+TLS+Delegation feature available needs to be installed on any OS it is available for. Once installed the Virtuoso server needs to be configured to Listen on Secure SSL HTTP (i.e. https) and SQL ports using your own as detailed at:
67d68
> A Virtuoso Server instance with the <nop>WebID+TLS+Delegation feature available needs to be installed on any OS it is available for. Once installed the Virtuoso server needs to be configured to Listen on Secure SSL HTTP (i.e., https) and SQL ports using your own as detailed at:
8a8
< WebID+TLS+Delegation is an open standards based multi-protocol authentication
7d8
> <nop>WebID+TLS+Delegation is an open standards based multi-protocol authentication
2a2
< ---+ WebID+TLS+Delegation Usage Guide
1d2
> ---+ <nop>WebID+TLS+Delegation Usage Guide