%META:TOPICPARENT{name="VirtSPARQLSecurityWebID"}% ---+ Constraining Resource Access Using Social Relationship Semantics and WebID %TOC% ---++ Introduction The following example demonstrates how you can leverage the combined power of a SPARQL ASK Query, Social Relationship Semantics, and Web-accessible Linked Data to constrain access to a protected resource. Basically, you need to: * Set a foaf:knows relationship in your user's profile * Set an ACL rule that requires you to prove (via WebID protocol and a Linked Data based profile resource) that you have a WebID that's in a knows relation with our example user * Create a protected resource accessible from a location on the Web via its URL ---++ Prerequisites The following packages should be installed, prior to performing this exercise: * [[https://virtuoso.openlinksw.com/download/][ods_framework_dav.vad]] * [[https://virtuoso.openlinksw.com/download/][ods_briefcase_dav.vad]] ---++ Steps ---+++ Step 1 -- Set a foaf:knows relationship in your profile 1 Assuming John has the following [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateX509Certificate][WebID]]: http://id.myopenlink.net/dataspace/person/john#this 1 Assuming Kate is friend of John and John wants to only share a resource with 1 person -- Kate. To be able to view this resource, Kate needs to make sure John is added as friend in her profile's data with the following relation: 1 Go to http://host:port/ods -> Sign In and enter Kate's credentials: %BR%%BR%%BR%%BR% 1 Go to Profile->Edit: %BR%%BR%%BR%%BR% 1 Go to "Annotations": %BR%%BR%%BR%%BR% 1 In the presented form enter: * "Relation": foaf:knows ; * "URI": http://id.myopenlink.net/dataspace/person/john#this ; * "Label": John %BR%%BR%%BR%%BR% 1 Click "Add": %BR%%BR%%BR%%BR% ---+++ Step 2 -- Create a Web Resource that should only be accessible to people that are friends to John 1 Go to http://host:port/ods and log in with John's credentials: %BR%%BR%%BR%%BR% 1 Click on the Briefcase application link and click on the "New Folder" menu item to create the sub-folder: "WebIDPlayground": %BR%%BR%%BR%%BR% 1 Click "Create". 1 The new created folder should be presented in the list of folders and resources for user John: %BR%%BR%%BR%%BR% 1 Go to "WebIDPlayground" folder and using the "Upload" feature upload a resource, ex. an image "OpenLink.png" from above: %BR%%BR%%BR%%BR% %BR%%BR%%BR%%BR% ---+++ Step 3 -- Share the Web Resource URL with people that are friends of John 1 For the create folder "WebIDPlayground" from above, click its "Update Properties" link: %BR%%BR%%BR%%BR% %BR%%BR%%BR%%BR% 1 Go to "Sharing": %BR%%BR%%BR%%BR% 1 In "WebID users" section click the green "plus" button with label "Add": %BR%%BR%%BR%%BR% 1 In the presented form: 1 Change "Access type" to "Advanced"; 1 For "Criteria" click the green "plus" button and select "Certificate - SPARQL ASK" %BR%%BR%%BR%%BR% 1 Should appear a drop-down menu list with 2 values: "equal to" and "not equal to". Select the "equal to" value: %BR%%BR%%BR%%BR% 1 Should appear a drop-down menu list with 2 values: "yes" and "no". Leave the default presented value "yes" as selected: %BR%%BR%%BR%%BR% 1 Modify the SPARQL ASK statement by replacing it with this one: prefix sioc: prefix rdfs: prefix foaf: ASK where {^{webid}^ rdf:type foaf:Person; foaf:knows } %BR%%BR%%BR%%BR% 1 Click "Update": %BR%%BR%%BR%%BR% ---+++ Step 4 -- View the shared document 1 As per the sharing done from above, Kate should be able to see the Web resource https://host:port/DAV/home/John/WebIDPlayground/ if she authenticates with her [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateX509Certificate][X 509. WebID Watermarked Certificate]] 1 Navigate to https://host:port/DAV/home/John/WebIDPlayground/ 1 When prompted for authentication, select for Kate's X 509 WebID Watermarked Certificate: %BR%%BR%%BR%%BR% 1 Kate should successfully view the shared Web document -- %BR%%BR%%BR%%BR% ---++ Related * [[https://plus.google.com/112399767740508618350/posts/7A3Kgs4HMHk][Using Social Relationship Semantics and WebID to Drive Resource Access Control]] * [[VirtSPARQLSecurityWebIDSPARQLASKExample][Constraining Resource Access To Group Members]] * [[https://plus.google.com/112399767740508618350/posts/i1WnaThyy2u][Confining Resource (Data) Access to a Group Entity]] * [[http://www.youtube.com/watch?v=gzqHVUb3qrw&feature=share][Power of WebID + OpenID Hybrid Protocol via Internet Explorer & Windows]] * [[http://www.youtube.com/watch?v=eXoxUo7Py4M&feature=share][Using Safari to Demonstrate WebID + OpenID Hybrid Protocol Power!]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLEndpointProtection][Safeguarding your Virtuoso-hosted SPARQL Endpoint]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpointProtection][SPARQL Endpoint Protection Methods Collection]] * [[http://docs.openlinksw.com/virtuoso/][Virtuoso documentation]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint][SPARQL Service Endpoint]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointuri][Service Endpoint Security]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqwebservicetbl][Managing a SPARQL Web Service Endpoint]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html][SPARQL]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLDET][SPARQL Endpoint DET Configuration Guide]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSecurityWebID][WebID Protocol & SPARQL Endpoint ACLs Tutorial]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL][SPARQL OAuth Tutorial]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpoints][Securing SPARQL endpoints]] * [[http://ods.openlinksw.com/wiki/ODS/OdsSPARQLAuth][SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtAuthServerUI][Virtuoso Authentication Server UI]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSSL][Manage a SPARQL-WebID based Endpoint]] * [[http://ods.openlinksw.com/wiki/ODS/VirtODSSecurityWebID][WebID Protocol Support in OpenLink Data Spaces]]. * Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs): * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebID][ODS Briefcase WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPerson][Person Entity WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDGroup][Group Entity WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPublic][Public WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACL][ODS Feed Manager WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACL][ODS Calendar WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACL][ODS Bookmark Manager WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACL][ODS Addressbook WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSPkiSetup][Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates]] * [[http://ods.openlinksw.com/wiki/ODS/ODSSetupSSL][Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSetupSSL][Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener]] * [[http://ods.openlinksw.com/wiki/ODS/VirtODSPubSubHub][Setting up PubSubHub in ODS]] * [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHub][PubSubHub Demo Client Example]] * [[http://ods.openlinksw.com/wiki/ODS/VirtFeedPubSubHub][Feed subscription via PubSubHub protocol Example ]] * [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHubACL][Setting Up PubSubHub to use WebID Protocol or IP based control lists]] * [[http://ods.openlinksw.com/wiki/ODS/OdsKeyImport][CA Keys Import using Conductor]] * [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertOSKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore]] * [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertBrsKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore]] * [[http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP][Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate]] * [[http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdpProxy][Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDShareFile][ODS Briefcase WebID Protocol Share File Guide]] * [[http://esw.w3.org/topic/foaf+ssl][WebID Protocol Specification]] * [[https://foaf.me/simpleLogin.php][Test WebID Protocol Certificate page]] * [[http://test.foafssl.org/cert/][WebID Protocol Certificate Generation page]]