%META:TOPICPARENT{name="VirtWTDStepByStepConfigGuide"}% ---++ Using Named Graph for hosting WebID Profile Document Data This document details how a RDF Named Graph can be used for storing the WebID Profile Document data directly in the RDF Quad Store rather than in a TTL file. 1 Generate a Software Agent X509 Certificate using [[http://ods.openlinksw.com/dataspace/doc/dav/wiki/ODS/ODSGenerateWebIDX509CertOSKeystore][OpenLink Data Spaces (ODS) X509 certificate generator]]. The OpenLink public ODS instance http://id.myopenlink.net/ods , could be used for example or a local ODS instance can be setup. 1 The generated certificate will have a WebID of http://{cname}/dataspace/person/{userid} i.e. http://id.myopenlink.net/dataspace/person/u2990 using the OpenLink public ODS instance for a created userid of u2990. The generated X509 certificate p12 file can be saved to disk or loaded into target OS or Browser Key store as appropriate. 1 The :onBehalfOf relations can then be added as triples to the http://{cname}/dataspace named graph for the ODS instance to force the generation of the required RDF statements for the ODS user i.e. http://id.myopenlink.net/dataspace for the OpenLink public ODS instance for example. *Note this named graph is not the WebID of the created ODS user* 1 For example, with a X509 generated ODS certificate with WebID of http://id.myopenlink.net/dataspace/person/u2990#this and a single delegation user of wtd, its required TTL profile document entries would be: ## Profile Document combining credentials of Software Agent and Registered Users ## ## This document leverages the portability of relative hash-based HTTP URIs as Entity Identifiers ## @prefix foaf: . @prefix oplcert: . @prefix cert: . @prefix acl: . @prefix oplacl: ## Software Agent Credentials ## foaf:name "A Software Agent" ; oplcert:onBehalfOf ; cert:key [ cert:exponent "65537"^^xsd:integer ; cert:modulus "d515694af35ab5e39219c23271d46746c9c0ccb2e2ddef11f003a3cceb563038da2fb76c2851b86eac83800130bb5b98664fe1b1909535707111bf2f25104b9152b05ea47d750f9ceecae4f625aa0c0bea69ec3771c6fe8ae9a23965e58282f7c5b041dfb640c7562af8cad1a77ee099eabd2dab339ad9f8ed3871b6214e513cc9f8d6a70ecab42d54e9b79f0dc31aa28999af3924bda802e51f7e98dff5f9208e06151b6c6d78bd9af4580011bcfe7743969f418ee5f89c36f7f9a212afc450c36e32a431aa1590c69b720512cc25abb603ad31ed43929cc100a3271319ea9a5a54d926a8013b6b031f2c6909fbb4e7a3d18b536acff10709946e7a2047562"^^xsd:hexBinary ] . ## User Credentials (OnBehalfOf relation participants) ## oplacl:hasIdentityDelegate . %BR% Requiring the following equivalent triple entries be inserted into the http://id.myopenlink.net/dataspace ODS instance named graph: %BR% insert into { } insert into { [] 65537 } insert into { [] "d515694af35ab5e39219c23271d46746c9c0ccb2e2ddef11f003a3cceb563038da2fb76c2851b86eac83800130bb5b98664fe1b1909535707111bf2f25104b9152b05ea47d750f9ceecae4f625aa0c0bea69ec3771c6fe8ae9a23965e58282f7c5b041dfb640c7562af8cad1a77ee099eabd2dab339ad9f8ed3871b6214e513cc9f8d6a70ecab42d54e9b79f0dc31aa28999af3924bda802e51f7e98dff5f9208e06151b6c6d78bd9af4580011bcfe7743969f418ee5f89c36f7f9a212afc450c36e32a431aa1590c69b720512cc25abb603ad31ed43929cc100a3271319ea9a5a54d926a8013b6b031f2c6909fbb4e7a3d18b536acff10709946e7a20475621"^^ } insert into { } 1 Then assuming the p12 file was downloaded to a name of u2990_ods_cert.p12 with a password of 1, a WebID+TLS+Delegation connection with isql can be made

onBehalfOf the wtd designated delation user, with the command:

$ ./isql opllinux6.usnet.private:1113 "" 1 -X u2990_ods_cert.p12 -T ca_list_shop_2016.pem -W http://id.myopenlink.net/dataspace/person/u2990#wtd
Connected to OpenLink Virtuoso
Driver: 07.20.3217 OpenLink Virtuoso ODBC Driver
OpenLink Interactive SQL (Virtuoso), version 07.20.3217.
Type HELP; for help and EXIT; to exit.
SQL> sparql SELECT * FROM  WHERE {?s ?p ?o};
s                                                                                 p                                                                                 o
LONG VARCHAR                                                                      LONG VARCHAR                                                                      LONG VARCHAR
_______________________________________________________________________________

#this                                                                             #relatedTo                                                                        #that
#kingsley                                                                         #knows                                                                            #hugh

2 Rows. -- 95 msec.
SQL>

   1 The VAL debug trace output of the delegation connection request is as follows:

DB.DBA.USER_CERT_LOGIN: Checking VAL ACLs for Query scope in SQL realm
DB.DBA.WEBID_CHECK_DELEGATE: Looking for existence of:  cert:onBehalfOf  in 
DB.DBA.WEBID_CHECK_DELEGATE: Found onBehalfOf relation. Loading profile document http://id.myopenlink.net/dataspace/person/u2990
DB.DBA.WEBID_CHECK_DELEGATE: Found public key of software agent in delegating user's profile document
DB.DBA.USER_CERT_LOGIN: Agent/WebID 
			has SPARQL permissions: read: 1, write: 0, sponge: 0
DB.DBA.USER_CERT_LOGIN: Setting graph security callback


---+++Related

   * [[VirtWTDSoftwareAgentDocCreation][Virtuoso WebID+TLS+Delegation Step by Step Configuration Guide]]
   * [[VirtWTDServerSetup][Virtuoso Server WebID+TLS+Delegation Setup]]
   * [[VirtWTDSoftwareAgentDocCreation][Software Agent & WebID Profile Document Creation]]
   * [[VirtWTDVALACLCreation][WebID+TLS+Delegation VAL ACL Creation]]
   * [[VirtWTDACLTesting][WebID+TLS+Delegation ACL Testing]]