Securing your SPARQL Endpoint via WebID

SPARQL endpoints are easy for random visitors to accidentally overload. Virtuoso allows you to secure your SPARQL endpoint against such abuses in various ways, including the WebID Protocol.

The WebID Protocol links a Web ID to a public key, to create a global, decentralized/distributed, and open -- yet secure! -- authentication system that functions with existing browsers.

Virtuoso lets you set WebID Protocol-based ACLs (Access Control Lists) to restrict and permit various levels of activity based on the visitor's WebID, through the SPARQL-SSL endpoint, <https://<cname>:<port>/sparql-ssl>, e.g., https://virtuoso.example.com:8889/sparql-ssl.

Accessing Virtuoso's WebID Protocol ACLs

1. Load the Conductor in your browser, http://<cname>:<port>/conductor, e.g., http://virtuoso.example.com:8889/conductor.
2. Log in as a DBA-privileged user, e.g., dba.
3. Drill down to to Linked Data -> Access Controls -> SPARQL-SSL.
   
   
   
   

Sample scenario

The following sample scenario demonstrates setting WebID Protocol ACLs using the Virtuoso Authentication Server UI:

1. Download and install the conductor_dav.vad package.
2. Generate an X.509 Certificate hosted WebID.
3. Go to http://<cname>:<port>/conductor, where <cname>:<port> are replaced by your local server values.
4. Log in as user "dba" or another user with DBA privileges
5. Go to Linked Data -> Access Controls -> SPARQL-SSL
   
   
   
   
6. In the shown form:
   1. Enter for Web ID for ex.:
      

      
      http://id.myopenlink.net/dataspace/person/demo#this
      

      
      
   2. Select "SPARQL Role" for ex. "Sponge".
      
      
      
      
7. Click the "Register" button.
8. As result the WebID Protocol ACLs will be created.
   
   
   
   
9. Go to the SPARQL+SSL endpoint https://<cname>:<port>/sparql-ssl
10. Select the user's certificate from above:
    
    
    
    
11. As result the SPARQL Query UI will be presented:
    
    
    
    
12. Execute sample query and view the results:
    
    
    
    

Related

• Setting up PubSubHub in ODS
• PubSubHubBub Demo Client Example
• Feed subscription via PubSubHub protocol Example
• Setting Up PubSubHub to use WebID Protocol or IP based control lists
• Creating and Using a SPARQL-SSL based Endpoint
• Set WebID Protocol ACLs using the Virtuoso Authentication Server UI
• SPARQL OAuth Tutorial
• WebID Protocol Support in OpenLink Data Spaces
• Guide to Setting up a X.509 certificate issuer and HTTPS listener and Generating ODS user certificates
• CA Keys Import using Conductor
• Generate an X.509 Certificate hosted WebID Guide
• ODS Briefcase WebID Protocol Share File Guide
• WebID Protocol Specification
• Test WebID Protocol Certificate page
• WebID Protocol Certificate Generation page
• Virtuoso Demo SPARQL-SSL Endpoint