Constraining Resource Access Using Social Relationship Semantics and WebID

Introduction

The following example demonstrates how you can leverage the combined power of a SPARQL ASK Query, Social Relationship Semantics, and Web-accessible Linked Data to constrain access to a protected resource. Basically, you need to:

  • Set a foaf:knows relationship in your user's profile
  • Set an ACL rule that requires you to prove (via WebID protocol and a Linked Data based profile resource) that you have a WebID that's in a knows relation with our example user
  • Create a protected resource accessible from a location on the Web via its URL

Prerequisites

The following packages should be installed, prior to performing this exercise:

Steps

Step 1 -- Set a foaf:knows relationship in your profile

  1. Assuming John has the following WebID:

    http://id.myopenlink.net/dataspace/person/john#this

  2. Assume Kate is a friend of John, and John wants to share a resource with only 1 person -- Kate. To be able to view this resource, Kate needs to make sure John is added as a friend in her profile's data with the following relation:

    <foaf:knows> <http://id.myopenlink.net/dataspace/person/john#this>

  3. Go to http://host:port/ods -> Sign In and enter Kate's credentials:



  4. Go to Profile->Edit:



  5. Go to "Annotations":



  6. In the presented form enter:
  7. Click "Add":



Step 2 -- Create a Web Resource that should only be accessible to people that are friends of John

  1. Go to http://host:port/ods and log in with John's credentials:



  2. Click on the Briefcase application link and click on the "New Folder" menu item to create the sub-folder: "WebIDPlayground":



  3. Click "Create".
  4. The newly created folder should be presented in the list of folders and resources for user John:



  5. Go to the "WebIDPlayground" folder and, using the "Upload" feature, upload a resource, e.g. an image "OpenLink.png" from above:







Step 3 -- Share the Web Resource URL with people that are friends of John

  1. For the folder "WebIDPlayground" created above, click its "Update Properties" link:







  2. Go to "Sharing":



  3. In the "WebID users" section, click the green "plus" button with label "Add":



  4. In the presented form:
    1. Change "Access type" to "Advanced";
    2. For "Criteria" click the green "plus" button and select "Certificate - SPARQL ASK"



    3. A drop-down list with 2 values should appear: "equal to" and "not equal to". Select the "equal to" value:



    4. A drop-down list with 2 values should appear: "yes" and "no". Leave the default value "yes" selected:



    5. Modify the SPARQL ASK statement by replacing it with this one:

      prefix sioc: <http://rdfs.org/sioc/ns#>
      prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>
      prefix foaf: <http://xmlns.com/foaf/0.1/>
      ASK where {
        ^{webid}^ rdf:type foaf:Person;
                  foaf:knows <http://id.myopenlink.net/dataspace/person/john#this>
      }





  5. Click "Update":



Step 4 -- View the shared document

  1. As per the sharing done above, Kate should be able to see the Web resource https://host:port/DAV/home/John/WebIDPlayground/ if she authenticates with her X.509 WebID Watermarked Certificate.
  2. Navigate to https://host:port/DAV/home/John/WebIDPlayground/
  3. When prompted for authentication, select Kate's X.509 WebID Watermarked Certificate:



  4. Kate should successfully view the shared Web document.
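
What the rule from Step 3 evaluates, as an added example that is not part of the original page or of ODS: a minimal Python model of the ASK check run over constructed N-Triples profiles. The WebIDs for Kate, Bob and Carol are hypothetical, and the sketch assumes the certificate check of the WebID protocol has already succeeded and that ^{webid}^ is replaced by the WebID presented in the certificate.

```python
import re

RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
FOAF = "http://xmlns.com/foaf/0.1/"
JOHN = "http://id.myopenlink.net/dataspace/person/john#this"

# The two triple patterns of the ASK rule; ^{webid}^ is filled in per request.
RULE = [("^{webid}^", RDF_TYPE, FOAF + "Person"),
        ("^{webid}^", FOAF + "knows", JOHN)]

# Constructed sample data: hypothetical WebIDs and the N-Triples their profiles publish.
KATE, BOB, CAROL = (f"http://example.org/people/{n}#this" for n in ("kate", "bob", "carol"))
PROFILES = {
    KATE: f"<{KATE}> <{RDF_TYPE}> <{FOAF}Person> .\n<{KATE}> <{FOAF}knows> <{JOHN}> .",
    BOB: f"<{BOB}> <{RDF_TYPE}> <{FOAF}Person> .",
    # Relation stated in the other direction only: John knows Carol.
    CAROL: f"<{CAROL}> <{RDF_TYPE}> <{FOAF}Person> .\n<{JOHN}> <{FOAF}knows> <{CAROL}> .",
}

TRIPLE = re.compile(r"<([^>]+)>\s+<([^>]+)>\s+<([^>]+)>\s*\.")

def parse(ntriples):
    """Return the set of (s, p, o) IRI triples in an N-Triples string."""
    return set(TRIPLE.findall(ntriples))

def ask(webid, graph):
    """True when every rule pattern, with the WebID substituted, is in the graph."""
    bound = [tuple(webid if t == "^{webid}^" else t for t in pat) for pat in RULE]
    return all(triple in graph for triple in bound)

def access_granted(webid):
    """Criteria from Step 3: SPARQL ASK result 'equal to' 'yes'."""
    profile = PROFILES.get(webid)
    if profile is None:          # profile not retrievable: nothing to match
        return False
    return ask(webid, parse(profile)) is True

if __name__ == "__main__":
    for who in (KATE, BOB, CAROL):
        print(who, "->", "allow" if access_granted(who) else "deny")
```

Carol is denied because the rule matches only a foaf:knows statement whose subject is the requesting WebID, which is why Step 1 has Kate add the relation to her own profile.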


