From e3dae313e9bf55d0cc6971221d43050dd8afa647 Mon Sep 17 00:00:00 2001 From: sneakers-the-rat Date: Fri, 23 Feb 2024 21:59:18 -0800 Subject: [PATCH] webit --- src/comparison/index.md | 2 ++ src/comparison/ld/index.md | 1 + src/comparison/ld/webid.md | 64 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 src/comparison/ld/webid.md diff --git a/src/comparison/index.md b/src/comparison/index.md index 437decf..ca73f48 100644 --- a/src/comparison/index.md +++ b/src/comparison/index.md @@ -42,6 +42,8 @@ data/index - [Willow Protocol](https://willowprotocol.org/) - [neurobagel](https://neurobagel.org/overview/) - [ActivityPods](https://github.com/assemblee-virtuelle/activitypods) - SOLID and ActivityPub +- [Data Treehouse](https://www.data-treehouse.com/) - ?? +- [Cambria](https://www.inkandswitch.com/cambria/) ## See also diff --git a/src/comparison/ld/index.md b/src/comparison/ld/index.md index b6ee2f0..80b5f01 100644 --- a/src/comparison/ld/index.md +++ b/src/comparison/ld/index.md @@ -10,6 +10,7 @@ ld_fragments hdt ld_platform nanopubs +webid ``` Linked data was born to be p2p. Many of the [initial, lofty visions](https://jon-e.net/surveillance-graphs/#semantic-web-priesthoods) of the [semantic web](https://jon-e.net/infrastructure/#linked-data-has-an-ambivalent-history-of-thought-regarding-the-l) are only possible with p2p systems - fluid, languagelike ontologies, portable personal data, truly decentralized information structuring on the web and so on {cite}`saundersSurveillanceGraphs2023,saundersDecentralizedInfrastructureNeuro2022`. That's one of the central goals of this project --- as might be obvious from its placeholder name: p2p-ld. diff --git a/src/comparison/ld/webid.md b/src/comparison/ld/webid.md new file mode 100644 index 0000000..d95b1d9 --- /dev/null +++ b/src/comparison/ld/webid.md 
@@ -0,0 +1,64 @@ +# WebID + +{index}`RDF`-based decentralized {index}`identity` protocol. + +> The WebID-TLS protocol enables secure, efficient and maximally user friendly authentication on the Web. It enables people to authenticate onto any site by simply choosing one of the certificates proposed to them by their browser. These certificates can be created by any Web Site for their users. This specification extends the WebID Identity [WEBID] specification which defines many of the core concepts used in WebID-TLS, such as the identifier, known as the WebID, as well as the associated Profile Document. +> +> WebIDs can be used to build a Web of trust using vocabularies such as [FOAF] by allowing people to link together their profiles in a public or protected manner. Such a web of trust can then be used by a Service to make authorization decisions, by allowing access to resource depending on the properties of an agent, such that he/she is known by some relevant people, works at a given company, is a family member, is part of some group, ... + +## WebID Profile Document + +```{index} Ontology; cert +``` + +You're identified by your [WebID Profile Document](https://www.w3.org/2005/Incubator/webid/spec/tls/#the-webid-profile-document). The primary purpose of the profile document is to map a URI to public keys using the [`cert` ontology](https://www.w3.org/ns/auth/cert). + +Example: + +```turtle +@prefix cert: . +@prefix xsd: . +@prefix foaf: . +@prefix rdfs: . + +<#me> a foaf:Person; + foaf:name "Bob"; + foaf:knows ; + foaf:img ; + cert:key [ a cert:RSAPublicKey; + rdfs:label "made on 23 November 2011 on my laptop"; + cert:modulus "LONG HASH STRING"^^xsd:hexBinary; + cert:exponent 65537 ; + ] . +``` + +## Certificate Generation + +The protocol works by using a profile document to generate a TLS certificate. 
+ +- A user initiates certificate generation by creating a new public/private keypair +- the server then issues a certificate that indicates that it belongs to a particular Profile Document + +The certificate issuing server is intended to also be the same one that hosts the profile document, so it might then add the public key to the document that was used to generate the certificate. + +## Authentication + +The certificate is used to authenticate you when connecting to other servers. + +- The other server requests that you provide a certificate, this seems to be imagined as a browser popup prompting you to select from any certificate that has been previously generated by your or other servers. +- The client then proves that it has the private key that is paired with the public key, which is also listed in the profile document. +- The other server [verifies the certificate](https://www.w3.org/2005/Incubator/webid/spec/tls/#verifying-the-webids) by dereferencing the profile URL to the profile document and comparing the public key to the one in the profile with SPARQL. + + +```{todo} +Write comparison and summary re: beacons and other ID verification systems +``` + + + + +## References + +- https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html +- https://www.w3.org/2005/Incubator/webid/spec/tls/ +
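Review bot: the two entries added to src/comparison/index.md are incomplete: `- [Data Treehouse](https://www.data-treehouse.com/) - ??` leaves a `??` placeholder where the neighbouring entries carry a short description (`- [ActivityPods](...) - SOLID and ActivityPub`), and `- [Cambria](https://www.inkandswitch.com/cambria/)` has no description at all. Either add a one-line note on what each project is and why it belongs in this comparison, or drop the trailing ` - ??` so the rendered list does not show the placeholder.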
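Review bot: the `turtle` block in the new src/comparison/ld/webid.md is not valid Turtle as written: all four `@prefix` declarations lack their IRI (`@prefix cert: .`), and `foaf:knows ;` and `foaf:img ;` are predicates with no object, so the example will not parse if a reader tries it. Restore the IRIs, e.g. `@prefix cert: <http://www.w3.org/ns/auth/cert#> .` (the ontology the paragraph above links to) and the `<...>` objects for `foaf:knows` and `foaf:img`, and rename the `"LONG HASH STRING"^^xsd:hexBinary` placeholder so it does not call the value a hash: `cert:modulus` is the RSA modulus that the verifying server compares with the key in the presented certificate, not a digest. In the prose, the "Certificate Generation" section opens with "The protocol works by using a profile document to generate a TLS certificate", but its own bullets describe the opposite order (keypair and certificate first, public key then added to the profile document), so the opening sentence should say that the certificate embeds the WebID URI that points at the profile. Since the "Authentication" section already states that verification works by dereferencing the profile URL and comparing keys, it is worth one sentence noting that this makes the profile document's hosting the trust anchor: whoever can change the keys at that URL, or serve a different document to the verifier, can authenticate as that WebID. Minor: "previously generated by your or other servers" should read "by your own or other servers".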