Put together by the WebID Incubator Group chaired by Henry Story.
A global distributed Social Web requires distributed identity. Following up on an earlier paper, an identity system that fits the philosophy of the web must have the following properties:
- agents should be able to control their identity,
- this identity should be linkable across sites - placing each agent in a Web of relationships,
- the web of relationships should build a web of trust that allows each agent to determine for himself what trust anchors he wishes to be guided by,
- it should be possible to describe each agent flexibly,
- it should enable global authentication,
- it should allow flexible access control that is both easy for humans and machines to use and understand,
- it should be respectful of privacy,
- the whole lifecycle of an identity, from setting up a profile, to editing it, to possibly deleting it should require nothing more than HTTP, extended by the Linked Data Platform.
The following specs have been put together by the WebID Incubator Group with those properties in mind, and following on Tim Berners-Lee's Socially Aware Cloud Storage note.
- WebID 1.0 - Web Identity and Discovery
  - This specification outlines a simple universal identification mechanism that is distributed, openly extensible, enabling each person to control their identity, and to build a decentralised web of trust, which can be used to allow fine grained access control. It does this by applying the best practices of Web Architecture whilst building on well established, widely deployed protocols and standards including HTML, URIs, HTTP, and RDF Semantics.
- WebID-TLS - WebID Authentication over TLS
  - The WebID-TLS protocol enables secure, efficient and user friendly authentication on the Web using TLS and X.509 Certificates. It enables people to authenticate onto any site by simply choosing one of the certificates proposed to them by their browser. These certificates can be created by any Web Site for their users. It is also a very effective means for software agents to authenticate. This specification extends the WebID Identity specification, which defines many of the core concepts used in WebID-TLS.
- Certificate Ontology
  - WebID Profile documents can be used to publish public keys that identify the referent of the WebID as the owner of the corresponding private key. The Certificate Ontology defines the vocabulary to use to publish this information.
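As an added example, not code from the WebID specifications or from the Incubator Group, the following Python sketch shows the step that the WebID-TLS and Certificate Ontology descriptions above rely on: matching the public key from a presented certificate against the cert:key entries a WebID profile publishes for that WebID. The profile document, the WebID URIs and the certificate's modulus and exponent are all constructed here; the fetch is an offline dictionary lookup standing in for dereferencing the WebID; and the regular-expression matchers handle only the cert:key shape shown, not general Turtle.

```python
import re

# Constructed WebID profile document, standing in for what the server would
# fetch by dereferencing the WebID. Two people share one document so that a
# key belonging to a different subject is present as a distractor.
PROFILES = {
    "https://alice.example/profile": """
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<https://alice.example/profile#me> a foaf:Person ;
    foaf:name "Alice (constructed)" ;
    cert:key [ a cert:RSAPublicKey ;
               cert:modulus "00cafebabe0001"^^xsd:hexBinary ;
               cert:exponent 65537 ] .

<https://alice.example/profile#bob> a foaf:Person ;
    cert:key [ a cert:RSAPublicKey ;
               cert:modulus "DEADBEEF"^^xsd:hexBinary ;
               cert:exponent 65537 ] .
"""
}

# Minimal matchers for the cert:key shape above (not a general Turtle parser):
# one statement per subject at line start, ended by " .", with each key as a
# blank node in square brackets.
STMT_RE = re.compile(r"^<(?P<subject>[^>]+)>\s+(?P<body>.*?)\s\.\s*$", re.M | re.S)
KEY_RE = re.compile(r"cert:key\s*\[(?P<body>[^\]]*)\]")
MOD_RE = re.compile(r'cert:modulus\s+"(?P<hex>[0-9A-Fa-f]+)"\^\^xsd:hexBinary')
EXP_RE = re.compile(r"cert:exponent\s+(?P<dec>\d+)")


def fetch_profile(url):
    """Stand-in for an HTTP GET of the profile document (offline lookup)."""
    return PROFILES.get(url)


def public_keys_for(webid, turtle):
    """Return the (modulus, exponent) pairs the profile attaches to this WebID.

    Values are compared as integers, so the case of the xsd:hexBinary literal
    and any leading zero bytes in the modulus do not matter."""
    keys = []
    for stmt in STMT_RE.finditer(turtle):
        if stmt.group("subject") != webid:
            continue  # keys published for other subjects never count
        for key in KEY_RE.finditer(stmt.group("body")):
            mod = MOD_RE.search(key.group("body"))
            exp = EXP_RE.search(key.group("body"))
            if mod and exp:
                keys.append((int(mod.group("hex"), 16), int(exp.group("dec"))))
    return keys


def verify_webid_tls(claimed_webid, cert_modulus, cert_exponent, fetch=fetch_profile):
    """WebID-TLS check: is the presented key published for the claimed WebID?

    The certificate may be self-signed; trust comes from the profile, which is
    fetched from the WebID's own document (the URI without its fragment)."""
    profile_doc = claimed_webid.split("#", 1)[0]
    turtle = fetch(profile_doc)
    if turtle is None:
        return False
    return (cert_modulus, cert_exponent) in public_keys_for(claimed_webid, turtle)


if __name__ == "__main__":
    # Constructed values the TLS layer would extract from the client certificate:
    # the WebID from subjectAltName, the RSA key as (modulus, exponent).
    print(verify_webid_tls("https://alice.example/profile#me", 0xCAFEBABE0001, 65537))  # True
    print(verify_webid_tls("https://alice.example/profile#me", 0xDEADBEEF, 65537))      # False
```

Two checks in verify_webid_tls carry the security weight: the profile is fetched from the document part of the claimed WebID, never from a location the client supplies, and only keys attached to that exact WebID subject are accepted, so a key published in the same document for a different person (Bob's, above) does not authenticate as Alice. The certificate's issuer is deliberately not consulted, which is what lets any site mint certificates for its users.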
The benefits of WebID become even more evident if the following prototype specifications are taken into account. These are currently published on a wiki. Please implement them, send feedback, and help us turn them into widely implemented, well-reviewed specifications.
- Web Access Control
  - Every resource on the Web can link to a resource describing in RDF the access control restrictions on that resource, i.e. which agents or groups of agents (listed by WebID) are allowed Read, Write or Control access to the resource. This allows clients to understand what they need to do to get access to a resource, using the same vocabulary the server uses to grant access. It also allows the access control rules to be edited using the same protocol defined by the Linked Data Platform. The Linked Data Platform is putting together a set of requirements for Access Control.
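As an added example, not code from the Web Access Control wiki or the Incubator Group, here is a minimal access decision over an ACL resource of the kind described above. The ACL is given as the subject/predicate/object triples an RDF parser would produce from such a document; the resource, WebIDs, group and group membership are constructed. The acl: and foaf:Agent terms are the vocabulary's own; only the Read, Write and Control modes named on this page are used.

```python
# Vocabulary namespaces.
ACL = "http://www.w3.org/ns/auth/acl#"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"  # every agent, i.e. public access

# Constructed identifiers.
REPORT = "https://alice.example/docs/report"
ALICE = "https://alice.example/profile#me"
BOB = "https://bob.example/profile#me"
CAROL = "https://carol.example/profile#me"
TEAM = "https://alice.example/groups#team"     # a constructed agent class

# Constructed ACL document for REPORT as (subject, predicate, object) triples.
# The blank-node subjects are given readable names here.
ACL_TRIPLES = [
    ("#owner", ACL + "agent", ALICE),
    ("#owner", ACL + "accessTo", REPORT),
    ("#owner", ACL + "mode", ACL + "Read"),
    ("#owner", ACL + "mode", ACL + "Write"),
    ("#owner", ACL + "mode", ACL + "Control"),
    ("#team", ACL + "agentClass", TEAM),
    ("#team", ACL + "accessTo", REPORT),
    ("#team", ACL + "mode", ACL + "Write"),
    ("#public", ACL + "agentClass", FOAF_AGENT),
    ("#public", ACL + "accessTo", REPORT),
    ("#public", ACL + "mode", ACL + "Read"),
]

# Constructed group membership; in practice this would be resolved from the
# group's own Linked Data document.
GROUP_MEMBERS = {TEAM: {ALICE, BOB}}


def objects(triples, subject, predicate):
    """All objects of (subject, predicate, ?) in the triple list."""
    return {o for s, p, o in triples if s == subject and p == predicate}


def authorized(triples, agent, resource, mode, group_members=GROUP_MEMBERS):
    """True if some authorization in the ACL grants `mode` on `resource` to
    `agent`, a WebID or None for an unauthenticated request."""
    mode_uri = ACL + mode
    for auth in {s for s, p, o in triples if p == ACL + "accessTo" and o == resource}:
        if mode_uri not in objects(triples, auth, ACL + "mode"):
            continue
        classes = objects(triples, auth, ACL + "agentClass")
        if FOAF_AGENT in classes:
            return True                      # granted to everyone
        if agent is None:
            continue                         # remaining grants need a WebID
        if agent in objects(triples, auth, ACL + "agent"):
            return True
        if any(agent in group_members.get(c, ()) for c in classes):
            return True
    return False


def may_edit_acl(triples, agent, resource):
    """Editing the ACL document itself is governed by Control on the resource."""
    return authorized(triples, agent, resource, "Control")


if __name__ == "__main__":
    print(authorized(ACL_TRIPLES, None, REPORT, "Read"))   # True: public read
    print(authorized(ACL_TRIPLES, BOB, REPORT, "Write"))   # True: via the team class
    print(may_edit_acl(ACL_TRIPLES, BOB, REPORT))          # False: only Alice has Control
```

Because the decision is made over the same acl: terms a client can read from the ACL resource, a client denied Write can see from the document that, for instance, membership of the team class would grant it, which is the "understand what they need to do to get access" property the description above calls for. Keeping Control separate from Write is what stops a collaborator with edit rights on the document from widening the rules that protect it.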
- Agents can be identified in many more ways than via WebIDs.
  A WebID is a direct identifier: it refers directly to an agent. There are also a large number of indirect identifiers, that is, identifiers that refer directly to things (usually not agents) but only indirectly to an agent. For example, the initial HTTP OpenIDs directly identify a web page and indirectly an agent. An account name is a string that refers to itself but indirectly identifies an account, which itself identifies a person. A public key identifies a set of numbers but indirectly an agent that knows the private key, and so on. Each of these identifiers then comes with methods of verifying the referent. The Identity Interoperability document should aim to show how one can transfer trust gained via one authentication procedure to another identifier, by relying on relations published between these identifiers in a Linked Data space tied potentially to a WebID.