From W3C Wiki

OpenLink Data Spaces (ODS) & WebID Protocol

Note: The WebID Protocol was previously referred to as the FOAF+SSL Protocol.

Scenario 1

You have a basic ODS FOAF profile (what you get by opening an ODS account) but no Certificate associated with your WebID (a Personal Entity URI bound to an X.509 Certificate). If you have ever registered with OpenLink (as a customer, partner, technology evaluator, or otherwise), an account was automatically created for you on the ODS service.

  1. Log in to an ODS instance, e.g.,
  2. Go to your profile page.
  3. Visit security tab.
  4. Click "Generate" button in the X509 area and a Certificate is generated and exported to your browser.
  5. Click "Save Certificate" button which then writes the Certificate data to our ODS hosted FOAF Space.
  6. Attempt an HTTPS GET against an information resource URL (i.e., load that URL with your web browser) that's served up from a Web space that supports the WebID Protocol.

Scenario 2

You have an ODS account (meaning you have a FOAF profile), you've self-signed a certificate outside ODS, and you want to bind that certificate to your ODS hosted FOAF profile.

  1. Register at
  2. Go to profile page.
  3. Visit security tab, and scroll down to the X.509 area.
  4. Paste in the exported cert (including ---Begin Certificate--- and ---End Certificate--- parts).
  5. Click on "Save Certificate" button.
  6. Bound certificate is generated and added to the FOAF profile of your ODS account, and exported to your browser.
  7. Visit a secure resource in a data space that supports the WebID Protocol.

Scenario 3

You have a Virtuoso based SPARQL endpoint, and you want to control whether users can READ-ONLY, SPONGE (specific writes to the Quad Store), or SPARQL/Update ("SPARUL"; full CRUD in the Quad Store).

  1. Send a message to @kidehen on Twitter.
  2. Your URI will be registered.
  3. Visit the WebID Protocol-based SPARQL endpoint (note: you can scope Graph IRI access to specific WebIDs).

Verifying your ODS-based Certificate with 3rd Party WebID Services

Visit any of these pages --

Making Use of the WebID Protocol via ODS


  1. Go to your profile page
  2. Pick one of the Fields in the profile page that has a drop-down for setting access privileges (e.g. email address)
  3. Set privilege to "Friends".

Data Space ACL (TBD)

  1. Go to your ODS application instance
  2. Use the Preferences option to set ACL
  3. Set privilege to "Friends".

Related documentation