Added a non-normative description about protecting a WebID profile document.
author Andrei Sambra <andrei@fcns.eu>
Tue, 20 Nov 2012 16:20:11 -0500
changeset 309 bf5566303a91
parent 308 ed5049b7ca3c
child 310 40508035594a
spec/identity-respec.html
--- a/spec/identity-respec.html	Tue Nov 20 22:01:17 2012 +0100
+++ b/spec/identity-respec.html	Tue Nov 20 16:20:11 2012 -0500
@@ -364,8 +364,9 @@
 <p><a href="#introduction">This section</a> gives a high level overview of WebID, and presents the organization of the specification and the conventions used throughout the document.</p>
 <p><a href="#terminology">Section 2</a> provides a short description for the most commonly used terms in this document.</p>
 <p><a href="#the-http-uri">Section 3</a> describes what a WebID URI is.</p>
-<p><a href="#publishing-the-webid-profile-document">Section 4</a> deals with the publishing of a <tref>WebID Profile</tref>.</p>
-<p><a href="#processing-the-webid-profile">Section 5</a> describes how a request for a <tref>WebID Profile</tref> should be handled.</p>
+<p><a href="#overview">Section 4</a> presents an overview of WebID.</p>
+<p><a href="#publishing-the-webid-profile-document">Section 5</a> deals with the publishing of a <tref>WebID Profile</tref>.</p>
+<p><a href="#processing-the-webid-profile">Section 6</a> describes how a request for a <tref>WebID Profile</tref> should be handled.</p>
 </section>
 </section>
 
@@ -414,7 +415,6 @@
 </section>
 </section>
 
-
 <section class='normative'>
 <h1>The HTTP URI</h1>
 
@@ -426,15 +426,23 @@
 
 </section>
 
+<section class='informative'>
+<h1>Overview</h1>
+
+<p>The relation between the <tref>WebID</tref> URI and the <tref>WebID Profile</tref> document can be presented in a graphical notation as follows.</p>
+<img id='webid-diagram' alt="WebID overview" src="img/WebID-overview.png"/>
+
+<p>The WebID URI - <em>http://www.w3.org/People/Berners-Lee/card<strong>#i</strong></em> - is an abstract representation which provides a reference to a person or to an agent.
+<p>The WebID Profile URI - <em>http://www.w3.org/People/Berners-Lee/card</em> - denotes the document describing the person or agent to which the WebID URI refers.
+The document can publish many more relations than are of interest to the WebID profile, as shown in the above graph. 
+For example a user can publish a depiction or logo, so that sites he authenticates to can personalize the user experience. He can post links to people he knows, who in turn have WebIDs published on other sites, in order to create a distributed Social Web. 
+He can also publish one or more relations to different authentication protocols. More information on WebID and other authentication protocols can be found on the <a href="http://www.w3.org/2005/Incubator/webid/wiki/Identity_Interoperability">WebID Identity Interoperability</a> page.
+</p>
+</section>
+
 <section class='normative'>
 <h1>Publishing the WebID Profile Document</h1>
 
-<p>The set of relations to be published in the <tref>WebID Profile</tref> document can be presented in a graphical notation as follows.</p>
-<img id='webid-diagram' alt="WebID overview" src="img/WebID-overview.png"/>
-<p>The document can publish many more relations than are of interest to the WebID profile, as shown in the above graph. 
-For example Bob can publish a depiction or logo, so that sites he authenticates to can personalize the user experience. He can post links to people he knows, who in turn have WebIDs published on other sites, in order to create a distributed Social Web. 
-He can also publish one or more relations to different authentication protocols. More information on WebID and other authentication protocols can be found on the <a href="http://www.w3.org/2005/Incubator/webid/wiki/Identity_Interoperability">WebID Identity Interoperability</a> page.
-</p>
 <p>
 WebID requires that servers MUST at least be able to provide Turtle representation of profile documents, but other serialization formats of the graph are allowed, provided that agents are able to parse that serialization and obtain the graph automatically.  
 Technologies such as GRDDL [[!GRDDL-PRIMER]] for example permit any XML format to be transformed automatically to a graph of relations.
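Review bot: the paragraph opened with `<p>The WebID URI - ...` at the top of the new Overview section is never closed; the next line opens a second `<p>` and only one `</p>` follows at the end, so a `</p>` is needed after `...a reference to a person or to an agent.` before the WebID Profile URI paragraph. Since ReSpec derives section ids from their headings, the `#overview` link added in the introduction relies on this `<h1>Overview</h1>` producing that id; worth checking in the built document. Minor consistency point: the example here uses `http://www.w3.org/People/Berners-Lee/card#i`, while the profile examples later in the file use `https://bob.example/...`; either pick one scheme for the examples or say that both are acceptable.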
@@ -480,15 +488,16 @@
     Turtle profile documents should be served with the <code>text/turtle</code> content type.
 </p>
 <pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
  @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
 
- &lt;https://bob.example/profile#me&gt; a foaf:Person;
+ &lt;https://bob.example/profile#me&gt; rdf:type foaf:Person;
    foaf:name "Bob";
    foaf:knows &lt;https://example.edu/p/Alice#MSc&gt;;
    foaf:weblog &lt;http://bob.example/blog&gt;.
 </pre>
 </section>
-<section>
+<section class="informative">
 <h1>Publishing a WebID Profile using the RDFa HTML notation</h1>
 <p>RDFa in HTML [[!RDFA-CORE]] is a way to markup HTML with relations that have a well defined semantics and
     mapping to an RDF graph.  There are many ways of writing out the above graph using RDFa in
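Review bot: replacing the Turtle keyword `a` with `rdf:type` is a style choice rather than a fix; `a` is the standard Turtle shorthand for `rdf:type`, and spelling it out forces an extra `@prefix rdf:` line into every example in the document. If the intent is readability for readers unfamiliar with Turtle, a one-line remark that `a` and `rdf:type` are equivalent would serve better. Changing the RDFa section to `class="informative"` is appropriate, since it is a serialization example rather than a requirement.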
@@ -519,6 +528,45 @@
 &lt;/html&gt;
 </pre>
 </section>
+
+<section class="informative">
+<h1>Protecting parts of a WebID Profile</h1>
+<p>A WebID Profile document does not need to be a public resource. A possible way of protecting its contents can be achieved by separating parts of the profile information into separate documents, each protected by access control policies. In the following example, Bob is limiting access to his list of friends, by placing all foaf:knows relations into a separate document.</p>
+
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
+ @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
+ @prefix s: &lt;http://www.w3.org/2000/01/rdf-schema#&gt; .
+ 
+ &lt;https://bob.example/profile#me&gt; rdf:type foaf:Person;
+   foaf:name "Bob";
+   <strong>s:seeAlso &lt;https://bob.example/friends&gt;;</strong>
+   foaf:weblog &lt;http://bob.example/blog&gt;.
+</pre>
+
+<p>Where https://bob.example/friends is a reference to an ACL protected document containing:</p>
+
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
+ @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
+ 
+ &lt;https://bob.example/profile#me&gt; rdf:type foaf:Person;
+   foaf:knows &lt;https://example.edu/p/Alice#MSc&gt;.
+</pre>
+
+<p>Having the following corresponding ACL rule, expressed using the <a href="http://www.w3.org/wiki/WebAccessControl">WebAccessControl</a> ontology:</p>
+
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
+ @prefix acl: &lt;http://www.w3.org/ns/auth/acl#&gt; .
+ 
+ &lt;#FriendsOnly&gt;
+    &lt;acl:accessTo&gt; &lt;https://bob.example/friends&gt;;
+    &lt;acl:agent&gt; &lt;http://example.edu/p/Alice#Msc&gt;, &lt;http://example.com/people/Mary/card#me&gt;;
+    &lt;acl:mode&gt; &lt;acl:Read&gt;.
+</pre>
+</section>
+
 </section>
 
 <section class='normative'>
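Review bot: the ACL example is not valid Turtle for what it intends: `<acl:accessTo>`, `<acl:agent>`, `<acl:mode>` and `<acl:Read>` wrap prefixed names in angle brackets, which turns them into IRIs with scheme `acl` instead of terms from the declared `acl:` prefix. The triples should read `acl:accessTo <https://bob.example/friends>;`, `acl:agent <https://example.edu/p/Alice#MSc>, <http://example.com/people/Mary/card#me>;` and `acl:mode acl:Read.`. The agent IRI given, `<http://example.edu/p/Alice#Msc>`, also differs from the WebID `<https://example.edu/p/Alice#MSc>` listed in the friends document (scheme and fragment case), so the rule as written would not grant Alice access to the document that names her. The `@prefix rdf:` line in the ACL example is unused and can be dropped, and `s:` for rdf-schema would be clearer as the conventional `rdfs:`. Finally, a sentence noting that the public profile still reveals, via the `seeAlso` link, that a protected friends document exists (only its contents are hidden) would make the scope of this protection clear to implementers.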
@@ -533,39 +581,6 @@
 <p>If the <tref>Requesting Agent</tref> wishes to have the most up-to-date Profile document for an HTTPS URL, it can use the HTTP cache control headers to get the latest versions.</p>
 </section>
 
-<section class='appendix informative' id="history">
-<h1>Change History</h1>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/46e0aadef7b6">2012-11-18</a>
-First radical change in the WebID spec, which now deals exclusively with identity.
-</p>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/46e0aadef7b6">2011-12-12</a>
-Fixed several errors in examples and diagrams, clarified TLS-Light, added SSL renegotiation, key chain and cache control, updated list people in acknowledgments.
-</p>
-<p><a href="http://www.w3.org/2005/Incubator/webid/spec/drafts/ED-webid-20111123/">2011-11-23</a>
-Wide ranging changes: Rewrote the Verification algorithm now enhanced with a detailed sequence diagram.  Moved to new ontology using xsd:hexBinary datatypes and removed rsa: ontology. Rewrote vocabulary section using clearer names. All these changes required serious rewriting everywhere.
-</p>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/6b60d7335151">2011-02-10</a>
-Move to <a href="http://www.w3.org/2005/Incubator/webid/">W3C WebID XG</a>.
-Updates from previous unofficial WebID group include changes on
-RDF/XML publishing in HTML, clarification on multiple SAN URIs and
-WebID verification steps.
-</p>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/dc93b6bbc538">2010-08-09</a>
-Updates from WebID community: moved OpenID/OAuth sections to separate document,
-switched to the URI terminology instead of URL, added "Creating the certificate"
-and "Publishing the WebID Profile document" sections with a WebID graph and
-serializations in Turtle and RDFa, improved SPARQL queries using literal
-notation with cert datatypes, updated list of contributors,
-and many other fixes.</p>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/4aef27947dec">2010-07-25</a>
-Added WebID Profile section.</p>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/805d44635286">2010-07-18</a>
-Updates from WebID community related to RDF/XML support, authentication sequence
-corrections, abstract and introduction updates.</p>
-<p><a href="https://dvcs.w3.org/hg/WebID/rev/25ba7f596f07">2010-07-11</a>
-Initial version.</p>
-</section>
-
 <section class='informative' id="acknowledgements">
 <h1>Acknowledgments</h1>
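Review bot: this hunk removes the entire Change History appendix, which the commit message ("Added a non-normative description about protecting a WebID profile document") does not mention. If the removal is intended it belongs in a separate commit or at least in the message; these lines are the only record in this file of the dates and changeset links for earlier revisions. Note also that the first two entries (2012-11-18 and 2011-12-12) both link to rev/46e0aadef7b6, which looks like a copy-paste slip worth fixing if the section is restored.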