Motivation

Vendor lock-in

Source: http://www.idgconnect.com/

Data silos

Source: http://theeconomist.com/

What we hope to achieve...

Creativity and innovation

Source: http://innovationpov.com/

Ability to add new features

Source: https://www.atlassian.com

Example use-case

The building blocks

LDP - Linked Data Platform

  • W3C Recommendation (end of February 2015)
  • an architecture for read-write Linked Data on the Web
  • defines a set of rules for RESTful HTTP operations on Web resources
    • RDF
    • non-RDF (e.g. text, binary)
  • filesystem-like structure for data
    • containers (folders)
      • basic ("contains" resources)
      • direct (different membership relations)
      • indirect (marked "at risk" in the spec)
    • resources within containers (files)

Note: containers are also RDF resources!

Retrieving container information

GET /c1/ HTTP/1.1
Host: example.org
Accept: text/turtle

HTTP/1.1 200 OK
Content-Type: text/turtle
ETag: "8caab0784220148bfe98b738d5bb6d13"
Link: <http://www.w3.org/ns/ldp#BasicContainer>; rel="type"

@prefix dcterms: <http://purl.org/dc/terms/>.
@prefix ldp: <http://www.w3.org/ns/ldp#>.

<http://example.org/c1/>
   a ldp:BasicContainer;
   dcterms:title "A very simple container";
   ldp:contains <r1>, <r2>, <r3>.

Creating a new basic container

POST /alice/ HTTP/1.1
Host: example.org
Content-Type: text/turtle
Link: <http://www.w3.org/ns/ldp#BasicContainer>; rel="type"
Slug: photos

@prefix ldp: <http://www.w3.org/ns/ldp#> .
@prefix dcterms: <http://purl.org/dc/terms/> .

<> a ldp:Container, ldp:BasicContainer;
   dcterms:title "Photos of Alice" ;
   dcterms:description "This container will contain photos of Alice." .

HTTP/1.1 201 Created
Location: http://example.org/alice/photos/
ETag: "fffab0784220148bfe98b738d5bb6a00"
Content-Length: 0

Note: Slug is only a hint; the server picks the final name and reports it in Location.

Creating a new resource

POST /alice/ HTTP/1.1
Host: example.org
Content-Type: text/turtle
Link: <http://www.w3.org/ns/ldp#Resource>; rel="type"

@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<> a foaf:PersonalProfileDocument;
    foaf:primaryTopic <#me> .
<#me> a foaf:Person;
    foaf:name 'Alice Smith' .

HTTP/1.1 201 Created
Location: http://example.org/alice/b0da1
ETag: "8caab0784220148bfe98b738d5bb6d13"
Link: <http://www.w3.org/ns/ldp#Resource>; rel="type"

Deleting a resource

DELETE /alice/foaf HTTP/1.1
Host: example.org
If-Match: "8caab0784220148bfe98b738d5bb6d13"

HTTP/1.1 204 No Content

Note: If-Match carries the ETag the client last saw; a server answers 412 Precondition Failed if the resource changed in between.

Note: non-empty containers will not be deleted!

Discovering server support*

OPTIONS /alice/ HTTP/1.1
Host: example.org

HTTP/1.1 200 OK
Allow: GET, PUT, POST, OPTIONS, HEAD, DELETE, PATCH
Accept-Post: text/turtle;charset=utf-8,text/n3;charset=utf-8,text/nt;charset=utf-8,text/css;charset=utf-8,text/html;charset=utf-8,text/javascript;charset=utf-8,text/plain;charset=utf-8,application/rdf+xml;charset=utf-8,application/json;charset=utf-8,multipart/form-data,image/jpeg,image/png,image/gif,font/otf
Link: <http://www.w3.org/ns/ldp#BasicContainer>; rel="type"

Optional headers:

Link: <http://example.org/alice/,acl>; rel="acl"
User: https://alice.example.org/profile/card#me
Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS, HEAD, DELETE, PATCH
Access-Control-Allow-Origin: *

LDP recap

LDP 1.0

  • full CRUD support through RESTful HTTP operations
  • interaction model driven by HTTP headers
  • filesystem-like structure for data

Planned extensions (LDP 1.1)

  • simple way of patching resources - LD Patch (REC track)
  • paging (REC track)
  • resource querying and filtering

Web Access Control

Web Access Control (WAC)


  • decentralized access control system
  • applies to Web resources (at the document level)
  • integrates well with LDP
  • users and groups identified by HTTP URIs (i.e. WebIDs)
  • vocabulary: http://www.w3.org/ns/auth/acl
  • access modes: Read / Write / Append / Control
  • access can be restricted based on Origin

More info on WAC

WAC resource discovery

HEAD /alice/ HTTP/1.1
Host: example.org

HTTP/1.1 200 OK
. . .
Link: <http://www.w3.org/ns/ldp#BasicContainer>; rel="type", <http://example.org/alice/,acl>; rel="acl"
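Parsing the Link header is what both the LDP slides (rel="type" tells a client whether it is looking at a container) and this slide (rel="acl" tells it where the policy lives) rely on. Below is an added JavaScript example, not code from the slides or from any LDP client library; function names are this example's own, and the same-origin flag is a defensive check added here rather than something the slides state.

```javascript
const LDP = 'http://www.w3.org/ns/ldp#';
const CONTAINER_TYPES = ['Container', 'BasicContainer', 'DirectContainer', 'IndirectContainer']
  .map(t => LDP + t);

// Parse an RFC 8288 Link header value into [{ uri, rel: [...] }]. Handles several
// comma-separated links, quoted or bare rel values, and commas inside <...> (as in /alice/,acl).
function parseLinkHeader(value) {
  const links = [];
  const linkRe = /<([^>]*)>((?:\s*;\s*[A-Za-z0-9*-]+\s*=\s*(?:"[^"]*"|[^,;]+))*)/g;
  const paramRe = /;\s*([A-Za-z0-9*-]+)\s*=\s*(?:"([^"]*)"|([^,;]+))/g;
  let m;
  while ((m = linkRe.exec(value || '')) !== null) {
    const params = {};
    let p;
    while ((p = paramRe.exec(m[2])) !== null) {
      params[p[1].toLowerCase()] = (p[2] !== undefined ? p[2] : p[3]).trim();
    }
    paramRe.lastIndex = 0;
    // rel may carry several space-separated relation types
    links.push({ uri: m[1], rel: (params.rel || '').split(/\s+/).filter(Boolean) });
  }
  return links;
}

// What a HEAD/GET/OPTIONS response's Link header tells a client about `resourceUrl`.
function describeResource(resourceUrl, linkHeader) {
  const links = parseLinkHeader(linkHeader);
  const types = links.filter(l => l.rel.includes('type')).map(l => l.uri);
  const aclLink = links.find(l => l.rel.includes('acl'));
  // rel="acl" may be relative (e.g. <,acl>), so resolve it against the resource
  const aclUrl = aclLink ? new URL(aclLink.uri, resourceUrl).href : null;
  return {
    types,
    isContainer: types.some(t => CONTAINER_TYPES.includes(t)),
    aclUrl,
    // Defensive check (this example's addition): a policy document advertised on another
    // origin is controlled by whoever runs that host, so a client should not fetch or edit it.
    aclSameOrigin: aclUrl !== null && new URL(aclUrl).origin === new URL(resourceUrl).origin,
  };
}
```

describeResource('http://example.org/alice/', '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type", <http://example.org/alice/,acl>; rel="acl"') reports a container whose ACL is http://example.org/alice/,acl on the same origin.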

WAC policy

GET /alice/,acl HTTP/1.1
Host: example.org
Accept: text/turtle

HTTP/1.1 200 OK
Content-Type: text/turtle

@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#readall> a acl:Authorization ;
           acl:accessTo <.> ;
           acl:mode acl:Read ;
           acl:agentClass foaf:Agent .
<#acl> a acl:Authorization ;
           acl:accessTo <.> ;
           acl:mode acl:Read, acl:Write, acl:Control ;
           acl:agent <foaf#me> .

Note: <.> is the container /alice/ this ACL governs and <foaf#me> resolves to /alice/foaf#me. Anyone (foaf:Agent) may read the container; only Alice may write it. Reading or editing the ACL document itself is granted by acl:Control on the governed resource, not by an authorization whose acl:accessTo is the ACL document.
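Evaluating the policy above: an added JavaScript example, not code from the slides or from any WAC server. The authorizations are written as plain objects (constructed; a real server would parse the Turtle), the owner rule is expressed as Read/Write/Control on the container, and a third Append-only rule restricted by Origin is added to exercise the Origin feature from the WAC slide. The ",acl" naming and the 401/403 choice are this example's assumptions.

```javascript
const ACL = 'http://www.w3.org/ns/auth/acl#';
const FOAF = 'http://xmlns.com/foaf/0.1/';
const ALICE = 'http://example.org/alice/foaf#me'; // <foaf#me> resolved against /alice/,acl

// Constructed policy: the two rules from the slide plus an Origin-restricted inbox rule.
const aliceAcl = [
  { id: '#readall', accessTo: ['http://example.org/alice/'],
    mode: [ACL + 'Read'], agentClass: [FOAF + 'Agent'] },
  { id: '#acl', accessTo: ['http://example.org/alice/'],
    mode: [ACL + 'Read', ACL + 'Write', ACL + 'Control'], agent: [ALICE] },
  { id: '#inbox', accessTo: ['http://example.org/alice/inbox/'],
    mode: [ACL + 'Append'], agentClass: [FOAF + 'Agent'], origin: ['https://app.example.com'] },
];

// Does any authorization in `acl` let `agent` (a WebID, or null when anonymous)
// perform `mode` ('Read' | 'Write' | 'Append' | 'Control') on `resource`?
function isAllowed(acl, { resource, mode, agent = null, origin = null }) {
  // Any operation on the ACL document itself requires Control on the resource it governs.
  const aclDoc = resource.endsWith(',acl');
  const target = aclDoc ? resource.slice(0, -',acl'.length) : resource;
  const needed = ACL + (aclDoc ? 'Control' : mode);

  return acl.some(auth => {
    if (!auth.accessTo.includes(target)) return false;
    const modes = new Set(auth.mode);
    // Write includes Append: whoever may overwrite may also add.
    const modeOk = modes.has(needed) || (needed === ACL + 'Append' && modes.has(ACL + 'Write'));
    if (!modeOk) return false;
    const everyone = (auth.agentClass || []).includes(FOAF + 'Agent');
    if (!everyone && !(agent && (auth.agent || []).includes(agent))) return false;
    // If the rule names origins, the requesting app's Origin must be one of them;
    // a missing Origin header does not satisfy an origin-restricted rule.
    if (auth.origin && !auth.origin.includes(origin)) return false;
    return true;
  });
}

// HTTP status a server would answer: 401 invites an anonymous caller to authenticate,
// 403 tells an identified caller that no rule grants the access.
function statusFor(acl, req) {
  if (isAllowed(acl, req)) return 200;
  return req.agent ? 403 : 401;
}
```

With this policy an anonymous GET on /alice/ succeeds, an anonymous PUT gets 401, Bob's PUT gets 403, and only Alice can read or write /alice/,acl because only her rule carries acl:Control.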

Web Identity and Discovery

WebID


  • user-controlled identification mechanism
  • decentralized (Web scale)
  • openly extensible
  • standards-based interoperability (HTTP, LDP, RDF)
  • components:
    • the WebID (URI)
    • the WebID profile (RDF)
  • in the process of standardization (Community Group)

WebID spec

The WebID (URI)

The WebID profile

WebID-TLS

Secure authentication using WebID

WebID-TLS


  • decentralized, secure and efficient authentication on the Web
  • uses client certificates to avoid insecure passwords
  • certificates do not depend on PKIs and Certification Authorities
  • easy to implement - reuses existing technologies (TLS, HTTP, RDF)
  • components:
    • WebID
    • X.509 client certificate
  • also a work-in-progress open standard

WebID spec

WebID-TLS - X.509 client certificate


  • the client certificate is presented during the initial HTTPS (TLS) handshake
  • bootstraps the identification process (discovery)
  • X509v3 extension - Subject Alternative Name (contains the WebID)
  • can be self-signed (but classic PKI can still be used)
  • uses HTML5's <keygen> element to generate keys locally in the browser (note: <keygen> has since been deprecated and removed from Chrome 57 and Firefox 69)
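A self-signed certificate proves nothing by itself; what makes WebID-TLS work is the check that the profile behind the SAN WebID lists the presented public key. The following is an added JavaScript example of that check, not code from the slides or from any WebID-TLS implementation. It assumes the SAN is given as the string Node's crypto.X509Certificate#subjectAltName returns ('URI:..., DNS:...'), that the profile's cert:modulus/cert:exponent have already been parsed into key objects, that getProfile stands in for an HTTPS GET of the profile document, and (this example's policy) that only https WebIDs are accepted; the sample certificates and profile are constructed, with shortened moduli.

```javascript
// Extract WebID candidates from a SAN string such as
// 'URI:https://alice.example.org/profile/card#me, DNS:alice.example.org'.
function webIdsFromSan(san) {
  return (san || '')
    // split on separators that start a new SAN entry, not on commas inside a URI
    .split(/,\s*(?=(?:URI|DNS|email|IP Address|othername|DirName):)/)
    .map(s => s.trim())
    .filter(s => s.startsWith('URI:'))
    .map(s => s.slice('URI:'.length))
    // Assumption of this example: the profile is the trust anchor, so require https WebIDs.
    .filter(u => u.startsWith('https://'));
}

// cert:modulus is xsd:hexBinary; certificates often carry a leading 00 byte, so compare
// on a canonical form (lowercase, no leading zeros, no whitespace).
function normaliseModulus(hex) {
  return String(hex).replace(/[^0-9a-f]/gi, '').replace(/^0+/, '').toLowerCase();
}

function keyMatches(certKey, profileKey) {
  return normaliseModulus(certKey.modulus) === normaliseModulus(profileKey.modulus)
      && Number(certKey.exponent) === Number(profileKey.exponent);
}

// Returns the first SAN WebID whose profile lists the certificate's public key, else null.
// `getProfile(webid)` is assumed to dereference the profile and return { keys: [...] } or null.
function verifyWebIdTls(cert, getProfile) {
  for (const webid of webIdsFromSan(cert.subjectAltName)) {
    const profile = getProfile(webid);
    if (!profile) continue;
    // A profile may list several keys (several devices); any one matching suffices.
    if (profile.keys.some(k => keyMatches(cert.publicKey, k))) return webid;
  }
  return null; // the certificate's claim is unverified: treat the caller as anonymous
}

// Constructed sample data (moduli shortened; real RSA-2048 moduli are 256 bytes).
const ALICE = 'https://alice.example.org/profile/card#me';
const profiles = {
  [ALICE]: { keys: [{ modulus: 'c0ffee1234abcd', exponent: 65537 }] },
};
const lookup = webid => profiles[webid] || null;

// Alice's own certificate: same key as her profile, modulus with a leading 00 byte.
const genuine = { subjectAltName: `URI:${ALICE}, DNS:alice.example.org`,
                  publicKey: { modulus: '00C0FFEE1234ABCD', exponent: '65537' } };
// Someone self-signs a certificate claiming Alice's WebID with their own key.
const forged = { subjectAltName: `URI:${ALICE}`,
                 publicKey: { modulus: 'deadbeef00000001', exponent: '65537' } };
// Right key, but the WebID is plain http and is rejected by this example's policy.
const plainHttp = { subjectAltName: 'URI:http://alice.example.org/profile/card#me',
                    publicKey: { modulus: 'c0ffee1234abcd', exponent: 65537 } };
```

With a real certificate, the SAN string comes from new crypto.X509Certificate(pem).subjectAltName and the modulus from the key's JWK export (cert.publicKey.export({ format: 'jwk' }).n, base64url rather than hex), so a conversion step is needed before comparing.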

WebID-TLS - issuing the cert

WebID-TLS - linking the cert

WebID-TLS - revoking the cert

WebID-TLS - authentication

Example apps

Authentication & signup



Authentication - custom events

Widget:

WebIDAuth : { detail: {
                auth: string, // type of auth method (e.g. WebID-TLS)
                success: bool, // true if auth was successful
                user: string // the WebID of the user
              } }

App:

var webid; // App-specific user variable

window.addEventListener('WebIDAuth', function (e) {
  // CustomEvent exposes its payload as e.detail (not e.details)
  if (e.detail && e.detail.success === true) {
    webid = e.detail.user;
  } else {
    console.log("Auth failed!");
  }
}, false);

Note: any script running in the page can dispatch a WebIDAuth event, so the app should treat it as a UI signal only; the data space still authenticates each request with the client certificate.

New WebID accounts are set up with


  • a personal (Linked) Data space -- e.g https://user.example.org/
  • WebID -- e.g. https://user.example.org/profile/card#me
  • WebID profile
  • default workspaces -- e.g. Public, Private, Work, Family, etc.
  • preferences file; may contain all kinds of useful data (e.g. preferred language, date format, apps, etc.)

WARP - Personal data space browser

CIMBA - decentralized microblogging

LD-cal - calendar / events

100% decentralized

Why switch to client-side apps?


  • run locally, browser extension or anywhere on the Web
  • privacy-aware* -- p2p between browser and data spaces
  • takes advantage of social graphs
  • does not trap data within silos
  • very extensible (leads to feature-rich apps)
  • uses the Web as an OS:
    • file system-like storage (LDP)
    • data reused in multiple apps

* if it passes (your) privacy/security audits

TODO

TODO


  • extend LDP with:
    • indexing & search
    • filtering
  • real-time notifications!
  • app store
    • privacy audits for apps
    • easy discovery & recommendations
  • and finally...

Slides available at:

https://deiu.github.io/semweb-apps-presentation/

Links

WebID-TLS -- delegated authentication

WebID -- access delegation