Table of contents

  1. Introduction
  2. Architecture
    1. Authentication
    2. Triplestore
    3. Filestore (todo)
    4. Authorization
    5. Interface (todo)
  3. Implementation
    1. Authentication Modules
      1. WebID
      2. OAuth
      3. Facebook
      4. Google+
      5. Basic
      6. SCookie
    2. Triplestore Implementations
      1. XmlRdfTriplestore (todo)
      2. TurtleTriplestore (todo)
      3. PdoTriplestore (todo)
      4. SparqlTriplestore (todo)
    3. Filestore Implementations
      1. FsFilestore (todo)
    4. Triplestore Authorization Implementations
      1. WacAuthZTriplestore (todo)
    5. Filestore Authorization Implementations
      1. WacAuthZFilestore (todo)
    6. Interfaces
      1. HTML (todo)
      2. RDF/XML (todo)
      3. Turtle (todo)
      4. SPARQL (todo)

Introduction

ResourceMe is a framework for building Semantic Web enabled applications. Different authentication mechanisms are supported, with the main focus on decentralized identities. Authorization can be granted in a fine-grained way for anything that fulfills the requirement of being an RDF triple or a file. Wherever possible, established standards are used. Great emphasis is placed on a modular design and on PHP code that runs nearly everywhere. Only a small number of core components are tied to specific ontologies. Utilities for well-established social network ontologies are delivered within the framework.

Architecture

Overview of the ResourceMe architecture

Authentication

Authentication is handled via modules that return lists of FOAF Agent URLs. These modules must implement the LoginModule interface. The AuthenticationManager controls the configured modules and can also store verified URLs. The extended interface LoginCacheModule contains a set method that allows a module to persist URLs and bind them to any kind of session information.

Triplestore

Triples should be managed with an implementation of a Triplestore. Triplestores are also known as graphs. The Triplestore interface provides methods to find, insert, update and delete triples. The insert, update and delete methods take a TripleFilter that defines the set of triples the method should work with. The update method additionally takes a TripleUpdater, which performs the actual update on the filtered set of triples. A TriplestoreManager manages multiple Triplestores; this is also known as a quadstore.

Filestore

todo

Authorization

Access is granted based on the FOAF Agent URLs the AuthenticationManager returns. The AgentManager also takes the URLs from the AuthenticationManager and checks on demand whether a FOAF Agent is a member of a group. A class that implements the AuthZTriplestore interface uses the information provided by the AgentManager to grant access to individual triples. Because the AuthZTriplestore interface extends the Triplestore interface, the underlying Triplestore can be used transparently. AuthZTriplestore and AuthZFilestore provide a hasAccess method to check whether an agent has access to a triple or file in the defined mode. The method must not reveal whether the triple or file exists: the answer for a non-existent resource must be indistinguishable from the answer for an existing one the agent may not access.
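As an added illustration of the Triplestore and Authorization sections above (example code, not ResourceMe's own): the interface signatures, the PatternFilter, the array-based ACL and the in-memory store are assumptions, written for PHP 8. The point it shows is an AuthZTriplestore whose hasAccess decides from the ACL and group membership only, so it cannot leak whether a triple exists.

```php
<?php
// Added example, not ResourceMe's own code: the interface signatures are assumed.
// A triple is [subject, predicate, object]; null in a pattern is a wildcard.
interface TripleFilter { public function matches(array $t): bool; }
final class PatternFilter implements TripleFilter {
    public function __construct(private ?string $s, private ?string $p, private ?string $o) {}
    public function matches(array $t): bool {
        foreach ([$this->s, $this->p, $this->o] as $i => $v) { if ($v !== null && $v !== $t[$i]) return false; }
        return true;
    }
}
interface Triplestore {
    public function find(TripleFilter $f): array;
    public function insert(array $triple): void;
}
final class MemoryTriplestore implements Triplestore {
    private array $triples = [];
    public function insert(array $triple): void { $this->triples[] = $triple; }
    public function find(TripleFilter $f): array {
        return array_values(array_filter($this->triples, [$f, 'matches']));
    }
}
final class AgentManager { // group URL => list of member agent URLs (assumed shape)
    public function __construct(private array $groups) {}
    public function isMember(string $agent, string $group): bool {
        return in_array($agent, $this->groups[$group] ?? [], true);
    }
}
// AuthZTriplestore decorator for one authenticated agent; usable wherever a Triplestore is.
final class AclTriplestore implements Triplestore {
    /** @param array $acl list of [TripleFilter $scope, string $group, string[] $modes] */
    public function __construct(private Triplestore $store, private AgentManager $agents,
                                private string $agent, private array $acl) {}
    // Decided from the ACL and group membership alone; the wrapped store is never
    // consulted, so a missing triple gets the same answer as an existing one.
    public function hasAccess(array $triple, string $mode): bool {
        foreach ($this->acl as [$scope, $group, $modes]) {
            if ($scope->matches($triple) && in_array($mode, $modes, true)
                && $this->agents->isMember($this->agent, $group)) return true;
        }
        return false;
    }
    public function find(TripleFilter $f): array {
        return array_values(array_filter($this->store->find($f), fn($t) => $this->hasAccess($t, 'read')));
    }
    public function insert(array $triple): void {
        if (!$this->hasAccess($triple, 'write')) throw new RuntimeException('access denied');
        $this->store->insert($triple);
    }
}
```

Wrapping a MemoryTriplestore in an AclTriplestore built for the current agent lets the rest of the application keep calling find and insert without knowing that authorization happens in between.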

Interface

todo

Implementation

Because RME uses namespaces, PHP version 5.3 or greater is required. The WebID and SCookie authentication modules are based on the PHP OpenSSL extension. The PdoTriplestore implementation requires the PDO extension and the corresponding database driver extension.

Authentication Modules

WebID

WebID is an open standard for decentralized identities and logins. It is based on client certificates and is therefore supported by all standard browsers. The profile that represents the identity can be stored on any HTTP server. ResourceMe has its own library for WebID authentication. ResourceMe is also well suited for hosting WebID profiles: the authorization layer can be used to protect parts of your profile that should not be visible to everybody.

This module depends on the PHP OpenSSL extension.

OAuth

OAuth 2.0 login modules use the access token only once, to fetch the user profile. Where the URL for the identity can be extracted from is provider dependent. Therefore an OAuth login module implementation must use a class that extends OAuthApplication.

Facebook

The Facebook authentication module uses OAuth 2.0 to get the ID of the https://graph.facebook.com/me Open Graph object.

Google+

The Google+ authentication module uses OAuth 2.0 to get the URL of the https://www.googleapis.com/plus/v1/people/me API object. Besides the access token, an API key is required to access the API.

Basic

The basic login module allows logging in via a local account using HTTP Basic access authentication. The local account is mapped to a URL.

This module bypasses the idea behind the Semantic Web (decentralized identities) and should only be used for administrative tasks.

SCookie

The SCookie login module stores already verified agents in a cookie on the client. To prevent tampering, the cookie is signed by the server. The content itself is a JSON string. Applications on other subdomains or paths can also create SCookies; for that, the public key of each such application must be added to the list of trusted keys.

This module depends on the PHP OpenSSL extension.
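An added example of the SCookie idea described above, not the module's own code: the cookie layout (base64url JSON payload, a dot, base64url RSA-SHA256 signature), the JSON field names and the key handling are assumptions, written for PHP 8 with the OpenSSL extension.

```php
<?php
// Added example, not ResourceMe's SCookie code: the cookie layout
// (base64url JSON payload "." base64url RSA-SHA256 signature) is assumed.
final class SignedCookie {
    /** @param string[] $trustedPublicKeys PEM public keys of every application allowed to issue cookies */
    public function __construct(private string $privateKeyPem, private array $trustedPublicKeys) {}

    private static function b64url(string $raw): string { return rtrim(strtr(base64_encode($raw), '+/', '-_'), '='); }
    private static function unb64url(string $s): string|false { return base64_decode(strtr($s, '-_', '+/'), true); }

    // Serialise the verified agent URLs plus an expiry as JSON and sign exactly those bytes.
    public function issue(array $agentUrls, int $ttl = 3600): string {
        $payload = json_encode(['agents' => array_values($agentUrls), 'exp' => time() + $ttl], JSON_THROW_ON_ERROR);
        if (!openssl_sign($payload, $sig, $this->privateKeyPem, OPENSSL_ALGO_SHA256)) {
            throw new RuntimeException('signing failed');
        }
        return self::b64url($payload) . '.' . self::b64url($sig);
    }

    // Returns the agent URLs only if the signature verifies under a trusted key and the
    // cookie is unexpired; any other case (tampered, unknown signer, malformed) yields null.
    public function verify(string $cookie): ?array {
        $parts = explode('.', $cookie, 2);
        if (count($parts) !== 2) return null;
        $payload = self::unb64url($parts[0]);
        $sig = self::unb64url($parts[1]);
        if ($payload === false || $sig === false) return null;
        foreach ($this->trustedPublicKeys as $pem) {
            if (openssl_verify($payload, $sig, $pem, OPENSSL_ALGO_SHA256) === 1) {
                $data = json_decode($payload, true);
                if (!is_array($data) || !isset($data['exp'], $data['agents']) || $data['exp'] < time()) return null;
                return $data['agents'];
            }
        }
        return null;
    }
}

// Demo with a key pair generated on the fly (constructed for this example).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $privPem);
$pubPem = openssl_pkey_get_details($key)['key'];
$sc = new SignedCookie($privPem, [$pubPem]);
$cookie = $sc->issue(['https://example.org/alice#me']);
var_dump($sc->verify($cookie));                              // accepted: signature verifies, not expired
var_dump($sc->verify(substr_replace($cookie, 'Z', 0, 1)));   // rejected: payload bytes were changed
var_dump((new SignedCookie($privPem, []))->verify($cookie)); // rejected: signer not in the trusted list
```

The trusted-key list is the whole trust decision: a cookie signed by an application whose public key is not in the list yields no agents, which is what the page means by adding the other application's public key before its SCookies are honoured.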

Triplestore Implementations

XmlRdfTriplestore

todo

TurtleTriplestore

todo

PdoTriplestore

todo

SparqlTriplestore

todo

Filestore Implementations

todo

Triplestore Authorization Implementations

todo

Filestore Authorization Implementations

todo

Interfaces

HTML

todo

RDF/XML

todo

Turtle

todo

SPARQL

todo
