Bob Ferris wrote:
Hi,
is there a best practice on how to handle personal authentication (not
the API key itself), e.g. OAuth, on Web Services? I need this for
personalisation.
Cheers,
Bob
------------------------------------------------------------------------------
_______________________________________________
Virtuoso-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/virtuoso-users
Ideally, use FOAF+SSL.
Virtuoso supports: OAuth, OpenID, FOAF+SSL, and FOAF+SSL+OpenID (so
OpenID gets FOAF+SSL authentication patter whereby username and pwd
verification is removed and you simply present Cert).
FOAF+SSL can replace the concept of an API Key too :-)
Links:
1.
http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtEC2AMIDBpediaInstall
-- DBpedia instance guide re. securing your sparql endpoint (see the
lower part of the page)
2.
http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL
-- OAuth
3.
http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtAuthFOAFSSLACL
- FOAF+SSL
4.
http://docs.openlinksw.com/virtuoso/rdfgraphsecurity.html#rdfgraphsecurityintconfsec
-- Graph Level Security
5. http://esw.w3.org/Foaf%2Bssl -- FOAF+SSL
6.
http://ods.openlinksw.com/dataspace/dav/wiki/ODS/ODSBriefcaseFOAFSSLPerson
-- FOAF+SSL ACL example using ODS-Briefcase
--
Regards,
Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
