What is a WebID?

Hi my name is Yulia and I'm a curriculum engineer at Inrupt.

In this video we'll talk about WebID, and a WebID Profile. To get our own WebID and Solid Pod we'll use PodSpaces, which is an Inrupt hosted version of ESS for testing and evaluation.

According to the Solid specification, a WebID is a URL that identifies an agent. And an agent is a person, organization or device. We can think of a WebID as an entity's or agent's digital ID, like a passport number. And just like when looking up a passport number, we should be able to verify the identity of the passport holder. 

This is why the WebID URL resolves or dereferences to the WebID Profile, which is a public document that holds important information about the agent like the identity provider they trust and location of their Pods. 

The ESS WebID service ensures that the WebID Profile document is a valid RDF document. Let's create a WebID using this service, and take a look at the WebID Profile document to see how it works for authenticating an agent on the web.

To get a WebID we navigate to https://start.inrupt.com/.

Here we see that this is a space for developers to test out working with ESS and writing Solid applications. Currently, there are a few  regions where PodSpaces is available: the EU & US and Asia-Pacific. Choose your option based on your location. I'm based in the EU & US region, so that's my choice. I agree to the terms of service and proceed to make an account by clicking on the "sign up" option in this form.

We can then check our email to confirm our account, and voila, the registration has been confirmed. We can hit “continue” and log in with our credentials.

Looking at the URL, we have now moved to another ESS service which is hosted on https://login.inrupt.com/. So far we've interacted with the start services which created our WebID and provisioned us with a Solid Pod.

We're now interacting with the authentication part of the service, and it is asking that we share our WebID with this application for authentication purposes. Allowing access to our newly created WebID results in a welcome message which states our WebID and Solid Pod URLs.

If you've been following along, then congratulations! You now have a WebID and a Pod! Before we go and browse the contents of our Pod, let's take a look at the WebID URL and see what we find. 

WebID should resolve in a WebID Profile document, let's see if that happens. 

https://id.inrupt.com/foundtrtest

We see a publicly available page with some information, formatted as basic HTML. This page is the WebID Profile document, and according to the specification, this should be an RDF resource about the agent, which is me in this case. Since web browsers default to rendering resources as HTML, that's what we're getting in this window. And since it is a publicly available document, if you pause the video and follow the WebID that you're seeing on the screen, you should see the same exact WebID Profile Document in your browser as you are seeing in this video. 

Let's see if we can view this document in Turtle or JSON-LD form. If you're unfamiliar with these terms, check out the Linked Data series linked in the video description below. To get this resource in Turtle we can change the URL to end with .ttl, and to view it in JSON-LD, change the URL ending to .jsonld.

We'll stick with JSON-LD for this video since JSON is a more familiar data representation format for most developers than Turtle. We'll also copy this document into a code editor, so that we can benefit from some syntax highlighting, making it easier to read.

The subject of this RDF file is the WebID in question, all the following key-value pairs are the properties and values of this agent. We can see that this resource describes an agent because it is of type agent. Since this is RDF, a machine or a person can look up what type, or agent means in this case by following the URLs provided.

We also see an important note about the storage URL that this entity owns. This is the URL of the Pod that was provisioned earlier. We can compare this to the information that was provided to us by the start service at the end of our registration process, and verify it is indeed the same.

Another important bit of information in this document is the OIDC issuer, meaning the authority that confirms the identity of this agent on the Web. In this case we can see that https://login.inrupt.com/ is the authority on the matter of identity. However, don't take my word for it, there is a URL that defines each and every one of these terms. Looking at the objects under @context, we see that OIDC issuer is defined by https://www.w3.org/. 

Last but not least is the "primaryTopicOf" key, which is also defined within the context field of this document. primaryTopicOf has the value of a URL that contains more detailed info about this agent. The URL leads to the extended profile resource which is stored on the Pod and is private by default. This extended profile resource usually holds profile information about the entity like the name of the person or organization.

All of this information within the WebID Profile document is sufficient for an application that wants to interact with the Pod owner and request access to the data in the Pod that is necessary for the application to work for this Pod owner. 

Notice that if we try to access the Pod root or the extended profile resource within the Pod by going directly to the provided URLs, we get a 401 unauthorized access error. This is because the permissions on these resources are private by default, and the server is returning the standard HTTP error message when you try to access a resource without authorization. Instead of using a WebBrowser, a specialized application to log in and interact with the Pod is one way to proceed, if you're curious to look around. For now we'll recap what we learned about the WebID and WebID Profile document.

WebID is a URL that identifies an agent, where an agent is a person, organization or device. A WebID dereferences to a WebID Profile document which is a public document.

This document contains relevant information for any other agent to be able to interact with this agent. Which can be their Pod URL, and where to find additional information about them upon request.

This powerful tool enables entities to identify themselves across the Solid ecosystem without additional barriers.