Verifiable Identity controlled by You, at Web-Scale

Kingsley Uyi Idehen
OpenLink Software Blog
6 min read · Nov 16, 2016


Situation Analysis

The 2016 US Election is over. It showcased the influence of social media stalwarts like Facebook, Google, and Twitter, and in the process magnified the fact that information provenance, privacy, security, and society are collectively being challenged like no other time in our history.

In my personal opinion, these challenges are the product of development and deployment of applications and services that follow flawed Web 2.0 development patterns.

Web 2.0 Problem?

Fundamentally, Web 2.0 applications do not take a granular approach to identity, and they do not build the semantics of entity relationship types (who is related to what, and how) into their fundamental design.

For instance, a majority of Web 2.0 applications do not recognize Application Users as entities distinct from the Applications they use. None of them adopt open standards (such as X.509 Certificates) as tokens bearing Identity Claims, owing to misunderstandings about PKI (Public Key Infrastructure) in the areas of UI (User Interface) and UX (User Interaction).

Surprisingly, though X.509 certificates drive eCommerce globally through their role as the token used to verify the identities of retailers, we fail to reuse this standard to distinctly identify Applications and their Users. The net effect is that individual identity is controlled by application and service providers rather than by end-users.

How do we solve this problem?

Fix the problem head-on, as I will demonstrate in this post using our newly released YouID Browser Extension. Fundamentally, this is about taking the tedium out of creating and using an X.509 Certificate (Digital Identity Card) and complementing that with the same ease of use when authenticating against applications and services that support TLS (which already includes functionality for Client Authentication Challenges).

What is the YouID Browser Extension?

The new YouID Browser Extension lets you take full control of your Identity in cyberspace using existing open standards. It distinguishes the identity of a Web Application from the identity of an Application User, and as a result, it solves the UI/UX paradox that has challenged Web Application development and deployment since the inception of the World Wide Web.

Why is it important?

Every aspect of the Web — from Email to Social Media and beyond — has been challenged by identity and privacy for years. The rise of social media behemoths, hosted email services, and increasingly myopic desktop email apps have only made matters worse.

There is no escaping the need for verifiable identity in all of these. This is a classic example of a power that must be taken, rather than expecting it to ever be given.

Unknown to most, we already have open standards that can enable one to take full control over their online identity. Unfortunately, demonstrating this reality in a user-friendly form is all but impossible with existing browsers, without adding one or more browser extensions.

How do I use it?

Simply download and install our new YouID browser extension for Chrome, Opera, Vivaldi, or Firefox (a build for Edge is coming soon) to experience what’s previously been deemed impossible — i.e., you can now create, control, and use your own ID cards with existing open standards, such as:

  • HTTP URIs — used for Agent (Person, Organization, Software) Identification (also known as WebIDs)
  • RDF Language Sentences — used for the Agent Description (including how a Person is associated with Software Applications [User Agents]) i.e., profile document creation
  • HTTPS — used for Secure Transmission of Agent Profile and other Data
  • WebID+TLS — used to verify Agent Identity Claims; this extension of HTTPS broadens the handshake scope beyond HTTPS Server Machines to include various other Agents (such as a Person or a Software Application presenting a client certificate)
  • WebID+TLS+Delegation — used to distinguish between Software and its Users; this extends WebID+TLS to allow the evaluation of delegation and other relationship types between Agents
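As an added example (not code from the post or from the YouID extension), the following Go program shows the verification step that WebID+TLS adds to the TLS client-authentication handshake: the relying party reads the WebID from the client certificate's SubjectAltName URI, dereferences that WebID to its RDF profile document, and accepts the identity claim only if the profile publishes the very public key the client just proved possession of under `cert:key`. The WebID `https://id.example.test/profile#me`, the in-memory `fetchProfile` lookup standing in for the HTTPS GET, and the minimal regex-based Turtle matcher are all constructed for the example; a production verifier would use a real RDF parser and fetch the profile over HTTPS.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// newKey generates the RSA key pair a YouID-style client would hold.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// makeWebIDCert builds a self-signed client certificate whose SubjectAltName carries the
// WebID as a URI entry. Who signed the certificate is irrelevant to WebID+TLS: trust comes
// from the profile document the WebID dereferences to, not from a CA chain.
func makeWebIDCert(webid string, key *rsa.PrivateKey) (*x509.Certificate, error) {
	u, err := url.Parse(webid)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "WebID holder (constructed example)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		URIs:         []*url.URL{u},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildProfile writes a constructed Turtle profile that publishes the public key under
// cert:key using the W3C cert vocabulary (modulus as xsd:hexBinary, exponent as integer).
func buildProfile(webid string, pub *rsa.PublicKey) string {
	return fmt.Sprintf(`@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
<%s> cert:key [
    a cert:RSAPublicKey ;
    cert:modulus "%s"^^xsd:hexBinary ;
    cert:exponent %d ] .
`, webid, hex.EncodeToString(pub.N.Bytes()), pub.E)
}

// keyRE is a deliberately minimal matcher for the modulus/exponent layout above.
var keyRE = regexp.MustCompile(`cert:modulus\s+"([0-9A-Fa-f]+)"\^\^xsd:hexBinary\s*;\s*cert:exponent\s+(\d+)`)

// profileKeys returns the RSA public keys the profile asserts for webid; it returns nil
// when the document does not attach cert:key to that subject at all.
func profileKeys(doc, webid string) []rsa.PublicKey {
	if !strings.Contains(doc, "<"+webid+"> cert:key") {
		return nil
	}
	var keys []rsa.PublicKey
	for _, m := range keyRE.FindAllStringSubmatch(doc, -1) {
		n, ok := new(big.Int).SetString(m[1], 16)
		e, err := strconv.Atoi(m[2])
		if !ok || err != nil {
			continue // malformed key entry: ignore rather than trust
		}
		keys = append(keys, rsa.PublicKey{N: n, E: e})
	}
	return keys
}

// verifyWebIDTLS is the relying party's check after the TLS handshake has proved the client
// holds the certificate's private key: take each WebID from the SAN, fetch its profile, and
// accept only if the profile lists exactly this public key. Returns the verified WebID.
func verifyWebIDTLS(cert *x509.Certificate, fetchProfile func(string) (string, bool)) (string, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("example handles RSA keys only")
	}
	for _, u := range cert.URIs {
		webid := u.String()
		doc, found := fetchProfile(webid)
		if !found {
			continue
		}
		for _, k := range profileKeys(doc, webid) {
			if k.N.Cmp(pub.N) == 0 && k.E == pub.E {
				return webid, nil
			}
		}
	}
	return "", errors.New("no SAN WebID publishes this certificate's public key")
}

func main() {
	webid := "https://id.example.test/profile#me" // constructed WebID
	owner := newKey()
	profiles := map[string]string{webid: buildProfile(webid, &owner.PublicKey)}
	fetch := func(id string) (string, bool) { d, ok := profiles[id]; return d, ok }

	cert, _ := makeWebIDCert(webid, owner)
	fmt.Println(verifyWebIDTLS(cert, fetch)) // accepted: profile lists this key

	impostor, _ := makeWebIDCert(webid, newKey()) // same WebID in SAN, different key
	fmt.Println(verifyWebIDTLS(impostor, fetch))   // rejected: profile does not list it
}
```

The impostor case is the point of the design: anyone can mint a certificate naming someone else's WebID in its SAN, so the certificate alone proves nothing. Only the profile document, served from the URL the WebID owner controls, decides which keys speak for that identity, which is what lets the user rather than a certificate authority or an application provider control the binding.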

WebID Registration

Here is a collection of screenshots that outline the process of registering a WebID with this extension:

  • Location in Chrome Extensions Toolbar
  • Initial dialog prior to existence of any registered WebID
  • Entering an actual WebID
  • Registered a WebID following successful lookup
  • Registering another WebID
  • Successful registration of additional WebID
  • Two registered WebIDs available for use
  • Selecting a WebID for use across HTTPS sessions

Using WebID Extension to log into HTTPS-based Web Applications

The following collection of screenshots demonstrates how to make use of WebIDs registered in your browser, courtesy of the YouID Browser Extension.

Go to the homepage of an HTTPS Application (e.g., the SPARQL Query Service endpoint we provide at: http://linkeddata.uriburner.com ):

Log in to your HTTPS application, and then authenticate using the WebID+TLS protocol (that is, authenticate using your Software Agent’s credentials, by selecting its X.509 certificate):

Following selection of and successful authentication through the WebID+TLS protocol, you can see that you are logged in under the identity associated with the WebID that you selected via the YouID Browser Extension:

Click on the YouID icon in your Browser’s Toolbar, and select a different WebID as the default:

Then return to your application and click on the “Change Login” link. This lets you log in to the same application using a different WebID, without restarting your browser:

Following authentication using WebID+TLS, note that you’ve been successfully logged in using a different WebID — the one you selected as your new default via the YouID Browser Extension:

What’s novel about any of this?

I’ve just demonstrated how the nature (semantics) of the relationship between an application and its user has been successfully integrated into an existing protocol for secure interaction between Web applications (the browser and the query service provider), using existing open standards. All of this has been achieved without compromising UI and UX, too!

Now that the identity of an application and its users are distinguishable, you can interact with applications that implement fine-grained access controls (or data access policies) that are scoped to specific user identities, user groups defined by lists, or user groups defined by sophisticated rules expressed in query languages like SPARQL. This flexibility replaces today’s common weak conflation of user and application identities that does nothing but compromise privacy (and eventually security) for all.

Links



Kingsley Uyi Idehen is CEO of OpenLink Software, a high-performance data-centric technology provider.