WebID & Solid

A WebID is just an IRI that, when dereferenced, returns an RDF profile document containing the user's public key(s) and basic profile triples:

<https://alice.example/#me> a foaf:Person ;
  foaf:name "Alice" ;
  cert:key [ a cert:RSAPublicKey ; cert:modulus "..." ; cert:exponent 65537 ] .

Authentication (WebID-TLS or WebID-OIDC) proves the user controls that IRI. Combined with Solid pods, the user owns both their identifier and their data.

Your WebID is your home address and your signature, fused into a single URL. Anyone can look it up; only you can prove you're the one behind it.

Email gets close to this — a public address everyone can write to — but without the cryptographic proof of control. A WebID adds that proof: dereferencing the URL retrieves the public key, and the handshake verifies the holder of the matching private key. One IRI = identity + auth, no separate sign-up table required.

Worked example — a complete WebID profile document.

When a client dereferences <https://alice.example/#me>, the server returns an RDF document like this:

@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix cert: <http://www.w3.org/ns/auth/cert#> .

<https://alice.example/#me> a foaf:Person ;
  foaf:name "Alice" ;
  foaf:knows <https://bob.example/#me> ;
  cert:key [ a cert:RSAPublicKey ;
    cert:modulus "00c2c4b7e9..." ;
    cert:exponent 65537
  ] .

Three things to notice:

• The subject is the full IRI (including #me) — this is the identity.
• a foaf:Person declares the kind of thing it is.
• cert:key [ ... ] holds the public key inline as a blank node. The handshake verifies the client holds the matching private key.

For the playground below, you only need foaf:name and a cert:key blank node — use this template as a starting point.