Extending the WebID protocol with access delegation

The WebID protocol enables the global identification and authentication of agents in a distributed manner by combining asymmetric cryptography and Linked Data. In order to decide whether access should be granted or denied to a particular WebID, the authenticating web server may need to retrieve other profiles and linked resources to work out if the requesting agent is member of an authorized group (e.g. friends of the resource owner's friends). If it were required for such resources to be publicly available, this would be a major privacy limitation on a linked Social Network. In this paper we explore different ways in which an agent can act on behalf of a user and we propose an extension to the WebID protocol which allows for delegation of access authorization. This extends the range of application scenarios where WebID authentication can be efficiently deployed while increasing privacy.