@prefix : . @prefix schema: . @prefix owl: . @prefix xsd: . @prefix rdfs: . @prefix rdf: . @prefix xml: . @prefix dcterms: . @prefix vann: . @prefix vs: . @prefix prov: . @prefix foaf: . @prefix dc: . :authorization a owl:ObjectProperty ; rdfs:comment "URI of the authorization server."@en ; rdfs:label "authorization" ; schema:domainIncludes :OAuth2SecurityScheme , :PoPSecurityScheme , :BearerSecurityScheme . :in a owl:DatatypeProperty ; rdfs:comment "Specifies the location of security authentication information."@en ; rdfs:label "in" ; schema:domainIncludes :PoPSecurityScheme , :BearerSecurityScheme , :APIKeySecurityScheme , :DigestSecurityScheme , :BasicSecurityScheme . :BasicSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Basic authentication security configuration identified by the term basic (i.e., \"scheme\": \"basic\"), using an unencrypted username and password. This scheme should be used with some other security mechanism providing confidentiality, for example, TLS."@en ; rdfs:label "BasicSecurityScheme" ; rdfs:subClassOf :SecurityScheme . :SecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Metadata describing the configuration of a security mechanism. The value assigned to the name scheme MUST be defined within a vocabulary included in the Thing Description, either in the present vocabulary or in a TD context extension." ; rdfs:label "SecurityScheme" . :PoPSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Proof-of-possession (PoP) token authentication security configuration identified by the term pop (i.e., \"scheme\": \"pop\"). Here jwt indicates conformance with !RFC7519, jws indicates conformance with !RFC7797, cwt indicates conformance with !RFC8392, and jwe indicates conformance with RFC7516, with values for alg interpreted consistently with those standards. Other formats and algorithms for PoP tokens MAY be specified in vocabulary extensions." ; rdfs:label "PoPSecurityScheme" ; rdfs:subClassOf :SecurityScheme . :format a owl:DatatypeProperty ; rdfs:comment "Specifies format of security authentication information."@en ; rdfs:label "format" ; schema:domainIncludes :PoPSecurityScheme , :BearerSecurityScheme . :scopes a owl:DatatypeProperty ; rdfs:comment "Set of authorization scope identifiers provided as an array. These are provided in tokens returned by an authorization server and associated with forms in order to identify what resources a client may access and how. The values associated with a form should be chosen from those defined in an OAuth2SecurityScheme active on that form.
This feature is at risk."@en ; rdfs:label "scopes" ; schema:domainIncludes :OAuth2SecurityScheme . :CertSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Certificate-based asymmetric key security configuration conformant with X509V3 identified by the term cert (i.e., \"scheme\": \"cert\")." ; rdfs:label "CertSecurityScheme" ; rdfs:subClassOf :SecurityScheme . : a owl:Ontology ; dc:title "Security mechanisms for the Web of Things"@en ; dcterms:contributor ; dcterms:creator ; dcterms:license ; vann:preferredNamespacePrefix "wotsec" ; vann:preferredNamespaceUri "https://www.w3.org/2019/wot/security#" ; owl:versionInfo "0.0.1" . :qop a owl:DatatypeProperty ; rdfs:comment "Quality of protection.
This feature is at risk." ; rdfs:label "qop" ; schema:domainIncludes :DigestSecurityScheme . :alg a owl:DatatypeProperty ; rdfs:comment "Encoding, encryption, or digest algorithm."@en ; rdfs:label "alg" ; schema:domainIncludes :PoPSecurityScheme , :BearerSecurityScheme . :DigestSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Digest authentication security configuration identified by the term digest (i.e., \"scheme\": \"digest\"). This scheme is similar to basic authentication but with added features to avoid man-in-the-middle attacks." ; rdfs:label "DigestSecurityScheme" ; rdfs:subClassOf :SecurityScheme . :APIKeySecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "API key authentication security configuration identified by the term apikey (i.e., \"scheme\": \"apikey\"). This is for the case where the access token is opaque and is not using a standard token format."@en ; rdfs:label "APIKeySecurityScheme" ; rdfs:subClassOf :SecurityScheme . :refresh a owl:ObjectProperty ; rdfs:comment "URI of the refresh server."@en ; rdfs:label "refresh" ; schema:domainIncludes :OAuth2SecurityScheme . :token a owl:ObjectProperty ; rdfs:comment "URI of the token server."@en ; rdfs:label "token" ; schema:domainIncludes :OAuth2SecurityScheme . :name a owl:DatatypeProperty ; rdfs:comment "Name for query, header, or cookie parameters." ; rdfs:label "name" ; schema:domainIncludes :PoPSecurityScheme , :BearerSecurityScheme , :APIKeySecurityScheme , :DigestSecurityScheme , :BasicSecurityScheme . :proxy a owl:ObjectProperty ; rdfs:comment "URI of the proxy server this security configuration provides access to. If not given, the corresponding security configuration is for the endpoint.
This feature is at risk."@en ; rdfs:label "proxy" ; schema:domainIncludes :SecurityScheme . :OAuth2SecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "OAuth2 authentication security configuration for systems conformant with !RFC6749 and !RFC8252, identified by the term oauth2 (i.e., \"scheme\": \"oauth2\"). For the implicit flow authorization MUST be included. For the password and client flows token MUST be included. For the code flow both authorization and token MUST be included. If no scopes are defined in the SecurityScheme then they are considered to be empty."@en ; rdfs:label "OAuth2SecurityScheme" ; rdfs:subClassOf :SecurityScheme . :flow a owl:DatatypeProperty ; rdfs:comment "Authorization flow."@en ; rdfs:label "flow" ; schema:domainIncludes :OAuth2SecurityScheme . :NoSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "A security configuration corresponding to identified by the term nosec (i.e., \"scheme\": \"nosec\"), indicating there is no authentication or other mechanism required to access the resource."@en ; rdfs:label "NoSecurityScheme" ; rdfs:subClassOf :SecurityScheme . :identity a owl:DatatypeProperty ; rdfs:comment "Identifier providing information which can be used for selection or confirmation." ; rdfs:label "identity" ; schema:domainIncludes :PublicSecurityScheme , :PSKSecurityScheme , :CertSecurityScheme . :BearerSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Bearer token authentication security configuration identified by the term bearer (i.e., \"scheme\": \"bearer\"). This scheme is intended for situations where bearer tokens are used independently of OAuth2. If the oauth2 scheme is specified it is not generally necessary to specify this scheme as well as it is implied. For format, the value jwt indicates conformance with RFC7519, jws indicates conformance with RFC7797, cwt indicates conformance with RFC8392, and jwe indicates conformance with !RFC7516, with values for alg interpreted consistently with those standards. Other formats and algorithms for bearer tokens MAY be specified in vocabulary extensions." ; rdfs:label "BearerSecurityScheme" ; rdfs:subClassOf :SecurityScheme . :PSKSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Pre-shared key authentication security configuration identified by the term psk (i.e., \"scheme\": \"psk\")." ; rdfs:label "PSKSecurityScheme" ; rdfs:subClassOf :SecurityScheme . :PublicSecurityScheme a owl:Class , rdfs:Class ; rdfs:comment "Raw public key asymmetric key security configuration identified by the term public (i.e., \"scheme\": \"public\")." ; rdfs:label "PublicSecurityScheme" ; rdfs:subClassOf :SecurityScheme .