Advanced search
1 file | 614.34 KB Add to list

A policy-oriented architecture for enforcing consent in solid

Author
Organization
Abstract
The Solid project aims to restore end-users' control over their data by decoupling services and applications from data storage. To realize data governance by the user, the Solid Protocol 0.9 relies onWeb Access Control, which has limited expressivity and interpretability. In contrast, recent privacy and data protection regulations impose strict requirements on personal data processing applications and the scope of their operation. The Web Access Control mechanism lacks the granularity and contextual awareness needed to enforce these regulatory requirements. Therefore, we suggest a possible architecture for relating Solid's low-level technical access control rules with higher-level concepts such as the legal basis and purpose for data processing, the abstract types of information being processed, and the data sharing preferences of the data subject. Our architecture combines recent technical efforts by the Solid community panels with prior proposals made by researchers on the use of ODRL and SPECIAL policies as an extension to Solid's authorization mechanism. While our approach appears to avoid a number of pitfalls identified in previous research, further work is needed before it can be implemented and used in a practical setting.
Keywords
Access Control, ODRL, Semantic Web, Consent, Solid

Downloads

  • (...).pdf
    • full text (Published version)
    • |
    • UGent only
    • |
    • PDF
    • |
    • 614.34 KB

Citation

Please use this url to cite or link to this publication:

MLA
Debackere, Laurens, et al. “A Policy-Oriented Architecture for Enforcing Consent in Solid.” COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION, edited by Frédérique Laforest et al., Association for Computing Machinery (ACM), 2022, pp. 516–24, doi:10.1145/3487553.3524630.
APA
Debackere, L., Colpaert, P., Taelman, R., & Verborgh, R. (2022). A policy-oriented architecture for enforcing consent in solid. In F. Laforest, R. Troncy, & L. Médini (Eds.), COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION (pp. 516–524). https://doi.org/10.1145/3487553.3524630
Chicago author-date
Debackere, Laurens, Pieter Colpaert, Ruben Taelman, and Ruben Verborgh. 2022. “A Policy-Oriented Architecture for Enforcing Consent in Solid.” In COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION, edited by Frédérique Laforest, Raphaël Troncy, and Lionel Médini, 516–24. Association for Computing Machinery (ACM). https://doi.org/10.1145/3487553.3524630.
Chicago author-date (all authors)
Debackere, Laurens, Pieter Colpaert, Ruben Taelman, and Ruben Verborgh. 2022. “A Policy-Oriented Architecture for Enforcing Consent in Solid.” In COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION, ed by. Frédérique Laforest, Raphaël Troncy, and Lionel Médini, 516–524. Association for Computing Machinery (ACM). doi:10.1145/3487553.3524630.
Vancouver
1.
Debackere L, Colpaert P, Taelman R, Verborgh R. A policy-oriented architecture for enforcing consent in solid. In: Laforest F, Troncy R, Médini L, editors. COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION. Association for Computing Machinery (ACM); 2022. p. 516–24.
IEEE
[1]
L. Debackere, P. Colpaert, R. Taelman, and R. Verborgh, “A policy-oriented architecture for enforcing consent in solid,” in COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION, Online, 2022, pp. 516–524.
@inproceedings{8752108,
  abstract     = {{The Solid project aims to restore end-users' control over their data by decoupling services and applications from data storage. To realize data governance by the user, the Solid Protocol 0.9 relies onWeb Access Control, which has limited expressivity and interpretability. In contrast, recent privacy and data protection regulations impose strict requirements on personal data processing applications and the scope of their operation. The Web Access Control mechanism lacks the granularity and contextual awareness needed to enforce these regulatory requirements. Therefore, we suggest a possible architecture for relating Solid's low-level technical access control rules with higher-level concepts such as the legal basis and purpose for data processing, the abstract types of information being processed, and the data sharing preferences of the data subject. Our architecture combines recent technical efforts by the Solid community panels with prior proposals made by researchers on the use of ODRL and SPECIAL policies as an extension to Solid's authorization mechanism. While our approach appears to avoid a number of pitfalls identified in previous research, further work is needed before it can be implemented and used in a practical setting.}},
  author       = {{Debackere, Laurens and Colpaert, Pieter and Taelman, Ruben and Verborgh, Ruben}},
  booktitle    = {{COMPANION PROCEEDINGS OF THE WEB CONFERENCE 2022, WWW 2022 COMPANION}},
  editor       = {{Laforest, Frédérique and Troncy, Raphaël and Médini, Lionel}},
  isbn         = {{9781450391306}},
  keywords     = {{Access Control,ODRL,Semantic Web,Consent,Solid}},
  language     = {{eng}},
  location     = {{Online}},
  pages        = {{516--524}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{A policy-oriented architecture for enforcing consent in solid}},
  url          = {{http://doi.org/10.1145/3487553.3524630}},
  year         = {{2022}},
}

Altmetric
View in Altmetric
Web of Science
Times cited: