Using the ODRL Profile for Access Control for Solid Pod Resource Governance

Esteves, Beatriz; Rodrı́guez-Doncel, Victor; Pandit, Harshvardhan J.; Mondada, Nicolas; McBennett, Pat

doi:10.1007/978-3-031-11609-4_3

Cited by 11 publications

(12 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That is, a policy should explicitly reflect the legal basis for a Processor accessing data in a pod, as recorded by their respective Controller. There has been work on explicitly recording the purpose of a data as part of the access control logs [9,12,13,19]. An authorisation request should record the reason why the access is requested, explaining what the user will do with the data.…”

Section: Identification Of Eventual Legal Basis (Req_05)mentioning

confidence: 99%

Assessing the Solid Protocol in Relation to Security & Privacy Obligations

Esposito¹,

Hartig²,

Horne³

et al. 2022

Preprint

View full text Add to dashboard Cite

The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analyzing the relevant legislation, notably GDPR, and international standards, namely ISO/IEC 27001:2011 and 15408, we formulate the primary security and privacy requirements for such a framework. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements.

show abstract

Section: Identification Of Eventual Legal Basis (Req_05)mentioning

confidence: 99%

Assessing the Solid Protocol in Relation to Security & Privacy Obligations

Esposito¹,

Hartig²,

Horne³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Researchers have proposed and explored the extension of Solid specifications to support policy management and its use in exercising more complex constraints over use of consent and data in Pods [16][17][18][19], as well as using them to control the subsequent use of data beyond access [20]. Further extensions of Solid Pods have explored mechanisms through which possession of data (e.g.…”

Section: State Of the Art Regarding Analysis Applications And Explora...mentioning

confidence: 99%

“…In such cases, the ability for data subjects to exercise their right to rectify information (Art.16) can be facilitated by providing a communication mechanism which uses the Pod to store and share the rectified information with the Data Controller as well as any other parties (Art. 19). Note that under GDPR, a Data Controller is obliged to accept a data subject's changes to their data, which effectively makes the data within a Solid Pod that is under control of the data subject an authoritative representation of their data.…”

Section: Accuracymentioning

confidence: 99%

“…In creating these concepts, existing vocabularies can be utilised or extended to avoid re-creating entirely new terms with unknown interpretations. Sources for these can be ISO standards such as those related to cloud service, or legal thesauri such as that established within EU and based on GDPR, or community efforts such as Data Privacy Vocabulary 19 (DPV) [17,59,60]. This step will enable common approaches to be discussed and developed by relevant communities, and is a precursor to enable approaches mentioned in following paragraphs that require machine-readable information for automation.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Making Sense of Solid for Data Governance and GDPR

Pandit¹

2022

Preprint

View full text Add to dashboard Cite

Solid is a new radical paradigm based on decentralising data from central organisations to individuals, that seeks to empower individuals to have active control of who and how their data is being used. In order to realise this vision, the use-cases and implementations of Solid also require to be consistent with the relevant privacy and data protection regulations such as the GDPR. However, to do so requires prior understanding of all actors, roles, and processes involved in a use-case, which then need to be aligned with GDPR's concepts to identify relevant obligations and only then investigate their compliance. To assist with this process, we apply the existing standardised terminologies and paradigms from ISO/IEC standards to describe the actors and implementations of Solid as `cloud technologies'. We then investigate the applicability of GDPR's requirements to Solid-based implementations, along with an exploration of how existing issues arising from GDPR enforcement also apply to Solid. Finally, we outline the path forward through specific extensions to Solid's specifications that mitigates known issues and enables the realisation of its benefits.

show abstract

“…If a specific set of personal data categories is specified along with the access request then only those categories will be returned. However, it must be noted that for this feature to work, the resources in the Pod need to include a RDF statement, using for instance the Extended Personal Data concepts for DPV 8 , to specify which type of data they contain. Finally, in case the user only wants to access data that is being used for a particular purpose, access control policies that define the purpose for processing the stored resources need to be defined and kept in their Pod.…”

Section: Api Developmentmentioning

confidence: 99%

Automating the Response to GDPR’s Right of Access

Esteves

Rodrı́guez-Doncel

Longares

2022

Frontiers in Artificial Intelligence and Applications

View full text Add to dashboard Cite

With the enforcement of the European Union’s General Data Protection Regulation, users of Web services – the ‘data subjects’ –, which are powered by the intensive usage of personal data, have seen their rights be incremented, and the same can be said about the obligations imposed on the ‘data controllers’ responsible for these services. In particular, the ‘Right of Access’, which gives users the option to obtain a copy of their personal data as well as relevant details such as the categories of personal data being processed or the purposes and duration of said processing, is putting increasing pressure on controllers as their execution often requires a manual response effort, and the wait time is negatively affecting the data subjects. In this context, the main goal of this work is the development of an API, which builds on the previously mentioned structured information, to assist controllers in the automation of replies to right of access requests. The implemented API method is then used in the implementation of a Solid application whose main goal is to assist users in exercising their right of access to data stored in Solid Pods.

show abstract

Using the ODRL Profile for Access Control for Solid Pod Resource Governance

Cited by 11 publications

References 2 publications

Assessing the Solid Protocol in Relation to Security & Privacy Obligations

Assessing the Solid Protocol in Relation to Security & Privacy Obligations

Making Sense of Solid for Data Governance and GDPR

Automating the Response to GDPR’s Right of Access

Contact Info

Product

Resources

About