Assessing the Solid Protocol in Relation to Security and Privacy Obligations

Inf. Comput. | Pub Date: 2023-07-16 | DOI: 10.3390/info14070411
C. Esposito, Ross Horne, L. Robaldo, B. Buelens, Elfi Goesaert
Citations: 2

Abstract

The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and privacy requirements for such a framework. The legislation places some obligations on pod providers, much like cloud services. However, what is more interesting is that Solid has the potential to support GDPR compliance of Solid apps and data users that connect, via the protocol, to Solid pods containing personal data. A Solid-based healthcare use case is illustrated where identifying such controllers responsible for apps and data users is essential for the system to be deployed. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the degree of security and privacy provided by the Solid project. This paper has a twofold contribution: to improve user awareness of how Solid can help protect their data, and to present possible future research lines on Solid security and privacy enhancements.