ODRL Profile for Expressing Consent through Granular Access Control Policies in Solid

Solid, the emerging technology for organizing data in decentralized stores, relies on a simple authorization mechanism for granting access to data. Solid's personal online datastores (Pods) are ideal for keeping personal data, as they allow individuals to represent the access permissions in a v...

Full description

Saved in:
Bibliographic Details
Main Authors: Esteves, Beatriz, Pandit, Harshvardhan J., Rodriguez-Doncel, Victor
Format: Conference Proceeding
Language:English
Subjects:
access control
Authorization
consent
Data privacy
data protection
decentralized datastores
DPV
GDPR
privacy
regulatory compliance
Shape
Solids
Vocabulary
W3C
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Solid, the emerging technology for organizing data in decentralized stores, relies on a simple authorization mechanism for granting access to data. Solid's personal online datastores (Pods) are ideal for keeping personal data, as they allow individuals to represent the access permissions in a very simple manner using Access Control Language (ACL) expressions. Whereas these expressions suffice for yes/no and read/write permissions, they cannot represent more complex rules nor invoke regulation-specific concepts. This paper describes an extension of the ACL language and algorithm to implement consent and data requests. The extension is based on the Open Digital Rights Language (ODRL) policy language, which allows expressing rich rules, and the Data Privacy Vocabulary (DPV), which permits invoking privacy and data protection-specific terms. Some usage examples illustrate this proposal.
ISSN:2768-0657
DOI:10.1109/EuroSPW54576.2021.00038