Assessing the Solid Protocol in Relation to Security and Privacy Obligations-Reference-Cited by-同舟云学术

Assessing the Solid Protocol in Relation to Security and Privacy Obligations

Published:2023-07-16 Issue:7 Volume:14 Page:411
ISSN:2078-2489
Container-title:Information
language:en
Short-container-title:Information

Author:

Esposito Christian¹^ORCID,Horne Ross²^ORCID,Robaldo Livio³^ORCID,Buelens Bart⁴^ORCID,Goesaert Elfi⁴

Affiliation:

1. Computer Science Department, University of Salerno, 84084 Fisciano, Italy

2. Department of Computer Science, University of Luxembourg, 4365 Esch-sur-Alzette, Luxembourg

3. Legal Innovation Lab Wales, Hillary Rodham Clinton School of Law, University of Swansea, Swansea SA2 8PP, UK

4. VITO, 2400 Mol, Belgium

Abstract

The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and privacy requirements for such a framework. The legislation places some obligations on pod providers, much like cloud services. However, what is more interesting is that Solid has the potential to support GDPR compliance of Solid apps and data users that connect, via the protocol, to Solid pods containing personal data. A Solid-based healthcare use case is illustrated where identifying such controllers responsible for apps and data users is essential for the system to be deployed. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements.

Funder

European Cooperation in Science and Technology

Publisher

MDPI AG

Subject

Information Systems

Link

https://www.mdpi.com/2078-2489/14/7/411/pdf

Reference66 articles.

1. Sambra, A.V., Mansour, E., Hawke, S., Zereba, M., Greco, N., Ghanem, A., Zagidulin, D., Aboulnaga, A., and Berners-Lee, T. (2016). Solid: A Platform for Decentralized Social Applications Based on Linked Data, MIT CSAIL & Qatar Computing Research Institute. Technical Report.

2. Capadisli, S., Berners-Lee, T., Verborgh, R., and Kjernsmo, K. (2023, July 12). Solid Protocol, 2023. Version 0.11.0, Editor’s Draft. Available online: https://solidproject.org/ED/protocol.

3. The European legal taxonomy syllabus: A multi-lingual, multi-level ontology framework to untangle the web of European legal terminology;Ajani;Appl. Ontol.,2016

4. Introduction for artificial intelligence and law: Special issue “natural language processing for legal texts”;Robaldo;Artif. Intell. Law,2019

5. Large-scale Legal Reasoning with Rules and Databases;Robaldo;J. Appl. Log.,2021

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol;Information;2023-11-24

2. PRICAR: Privacy Framework for Vehicular Data Sharing with Third Parties;2023 IEEE Secure Development Conference (SecDev);2023-10-18

3. Assessing the Solid Protocol in Relation to Security and Privacy Obligations;Information;2023-07-16