AuthApp – Portable, Reusable Solid App for GDPR-Compliant Access Granting

  • Conference paper
Web Engineering (ICWE 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14629)

Abstract

The Solid (Social Linked Data) technology family was developed to provide the foundation for Data Sovereignty in the context of web applications. The advantage of this innovative approach is the opportunity to dynamically bind an identity to a Solid application and a user-specific Solid data store (Solid Pod). These three basic components can be combined dynamically, allowing users to share their data with an application while retaining full control of the data in self-managed Solid Pods. This paper presents a prototype of a web-based user interface to grant access to data in a Solid Pod. To enable a dynamic binding into Solid-driven environments, we made the implementation available as a Solid application – AuthApp – with a specific focus on allowing users to configure the data access granting efficiently. To comply with data protection regulations, in particular Europe’s GDPR, we extended the standard to include the validation of the purpose of data sharing. Unlike previous work, we also make full use of robust technologies to avoid the need to copy or store data outside the personal context, meaning all data remains under the user’s control and so does the AuthApp.

Notes

  1. cf. https://solidproject.org/.

  2. W3C RDF Working Group.

  3. PREFIX interop: <http://www.w3.org/ns/solid/interop#>.

  4. cf. https://solidproject.org/.

  5. cf. https://solidproject.org/apps.

  6. cf. https://www.w3.org/wiki/WebID.

  7. cf. https://solid.github.io/specification/.

  8. cf. https://shapetrees.org/.

  9. Editor’s Draft, 7 November 2023, https://solid.github.io/data-interoperability-panel/specification/.

  10. https://github.com/DATEV-Research/Solid-authorization-app.

  11. currently: Version 1.0.0, Editor’s Draft, 2023-11-06.

  12. https://github.com/CommunitySolidServer.

  13. https://github.com/nodeSolidServer.

  14. Editor’s Draft, 7 November 2023.

  15. https://github.com/solid/data-interoperability-panel/issues/280.

  16. https://solid.github.io/data-interoperability-panel/specification/#access-request.

  17. @prefix pod : <https://sme.solid.aifb.kit.edu/> .

  18. Note that we used the same text labels as specified in the INTEROP specification.

Acknowledgments

This work has been supported in part by the German ministry BMBF under grant 16DTM107B (MANDAT).

Author information

Corresponding author

Correspondence to Andreas Both.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Both, A. et al. (2024). AuthApp – Portable, Reusable Solid App for GDPR-Compliant Access Granting. In: Stefanidis, K., Systä, K., Matera, M., Heil, S., Kondylakis, H., Quintarelli, E. (eds) Web Engineering. ICWE 2024. Lecture Notes in Computer Science, vol 14629. Springer, Cham. https://doi.org/10.1007/978-3-031-62362-2_14

  • DOI: https://doi.org/10.1007/978-3-031-62362-2_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-62361-5

  • Online ISBN: 978-3-031-62362-2

  • eBook Packages: Computer Science (R0)
