Assessing the solid protocol in relation to security and privacy obligations

Esposito, Christian and Horne, Ross and Robaldo, Livio and Buelens, Bart and Goesaert, Elfi (2023) Assessing the solid protocol in relation to security and privacy obligations. Information, 14 (7). 411. ISSN 2078-2489 (https://doi.org/10.3390/info14070411)

Preview

Text. Filename: Esposito_etal_Information_2023_Assessing_the_solid_protocol_in_relation_to_security_and_privacy.pdf Final Published Version License: Download (847kB)| Preview

Abstract

The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and privacy requirements for such a framework. The legislation places some obligations on pod providers, much like cloud services. However, what is more interesting is that Solid has the potential to support GDPR compliance of Solid apps and data users that connect, via the protocol, to Solid pods containing personal data. A Solid-based healthcare use case is illustrated where identifying such controllers responsible for apps and data users is essential for the system to be deployed. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements.

ORCID iDs

Horne, Ross ORCID: https://orcid.org/0000-0003-0162-1901

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Article
  ID code:	86790
  Dates:	Date Event 16 July 2023 Published 13 July 2023 Accepted
  Subjects:	Science > Mathematics > Electronic computers. Computer science > Other topics, A-Z
  Department:	Faculty of Science > Computer and Information Sciences
  Depositing user:	Pure Administrator
  Date deposited:	28 Sep 2023 09:31
  Last modified:	11 Nov 2024 14:04
  URI:	https://strathprints.strath.ac.uk/id/eprint/86790