Enforcing usage control policies in solid using rule-based web agents

Abstract

A core feature of the Solid ecosystem is enabling the sharing of data resources with other agents using access control policies. However, the decision of allowing access (or not) to a given data resource may not be final and might need to change over time. The Solid authorization specifications do not allow expressing and thus neither enforcing complex constraints (e.g., temporal) on access or more generally, usage policies. A policy language that does have the expressivity to declare permission rules, including temporal constraints, is the Open Digital Rights Language (ODRL) W3C standard. To support and enforce ODRL policies over Solid resources, we design and implement a Web agent-based solution where an agent (i) decomposes ODRL policies into actionable tasks (such as granting and retracting access to resources) using declarative condition-action rules and; (ii) takes care of

executing such tasks. Usage control within Solid can be delegated to agents such that neither applications nor users within the ecosystem need to ensure that access permissions over their data resources are valid and up to date. We show how the expressivity limitations for usage control of the current Solid specifications could be addressed by supporting ODRL via long-running Web agents with the task of enforcement. Since currently all data-sharing actions within the Solid ecosystem are manually executed by the owner of the resource, future work includes automating policy-based negotiation processes among actors through Web agents.