Funding year 2019 / Science Call #3 / Project ID: / Project: PENNI: Policy-based Next Generation Internet
Davide Basile recently presented our joint work with Claudio Di Ciccio and Valerio Goretti on 'A Blockchain-driven Architecture for Usage Control in Solid' at the 1st Workshop on Fintech and Decentralized Finance (FiDeFix) @ the 43rd IEEE International Conference on Distributed Computing Systems.
Decentralized projects like Solid and Digi.me seek to increase data owners’ control over their data while also giving people and small organizations access to information that is typically managed by centralized platforms. The Solid community aims to achieve this objective by building web standards and best practices that make data integration simple and encourage the creation of decentralized social apps based on Linked Data concepts. However, Solid currently only supports basic access control, and thus it is not possible to ensure that data consumers adhere to usage restrictions specified by data owners. To overcome this limitation, we propose a decentralized usage control architecture that resorts to a blend of blockchain applications and trusted execution environments. We extend the state of the art by demonstrating (i) how blockchain oracles allow for seamless communication between these entities, and (ii) how Solid applications can be enhanced with usage control mechanisms. In the proposed architecture, users’ data are kept in Solid personal online datastores. Access is administered through a component named pod manager. The usage control is handled by blockchain executable applications that are capable of (i) recording where data resides, (ii) declaring what the usage restrictions are, and (iii) monitoring compliance with these policies. Applications that leverage data stored in Solid pods run in a trusted execution environment, which enables users to revoke access if data consumers do not adhere to the usage policies. Finally, blockchain oracles enable pod managers and trusted execution environments to communicate with the blockchain and vice versa. We illustrate the application of our architecture and highlight its effectiveness in the context of data markets.