๐ค AI Summary
To address the lack of fine-grained, dynamic permission control in personal data ecosystems, this paper proposes a user-centric access control mechanism based on an extended User-Managed Access (UMA) protocolโspecifically adapted to the Solid architecture for the first time. Methodologically, it integrates OAuth 2.0, a lightweight RESTful policy engine, and Solid POD interoperability interfaces to enable context-aware authorization decisions, real-time policy revocation, and cross-domain delegation management. The core contribution lies in bridging critical standard gaps in UMA regarding dynamic permission revocation and contextual binding. Evaluation shows >90% GDPR compliance coverage, policy deployment latency under 200 ms, and millisecond-level cross-application policy synchronization. These advances significantly enhance trustworthiness and interoperability within decentralized data ecosystems such as Solid.
๐ Abstract
The User-Managed Access (UMA) extension to OAuth 2.0 is a promising candidate for increasing Digital Trust in personal data ecosystems like Solid. With minor modifications, it can achieve many requirements regarding usage control and transaction contextualization, even though additional specification is needed to address delegation of control and retraction of usage policies.