| Summary: | In today’s digital landscape, the Web has become increasingly centralized, raising concerns about user privacy violations. Decentralized Web architectures, such as Solid, offer a promising solution by
empowering users with better control over their data in their personal ‘Pods’. However, a significant challenge remains: users must
navigate numerous applications to decide which application can be
trusted with access to their data Pods. This often involves reading
lengthy and complex Terms of Use agreements, a process that users
often find daunting or simply ignore. This compromises user autonomy and impedes detection of data misuse. We propose a novel
formal description of Data Terms of Use (DToU), along with a DToU
reasoner. Users and applications specify their own parts of the DToU
policy with local knowledge, covering permissions, requirements,
prohibitions and obligations. Automated reasoning verifies compliance, and also derives policies for output data. This constitutes a
“perennial” DToU language, where the policy authoring only occurs
once, and we can conduct ongoing automated checks across users,
applications and activity cycles. Our solution is built on Turtle,
Notation 3 and RDF Surfaces, for the language and the reasoning
engine. It ensures seamless integration with other semantic tools
for enhanced interoperability. We have successfully integrated this
language into the Solid framework, and conducted performance
benchmark. We believe this work demonstrates a practicality of a
perennial DToU language and the potential of a paradigm shift to
how users interact with data and applications in a decentralized
Web, offering both improved privacy and usability.
|
|---|