Decentralization initiatives such as Solid and ActivityPub aim to give data owners more control over their data and to level the playing field by enabling small companies and individuals to gain access to data, thus stimulating innovation. However, these initiatives typically employ access control mechanisms that cannot verify compliance with usage conditions after access has been granted to others. In this paper, we extend the state of the art by proposing a resource governance conceptual framework, entitled ReGov, that facilitates usage control in decentralized web environments. We subsequently demonstrate how our framework can be instantiated by combining blockchain and trusted execution environments. Through blockchain technologies, we record policies expressing the usage conditions associated with resources and monitor their compliance. Our instantiation employs trusted execution environments to enforce said policies, inside data consumers' devices.} We evaluate the framework instantiation through a detailed analysis of requirements derived from a data market motivating scenario, as well as an assessment of the security, privacy, and affordability aspects of our proposal.
翻译:分散化倡议(例如Solid和ActivityPub)旨在使数据所有者更多地控制其数据,并通过使小公司和个人获得数据访问权限来促进创新,从而实现公平竞争。 但是,这些倡议通常采用访问控制机制,在向他人授予访问权限后无法验证合规使用条件。 本文通过提出一个资源治理概念框架(ReGov),扩展了现有技术,以便在分布式Web环境中促进使用控制。 然后,我们演示了如何通过结合区块链和受信任执行环境来实现我们的框架。 通过区块链技术,我们记录表达与资源相关的使用条件的政策,以及监视它们的合规性。 我们的实例化采用了受信任执行环境,在数据消费者的设备内强制执行这些政策。 通过从数据市场的激励场景导出的详细需求分析以及我们提议的安全性,隐私和可负担性方面的评估,我们评估了框架实例化。