The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments show growing interest in this framework for citizen empowerment and e-government services, security and privacy become pivotal issues to address. By analyzing the relevant legislation, notably the GDPR, and international standards, namely ISO/IEC 27001:2011 and ISO/IEC 15408, we formulate the primary security and privacy requirements for such a framework. We then survey the current Solid protocol specifications to assess how far they cover the highlighted requirements and draw attention to potential gaps between the specifications and the requirements. We also point out recent academic work presenting novel approaches to raising the degree of security and privacy provided by the Solid project. This paper thus makes a twofold contribution: it improves users' awareness of how Solid can help protect their data, and it presents possible future research lines on Solid security and privacy enhancements.