Abstract
This paper describes prototyping of the draft Solid application interoperability specification (INTEROP). We developed and evaluated a dynamic user interface (UI) for the new Solid application access request and authorization, extended with the Data Privacy Vocabulary. Solid places responsibility on users to control their data. INTEROP adds new declarative access controls. Solid applications to date have provided few policy interfaces with high usability, and GDPR controls on usage are rarely addressed. Implementation identified issues in the specification and in Semantic Web tools, and also in the understandability of declarative policies, a key concern under GDPR or data ethics best practices. The prototype was evaluated in a usability and task accuracy experiment, where the UI enabled users to create access and usage control policies with an accuracy of between 72 and 37%. Overall, the UI had a poor usability rating, with a median SUS (system usability scale) score of 37.67. Experimental participants were classified according to the Westin privacy scale to investigate the impact of user attitudes to privacy on the results. The paper discusses the findings of the study and their consequences for future data sovereignty access request and authorization UI designs.
Notes
- 5. Source Code: https://github.com/HBailly/solid-auth-ui/.
- 15. There was not enough data to evaluate the unconcerned.
Acknowledgement
This research had the financial support of Science Foundation Ireland under the ADAPT Centre for AI-driven Digital Content Technology, SFI Research Centres Programme (Grant 13/RC/2106_P2). For the purpose of Open Access, the authors have applied a CC-BY public copyright license to any author accepted manuscript version arising from this submission.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bailly, H., Papanna, A., Brennan, R. (2023). Prototyping an End-User User Interface for the Solid Application Interoperability Specification Under GDPR. In: Pesquita, C., et al. The Semantic Web. ESWC 2023. Lecture Notes in Computer Science, vol 13870. Springer, Cham. https://doi.org/10.1007/978-3-031-33455-9_33
DOI: https://doi.org/10.1007/978-3-031-33455-9_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33454-2
Online ISBN: 978-3-031-33455-9
eBook Packages: Computer Science (R0)