Prototyping an End-User User Interface for the Solid Application Interoperability Specification Under GDPR

  • Conference paper
The Semantic Web (ESWC 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13870)

Abstract

This paper describes prototyping of the draft Solid application interoperability specification (INTEROP). We developed and evaluated a dynamic user interface (UI) for the new Solid application access request and authorization, extended with the Data Privacy Vocabulary. Solid places responsibility on users to control their data. INTEROP adds new declarative access controls. Solid applications to date have provided few policy interfaces with high usability. GDPR controls on usage are rarely addressed. Implementation identified issues in the specification and in Semantic Web tools, and also in the understandability of declarative policies, a key concern under GDPR or data ethics best practices. The prototype was evaluated in a usability and task accuracy experiment, where the UI enabled users to create access and usage control policies with an accuracy of between 72 and 37%. Overall, the UI had a poor usability rating, with a median SUS (system usability scale) score of 37.67. Experimental participants were classified according to the Westin privacy scale to investigate the impact of user attitudes to privacy on the results. The paper discusses the findings of the study and their consequences for future data sovereignty access request and authorization UI designs.

Notes

  1. https://www.w3.org/TR/shacl/

  2. https://shex.io/shex-semantics/index.html

  3. https://shapetrees.org/TR/specification/

  4. https://github.com/solid/data-interoperability-panel/blob/main/proposals/primer/images/authorization-screen.svg

  5. Source Code: https://github.com/HBailly/solid-auth-ui/

  6. https://github.com/ludwigschubi/shex-codegen

  7. https://github.com/ludwigschubi/shex-methods

  8. https://github.com/ludwigschubi/shex-codegen/pull/139 and https://github.com/ludwigschubi/shex-codegen/pull/140

  9. https://www.w3.org/TR/turtle/

  10. https://github.com/linkeddata/rdflib.js/pull/523 and https://github.com/linkeddata/rdflib.js/pull/557

  11. https://github.com/HBailly/solid-auth-ui/blob/main/pom.xml#942

  12. https://cost-dkg.eu/

  13. https://github.com/HBailly/solid-auth-ui/tree/main/tutorials/

  14. https://github.com/HBailly/solid-auth-ui/tree/main/docs/questionnaires

  15. There was not enough data to evaluate the unconcerned.

Acknowledgement

This research had the financial support of Science Foundation Ireland under the ADAPT Centre for AI-driven Digital Content Technology, SFI Research Centres Programme (Grant 13/RC/2106_P2). For the purpose of Open Access, the authors have applied a CC-BY public copyright license to any author accepted manuscript version arising from this submission.

Author information

Correspondence to Hadrien Bailly.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Bailly, H., Papanna, A., Brennan, R. (2023). Prototyping an End-User User Interface for the Solid Application Interoperability Specification Under GDPR. In: Pesquita, C., et al. The Semantic Web. ESWC 2023. Lecture Notes in Computer Science, vol 13870. Springer, Cham. https://doi.org/10.1007/978-3-031-33455-9_33

  • DOI: https://doi.org/10.1007/978-3-031-33455-9_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-33454-2

  • Online ISBN: 978-3-031-33455-9

  • eBook Packages: Computer Science, Computer Science (R0)
