SolidLab access & usage control artefacts for use in the Solid ecosystem.

SolidLabResearch/user-managed-access

SolidLab's User Managed Access

This repository contains SolidLab research artefacts on the use of UMA in the Solid ecosystem.

Packages

Getting started

In order to run this project you need to perform the following steps.

  1. Ensure that you are using Node.js 20 or higher, e.g. by running nvm use (see .nvmrc).
  2. Enable Node.js Corepack with corepack enable.
  3. Run yarn install in the project root (this will automatically call yarn build:all).
  4. Run yarn start:all.

This will boot up a UMA server and compatible Community Solid Server instance.

You can then execute the following flows:

  • yarn script:public: GET the public /alice/profile/card without redirection to the UMA server;
  • yarn script:private: PUT some text to the private /alice/private/resource.txt, protected by a simple WebID check;
  • yarn script:uma-ucp: PUT some text to the private /alice/other/resource.txt, protected by a UCP enforcer checking WebIDs according to policies in packages/uma/config/rules/policy/.
  • yarn script:registration: POST, GET and DELETE some text to/from /alice/public/resource.txt to test the correct creation and deletion of resource registrations on the UMA server.
  • yarn script:ucp-enforcement: Run the UCP enforcer in a script (scripts/test-ucp-enforcement.ts). This does not need the servers to be started.

yarn script:flow runs all flows in sequence.

Demonstration

A more extensive example of a real-life use case has been implemented, as described in ./demo/README.md.

Implemented features

The packages in this project currently only support a fixed UMA AS per CSS RS, and contain only the trivial AllAuthorizer that allows all access. More useful features are coming soon ...

Usage control policy enforcement

This component is used for creating a modular engine that calculates which access modes are granted based on:

  • Usage Control Rules
  • Interpretation of those rules
  • The request of the Requesting Party together with all its claims

For more information, you can check out its own repository which has three engines that use ODRL rules.

A test script is provided for a CRUD ODRL engine: yarn script:ucp-enforcement. In the script a read Usage Control Rule (in ODRL) is present together with N3 interpretation rules. Then a read request is performed using the engine, which results in a list of grants. This list is then printed to the console.
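The evaluation described above (rules, their interpretation, and a request with claims producing a list of grants) can be sketched as follows. This is an added example, not code from this repository: it replaces ODRL and N3 with plain TypeScript objects, and every name in it (calculateGrants, INTERPRETATION, the pod.example URLs) is hypothetical.

```typescript
// Added illustration: simplified stand-in types, not the repository's engine or API.
type AccessMode = "read" | "write" | "append" | "create" | "delete";

interface UsageControlRule { action: string; target: string; assignee: string; }

interface AccessRequest {
  resource: string;
  requestedModes: AccessMode[];
  claims: { webId?: string }; // claims presented by the requesting party
}

// Interpretation step: which access modes each rule action stands for (assumed mapping).
const INTERPRETATION: { [action: string]: AccessMode[] } = {
  "odrl:read": ["read"],
  "odrl:modify": ["write", "append"],
  "odrl:delete": ["delete"],
};

function calculateGrants(rules: UsageControlRule[], request: AccessRequest): AccessMode[] {
  const grants: AccessMode[] = [];
  const webId = request.claims.webId;
  if (!webId) return grants; // no identity claim: nothing is granted
  for (const rule of rules) {
    // Exact match only: no prefix, wildcard or case-insensitive comparison.
    if (rule.target !== request.resource || rule.assignee !== webId) continue;
    // Own-property check so an action such as "constructor" cannot resolve via the prototype.
    if (!Object.prototype.hasOwnProperty.call(INTERPRETATION, rule.action)) continue;
    const modes = INTERPRETATION[rule.action] as AccessMode[];
    for (const mode of modes) {
      const requested = request.requestedModes.indexOf(mode) !== -1;
      if (requested && grants.indexOf(mode) === -1) grants.push(mode);
    }
  }
  return grants; // an empty list means deny
}

// Constructed sample data (hypothetical pod and WebID).
const RESOURCE = "https://pod.example/alice/other/resource.txt";
const BOB = "https://pod.example/bob/profile/card#me";
const SAMPLE_RULES: UsageControlRule[] = [
  { action: "odrl:read", target: RESOURCE, assignee: BOB },
];

function demoReadRequest(): AccessMode[] {
  return calculateGrants(SAMPLE_RULES, {
    resource: RESOURCE, requestedModes: ["read"], claims: { webId: BOB },
  });
}
```

A grant appears only when the rule's target, the assignee's WebID claim and a requested mode all line up; a missing claim, an unknown action or an unmatched resource yields an empty list.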

Next steps

Have a look at the milestones we set for ourselves, and other issues we would like to solve.