Abstract
This paper explains how to avoid certain unintended information flows between apps connected to the same Solid pod. We draw attention to threats faced if security policies for Solid pods omit the identities of clients, resulting in confidential information intended for one app leaking to other apps. We also explain good practice usage of ACP for avoiding such insecure configurations and draw parallels with the famous Clark-Wilson policy model for enterprise security. We propose that trusted apps enforcing security policy models should be developed so that pod owners need not be policy experts to operate secure pods.
Original language | English |
---|---|
Pages (from-to) | 100-108 |
Number of pages | 9 |
Journal | CEUR Workshop Proceedings |
Volume | 3947 |
Publication status | Published - 7 Apr 2025 |
Event | 2024 Posters and Privacy Session of the Solid Symposium, SoSy 2024 - Leuven, Belgium; Duration: 2 May 2024 → 3 May 2024 |
Funding
This article is partially funded by the COST (European Cooperation in Science and Technology) Action on Distributed Knowledge Graphs (CA19134).
Keywords
- information flows
- trusted apps
- security policy models