Authentication and authorization in Data Spaces: A relationship-based access control approach for policy specification based on ODRL
- URL: http://arxiv.org/abs/2505.24742v1
- Date: Fri, 30 May 2025 16:00:24 GMT
- Authors: Irene Plaza-Ortiz, Andres Munoz-Arcentales, Joaquín Salvachúa, Carlos Aparicio, Gabriel Huecas, Enrique Barra
- Abstract summary: This paper proposes an extension of the Open Digital Rights Language (ODRL) standard, the ODRL Data Spaces (ODS) profile. The approach is validated through a use case involving OpenFGA, demonstrating its applicability to relationship-based access control scenarios.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Data has become a crucial resource in the digital economy, fostering initiatives for secure and sovereign data sharing frameworks such as Data Spaces. However, these distributed environments require fine-grained access control mechanisms that balance openness with sovereignty and security. This paper proposes an extension of the Open Digital Rights Language (ODRL) standard, the ODRL Data Spaces (ODS) profile, aimed at supporting authorization and complementing existing authentication mechanisms throughout the data lifecycle. Additionally, a policy execution engine is introduced to translate ODRL policies into executable formats, enabling effective enforcement. The approach is validated through a use case involving OpenFGA, demonstrating its applicability to relationship-based access control scenarios.
Related papers
- Next Generation Authentication for Data Spaces: An Authentication Flow Based On Grant Negotiation And Authorization Protocol For Verifiable Presentations (GNAP4VP) [0.0]
This paper presents an identity verification protocol tailored for shared data environments within Data Spaces. The proposed solution adheres to the principles of Self-Sovereign Identity (SSI) to facilitate decentralized, user-centric identity management.
arXiv Detail & Related papers (2025-05-30T15:20:39Z)
- Access control for Data Spaces [4.265773997354608]
We design and implement an access control mechanism that ensures continuous evaluation of access control policies. We extend to allow data owners to maintain their own Policy Administration Points.
arXiv Detail & Related papers (2025-04-18T16:09:53Z)
- SPoRt -- Safe Policy Ratio: Certified Training and Deployment of Task Policies in Model-Free RL [54.022106606140774]
We present theoretical results that provide a bound on the probability of violating a safety property for a new task-specific policy in a model-free, episodic setup. We also present SPoRt, which enables the user to trade off safety guarantees in exchange for task-specific performance.
arXiv Detail & Related papers (2025-04-08T19:09:07Z)
- Secure Computation and Trustless Data Intermediaries in Data Spaces [0.44998333629984877]
This paper explores the integration of advanced cryptographic techniques for secure computation in data spaces.
We exploit the introduced secure methods, i.e. Secure Multi-Party Computation (MPC) and Fully Homomorphic Encryption (FHE)
We present solutions through real-world use cases, including air traffic management, manufacturing, and secondary data use.
arXiv Detail & Related papers (2024-10-21T19:10:53Z)
- Open Digital Rights Enforcement Framework (ODRE): from descriptive to enforceable policies [1.3927943269211591]
This paper introduces the Open Digital Rights Enforcement (ODRE) framework, whose goal is to provide ODRL with enforcement capabilities.
The framework includes an enforcement algorithm for ODRL policies and two open-source implementations in Python and Java.
arXiv Detail & Related papers (2024-09-26T07:36:49Z)
- Quantum Resistant Ciphertext-Policy Attribute-Based Encryption Scheme with Flexible Access Structure [0.0]
We present a novel ciphertext-policy based encryption (CP-ABE) scheme that offers a flexible access structure.
Our scheme incorporates an access tree as its access control policy, enabling fine-grained access control over encrypted data.
The security of our scheme is provable under the hardness assumption of the decisional Ring-Learning with Errors (R-LWE) problem.
arXiv Detail & Related papers (2024-01-25T10:55:23Z)
- Sparsity-Aware Intelligent Massive Random Access Control in Open RAN: A Reinforcement Learning Based Approach [61.74489383629319]
Massive random access of devices in the emerging Open Radio Access Network (O-RAN) brings great challenge to the access control and management.
A reinforcement-learning (RL)-assisted scheme of closed-loop access control is proposed to preserve sparsity of access requests.
Deep-RL-assisted SAUD is proposed to resolve highly complex environments with continuous and high-dimensional state and action spaces.
arXiv Detail & Related papers (2023-03-05T12:25:49Z)
- Domain-Agnostic Prior for Transfer Semantic Segmentation [197.9378107222422]
Unsupervised domain adaptation (UDA) is an important topic in the computer vision community.
We present a mechanism that regularizes cross-domain representation learning with a domain-agnostic prior (DAP)
Our research reveals that UDA benefits much from better proxies, possibly from other data modalities.
arXiv Detail & Related papers (2022-04-06T09:13:25Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
- SMT-Based Safety Verification of Data-Aware Processes under Ontologies (Extended Version) [71.12474112166767]
We introduce a variant of one of the most investigated models in this spectrum, namely simple artifact systems (SASs)
This DL, enjoying suitable model-theoretic properties, allows us to define SASs to which backward reachability can still be applied, leading to decidability in PSPACE of the corresponding safety problems.
arXiv Detail & Related papers (2021-08-27T15:04:11Z)
- National Access Points for Intelligent Transport Systems Data: From Conceptualization to Benefits Recognition and Exploitation [55.41644538483948]
The European Union has proposed the development of a National Access Point (NAP) by each individual Member State.
This paper aims to ascertain the role of a NAP within the ITS ecosystem, to investigate methodologies used in designing such platforms, and, through the drafting of an extended use case, showcase a NAP operational process and associate possible benefits with specific steps of it.
arXiv Detail & Related papers (2020-10-14T17:13:00Z)
- Towards Inheritable Models for Open-Set Domain Adaptation [56.930641754944915]
We introduce a practical Domain Adaptation paradigm where a source-trained model is used to facilitate adaptation in the absence of the source dataset in future.
We present an objective way to quantify inheritability to enable the selection of the most suitable source model for a given target domain, even in the absence of the source data.
arXiv Detail & Related papers (2020-04-09T07:16:30Z)
This list is automatically generated from the titles and abstracts of the papers on this site.