Papers
Topics
Authors
Recent
Search
2000 character limit reached

From Access Control to Usage Control with User-Managed Access

Published 26 Jan 2026 in cs.ET | (2601.18761v1)

Abstract: Recent data protection and data governance regulations have intensified the demand for interoperable, decentralized data ecosystems that can support not only access control but also legally-aligned governance over data use. Existing Web-based data storage platforms increasingly struggle to meet these regulatory and practical requirements, as their authorization mechanisms rely on tightly coupled, document-centric access control models that lack expressiveness for legal constraints and fail to separate data management from authorization concerns. In parallel, widely adopted authorization standards remain poorly aligned with decentralized, semantically rich usage-control scenarios. To bridge this gap, this work introduces an architecture that replaces Solid's native access control mechanisms with a UMA authorization flow, enabling the enforcement of usage control policies expressed with the W3C ODRL standard. This article details the conceptual background motivating this approach, presents the proposed UMA-based architecture, and describes a prototype implementation that integrates an ODRL-enabled Authorization Server with a Solid-compatible Resource Server. The prototype demonstrates that decoupling authorization from storage enables more flexible, interoperable, and legally expressive control over data use, while remaining compatible with existing Solid infrastructure. It also highlights practical design choices required to evaluate ODRL policies in the absence of a fully standardized evaluation semantics. Moreover, this work shows how usage control can be operationalized using existing Web standards, offering a concrete path beyond permission-based access control toward policy-aware, legally informed data governance. Future research will focus on policy management interfaces, richer claim verification mechanisms, and techniques for communicating and enforcing obligations over time.

Summary

No one has generated a summary of this paper yet.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Continue Learning

We haven't generated follow-up questions for this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.