SolidLab's User Managed Access

This repository contains SolidLab research artefacts on use of UMA in the Solid ecosystem.

Packages

• @solidlab/uma: Experimental and opinionated implementation of UMA Grants and UMA Federation.

• @solidlab/uma-css: UMA modules for the Community Solid Server.

• @solidlab/ucp: Usage Control Policy utility component.

Getting started

In order to run this project you need to perform the following steps.

1. Ensure that you are using Node.js 20 or higher, e.g. by running nvm use. (see .nvmrc)
2. Enable Node.js Corepack with corepack enable.
3. Run yarn install in the project root (this will automatically call yarn build).
4. Run yarn start.

This will boot up a UMA server and compatible Community Solid Server instance.

You can then execute the following flows:

• yarn script:public: GET the public /alice/profile/card without redirection to the UMA server;
• yarn script:private: PUT some text to the private /alice/private/resource.txt, protected by a simple WebID check;
• yarn script:uma-ucp: PUT some text to the private /alice/other/resource.txt, protected by a UCP enforcer checking WebIDs according to policies in packages/uma/config/rules/policy/.
• yarn script:registration: POST, GET and DELETE some text to/from /alice/public/resource.txt to test the correct creation and deletion of resource registrations on the UNA server.

yarn script:flow runs all flows in sequence.

As we are still in the progress of documenting everything, the above scripts are the best way to learn about how everything works.

Demonstration

Instead of running yarn start, you can run yarn start:demo to start the server with an alternative configuration. With this configuration you can run the script:demo, which runs with experimental contracts.

Implemented features

The packages in this project currently only support a fixed UMA AS per CSS RS. Authorization can be done with a simple, unverified, WebID embedded in the ticket using the WebIdAuthorizer or the OdrlAuthorizer which supports simple ODRL policies. A NamespacedAuthorizer is used to apply different authorizers to different containers.

ODRL

A variant of the server that only uses ODRL for authorization can be started with yarn start:odrl. A corresponding script can then be executed with yarn script:uma-odrl. The test policies can be found in packages/uma/config/rules/odrl.