You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+8-20Lines changed: 8 additions & 20 deletions
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ This repository contains SolidLab research artefacts on use of UMA in the Solid
9
9
10
10
-[`@solidlab/uma-css`](packages/css): UMA modules for the [Community Solid Server](https://github.com/CommunitySolidServer/CommunitySolidServer/).
11
11
12
-
-[`@solidlab/ucp`](packages/ucp): Usage Control Policy decision/enforcement component.
12
+
-[`@solidlab/ucp`](packages/ucp): Usage Control Policy utility component.
13
13
14
14
## Getting started
15
15
@@ -28,7 +28,6 @@ You can then execute the following flows:
28
28
-`yarn script:private`: `PUT` some text to the private `/alice/private/resource.txt`, protected by a simple WebID check;
29
29
-`yarn script:uma-ucp`: `PUT` some text to the private `/alice/other/resource.txt`, protected by a UCP enforcer checking WebIDs according to policies in `packages/uma/config/rules/policy/`.
30
30
-`yarn script:registration`: `POST`, `GET` and `DELETE` some text to/from `/alice/public/resource.txt` to test the correct creation and deletion of resource registrations on the UNA server.
31
-
-`yarn script:ucp-enforcement`: Run the UCP enforcer in a script (`scripts/test-ucp-enforcement.ts`). This does not need the servers to be started.
32
31
33
32
`yarn script:flow` runs all flows in sequence.
34
33
@@ -46,24 +45,13 @@ which runs with experimental contracts.
46
45
The packages in this project currently only support a fixed UMA AS per CSS RS.
47
46
Authorization can be done with a simple, unverified, WebID embedded in the ticket
48
47
using the [WebIdAuthorizer](packages/uma/src/policies/authorizers/WebIdAuthorizer.ts)
49
-
or the [PolicyBasedAuthorizer](packages/uma/src/policies/authorizers/PolicyBasedAuthorizer.ts)
48
+
or the [OdrlAuthorizer](packages/uma/src/policies/authorizers/OdrlAuthorizer.ts)
50
49
which supports simple ODRL policies.
50
+
A [NamespacedAuthorizer](packages/uma/src/policies/authorizers/NamespacedAuthorizer.ts)
51
+
is used to apply different authorizers to different containers.
51
52
52
-
### Usage control policy enforcement
53
+
##ODRL
53
54
54
-
Used for creating a modular engine that calculates which access modes are granted based on:
55
-
56
-
- Usage Control Rules
57
-
- Interpretation of those rules
58
-
- The request of the Requested Party together with all its claims
59
-
60
-
For more information, you can check out its [own repository](https://github.com/woutslabbinck/ucp-enforcement) which has three engines that use [ODRL rules](https://www.w3.org/TR/odrl-model/).
61
-
62
-
A test script is provided for a CRUD ODRL engine: `yarn script:ucp-enforcement`.
63
-
In the [script](./scripts/test-ucp-enforcement.ts) a read Usage Control Rule (in ODRL) is present together with N3 interpretation rules.
64
-
Then a read request is performed using the engine, which results in a list of grants. This list is then printed to the console.
65
-
66
-
67
-
## Next steps
68
-
69
-
More advanced ODRL evaluation can be found in the `feat/ODRL-evaluator` branch.
55
+
A variant of the server that only uses ODRL for authorization can be started with `yarn start:odrl`.
56
+
A corresponding script can then be executed with `yarn script:uma-odrl`.
57
+
The test policies can be found in [packages/uma/config/rules/odrl](packages/uma/config/rules/odrl).
0 commit comments