|
1 | | -# Pacsoi POC |
| 1 | +# SolidLab's User Managed Access |
2 | 2 |
|
3 | | -This repository contains a demonstrator for the [SolidLab project](https://solidlab.be/) on managing trust-flows in decentralized data storage systems such as Solid. |
| 3 | +This repository contains SolidLab research artefacts on use of UMA in the Solid ecosystem. |
4 | 4 |
|
5 | 5 |
|
6 | | -## Cloning the repository |
| 6 | +## Packages |
7 | 7 |
|
8 | | -To run the demonstrator, you will have to clone the repository. |
9 | | -``` |
10 | | -git clone -b project/pacsoi-poc1 git@github.com:SolidLabResearch/user-managed-access.git |
| 8 | +- [`@solidlab/uma`](packages/uma): Experimental and opinionated implementation of [UMA Grants](https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html) and [UMA Federation](https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-federated-authz-2.0.html). |
11 | 9 |
|
12 | | -cd user-managed-access/ |
13 | | -``` |
| 10 | +- [`@solidlab/uma-css`](packages/css): UMA modules for the [Community Solid Server](https://github.com/CommunitySolidServer/CommunitySolidServer/). |
14 | 11 |
|
15 | | -## Getting started |
16 | | - |
17 | | -### Setting up the Authorization Server |
| 12 | +- [`@solidlab/ucp`](packages/ucp): Usage Control Policy decision/enforcement component. |
18 | 13 |
|
19 | | -Before starting, make sure you are on the correct branch (pacsoi-poc1). |
20 | | -See the above command to clone only the relevant branch for the demonstrator. |
| 14 | +## Getting started |
21 | 15 |
|
22 | | -In order to run the demonstrator you need to perform the following steps. |
| 16 | +In order to run this project you need to perform the following steps. |
23 | 17 |
|
24 | 18 | 1. Ensure that you are using Node.js 20 or higher, e.g. by running `nvm use`. (see [.nvmrc](./.nvmrc)) |
25 | 19 | 2. Enable Node.js Corepack with `corepack enable`. |
26 | | -3. Run `yarn install` in the project root to install the requirements. |
27 | | -4. Run `yarn build` in the project root to build. |
28 | | -5. Run `yarn run start:demo` in the project root to start all services. |
| 20 | +3. Run `yarn install` in the project root (this will automatically call `yarn build`). |
| 21 | +4. Run `yarn start`. |
| 22 | + |
| 23 | +This will boot up a UMA server and compatible Community Solid Server instance. |
| 24 | + |
| 25 | +You can then execute the following flows: |
| 26 | + |
| 27 | +- `yarn script:public`: `GET` the public `/alice/profile/card` without redirection to the UMA server; |
| 28 | +- `yarn script:private`: `PUT` some text to the private `/alice/private/resource.txt`, protected by a simple WebID check; |
| 29 | +- `yarn script:uma-ucp`: `PUT` some text to the private `/alice/other/resource.txt`, protected by a UCP enforcer checking WebIDs according to policies in `packages/uma/config/rules/policy/`. |
| 30 | +- `yarn script:registration`: `POST`, `GET` and `DELETE` some text to/from `/alice/public/resource.txt` to test the correct creation and deletion of resource registrations on the UNA server. |
| 31 | +- `yarn script:ucp-enforcement`: Run the UCP enforcer in a script (`scripts/test-ucp-enforcement.ts`). This does not need the servers to be started. |
| 32 | + |
| 33 | +`yarn script:flow` runs all flows in sequence. |
| 34 | + |
| 35 | +As we are still in the progress of documenting everything, |
| 36 | +the above scripts are the best way to learn about how everything works. |
| 37 | + |
| 38 | +## Demonstration |
| 39 | + |
| 40 | +Instead of running `yarn start`, you can run `yarn start:demo` to start the server with an alternative configuration. |
| 41 | +With this configuration you can run the `script:demo`, |
| 42 | +which runs with experimental contracts. |
| 43 | + |
| 44 | +## Implemented features |
| 45 | + |
| 46 | +The packages in this project currently only support a fixed UMA AS per CSS RS. |
| 47 | +Authorization can be done with a simple, unverified, WebID embedded in the ticket |
| 48 | +using the [WebIdAuthorizer](packages/uma/src/policies/authorizers/WebIdAuthorizer.ts) |
| 49 | +or the [PolicyBasedAuthorizer](packages/uma/src/policies/authorizers/PolicyBasedAuthorizer.ts) |
| 50 | +which supports simple ODRL policies. |
| 51 | + |
| 52 | +### Usage control policy enforcement |
| 53 | + |
| 54 | +Used for creating a modular engine that calculates which access modes are granted based on: |
| 55 | + |
| 56 | +- Usage Control Rules |
| 57 | +- Interpretation of those rules |
| 58 | +- The request of the Requested Party together with all its claims |
| 59 | + |
| 60 | +For more information, you can check out its [own repository](https://github.com/woutslabbinck/ucp-enforcement) which has three engines that use [ODRL rules](https://www.w3.org/TR/odrl-model/). |
| 61 | + |
| 62 | +A test script is provided for a CRUD ODRL engine: `yarn script:ucp-enforcement`. |
| 63 | +In the [script](./scripts/test-ucp-enforcement.ts) a read Usage Control Rule (in ODRL) is present together with N3 interpretation rules. |
| 64 | +Then a read request is performed using the engine, which results in a list of grants. This list is then printed to the console. |
29 | 65 |
|
30 | 66 |
|
31 | | -### Docker |
| 67 | +## Next steps |
32 | 68 |
|
33 | | -The docker is not working atm. |
34 | | -I am trying to get it working, but there seem to be some problems with the internal networking. |
| 69 | +More advanced ODRL evaluation can be found in the `feat/ODRL-evaluator` branch. |
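Review bot: Two terminology slips in the added text should be fixed before merge: the `script:registration` bullet (new line 30) says "resource registrations on the UNA server" where it means the UMA server, and the usage-control bullet (new line 58) says "The request of the Requested Party" where the UMA term for the party seeking access is the Requesting Party. Two smaller points in the same region: the flow list mixes `;` and `.` as item terminators (new lines 27-31), and step 3 asserts that `yarn install` "will automatically call `yarn build`" without saying how (presumably a postinstall or prepare script in the root package.json); naming the script would let readers verify it. Finally, the "Implemented features" paragraph (new lines 46-50) is the right place to state plainly that the `WebIdAuthorizer` path trusts "a simple, unverified, WebID embedded in the ticket" and so performs no authentication of the requester; a one-line remark that this authorizer is for local experimentation only, and that the `PolicyBasedAuthorizer` still relies on the same unverified claim, would save users from treating the demo setup as an access-control boundary.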