After Brazil’s General Data Protection Law: Authorization in Decentralized Web Applications
Decentralized web applications do not offer fine-grained access controls to users’ data, which potentially creates openings for data breaches. For software companies that need to comply with Brazil’s General Data Protection Law (LGPD), data breaches not only might harm application users but also cou...
محفوظ في:
| المؤلفون الرئيسيون: | , , |
|---|---|
| التنسيق: | Artigos Científicos |
| اللغة: | Inglês |
| منشور في: |
2024
|
| الموضوعات: | |
| الوصول للمادة أونلاين: | https://bibliotecadigital.acervo.nic.br/handle/123456789/2217 https://doi.org/10.1145/3308560.3316461 |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
إضافة وسم | الملخص: | Decentralized web applications do not offer fine-grained access
controls to users’ data, which potentially creates openings for data
breaches. For software companies that need to comply with Brazil’s General Data Protection Law (LGPD), data breaches not only might harm application users but also could expose the companies to hefty fines. In this context, engineering fine-grained authorization controls (that comply with the LGPD) to decentralized web application requires creating audit trails, possibly in the source code.
Although the literature offers some solutions, they are scattered.
We present Esfinge Guardian, an authorization framework that
completely separates authorization from other concerns, which
increases compliance with the LGPD. We conclude the work with a
brief discussion. |
|---|