{"id":"https://openalex.org/W7125771826","doi":"https://doi.org/10.48550/arxiv.2601.18761","title":"From Access Control to Usage Control with User-Managed Access","display_name":"From Access Control to Usage Control with User-Managed Access","publication_year":2026,"publication_date":"2026-01-26","ids":{"openalex":"https://openalex.org/W7125771826","doi":"https://doi.org/10.48550/arxiv.2601.18761"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2601.18761","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.18761","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2601.18761","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123907899","display_name":"Wout Slabbinck","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Slabbinck, Wout","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123927160","display_name":"Wouter Termont","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Termont, Wouter","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124048094","display_name":"Ruben Dedecker","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dedecker, Ruben","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5025661674","display_name":"Beatriz Esteves","orcid":"https://orcid.org/0000-0003-0259-7560"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Esteves, Beatriz","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5123907899"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.8679999709129333,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.8679999709129333,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.01080000028014183,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.00989999994635582,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.7322999835014343},{"id":"https://openalex.org/keywords/data-access","display_name":"Data access","score":0.5013999938964844},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.4650000035762787},{"id":"https://openalex.org/keywords/computer-access-control","display_name":"Computer access control","score":0.4108000099658966},{"id":"https://openalex.org/keywords/operationalization","display_name":"Operationalization","score":0.3937999904155731},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.39169999957084656},{"id":"https://openalex.org/keywords/corporate-governance","display_name":"Corporate governance","score":0.3783000111579895},{"id":"https://openalex.org/keywords/discretionary-access-control","display_name":"Discretionary access control","score":0.37470000982284546},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.36480000615119934}],"concepts":[{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.7322999835014343},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6704999804496765},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5515999794006348},{"id":"https://openalex.org/C47487241","wikidata":"https://www.wikidata.org/wiki/Q5227230","display_name":"Data access","level":2,"score":0.5013999938964844},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.4650000035762787},{"id":"https://openalex.org/C44415380","wikidata":"https://www.wikidata.org/wiki/Q17008721","display_name":"Computer access control","level":3,"score":0.4108000099658966},{"id":"https://openalex.org/C9354725","wikidata":"https://www.wikidata.org/wiki/Q286017","display_name":"Operationalization","level":2,"score":0.3937999904155731},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.39169999957084656},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.3783000111579895},{"id":"https://openalex.org/C48814466","wikidata":"https://www.wikidata.org/wiki/Q1228590","display_name":"Discretionary access control","level":4,"score":0.37470000982284546},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.36480000615119934},{"id":"https://openalex.org/C2779886121","wikidata":"https://www.wikidata.org/wiki/Q288682","display_name":"XACML","level":3,"score":0.3580000102519989},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.3517000079154968},{"id":"https://openalex.org/C1668388","wikidata":"https://www.wikidata.org/wiki/Q1149776","display_name":"Data management","level":2,"score":0.3400999903678894},{"id":"https://openalex.org/C196879817","wikidata":"https://www.wikidata.org/wiki/Q872685","display_name":"Data governance","level":4,"score":0.32190001010894775},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.3125},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.3052999973297119},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.3009999990463257},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.30059999227523804},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2913999855518341},{"id":"https://openalex.org/C2777710495","wikidata":"https://www.wikidata.org/wiki/Q5527195","display_name":"Gateway (web page)","level":2,"score":0.2847000062465668},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.2797999978065491},{"id":"https://openalex.org/C100776233","wikidata":"https://www.wikidata.org/wiki/Q2532492","display_name":"Bridge (graph theory)","level":2,"score":0.26820001006126404},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.2630999982357025},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.2621999979019165},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.26159998774528503},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.25839999318122864},{"id":"https://openalex.org/C1304207","wikidata":"https://www.wikidata.org/wiki/Q7189582","display_name":"Physical access","level":3,"score":0.2531999945640564},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2517000138759613},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.2517000138759613}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2601.18761","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.18761","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2601.18761","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.18761","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5410222411155701}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Recent":[0],"data":[1,4,14,28,32,66,167,222],"protection":[2],"and":[3,41,62,134,162,236,240],"governance":[5,26],"regulations":[6],"have":[7],"intensified":[8],"the":[9,108,116,123,130,188],"demand":[10],"for":[11,59,238],"interoperable,":[12,161],"decentralized":[13],"ecosystems":[15],"that":[16,56,95,139,153],"can":[17,203],"support":[18],"not":[19],"only":[20],"access":[21,53,99,216],"control":[22,54,100,112,165,202,217],"but":[23],"also":[24,177],"legally-aligned":[25],"over":[27,166,243],"use.":[29],"Existing":[30],"Web-based":[31],"storage":[33,157],"platforms":[34],"increasingly":[35],"struggle":[36],"to":[37,64,183],"meet":[38],"these":[39],"regulatory":[40],"practical":[42,179],"requirements,":[43],"as":[44],"their":[45],"authorization":[46,69,75,105,155],"mechanisms":[47,101],"rely":[48],"on":[49,228],"tightly":[50],"coupled,":[51],"document-centric":[52],"models":[55],"lack":[57],"expressiveness":[58],"legal":[60],"constraints":[61],"fail":[63],"separate":[65],"management":[67,230],"from":[68,156],"concerns.":[70],"In":[71],"parallel,":[72],"widely":[73],"adopted":[74],"standards":[76],"remain":[77],"poorly":[78],"aligned":[79],"with":[80,102,115,145,172],"decentralized,":[81],"semantically":[82],"rich":[83],"usage-control":[84],"scenarios.":[85],"To":[86],"bridge":[87],"this":[88,90,127,197],"gap,":[89],"work":[91,198],"introduces":[92],"an":[93,141],"architecture":[94],"replaces":[96],"Solid's":[97],"native":[98],"a":[103,136,146,191,211],"UMA":[104],"flow,":[106],"enabling":[107],"enforcement":[109],"of":[110,190],"usage":[111,201],"policies":[113,186],"expressed":[114],"W3C":[117],"ODRL":[118,185],"standard.":[119],"This":[120],"article":[121],"details":[122],"conceptual":[124],"background":[125],"motivating":[126],"approach,":[128],"presents":[129],"proposed":[131],"UMA-based":[132],"architecture,":[133],"describes":[135],"prototype":[137,151],"implementation":[138],"integrates":[140],"ODRL-enabled":[142],"Authorization":[143],"Server":[144],"Solid-compatible":[147],"Resource":[148],"Server.":[149],"The":[150],"demonstrates":[152],"decoupling":[154],"enables":[158],"more":[159],"flexible,":[160],"legally":[163,220],"expressive":[164],"use,":[168],"while":[169],"remaining":[170],"compatible":[171],"existing":[173,207],"Solid":[174],"infrastructure.":[175],"It":[176],"highlights":[178],"design":[180],"choices":[181],"required":[182],"evaluate":[184],"in":[187],"absence":[189],"fully":[192],"standardized":[193],"evaluation":[194],"semantics.":[195],"Moreover,":[196],"shows":[199],"how":[200],"be":[204],"operationalized":[205],"using":[206],"Web":[208],"standards,":[209],"offering":[210],"concrete":[212],"path":[213],"beyond":[214],"permission-based":[215],"toward":[218],"policy-aware,":[219],"informed":[221],"governance.":[223],"Future":[224],"research":[225],"will":[226],"focus":[227],"policy":[229],"interfaces,":[231],"richer":[232],"claim":[233],"verification":[234],"mechanisms,":[235],"techniques":[237],"communicating":[239],"enforcing":[241],"obligations":[242],"time.":[244]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-01-28T00:00:00"}