LAUSR

To satisfy the requirement of data portability, current service providers (or resource servers) usually provide OAuth-based schemes for third party applications (or clients) to access user data with the user's consent. To shoulder the costs of maintaining relationships with potential third party applications, a service provider may adopt delegate the task of authentication and authorization to an authorization server. However, current OAuth specification does not specify the interactions between an authorization server and a resource server. To address this limitation, this study proposes the MyDataChain framework to enhance the existing OAuth specification with blockchain technology. The proposed framework utilizes smart contracts to establish the standard interface to support the processes of authorization requesting, granting, and revocation. As blockchain technologies can ensure data integrity, the framework can use the data stored in the blockchain to resolve disputes among different parities. Moreover, as the proposed framework uses the Non-Interactive Zero-Knowledge (NIZK) scheme, the proposed framework can achieve its purpose without storing any personal identifiable or traceable data in the blockchain. Therefore, people cannot utilize information stored in the blockchain to compromise user privacy. Furthermore, this study implements a prototype system using Quorum blockchain technology. The experimental results show that the framework can be realized with existing blockchain technologies. Therefore, this study can provide a feasible privacy preserving means of achieving data portability and providing individuals the rights to be forgotten considering dispute resolution.