
Implementing Encrypted Private Data Sharing between Personal Data Vaults

Presented 1 May 2026, ANU Software Innovation Institute

As personal health and sensitive data increasingly moves online, ensuring that individuals retain genuine ownership and control over their information is a central challenge for privacy-first infrastructure. The Solid specification provides a foundation for Personal Online Datastores (PODs) — decentralised data vaults where individuals hold their own data — but storing data in a POD alone does not guarantee it remains private from the server operator or any other party with access to the infrastructure.

A Trust-No-One environment means data stored in PODs is encrypted by default, decrypted only locally on the user's own device, and shared with others using public-key infrastructure.

This work from the ANU Software Innovation Institute addresses that gap by implementing a Trust-No-One (TNO) security model for Solid PODs. Under this zero-trust architecture, no party — not even the POD server operator — is automatically trusted. Data is encrypted at rest using a master key derived from the user's credentials, and encryption secrets are never transmitted or stored in plaintext. Decryption happens exclusively on the user's local device, meaning the server sees only ciphertext at all times.

Secure data sharing without exposing keys

A key challenge in any end-to-end encrypted system is enabling controlled, selective sharing — allowing a user to share specific files with a clinician or researcher without compromising the broader security of their vault. This work solves the problem using a public-key infrastructure layered over Solid's existing Access Control Lists (ACLs). Each file is encrypted with a unique random session key; that session key is then encrypted with the recipient's public key and stored in the sharer's POD. The recipient uses their private key to recover the session key and decrypt only the files they have been granted access to.

The team developed a Secure POD Data Model (SPDM) — a formal ontology capturing the concepts and relationships of the TNO security model, including the Person, POD DataFile, and SharedKey classes. This data model underpins all encryption, key management, and sharing operations in the system, and is designed to be reusable across different Solid-based applications.

Real-world application: Indigenous health care in Yarrabah

The encryption framework was developed in direct response to a real deployment need: a digital health platform built in collaboration with Gurriny Yealamucka Health Service and the Yarrabah community in Far North Queensland — traditional country of the Gunggandji and Yidinji peoples. For Indigenous patients managing diabetes, it was essential that individuals could be confident their health data in the cloud was entirely private, and that they — not the health service or the platform — decided who could see it.

This work was partially funded by the Australian Government's Medical Research Future Fund National Critical Infrastructure Initiative Grant MRFCRI000138, and by Universities Australia and the German Academic Exchange Service (DAAD) grant 57701258.