RuleML2015: Towards Formal Semantics for ODRL Policies
0 likes1,672 views
The document discusses formal semantics for Open Digital Rights Language (ODRL) policies, focusing on their application in policy-driven data markets and compliance checking. It covers the formulation of expressive policies, evaluation procedures, and conflict resolution strategies among ODRL policies. Key contributions include defining abstract syntax, formalizing policy semantics, and addressing dependencies among policies for effective evaluation.
![PAGE 9
@prefix odrl: <http://w3.org/ns/odrl/2/> .
@prefix : <http://www.example.com/> .
:policy1 a odrl:Agreement ;
odrl:permission [
a odrl:Permission;
odrl:assigner :owner;
odrl:assignee :alice;
odrl:action odrl:read;
odrl:target :dataset1;
odrl:constraint [
a odrl:Constraint;
odrl:operator odrl:lteq;
odrl:dateTime "2016-12-31"^^xsd:date
] .
Listing 1
Policy Examples 1/3
Permitting access only in specific time frames](https://image.slidesharecdn.com/ruleml2015-towardsformalsemanticsforodrlpolicies-150729141338-lva1-app6892/85/RuleML2015-Towards-Formal-Semantics-for-ODRL-Policies-9-320.jpg)
![PAGE 10
@prefix odrl: <http://w3.org/ns/odrl/2/> .
@prefix : <http://www.example.com/> .
:policy2 a odrl:Set;
odrl:permission [
a odrl:Permission;
odrl:action odrl:reproduce,
odrl:distribute,
odrl:derive;
odrl:duty odrl:attribution,
odrl:attachPolicy,
odrl:shareAlike
] .
odrl:prohibiton odrl:commercialize .
Listing 2
Policy Examples 2/3
Representing license information (CC-BY-NC-SA)
Villata et al. (ESWC 2014)](https://image.slidesharecdn.com/ruleml2015-towardsformalsemanticsforodrlpolicies-150729141338-lva1-app6892/85/RuleML2015-Towards-Formal-Semantics-for-ODRL-Policies-10-320.jpg)
![PAGE 11
@prefix gr: <http://purl.org/goodrel/v1#> .
@prefix odrl: <http://w3.org/ns/odrl/2/> .
@prefix gn: <http://www.geonames.org/ontology#">.
@prefix : <http://www.example.com/> .
:policy3 a odrl:Set;
odrl:permission [
a odrl:Permission;
odrl:action odrl:read;
odrl:target :dataset;
odrl:duty [
a odrl:Duty;
odrl:action odrl:pay;
odrl:constraint [
a odrl:Constraint ;
odrl:payAmount 50.00 ;
odrl:operator odrl:eq ;
odrl:unit
<http://cvx.iptc.org/iso4217a:EUR>
] .
Listing 3
Policy Examples 3/3
Combining prohibitions and permissions
odrl:prohibtion [
a odrl:Prohibition;
odrl:action odrl:distribute;
odrl:target :dataset;
odrl:constraint [
a odrl:Constraint;
odrl:operator odrl:eq;
odrl:spatial [
a gn:Feature.
gn:countryCode “AT”
] .
] .
] .](https://image.slidesharecdn.com/ruleml2015-towardsformalsemanticsforodrlpolicies-150729141338-lva1-app6892/85/RuleML2015-Towards-Formal-Semantics-for-ODRL-Policies-11-320.jpg)
RuleML2015: Towards Formal Semantics for ODRL Policies
- 1. Towards Formal Semantics for ODRL Policies Simon Steyskal and Axel Polleres web: http://steyskal.info mail: simon.steyskal@wu.ac.at twitter: @simonsteys
- 2. Agenda 1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language 2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies 3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution PAGE 2
- 3. Agenda 1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language 2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies 3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution PAGE 3
- 5. Compliance Checking in BPM PAGE 5 http://ssrg.nicta.com.au/projects/bpc https://ai.wu.ac.at/shape-project/
- 6. Requirements for Policy Language Expressivity It should be possible to model complex policies. Such complex policies may include obligations, constraints or specific conflict resolution strategies. Extensibility If required, it should be easy to add additional concepts to the policy language. Flexibility The policy language should be flexible enough to be used within different scenarios. PAGE 6
- 7. Agenda 1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language 2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies 3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution PAGE 7
- 8. Open Digital Rights Language (ODRL) PAGE 8 https://www.w3.org/community/odrl/model/2.1/
- 9. PAGE 9 @prefix odrl: <http://w3.org/ns/odrl/2/> . @prefix : <http://www.example.com/> . :policy1 a odrl:Agreement ; odrl:permission [ a odrl:Permission; odrl:assigner :owner; odrl:assignee :alice; odrl:action odrl:read; odrl:target :dataset1; odrl:constraint [ a odrl:Constraint; odrl:operator odrl:lteq; odrl:dateTime "2016-12-31"^^xsd:date ] . Listing 1 Policy Examples 1/3 Permitting access only in specific time frames
- 10. PAGE 10 @prefix odrl: <http://w3.org/ns/odrl/2/> . @prefix : <http://www.example.com/> . :policy2 a odrl:Set; odrl:permission [ a odrl:Permission; odrl:action odrl:reproduce, odrl:distribute, odrl:derive; odrl:duty odrl:attribution, odrl:attachPolicy, odrl:shareAlike ] . odrl:prohibiton odrl:commercialize . Listing 2 Policy Examples 2/3 Representing license information (CC-BY-NC-SA) Villata et al. (ESWC 2014)
- 11. PAGE 11 @prefix gr: <http://purl.org/goodrel/v1#> . @prefix odrl: <http://w3.org/ns/odrl/2/> . @prefix gn: <http://www.geonames.org/ontology#">. @prefix : <http://www.example.com/> . :policy3 a odrl:Set; odrl:permission [ a odrl:Permission; odrl:action odrl:read; odrl:target :dataset; odrl:duty [ a odrl:Duty; odrl:action odrl:pay; odrl:constraint [ a odrl:Constraint ; odrl:payAmount 50.00 ; odrl:operator odrl:eq ; odrl:unit <http://cvx.iptc.org/iso4217a:EUR> ] . Listing 3 Policy Examples 3/3 Combining prohibitions and permissions odrl:prohibtion [ a odrl:Prohibition; odrl:action odrl:distribute; odrl:target :dataset; odrl:constraint [ a odrl:Constraint; odrl:operator odrl:eq; odrl:spatial [ a gn:Feature. gn:countryCode “AT” ] . ] . ] .
- 12. Policies govern execution of actions over assets. Does permission of one action interfere with prohibition of another action? Direct Dependency Implicit Dependency Explicit Dependency Dependencies among ODRL Policies PAGE 12 :ex1 a odrl:Set; odrl:permission odrl:read. :ex2 a odrl:Set; odrl:prohibition odrl:read. :ex1 a odrl:Set; odrl:permission odrl:share. :ex2 a odrl:Set; odrl:prohibition odrl:distribute. :ex1 a odrl:Set; odrl:permission odrl:use. :ex2 a odrl:Set; odrl:prohibition odrl:display. ? ? ?
- 13. ODRL explicitly defines a hierarchy among its actions e.g. odrl:present is a broader term/action for odrl:display Governing execution of a more general action, influences execution of its narrower ones too. Explicit Dependencies among ODRL Policies PAGE 13 odrl:present odrl:display odrl:play odrl:print skos:broaderTransitive
- 14. Implicit Dependencies among ODRL Policies PAGE 14 Other dependencies are only implicitly expressed as part of the natural language description of ODRL actions. e.g. odrl:share Prohibition of either odrl:reproduce/odrl:copy or odrl:distribute would cause a conflict, if odrl:share would be permitted at the same time.
- 15. Agenda 1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language 2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies 3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution PAGE 15
- 16. General Evaluation Procedure PAGE 16 Data Consumer Data Provider Request (party,action,asset) Check applicable policies 1 2 1. A query request consists of: optional information about requesting party, the requested action to be performed, and asset the requested action should be performed on. Evaluation result3 Policy Store
- 17. 2. A policy is applicable, if at least one of its rules is applicable. A rule is applicable, if its action, asset, and party (if specified) information match those of the request, its constraints hold (if specified), and its duties are fulfilled (if specified). General Evaluation Procedure PAGE 17 Data Consumer Data Provider Request (party,action,asset) Policy Store Check applicable policies 1 2Evaluation result3
- 18. 3. Result of a query request evaluation can either be: permission – query request is permitted prohibition – query request is prohibited conditional prohibition – query request is prohibited due to open obligation(s) condition permission – query request is permitted since all its obligation(s) are fulfilled not applicable – there is no applicable nor active policy for the query request General Evaluation Procedure PAGE 18 Data Consumer Data Provider Request (party,action,asset) Policy Store Check applicable policies 1 2Evaluation result3
- 19. Abstract Syntax of ODRL PAGE 19
- 20. Conflict Resolution How to deal with conflicting evaluation results? PAGE 20 ODRL defines three different conflict resolution strategies perm, prohibit, invalid @prefix odrl: <http://w3.org/ns/odrl/2/> . @prefix : <http://www.example.com/> . :policy1 a odrl:Agreement ; odrl:permission [ a odrl:Permission; odrl:assigner :owner; odrl:assignee :alice; odrl:action odrl:read; odrl:target :dataset1; @prefix odrl: <http://w3.org/ns/odrl/2/> . @prefix : <http://www.example.com/> . :policy2 a odrl:Agreement ; odrl:prohibition [ a odrl:Prohibition; odrl:assigner :owner; odrl:assignee :alice; odrl:action odrl:read; odrl:target :dataset1;
- 21. Permission Overrides (perm) Semantics Whenever there are two rules in conflict with each other, the one granting permission to execute an action a on a particular asset overrules the one prohibiting its execution. PAGE 21
- 22. Prohibition Overrides (prohibit) Semantics Whenever there are two rules in conflict with each other, the one prohibiting execution of an action a on a particular asset overrules any permission of a. PAGE 22
- 23. No Conflicts Allowed (invalid) Semantics Whenever there are two rules in conflict with each other, no answer can be returned. invalid is ODRL’s default conflict resolution strategy. PAGE 23
- 24. Conclusion Contributions Definition of an abstract syntax for expressing ODRL policies. Formalization of a possible interpretation of ODRL policy semantics. Discussion of a solution proposal for considering dependencies among ODRL actions for policy evaluation. Future Work Introducing the concept of Policy Sets as container for policies which allows to combine the evaluation results of policies independently of their respective chosen conflict resolution strategy. Formalizing and extending the mapping between ODRL policies and logic programs, which enables basic, rule-based reasoning Addressing the elaborate provision of proofs for constraints and duties which are currently assumed to be provided by the requester itself. PAGE 24