ruleml2015: towards formal semantics for odrl policies
TRANSCRIPT
![Page 1: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/1.jpg)
Towards Formal Semantics for ODRL PoliciesSimon Steyskal and Axel Polleres
web: http://steyskal.info
mail: [email protected]
twitter: @simonsteys
![Page 2: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/2.jpg)
Agenda
1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language
2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies
3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution
PAGE 2
![Page 3: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/3.jpg)
Agenda
1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language
2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies
3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution
PAGE 3
![Page 4: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/4.jpg)
Policy-driven Data Markets
PAGE 4
![Page 5: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/5.jpg)
Compliance Checking in BPM
PAGE 5
http://ssrg.nicta.com.au/projects/bpc
https://ai.wu.ac.at/shape-project/
![Page 6: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/6.jpg)
Requirements for Policy Language
Expressivity It should be possible to model complex policies. Such complex policies may include obligations, constraints or
specific conflict resolution strategies.
Extensibility If required, it should be easy to add additional concepts to the
policy language.
Flexibility The policy language should be flexible enough to be used within
different scenarios.
PAGE 6
![Page 7: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/7.jpg)
Agenda
1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language
2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies
3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution
PAGE 7
![Page 8: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/8.jpg)
Open Digital Rights Language (ODRL)
PAGE 8https://www.w3.org/community/odrl/model/2.1/
![Page 9: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/9.jpg)
PAGE 9
@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix : <http://www.example.com/> .
:policy1 a odrl:Agreement ;odrl:permission [
a odrl:Permission;odrl:assigner :owner;odrl:assignee :alice; odrl:action odrl:read;odrl:target :dataset1;odrl:constraint [
a odrl:Constraint;odrl:operator odrl:lteq;odrl:dateTime "2016-12-31"^^xsd:date
] .
Listing 1
Policy Examples 1/3Permitting access only in specific time frames
![Page 10: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/10.jpg)
PAGE 10
@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix : <http://www.example.com/> .
:policy2 a odrl:Set;odrl:permission [
a odrl:Permission;odrl:action odrl:reproduce,
odrl:distribute, odrl:derive;
odrl:duty odrl:attribution, odrl:attachPolicy, odrl:shareAlike
] .odrl:prohibiton odrl:commercialize .
Listing 2
Policy Examples 2/3Representing license information (CC-BY-NC-SA)
Villata et al. (ESWC 2014)
![Page 11: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/11.jpg)
PAGE 11
@prefix gr: <http://purl.org/goodrel/v1#> .@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix gn: <http://www.geonames.org/ontology#">.@prefix : <http://www.example.com/> .
:policy3 a odrl:Set;odrl:permission [
a odrl:Permission;odrl:action odrl:read;odrl:target :dataset;odrl:duty [
a odrl:Duty;odrl:action odrl:pay;odrl:constraint [a odrl:Constraint ;odrl:payAmount 50.00 ;odrl:operator odrl:eq ;odrl:unit
<http://cvx.iptc.org/iso4217a:EUR>] .
Listing 3
Policy Examples 3/3Combining prohibitions and permissions
odrl:prohibtion [a odrl:Prohibition;odrl:action odrl:distribute;odrl:target :dataset;odrl:constraint [
a odrl:Constraint;odrl:operator odrl:eq; odrl:spatial [
a gn:Feature.gn:countryCode “AT”
] .] .
] .
![Page 12: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/12.jpg)
Policies govern execution of actions over assets. Does permission of one action interfere with prohibition
of another action?
Direct Dependency
Implicit Dependency
Explicit Dependency
Dependencies among ODRL Policies
PAGE 12
:ex1 a odrl:Set;odrl:permission odrl:read.
:ex2 a odrl:Set;odrl:prohibition odrl:read.
:ex1 a odrl:Set;odrl:permission odrl:share.
:ex2 a odrl:Set;odrl:prohibition odrl:distribute.
:ex1 a odrl:Set;odrl:permission odrl:use.
:ex2 a odrl:Set;odrl:prohibition odrl:display.
?
?
?
![Page 13: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/13.jpg)
ODRL explicitly defines a hierarchy among its actions e.g. odrl:present is a broader term/action for odrl:display
Governing execution of a more general action, influences execution of its narrower ones too.
Explicit Dependencies among ODRL Policies
PAGE 13
odrl:present
odrl:display odrl:play
odrl:print
skos:broaderTransitive
![Page 14: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/14.jpg)
Implicit Dependencies among ODRL Policies
PAGE 14
Other dependencies are only implicitly expressed as part of the natural language description of ODRL actions.
e.g. odrl:share Prohibition of either odrl:reproduce/odrl:copy or odrl:distribute
would cause a conflict, if odrl:share would be permitted at the same time.
![Page 15: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/15.jpg)
Agenda
1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language
2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies
3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution
PAGE 15
![Page 16: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/16.jpg)
General Evaluation Procedure
PAGE 16
Data Consumer Data ProviderRequest(party,action,asset)
Check applicablepolicies
1
2
1. A query request consists of: optional information about requesting party, the requested action to be performed, and asset the requested action should be performed on.
Evaluation result3
Policy Store
![Page 17: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/17.jpg)
2. A policy is applicable, if at least one of its rules is applicable. A rule is applicable, if its action, asset, and party (if specified) information match those of the request,
its constraints hold (if specified), and
its duties are fulfilled (if specified).
General Evaluation Procedure
PAGE 17
Data Consumer Data ProviderRequest(party,action,asset)
Policy Store
Check applicablepolicies
1
2Evaluation result3
![Page 18: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/18.jpg)
3. Result of a query request evaluation can either be: permission – query request is permitted
prohibition – query request is prohibited
conditional prohibition – query request is prohibited due to open obligation(s)
condition permission – query request is permitted since all its obligation(s) arefulfilled
not applicable – there is no applicable nor active policy for the query request
General Evaluation Procedure
PAGE 18
Data Consumer Data ProviderRequest(party,action,asset)
Policy Store
Check applicablepolicies
1
2Evaluation result3
![Page 19: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/19.jpg)
Abstract Syntax of ODRL
PAGE 19
![Page 20: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/20.jpg)
Conflict Resolution
How to deal with conflicting evaluation results?
PAGE 20
ODRL defines three different conflict resolution strategies perm, prohibit, invalid
@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix : <http://www.example.com/> .
:policy1 a odrl:Agreement ;odrl:permission [
a odrl:Permission;odrl:assigner :owner;odrl:assignee :alice; odrl:action odrl:read;odrl:target :dataset1;
@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix : <http://www.example.com/> .
:policy2 a odrl:Agreement ;odrl:prohibition [
a odrl:Prohibition;odrl:assigner :owner;odrl:assignee :alice; odrl:action odrl:read;odrl:target :dataset1;
![Page 21: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/21.jpg)
Permission Overrides (perm)
Semantics Whenever there are two rules in conflict with each other, the one
granting permission to execute an action a on a particular asset overrules the one prohibiting its execution.
PAGE 21
![Page 22: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/22.jpg)
Prohibition Overrides (prohibit)
Semantics Whenever there are two rules in conflict with each other, the one
prohibiting execution of an action a on a particular asset overrules any permission of a.
PAGE 22
![Page 23: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/23.jpg)
No Conflicts Allowed (invalid)
Semantics Whenever there are two rules in conflict with each other, no
answer can be returned. invalid is ODRL’s default conflict resolution strategy.
PAGE 23
![Page 24: RuleML2015: Towards Formal Semantics for ODRL Policies](https://reader034.vdocuments.mx/reader034/viewer/2022042702/55d0d614bb61eb686b8b45fb/html5/thumbnails/24.jpg)
Conclusion
Contributions Definition of an abstract syntax for expressing ODRL policies. Formalization of a possible interpretation of ODRL policy semantics. Discussion of a solution proposal for considering dependencies
among ODRL actions for policy evaluation. Future Work Introducing the concept of Policy Sets as container for policies which
allows to combine the evaluation results of policies independently of their respective chosen conflict resolution strategy.
Formalizing and extending the mapping between ODRL policies and logic programs, which enables basic, rule-based reasoning
Addressing the elaborate provision of proofs for constraints and duties which are currently assumed to be provided by the requester itself.
PAGE 24