RuleML2015: Towards Formal Semantics for ODRL Policies

Towards Formal Semantics for ODRL PoliciesSimon Steyskal and Axel Polleres

web: http://steyskal.info

mail: [email protected]

twitter: @simonsteys

Agenda

1. Motivation Policy-driven Data Markets Compliance Checking in BPM Requirements for Policy Language

2. Formulating Expressive Policies using ODRL Open Digital Rights Language (ODRL) Policy Examples Implicit/Explicit Dependencies among ODRL Policies

3. Formal Semantics of ODRL General Evaluation Procedure Abstract Syntax of ODRL Conflict Resolution

PAGE 2

Agenda




PAGE 3

Policy-driven Data Markets

PAGE 4

Compliance Checking in BPM

PAGE 5

http://ssrg.nicta.com.au/projects/bpc

https://ai.wu.ac.at/shape-project/

Requirements for Policy Language

Expressivity It should be possible to model complex policies. Such complex policies may include obligations, constraints or

specific conflict resolution strategies.

Extensibility If required, it should be easy to add additional concepts to the

policy language.

Flexibility The policy language should be flexible enough to be used within

different scenarios.

PAGE 6

Agenda




PAGE 7

Open Digital Rights Language (ODRL)

PAGE 8https://www.w3.org/community/odrl/model/2.1/

PAGE 9

@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix : <http://www.example.com/> .

:policy1 a odrl:Agreement ;odrl:permission [

a odrl:Permission;odrl:assigner :owner;odrl:assignee :alice; odrl:action odrl:read;odrl:target :dataset1;odrl:constraint [

a odrl:Constraint;odrl:operator odrl:lteq;odrl:dateTime "2016-12-31"^^xsd:date

] .

Listing 1

Policy Examples 1/3Permitting access only in specific time frames

PAGE 10


:policy2 a odrl:Set;odrl:permission [

a odrl:Permission;odrl:action odrl:reproduce,

odrl:distribute, odrl:derive;

odrl:duty odrl:attribution, odrl:attachPolicy, odrl:shareAlike

] .odrl:prohibiton odrl:commercialize .

Listing 2

Policy Examples 2/3Representing license information (CC-BY-NC-SA)

Villata et al. (ESWC 2014)

PAGE 11

@prefix gr: <http://purl.org/goodrel/v1#> .@prefix odrl: <http://w3.org/ns/odrl/2/> .@prefix gn: <http://www.geonames.org/ontology#">.@prefix : <http://www.example.com/> .

:policy3 a odrl:Set;odrl:permission [

a odrl:Permission;odrl:action odrl:read;odrl:target :dataset;odrl:duty [

a odrl:Duty;odrl:action odrl:pay;odrl:constraint [a odrl:Constraint ;odrl:payAmount 50.00 ;odrl:operator odrl:eq ;odrl:unit

<http://cvx.iptc.org/iso4217a:EUR>] .

Listing 3

Policy Examples 3/3Combining prohibitions and permissions

odrl:prohibtion [a odrl:Prohibition;odrl:action odrl:distribute;odrl:target :dataset;odrl:constraint [

a odrl:Constraint;odrl:operator odrl:eq; odrl:spatial [

a gn:Feature.gn:countryCode “AT”

] .] .

] .

Policies govern execution of actions over assets. Does permission of one action interfere with prohibition

of another action?

Direct Dependency

Implicit Dependency

Explicit Dependency

Dependencies among ODRL Policies

PAGE 12

:ex1 a odrl:Set;odrl:permission odrl:read.

:ex2 a odrl:Set;odrl:prohibition odrl:read.

:ex1 a odrl:Set;odrl:permission odrl:share.

:ex2 a odrl:Set;odrl:prohibition odrl:distribute.

:ex1 a odrl:Set;odrl:permission odrl:use.

:ex2 a odrl:Set;odrl:prohibition odrl:display.

?

?

?

ODRL explicitly defines a hierarchy among its actions e.g. odrl:present is a broader term/action for odrl:display

Governing execution of a more general action, influences execution of its narrower ones too.

Explicit Dependencies among ODRL Policies

PAGE 13

odrl:present

odrl:display odrl:play

odrl:print

skos:broaderTransitive

Implicit Dependencies among ODRL Policies

PAGE 14

Other dependencies are only implicitly expressed as part of the natural language description of ODRL actions.

e.g. odrl:share Prohibition of either odrl:reproduce/odrl:copy or odrl:distribute

would cause a conflict, if odrl:share would be permitted at the same time.

Agenda




PAGE 15

General Evaluation Procedure

PAGE 16

Data Consumer Data ProviderRequest(party,action,asset)

Check applicablepolicies

1

2

1. A query request consists of: optional information about requesting party, the requested action to be performed, and asset the requested action should be performed on.

Evaluation result3

Policy Store

2. A policy is applicable, if at least one of its rules is applicable. A rule is applicable, if its action, asset, and party (if specified) information match those of the request,

its constraints hold (if specified), and

its duties are fulfilled (if specified).


PAGE 17


Policy Store


1

2Evaluation result3

3. Result of a query request evaluation can either be: permission – query request is permitted

prohibition – query request is prohibited

conditional prohibition – query request is prohibited due to open obligation(s)

condition permission – query request is permitted since all its obligation(s) arefulfilled

not applicable – there is no applicable nor active policy for the query request


PAGE 18


Policy Store


1

2Evaluation result3

Abstract Syntax of ODRL

PAGE 19

Conflict Resolution

How to deal with conflicting evaluation results?

PAGE 20

ODRL defines three different conflict resolution strategies perm, prohibit, invalid


:policy1 a odrl:Agreement ;odrl:permission [

a odrl:Permission;odrl:assigner :owner;odrl:assignee :alice; odrl:action odrl:read;odrl:target :dataset1;


:policy2 a odrl:Agreement ;odrl:prohibition [

a odrl:Prohibition;odrl:assigner :owner;odrl:assignee :alice; odrl:action odrl:read;odrl:target :dataset1;

Permission Overrides (perm)

Semantics Whenever there are two rules in conflict with each other, the one

granting permission to execute an action a on a particular asset overrules the one prohibiting its execution.

PAGE 21

Prohibition Overrides (prohibit)

Semantics Whenever there are two rules in conflict with each other, the one

prohibiting execution of an action a on a particular asset overrules any permission of a.

PAGE 22

No Conflicts Allowed (invalid)

Semantics Whenever there are two rules in conflict with each other, no

answer can be returned. invalid is ODRL’s default conflict resolution strategy.

PAGE 23

Conclusion

Contributions Definition of an abstract syntax for expressing ODRL policies. Formalization of a possible interpretation of ODRL policy semantics. Discussion of a solution proposal for considering dependencies

among ODRL actions for policy evaluation. Future Work Introducing the concept of Policy Sets as container for policies which

allows to combine the evaluation results of policies independently of their respective chosen conflict resolution strategy.

Formalizing and extending the mapping between ODRL policies and logic programs, which enables basic, rule-based reasoning

Addressing the elaborate provision of proofs for constraints and duties which are currently assumed to be provided by the requester itself.

PAGE 24

Science

RuleML2015: Towards Formal Semantics for ODRL Policies