Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ODRL in Solid #55

Open
csarven opened this issue Dec 1, 2019 · 6 comments
Open

ODRL in Solid #55

csarven opened this issue Dec 1, 2019 · 6 comments
Labels

Comments

@csarven
Copy link
Member

csarven commented Dec 1, 2019

I'm keeping coming back to the ODRL Information Model: https://www.w3.org/TR/odrl-model/ .

I'm logging this so that we can evaluate ODRL's fit for Solid. Or something pertaining to policies.

This is an important piece of the ecosystem puzzle as we go forward.

It'd be ideal to coordinate with the Data Interoperability Panel: https://github.com/solid/data-interoperability-panel/

See also:

@jaxoncreed
Copy link
Contributor

This looks good. We probably would still need to invent some way to denote things like "all resources including this shape". Perhaps that could be an extension of an asset collection.

@michielbdejong
Copy link
Contributor

CC @Mitzi-Laszlo

@simonstey
Copy link

This looks good. We probably would still need to invent some way to denote things like "all resources including this shape". Perhaps that could be an extension of an asset collection.

something along the lines of this?

<http://alice.pod/policy:88>
    a odrl:Policy ;
    odrl:permission [ 
        odrl:target [
            a odrl:AssetCollection ;
            odrl:source <http://alice.pod/share/photoAnnotations/> ;
            odrl:refinement [
                a sh:NodeShape ;
                sh:pattern "public" ;
                sh:flags   "i" .
            ]
        ]
        odrl:action acl:Read;
    ] .

ODRL Constraints would be replaced with SHACL shapes where all focus nodes passing the refinement node shape would serve as target to the permission.

@coolharsh55
Copy link

Of relevance is work by @besteves4 @vroddon and mysel - where the ODRL policy is used to express preferences for sharing categories of data for specific purposes. Example:

:policy-1 a odrl:Policy ;
    odrl:profile oac: ;
    odrl:permission [
        a odrl:Permission ;
        odrl:assigner :anne ;
        odrl:target oac:Contact ;
        odrl:action oac:Read ;
        odrl:constraint [
            odrl:leftOperand oac:Purpose ;
            odrl:operator odrl:isA ;
            odrl:rightOperand 
                dpv:ResearchAndDevelopment ] ] .
                
:anne a oac:DataSubject ;
    cert:key <https://anne.databox.me/profile/card#me> .

@timbl
Copy link
Contributor

timbl commented Sep 13, 2021

How does ODRL fit with/compete with gConsent? gConsent has a concept of what purpose the information or access is going to be used for, which I think is important.

@coolharsh55
Copy link

GConsent (and others like DPV) can complement ODRL to express legal concepts of Purpose and Processing (e.g. EU/GDPR). ODRL's Action concept tells what is the operation, but not why it needs to happen (as you point out). To have ODRL express the purpose of action, possibilities are:

  1. Combine Processing and Purpose together into an Action. e.g. Collect for Service Provision where Collect is processing operation and Service Provision is the purpose (missing item is data i.e. Collect <data> for .... which is an Asset in ODRL)
  2. Consider Processing to be same/similar as Action and express Purpose as part of a restriction on where that action can be applied. This is the approach taken in my earlier comment
  3. Create a new concept to integrate Purpose in an ODRL rule or profile. Example is of this is in ODRL policy modelling and compliance checking by Vos et al. https://doi.org/10.1007/978-3-030-31095-0_3 ODRL example: https://github.com/instsuite/instsuite.github.io/blob/master/gdpr.ial
<http://example.com/policy:01> a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> .
    orcp:request [ 
         odrl:action orcp:Processing ;
         orcp:resource orcp:PersonalData ;
         orcp:controller <http://example.com/CompanyA> ;
         orcp:purpose orcp:KYC ;
         orcp:location orcp:EU ;
         orcp:legalBasis orcp:Consent ; 
         odrl:responsibleParty orcp:Controller
] ;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

6 participants