W3C home > Mailing lists > Public > public-dpvcg@w3.org > August 2018

Re: Are there any concerns about using ODRL to model Consent?

From: Axel Polleres <axel.polleres@wu.ac.at>
Date: Fri, 17 Aug 2018 10:53:11 +0200
Message-Id: <01334E10-1FA5-48C4-8499-63F0AF7B66AF@wu.ac.at>
Cc: public-dpvcg@w3.org, Simon Steyskal <simon.steyskal@wu.ac.at>, "Javier D. Fernández" <jfernand@wu.ac.at>, piero.bonatti@unina.it
To: me@harshp.com
Piero, Javier to confirm, but my understanding is as follows: for the consent /compliance checking model of SPECIAL, all understan consent as composed of permissions modeling the permitted
a) processing 
b) of particular data categories
c) for particular purposes 
d) using specific storage location/duration
e) and optionally involving categories of data sharing
within SPECIAL, not full semantic descriptions of these at a finer level of granularity a la ODRL (although maybe these could (should?) inded be linked).
All these a)-e) at the moment we model by relatively simple taxonomies (not even very complex OWL reasoning).

Opinions/discussions welcome!

Axel

--
Prof. Dr. Axel Polleres
Institute for Information Business, WU Vienna
url: http://www.polleres.net/  twitter: @AxelPolleres

> On 16.08.2018, at 18:52, Harsh <me@harshp.com> wrote:
> 
> Ah! Thank you Axel.
> So the assumption I make from this is that it is possible to use ODRL, but simpler methods may exist (such as the OWL model). That being said, the work ahead would then be comparing these, and finding their strengths and complexities in terms of modeling consent. 
> This cleared up a lot of things in my mind regarding your (SPECIAL) choice of using OWL as well. Mainly being that it is specific to the use-case and works quite well if the purposes (w.r.t consent) are known ahead of time. 
> 
> Regards,
> 
> Harsh
> 
> On 16/08/18 16:06, Axel Polleres wrote:
>> </chairhat>
>> 
>> Simon might be more into this, we had some work using ODRL for modeling various Data access policies [1,2]
>> The reason for the choice of a simpler OWL taxonomy and fixed concepts (rathrer than describing each of these in detail in terms of more finr-granular ODRL policies, was AFAIR that the use cases in SPECIAL didn't require it and that with this OWL-based approach compliance checking can be defined in a relatively straightforward manner.
>> 
>> 1. Simon Steyskal and Axel Polleres. Towards formal semantics for ODRL policies. In 9th International Web Rule Symposium (RuleML2015), number 9202 in Lecture Notes in Computer Science (LNCS), pages 360--375, Berlin, Germany, August 2015. Springer. [ .pdf <http://www.polleres.net/publications/stey-poll-2015RuleML.pdf> ]
>>  
>> 2. Simon Steyskal and Axel Polleres. Defining expressive access policies for linked data using the ODRL ontology 2.0. In Proceedings of the SEMANTiCS 2014, ACM International Conference Proceedings Series, Leipzig, Germany, September 2014. ACM. Short paper. [ .pdf <http://www.polleres.net/publications/stey-poll-2014SEMANTiCS.pdf> ]
>>  
>> --
>> Prof. Dr. Axel Polleres
>> Institute for Information Business, WU Vienna
>> url: http://www.polleres.net/ <http://www.polleres.net/>  twitter: @AxelPolleres
>> 
>>> On 16.08.2018, at 16:16, Harsh <me@harshp.com <mailto:me@harshp.com>> wrote:
>>> 
>>> Hello all,
>>> 
>>> I wish to know the community's informed opinions about any concerns for using ODRL to model Consent for GDPR.
>>> 
>>> To elaborate:
>>> 
>>> Consent can be modeled as the Data Subject providing permissions for purposes or activities for their (specific) personal data. ODRL provides a systematic way to model such permissions and prohibitions.
>>> 
>>> However, to date, I am not aware of any work attempting to model consent using ODRL (that has published their approach). There has been use of RDF(S) and OWL [1,2] to model these concepts using terms which ODRL (seemingly) already provides.
>>> 
>>> Having not worked with ODRL before, it would be valuable to know the community's thoughts on using what is essentially a rights language to express consent as a legal policy using the vocabulary.
>>> 
>>> In terms of DPVCG, this discussion is essentially evaluating an existing ontology (ODRL) for a particular use-case (representation of given consent).
>>> [1] Sabrina Kirrane, Javier D. Fernández, Wouter Dullaert, Uros Milosevic, Axel Polleres, Piero Bonatti, Rigo Wenning, Olha Drozd and Philip Raschke. A Scalable Consent, Transparency and Compliance Architecture. Proceedings of the Posters and Demos Track of the Extended Semantic Web Conference (ESWC 2018)
>>> 
>>> [2] Kaniz Fatema, Ensar Hadziselimovic, Harshvardhan J. Pandit, Dave Lewis. Compliance through Informed Consent: Semantic Based Consent Permission and Data Management Model. Society, Privacy and the Semantic Web - Policy and Technology (PrivOn), co-located with ISWC 2017 
>>> Society, Privacy and the Semantic Web - Policy and Technology (PrivOn), co-located with ISWC 2017
>>> 
>>> 
>>> Regards,
>>> -- 
>>> ---
>>> Harshvardhan Pandit
>>> PhD Researcher
>>> ADAPT Centre
>>> Trinity College Dublin
>> 
> 
> -- 
> ---
> Harshvardhan Pandit
> PhD Researcher
> ADAPT Centre
> Trinity College Dublin


Received on Friday, 17 August 2018 08:53:45 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:27:54 UTC