W3C home > Mailing lists > Public > public-dpvcg@w3.org > August 2018

Re: Are there any concerns about using ODRL to model Consent?

From: Javier D. Fernández <jfernand@wu.ac.at>
Date: Fri, 17 Aug 2018 11:02:11 +0200
To: Axel Polleres <axel.polleres@wu.ac.at>, me@harshp.com
Cc: public-dpvcg@w3.org, Simon Steyskal <simon.steyskal@wu.ac.at>, piero.bonatti@unina.it
Message-ID: <358bdd27-998a-a04b-f3eb-24f6b5e42085@wu.ac.at>

Yes, that's exactly it. Just one comment, in the SPECIAL auxiliary 
vocabularies for the "processing" category, we borrow some actions from 
ODRL, in particular: aggregate, anonymize, copy, derive and move. Other 
processing categories, such as analyze, collect, query, etc., are 
specific to SPECIAL.

I will add the description to the wiki, but in the meantime, the 
description of these vocabularies can be found at: 



On 17/08/18 10:53, Axel Polleres wrote:
> Piero, Javier to confirm, but my understanding is as follows: for the 
> consent /compliance checking model of SPECIAL, all understan consent 
> as composed of permissions modeling the permitted
> a) *processing *
> b)**of particular *data categories*
> c) for particular *purposes*
> d) using specific *storage location/duration*
> e) and optionally involving categories of *data sharing*
> within SPECIAL, not full semantic descriptions of these at a finer 
> level of granularity a la ODRL (although maybe these could (should?) 
> inded be linked).
> All these a)-e) at the moment we model by relatively simple taxonomies 
> (not even very complex OWL reasoning).
> Opinions/discussions welcome!
> Axel
> --
> Prof. Dr. Axel Polleres
> Institute for Information Business, WU Vienna
> url: http://www.polleres.net/  twitter: @AxelPolleres
>> On 16.08.2018, at 18:52, Harsh <me@harshp.com <mailto:me@harshp.com>> 
>> wrote:
>> Ah! Thank you Axel.
>> So the assumption I make from this is that it is possible to use 
>> ODRL, but simpler methods may exist (such as the OWL model). That 
>> being said, the work ahead would then be comparing these, and finding 
>> their strengths and complexities in terms of modeling consent.
>> This cleared up a lot of things in my mind regarding your (SPECIAL) 
>> choice of using OWL as well. Mainly being that it is specific to the 
>> use-case and works quite well if the purposes (w.r.t consent) are 
>> known ahead of time.
>> Regards,
>> Harsh
>> On 16/08/18 16:06, Axel Polleres wrote:
>>> </chairhat>
>>> Simon might be more into this, we had some work using ODRL for 
>>> modeling various Data access policies [1,2]
>>> The reason for the choice of a simpler OWL taxonomy and fixed 
>>> concepts (rathrer than describing each of these in detail in terms 
>>> of more finr-granular ODRL policies, was AFAIR that the use cases in 
>>> SPECIAL didn't require it and that with this OWL-based approach 
>>> compliance checking can be defined in a relatively straightforward 
>>> manner.
>>> 1. Simon Steyskal and Axel Polleres. Towards formal semantics for 
>>> ODRL policies. In /9th International Web Rule Symposium 
>>> (RuleML2015)/, number 9202 in Lecture Notes in Computer Science 
>>> (LNCS), pages 360--375, Berlin, Germany, August 2015. Springer. [ 
>>> .pdf <http://www.polleres.net/publications/stey-poll-2015RuleML.pdf> ]
>>> 2. Simon Steyskal and Axel Polleres. Defining expressive access 
>>> policies for linked data using the ODRL ontology 2.0. In 
>>> /Proceedings of the SEMANTiCS 2014/, ACM International Conference 
>>> Proceedings Series, Leipzig, Germany, September 2014. ACM. Short 
>>> paper. [ .pdf 
>>> <http://www.polleres.net/publications/stey-poll-2014SEMANTiCS.pdf> ]
>>> --
>>> Prof. Dr. Axel Polleres
>>> Institute for Information Business, WU Vienna
>>> url: http://www.polleres.net/  twitter: @AxelPolleres
>>>> On 16.08.2018, at 16:16, Harsh <me@harshp.com 
>>>> <mailto:me@harshp.com>> wrote:
>>>> Hello all,
>>>> I wish to know the community's informed opinions about any concerns 
>>>> for using ODRL to model Consent for GDPR.
>>>> To elaborate:
>>>> Consent can be modeled as the Data Subject providing permissions 
>>>> for purposes or activities for their (specific) personal data. ODRL 
>>>> provides a systematic way to model such permissions and prohibitions..
>>>> However, to date, I am not aware of any work attempting to model 
>>>> consent using ODRL (that has published their approach). There has 
>>>> been use of RDF(S) and OWL [1,2] to model these concepts using 
>>>> terms which ODRL (seemingly) already provides.
>>>> Having not worked with ODRL before, it would be valuable to know 
>>>> the community's thoughts on using what is essentially a rights 
>>>> language to express consent as a legal policy using the vocabulary.
>>>> In terms of DPVCG, this discussion is essentially evaluating an 
>>>> existing ontology (ODRL) for a particular use-case (representation 
>>>> of given consent).
>>>> [1] Sabrina Kirrane, Javier D. Fernández, Wouter Dullaert, Uros 
>>>> Milosevic, Axel Polleres, Piero Bonatti, Rigo Wenning, Olha Drozd 
>>>> and Philip Raschke.*A Scalable Consent, Transparency and Compliance 
>>>> Architecture.* Proceedings of the Posters and Demos Track of the 
>>>> Extended Semantic Web Conference (ESWC 2018)
>>>> [2] Kaniz Fatema, Ensar Hadziselimovic, _Harshvardhan J. Pandit_, 
>>>> Dave Lewis. *Compliance through Informed Consent: Semantic Based 
>>>> Consent Permission and Data Management Model. *Society, Privacy and 
>>>> the Semantic Web - Policy and Technology (PrivOn), co-located with 
>>>> ISWC 2017
>>>> /Society, Privacy and the Semantic Web - Policy and Technology 
>>>> (PrivOn), co-located with ISWC 2017/
>>>> Regards,
>>>> -- 
>>>> ---
>>>> Harshvardhan Pandit
>>>> PhD Researcher
>>>> ADAPT Centre
>>>> Trinity College Dublin
>> -- 
>> ---
>> Harshvardhan Pandit
>> PhD Researcher
>> ADAPT Centre
>> Trinity College Dublin

Javier D. Fernández

WU Vienna, Institute for Information Business
Tel: +43-1-31336/5241
Received on Friday, 17 August 2018 09:37:39 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:27:54 UTC