Re: constraining parties and leftOperands from Renato Iannella on 2024-06-14 (public-odrl@w3.org from June 2024)

From: Renato Iannella <r@iannel.la>
Date: Fri, 14 Jun 2024 17:02:05 +1000
To: "public-odrl@w3.org Group" <public-odrl@w3.org>
Message-Id: <FE8E1A33-C24A-4C0E-BE72-A92666ED3606@iannel.la>

I think the only way to “constrain” the assignee is to use a party collection….

Something like….

ex:policy001 a odrl:Agreement ;
    odrl:assigner <http://example.com/party:owner> ;
    odrl:target <http://example.com/asset:1> ;
    odrl:permission [
        odrl:assignee a odrl:PartyCollection [
                odrl:source  <http://identity.bigcompany.com/>
                odrl:refinement [
                    odrl:leftOperand  odrl:function ;
                    odrl:operator odrl:eq ,;
                    odrl:rightOperand <<http://identity.bigcompany.com/role/user>
                    ]
        ]
        odrl:action odrl:play
    ] ;
    …

R


> On 13 Jun 2024, at 17:32, Joshua Cornejo <josh@marketdata.md> wrote:
> 
> I am looking for a constraint-based model for the tuples of [action -> parties] to prevent the following 2 situations:
> As your catalogue of policies grows (policies + roles + departments + parties), it will create unnecessary rules that need to be managed and tracked in sets (extra admin + more chance of errors).
> If I want to map to the control layer in REGO (OPA) or CEL (FGA), I have N ODRL rules = 1 REGU/CEL rule (N = number of parties) – now my ‘mapper’ has to be extra smart to bound to the output (complex), or I will have a larger (unnecessary) ruleset to test (runtime inefficient).
> Regards,
> ___________________________________
> Joshua Cornejo
> marketdata <https://www.marketdata.md/>
> embed open standards 
> across your supply chain
>  
> From: Renato Iannella <r@iannel.la <mailto:r@iannel.la>>
> Date: Thursday 13 June 2024 at 04:04
> To: "public-odrl@w3.org <mailto:public-odrl@w3.org> Group" <public-odrl@w3.org <mailto:public-odrl@w3.org>>
> Subject: Re: constraining parties and leftOperands
> Resent-From: <public-odrl@w3.org <mailto:public-odrl@w3.org>>
> Resent-Date: Thu, 13 Jun 2024 03:04:29 +0000
>  
> I may have missed some complexity, but would this work:
>  
> ex:policy001 a odrl:Agreement ;
>     odrl:assigner <http://example.com/party:owner> ;
>     odrl:target <http://example.com/asset:1> ;
>     odrl:permission [
>         odrl:assignee <http://example.com/party:user> ;
>         odrl:action odrl:play
>     ] ;
>     odrl:permission [
>         odrl:assignee <http://example.com/party:administrator> ;
>         odrl:action odrl:transform
>     ] .
>  
> Cheers - R
>  
>

Received on Friday, 14 June 2024 07:02:26 UTC