Re: ODRL Profile using Verifiable Credential

Hello Joshua,

Thank you for taking the time to go through the profile and getting back with your feedback.

First of all, I just want to point out that this ODRL profile is not intended only for constraints on location, but for any kind of Verifiable Credential claim.


  * a. I am not sure I understand your whole point, so feel free to correct me. In this case I used the "Assignee" to make it very clear that the constraint on the verifiable credential claim applies to the recipient of the rule. The requirement of this property comes bottom up, meaning that an ovc:constraint must be defined on this property; maybe it might be better to redefine an "ovc:offer" and make it required then.
  * b. Yes indeed, I will replace the operator used in that example; it should rather be "isAnyOf<http://www.w3.org/ns/odrl/2/isAnyOf>"
  * For the ISO-3166-2, it is rather defined on the shapes of the credential<https://registry.lab.gaia-x.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#> the policy is referring to (and it is just to illustrate the physical location only); another possible way is to add a unit to the constraint<http://www.w3.org/ns/odrl/2/unit>
  * As for the ovc:leftOperand, it refers to the JSONPath<https://datatracker.ietf.org/wg/jsonpath/about/> specification, since JSON-LD is widely used in Verifiable Credentials and many libraries are available for a technical implementation


Best regards,
Yassir SELLAMI
________________________________
From: Joshua Cornejo <josh@marketdata.md>
Sent: Thursday, February 29, 2024 12:14
To: Yassir Sellami <yassir.sellami@gaia-x.eu>
Cc: public-odrl@w3.org <public-odrl@w3.org>
Subject: Re: ODRL Profile using Verifiable Credential


I missed another one as I pressed send:



"ovc:leftOperand": "$.credentialSubject.gx:legalAddress.gx:countrySubdivisionCode",





I checked your repository: https://gitlab.com/gaia-x/lab/policy-reasoning/odrl-vc-profile/-/raw/main/ovc-1.ttl



I couldn’t find if that text in bold that you are defining descends from odrl:LeftOperand<https://www.w3.org/TR/odrl-vocab/#term-LeftOperand> ?



I also believe it overlaps/overrides odrl:leftOperand odrl:spatial<https://www.w3.org/TR/odrl-vocab/#term-spatial> ?





From: Joshua Cornejo <josh@marketdata.md>
Date: Thursday 29 February 2024 at 10:43
To: Yassir Sellami <yassir.sellami@gaia-x.eu>
Cc: "public-odrl@w3.org" <public-odrl@w3.org>
Subject: Re: ODRL Profile using Verifiable Credential
Resent-From: <public-odrl@w3.org>
Resent-Date: Thu, 29 Feb 2024 10:43:29 +0000



Hi Yassir,



      "assignee": {
        "ovc:constraint": [
          {
            "ovc:leftOperand": "$.credentialSubject.gx:legalAddress.gx:countrySubdivisionCode",
            "operator": "http://www.w3.org/ns/odrl/2/in",
            "rightOperand": [
              "FR-HDF",
              "BE-BRU"
            ],
            "ovc:credentialSubjectType": "gx:LegalParticipant"
          }
        ]
      }



A couple of comments on the code:



  1.  Assignee

You’re defining an Offer (says nothing about mandatory Assignee – so I assume it could go there)

According to the definition<https://www.w3.org/TR/odrl-vocab/#term-assignee>: “The Party is the recipient of the Rule.”

In your example, you seem to be using it as a category/type. I had the same conceptual problem and it is something that I have on my “list” of questions for v3.0.



In my interpretation - it is possible that the term ‘Collection’ could be used orthogonally – to define a “collectionOf” where the origins allow for ‘basket categories’ that would filter down to apply constraints when you transform an Offer -> Agreement (in your case: you want to restrict to a physical location). And also “partOf”, where you have a consortium (e.g. Sony) with multiple organisational divisions of types (“collectionOf”) in different locations (to apply your constraint).



  2.  Operators



https://www.w3.org/TR/odrl-vocab/#constraintRelationalOperators



“in” is not an (active) operator, I think you are referring to:



http://www.w3.org/ns/odrl/2/isAnyOf





And a separate thought:



Having ISO 3166 as separate attributes/operands/elements for constraints will prove to be more convenient (if you are expecting third parties to consume your policies).

Regards,



From: Yassir Sellami <yassir.sellami@gaia-x.eu>
Date: Thursday 29 February 2024 at 09:40
To: "public-odrl@w3.org" <public-odrl@w3.org>
Subject: ODRL Profile using Verifiable Credential
Resent-From: <public-odrl@w3.org>
Resent-Date: Thu, 29 Feb 2024 09:40:02 +0000



Hello,



I am happy to share with you this ODRL Profile for Attribute based access/usage control using Verifiable Credential claims.



Here are some useful links on the ODRL Profile:

The ODRL Profile (a specification document and a .ttl definition):  https://gitlab.com/gaia-x/lab/policy-reasoning/odrl-vc-profile

Also available through: https://w3id.org/gaia-x/ovc/1/

An open-source demonstration tool is available (not all features are implemented): https://wizard.lab.gaia-x.eu/policyStepper



I am looking forward to hearing any feedback from you.



Feel free to reach out for any questions or contributions.



Best regards,

Yassir Sellami | Software Developer
Gaia-X European Association for Data and Cloud AISBL

yassir.sellami@gaia-x.eu<mailto:yassir.sellami@gaia-x.eu>  | www.gaia-x.eu<http://www.gaia-x.eu/> |

Avenue des Arts 6-9
1210 Bruxelles/Brussels

Belgium


Received on Friday, 1 March 2024 09:01:13 UTC
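
The constraint discussed in this thread, evaluated against a credential's claims, as an added example that is not part of the original messages or of the Gaia-X profile's own code. It assumes a dot-only subset of JSONPath (as used in the thread's ovc:leftOperand), that ovc:credentialSubjectType is compared with credentialSubject.type, and that the credential's proof has already been verified; the sample credential is constructed.

```python
# Added example: fail-closed evaluation of an ovc:constraint against VC claims.
# Assumptions: dot-only JSONPath subset; ovc:credentialSubjectType is matched
# against credentialSubject.type; the VC proof was verified before this step.
ODRL = "http://www.w3.org/ns/odrl/2/"
OPERATORS = {
    ODRL + "eq": lambda claim, right: claim == right,
    ODRL + "isAnyOf": lambda claim, right: isinstance(right, list) and claim in right,
    ODRL + "isNoneOf": lambda claim, right: isinstance(right, list) and claim not in right,
}
_MISSING = object()

def resolve(path, document):
    """Resolve a '$.a.b.c' path (child segments only); _MISSING if absent."""
    if not isinstance(path, str) or not path.startswith("$."):
        return _MISSING
    node = document
    for segment in path[2:].split("."):
        if not isinstance(node, dict) or segment not in node:
            return _MISSING
        node = node[segment]
    return node

def satisfies(constraint, credential):
    """True only if the credential provably meets the constraint."""
    subject = credential.get("credentialSubject")
    if not isinstance(subject, dict):
        return False
    types = subject.get("type", [])
    if isinstance(types, str):
        types = [types]
    wanted = constraint.get("ovc:credentialSubjectType")
    if wanted is not None and wanted not in types:
        return False
    check = OPERATORS.get(constraint.get("operator"))
    if check is None:  # e.g. ".../odrl/2/in" is not a defined ODRL operator
        return False
    claim = resolve(constraint.get("ovc:leftOperand"), credential)
    if claim is _MISSING:  # an absent claim never satisfies, even for isNoneOf
        return False
    return check(claim, constraint.get("rightOperand"))

# Constraint from the thread with the corrected operator; credential is constructed.
CONSTRAINT = {
    "ovc:leftOperand": "$.credentialSubject.gx:legalAddress.gx:countrySubdivisionCode",
    "operator": ODRL + "isAnyOf",
    "rightOperand": ["FR-HDF", "BE-BRU"],
    "ovc:credentialSubjectType": "gx:LegalParticipant",
}
CREDENTIAL = {"credentialSubject": {"type": "gx:LegalParticipant",
    "gx:legalAddress": {"gx:countrySubdivisionCode": "FR-HDF"}}}
```

A strict evaluator of this kind rejects the original "http://www.w3.org/ns/odrl/2/in" operator outright, so an unrecognised operator denies access instead of silently passing.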