Re: Best practices or implementations for ODRL enforcement/validation? from Yassir Sellami on 2025-02-19 (public-odrl@w3.org from February 2025)

From: Yassir Sellami <yassir.sellami@gaia-x.eu>
Date: Wed, 19 Feb 2025 16:08:59 +0000
To: "Theissen-Lipp, Johannes" <theissen-lipp@dbis.rwth-aachen.de>, "public-odrl@w3.org" <public-odrl@w3.org>
Message-ID: <DU2P194MB16797E612CB8CB052BAEC00CC1C52@DU2P194MB1679.EURP194.PROD.OUTLOOK.COM>

Hello Johannes,

I hope this helps and at least answers part of your questions.
First of all, I would recommend taking a look at these two documents if not already done:
https://w3c.github.io/odrl/formal-semantics/
https://w3c.github.io/odrl/bp/

As for the Dataspace part, and specifically the state/context to validate against: I would recommend taking a look at Verifiable Credentials<https://www.w3.org/TR/vc-data-model/> another W3C Recommendation which enable trustworthy decentralized claims to base policies on, while using any ecosystem or domain specific ontology.
For this reason, we have worked on an ODRL Verifiable Credential Profile<https://gitlab.com/gaia-x/lab/policy-reasoning/odrl-vc-profile> that enables expressing ODRL Policies that refers to claims in Verifiable Credentials.

Feel free to reach out for any more information.

Regards,

Yassir Sellami | Software Engineer
Gaia-X European Association for Data and Cloud AISBL

yassir.sellami@gaia-x.eu<mailto:yassir.sellami@gaia-x.eu>  | www.gaia-x.eu<http://www.gaia-x.eu/> |

Avenue des Arts 6-9
1210 Bruxelles/Brussels

Belgium

Please consider the environment before printing this e-mail. Save about 200ml water, 2g CO2, 0.05kWh power, and 2g wood.


________________________________
From: Theissen-Lipp, Johannes
Sent: Wednesday, February 19, 2025 10:40
To: public-odrl@w3.org
Subject: Best practices or implementations for ODRL enforcement/validation?


Dear ODRL Community,



in the scope of dataspaces, ODRL is often used to support data sovereignty by expressing data access/usage policies.

However, validating/enforcing these policies requires a well-defined definition of “the current state/context”. Like validate(state, policies) -> validation result.



We are wondering if there are (1) best practices to define such a state/context and (2) implementations to do so.



I found the 2024 “ODRE” paper by Cimmino et al. [1] and an accompanying GitHub repository [2] with Python and Java implementation. Only supporting “dateTime” by now, but appears to be a promising base for extensions.

I also found a GitHub repository “SHARCS ODRL enforcement examples” [3], based on some use cases by Inès, which I however do not really understand.



Any suggestions? Thank you and best wishes,

Johannes





[1] https://doi.org/10.48550/arXiv.2409.17602

[2] https://github.com/ODRE-Framework/

[3] https://github.com/KNowledgeOnWebScale/SHARCS

[4] https://github.com/Ines-Akaichi/SHARCS-Use-Case



--

Dr. rer. nat. Johannes Theissen-Lipp (he/him)



RWTH Aachen University: Information Systems & Databases

Ahornstraße 55, Building E2, 52074 Aachen

http://dbis.rwth-aachen.de<http://dbis.rwth-aachen.de/>



Fraunhofer Institute for Applied Information Technology FIT

Data Science and Artificial Intelligence – Data Management and Engineering

Schloss Birlinghoven 1, 53757 Sankt Augustin

https://www.fit.fraunhofer.de<https://www.fit.fraunhofer.de/>

Received on Wednesday, 19 February 2025 16:09:09 UTC