Re: Best practices or implementations for ODRL enforcement/validation? from Andrea Cimmino on 2025-02-26 (public-odrl@w3.org from February 2025)

From: Andrea Cimmino <andreajesus.cimmino@upm.es>
Date: Wed, 26 Feb 2025 12:50:09 +0100
To: "Theissen-Lipp, Johannes" <theissen-lipp@dbis.rwth-aachen.de>
Cc: Yassir Sellami <yassir.sellami@gaia-x.eu>, "public-odrl@w3.org" <public-odrl@w3.org>, "Beatriz Gonçalves Crisóstomo Esteves (UGent-imec)" <Beatriz.Esteves@UGent.be>, Wout Slabbinck <Wout.Slabbinck@Ugent.be>
Message-Id: <AB7EFDBF-496B-4C8E-93D0-B57C9040D1FB@upm.es>
Dear Johannes,

If I can help you with any thing about ODRE let me know. If you are interested I can share some preactical cases and scenarios where we are using ODRE. Also, I support to have a look at the formal semantics document. 

Best regards,
Andrea C.


 <https://www.upm.es/>
Dr. Andrea Cimmino Arriaga
Profesor Permanente Laboral
Departamento de Sistemas Informáticos,
Ontology Engineering Group
Campus Sur de la UPM.
C. de Alan Turing, s/n. 28031, Madrid, Madrid SPAIN
✉ andreajesus.cimmino@upm.es <mailto:andreajesus.cimmino@upm.es>
✆ +34 671 09 06 24 <tel:+34-671-09-06-24>
Aviso / Disclaimer <https://www.upm.es/disclaimer> 🌳 🌳 Piensa antes de imprimir.

> El 20 feb 2025, a las 10:03, Wout Slabbinck <Wout.Slabbinck@Ugent.be> escribió:
> 
> Dear Johannes,
> 
> Through looking at the formal semantics specification mentioned by Yassir and feedback from that group, Beatriz and I have created an ODRL Compliance Report model [1] which serves as model to represent an evaluation of an ODRL Policy against the state of the world.
> Furthermore, we have created a test suite [2] to validate ODRL Evaluators for correctness, where each test case has the following form (ODRL policy, state of the world, ODRL request?) -> compliance report.
> Finally, we created an ODRL Evaluator [3] that for the evaluation of ODRL policies.
> 
> Kind regards,
> Wout Slabbinck
> 
> [1] https://github.com/SolidLabResearch/ODRL-Compliance-Report-Model <https://urldefense.com/v3/__https://github.com/SolidLabResearch/ODRL-Compliance-Report-Model__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlegpHM6M8w$>
> [2] https://github.com/SolidLabResearch/ODRL-Test-Suite <https://urldefense.com/v3/__https://github.com/SolidLabResearch/ODRL-Test-Suite__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlegO9drBJw$>
> [3] https://github.com/SolidLabResearch/ODRL-Evaluator <https://urldefense.com/v3/__https://github.com/SolidLabResearch/ODRL-Evaluator__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlejfFKhxZQ$>
> 
> Note:
> The question mark at "ODRL request" was deliberate as enforcing ODRL policies can include verifying whether obligations and prohibitions were fulfilled. This is envisioned by the formal semantics group under the policy monitoring scenario.
> 
> On 19/02/2025 17:08, Yassir Sellami wrote:
>> Hello Johannes,
>> 
>> I hope this helps and at least answers part of your questions.
>> First of all, I would recommend taking a look at these two documents if not already done:
>> https://w3c.github.io/odrl/formal-semantics/ <https://urldefense.com/v3/__https://w3c.github.io/odrl/formal-semantics/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlejn3j4OkA$>
>> https://w3c.github.io/odrl/bp/ <https://urldefense.com/v3/__https://w3c.github.io/odrl/bp/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASleiZKMoBLA$>
>> 
>> As for the Dataspace part, and specifically the state/context to validate against: I would recommend taking a look at Verifiable Credentials <https://urldefense.com/v3/__https://www.w3.org/TR/vc-data-model/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlejtt90Wag$> another W3C Recommendation which enable trustworthy decentralized claims to base policies on, while using any ecosystem or domain specific ontology.
>> For this reason, we have worked on an ODRL Verifiable Credential Profile <https://urldefense.com/v3/__https://gitlab.com/gaia-x/lab/policy-reasoning/odrl-vc-profile__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlehD1zezVA$> that enables expressing ODRL Policies that refers to claims in Verifiable Credentials.
>> 
>> Feel free to reach out for any more information.
>> 
>> Regards,
>> Yassir Sellami | Software Engineer
>> Gaia-X European Association for Data and Cloud AISBL
>> yassir.sellami@gaia-x.eu <mailto:yassir.sellami@gaia-x.eu>  | www.gaia-x.eu <https://urldefense.com/v3/__http://www.gaia-x.eu/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASleippItFZA$> |  
>> Avenue des Arts 6-9
>> 1210 Bruxelles/Brussels
>> Belgium
>> Please consider the environment before printing this e-mail. Save about 200ml water, 2g CO2, 0.05kWh power, and 2g wood.
>> 
>> 
>> From: Theissen-Lipp, Johannes
>> Sent: Wednesday, February 19, 2025 10:40
>> To: public-odrl@w3.org <mailto:public-odrl@w3.org>
>> Subject: Best practices or implementations for ODRL enforcement/validation?
>> 
>> Dear ODRL Community,
>>  
>> in the scope of dataspaces, ODRL is often used to support data sovereignty by expressing data access/usage policies.
>> However, validating/enforcing these policies requires a well-defined definition of “the current state/context”. Like validate(state, policies) -> validation result.
>>  
>> We are wondering if there are (1) best practices to define such a state/context and (2) implementations to do so.
>>  
>> I found the 2024 “ODRE” paper by Cimmino et al. [1] and an accompanying GitHub repository [2] with Python and Java implementation. Only supporting “dateTime” by now, but appears to be a promising base for extensions.
>> I also found a GitHub repository “SHARCS ODRL enforcement examples” [3], based on some use cases by Inès, which I however do not really understand.
>>  
>> Any suggestions? Thank you and best wishes,
>> Johannes
>>  
>>  
>> [1] https://doi.org/10.48550/arXiv.2409.17602 <https://urldefense.com/v3/__https://doi.org/10.48550/arXiv.2409.17602__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlegGtJ4EVg$>
>> [2] https://github.com/ODRE-Framework/ <https://urldefense.com/v3/__https://github.com/ODRE-Framework/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlegjD7XtTA$>
>> [3] https://github.com/KNowledgeOnWebScale/SHARCS <https://urldefense.com/v3/__https://github.com/KNowledgeOnWebScale/SHARCS__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlegG2PWW5Q$>
>> [4] https://github.com/Ines-Akaichi/SHARCS-Use-Case <https://urldefense.com/v3/__https://github.com/Ines-Akaichi/SHARCS-Use-Case__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASleiwfAqj0g$>
>>  
>> --
>> Dr. rer. nat. Johannes Theissen-Lipp (he/him)
>>  
>> RWTH Aachen University: Information Systems & Databases
>> Ahornstraße 55, Building E2, 52074 Aachen
>> http://dbis.rwth-aachen.de <https://urldefense.com/v3/__http://dbis.rwth-aachen.de/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlejPgHx-XA$>
>>  
>> Fraunhofer Institute for Applied Information Technology FIT
>> Data Science and Artificial Intelligence – Data Management and Engineering
>> Schloss Birlinghoven 1, 53757 Sankt Augustin
>> https://www.fit.fraunhofer.de <https://urldefense.com/v3/__https://www.fit.fraunhofer.de/__;!!D9dNQwwGXtA!R_8BwXVDv2b1t_e330UvWQOfYfGWSViKQuk1pCpKCHQvYySkaH_mx3agfBWgrxdHGAbt-_ssSTrAEyMc1Ew9_HASlejrqUuUQw$>
Received on Wednesday, 26 February 2025 11:50:30 UTC