This document specifies the expected behaviour of an ODRL Evaluator, a piece of software that performs computations based on a set of policies, a request and a certain state of the world.
The Open Digital Rights Language (ODRL) is a policy expression language that can be used to represent permitted, prohibited, and obligated actions over a certain asset.
The ODRL Information Model formally defines the core abstract concepts of the model and their properties by means of an OWL 2 Ontology (available at https://www.w3.org/ns/odrl/2/), which is described in the ODRL Vocabulary & Expression specification. This document does not contradict these documents, and its interpretation is subordinate to theirs.
The ODRL ontology can be used as a data model to represent machine-readable Policies and associate them with digital or analog assets. By using a machine-readable language to represent policies, ODRL implementations can provide useful functionalities such as those of a policy search engine, a policy compatibility checker, an access control system, a monitoring system, or a policy planning system, among others.
However, neither the specification of the model (in a text form) nor the vocabulary (in an OWL ontology) accurately describes the behaviour of an ODRL Evaluator. The objective of an ODRL Evaluator is to determine:When the ODRL Evaluator evaluates Permissions, it is expected to work in at least one of these two scenarios:
Within this document, the following namespace prefix bindings are used:
Prefix | Namespace | Description |
---|---|---|
odrl | http://www.w3.org/ns/odrl/2/ | [[odrl-vocab]] [[odrl-model]] |
odrl-fs | to be defined | Resources defined by this spec |
rdf | http://www.w3.org/1999/02/22-rdf-syntax-ns# | [[rdf11-concepts]] |
rdfs | http://www.w3.org/2000/01/rdf-schema# | [[rdf-schema]] |
owl | http://www.w3.org/2002/07/owl# | [[owl2-overview]] |
xsd | http://www.w3.org/2001/XMLSchema# | [[xmlschema11-2]] |
skos | http://www.w3.org/2004/02/skos/core# | [[skos-reference]] |
dcterms | http://purl.org/dc/terms/ | [[dcterms]] |
vcard | http://www.w3.org/2006/vcard/ns# | [[vcard-rdf]] |
foaf | http://xmlns.com/foaf/0.1/ | [[foaf]] |
schema | http://schema.org/ | schema.org |
cc | https://creativecommons.org/ns# | creativecommons.org |
ex | http://example.com/ns# |
odrl:Duty
represents a Condition for a odrl:Permission
when the odrl:Permission
refers to it by means of the odrl:duty
property.
odrl:Duty
represents a Consequence for a odrl:Duty
when the odrl:Duty
refers to it by means of the odrl:consequence
property. odrl:Constraint
is a Constraint of a odrl:Rule
when the rule refers to it by means of the odrl:constraint
property.odrl:Duty
is an Obligation of a odrl:Policy
when the odrl:Policy
refers to it by means of the odrl:obligation
property.
odrl:Constraint
is a Refinement when an odrl:Action
, odrl:AssetCollection
or odrl:PartyCollection
refers to it by means of the odrl:constraint
property. odrl:Duty
represents a Remedy for a odrl:Prohibition
when the odrl:Prohibition
refers to it by means of the odrl:remedy
property. The ODRL Evaluator uses as input:
The ODRL Evaluator requires a formal representation of the state of the world. The state of the world specifies knowledge representing real-world information that aids the evaluation of ODRL Policies. For example, a certain state of the world may include the current date and time, the location of agents, or the history of performed actions.
This document aims to provide a formal representation for the state of the world concepts that are necessary to evaluate ODRL policies, without forcing the usage of existing vocabularies, e.g., country codes can be modelled using the ISO 3166 and UN M49 standards. Furthermore, the formal representation of this information will be specified as RDF triples. The existence of these triples does not entail their represented world is a reality: the factuality of the class instances is not entailed, and hypothetical computations are possible. The implementor of the ODRL Evaluator may want to describe the factuality of relevant class instances. RDF triples to represent the state of the world may be generated as observations from the world generated by third parties or by the ODRL Evaluator itself.
As such, in this document, we aim to provide a minimal set of information that needs to be represented in the state of the world and respective definitions, which will be formally represented in an RDF vocabulary:SotW
: A set of knowledge representing real-world information aiding the evaluation of ODRL PoliciescurrentTime
: Denotes the current time of the state of the worldlocation
: Denotes the location where the policy is being evaluatedassetCollection
: Denotes an asset that is part of an asset collectionpartyCollection
: Denotes a party that is part of a party collectionreport
: Denotes existing reports from previously performed ODRL evaluations, i.e., to get history of attempted and performed actionscount
: Denotes the amount of times a rule has been exercisedevent
: Denotes information about an event that has occurred, e.g., when it has occurredaccumulatedTime
: Denotes an accumulated amount of time a rule has been exercisedrecipient
: Denotes information about a recipient of a rule that has been exercised
An evaluator requires an Evaluation Request as input.
The Evaluation Request, which is represented in RDF, is formally defined by the class odrl-fs:EvaluationRequest
and MUST contain the following properties:
odrl:action
: The action to be evaluated (e.g., use, read, modify).odrl:assignee
: The party (e.g., person or organization) requesting/requested the action.odrl:target
: The asset (e.g., file, document, data) on which the action is to be/was performed.dcterms:issued
: The time of the request.Additional contextual information can also be included in the Evaluation Request, e.g., a purpose for exercising the requested action.
To ensure consistency, it is recommended that requests conform to the defined SHACL shapes.
For formal validation and integration, the odrl-fs:EvaluationRequest
class is defined in an OWL ontology, with corresponding
SHACL shapes specifying structural constraints and a JSON-LD context to ensure semantic consistency across RDF representations.
These resources can be found at the following locations:
There are three ODRL Policy subclasses (Agreement, Offer, Set), plus four non-normative ODRL Policy subclasses (Assertion, Privacy, Request, Ticket). Direct instances of the odrl:Policy
class must be understood as policy odrl:Set
policies. This subsection describes how are these policies to be understood in relation to semantics.
odrl:Set
policy must be considered by an ODRL Evaluator. The odrl:Set
is not necessarily linked to odrl:Offer
nor odrl:Agreement
.odrl:Offer
policy must not be considered by an ODRL Evaluator. It is created by an odrl:Assigner
as a mere proposition.odrl:Agreement
policy must be considered by an ODRL Evaluator as any other odrl:Set
policy. It represents the accord between (at least) one odrl:Assigner
and a odrl:Assignee
. An instance of odrl:Agreement
may have a way for the odrl:Assigner
to trace to its related odrl:Offer
.Before providing the semantics of an ODRL Policy that may contain one or more Rules, we have to provide the semantics of the different types of ODRL Rules: Permission, Prohibition, and Obligation.
The deontic modalities of permissions, prohibitions and obligations can be represented in ODRL as instances of the classes
odrl:Permission
, odrl:Prohibition
and odrl:Duty
.
Instances of the class odrl:Duty
may have the following different meanings: Obligation, Condition, Consequence or Remedy. Instances of the class odrl:Constraint
may have the meaning of: Constraint or Refinement.
The concepts (objects) to be understood by an ODRL Evaluator therefore include: Policy, Permission, Prohibition, Obligation, Condition (Duty), Consequence, Remedy, Refinement, Constraint, State of the World, and actions. Here follows a list of properties (with their possible values) needed by the ODRL Evaluator:
The mechanisms for computing the activation of Permissions, Prohibitions, and Obligations and the violation or fulfillment of Prohibitions and Obligations are all different. Therefore we continue by discussing the semantics of Permissions, Prohibitions, and Obligations in separated sections.
In ODRL 2.2 a Permission can be limited by duties, like making a payment, we call these Conditions. It can also be limited by Constraints (in time, in space, etc.). In addition, the definition of the permitted action, the asset, and the party collection can be refined with Refinements. The evaluation of these Conditions (duties) and Constraints determine whether the Permission is active (i.e., it permits the performance of an action that belongs to the class of action regulated by the permission and that satisfies all the refinements) or not. Permissions can be evaluated in two different scenarios: access control or monitoring.
In the access control scenario: when an action is requested, the activation of permissions is computed. If there is an active permission that permits such an action with all refinements satisdied, then action is permitted. If there is not an active permission that permits such an action with all refinements satisdied, then action is denied.
In the monitoring scenario: when an action is performed, it is represented in the state of the world.
When the performace of the action has to be evaluated with respect to the permissions.
If the performed action belongs to class of actions (with all refinements satisfied) regulated
by an active permission, then the action is permitted.
if there is no active permission to do such an action (with all refinements satisfied) and the default
setting for the ODRL Evaluator is set to "everything is prohibited unless explicitly permitted" a
violation should be generated.
The ODRL Evaluator computes that a Permission is active if:
If one of those conditions is not met, the Permission is inactive.
In the following examples of permissions, as we will analyse one permission at a time, we will not deal with the generation of violations for permissions.
Please note that in the following examples namespaces are used, so that http://example.com/constraint/
is simplified by
"constraint:
", http://example.com/policy/
is simplified by "policy:
", etc.
Example description
A permission may have its action limited (in time, in space, etc.) without any Condition (Duty) or Refinement.
This is the situation of the following case, similar to Example 13
in the ODRL Information Model 2.2. The permission below allows the target asset document:1234
to be distributed,
it includes the constraint that the permission may only be exercised until 2018-01-01.
The permission is granted by the organization party:16
.
{ "@context": "http://www.w3.org/ns/odrl.jsonld", "@type": "Set", "uid": "http://example.com/policy/13", "permission": [{ "target": "http://example.com/document/1234", "assigner": "http://example.com/party/16", "action": "distribute", "constraint": [{ "@id": "http://example.com/constraint/1", "leftOperand": "dateTime", "operator": "lt", "rightOperand": { "@value": "2018-01-01", "@type": "xsd:date" } }] }] }
Expected behaviour of the Evaluator
The ODRL Evaluator has to calculate first the activation state of the permission.
The constraint must be evaluated on the state of the world, which must include a representation of the current time.
As long as the current time is before the first day of 2018, the Permission is active. When the first day of 2018
is passed, the Permission is inactive.
The class of actions regulated by this Permission has type
equal to distribute
and
object
equal to the target of the permission, i.e. document:1234
.
The table below shows the input (blue) and the output (red) of the ODRL Evaluator in different cases.
Example | Policy | World | Requested/Performed Action | satisfaction state of constraint:1 |
activation state of the permission |
control state of the permission |
output |
---|---|---|---|---|---|---|---|
E13-1 | policy:13 (link) | We are in 2017 current time.year=2017 (link) |
distribute
document:1234 link |
satisfied | active | permit the action | (link 1) (link 2) |
E13-2 | policy:13 (link) | We are in 2019 current time.year=2019 (link) |
distribute document:1234 link |
not-satisfied | inactive | deny the action | (link 1) (link 2) |
Example description
The example below is similar to Example 14 in the ODRL Information Model 2.2.
It allows the target asset document:1234
to be printed and also include a refinement indicating that the resolution
of the printing action must be less than or equal to 1200 dpi.
The permission is granted by the organization party:616
.
{ "@context": "http://www.w3.org/ns/odrl.jsonld", "@type": "Set", "uid": "http://example.com/policy/14", "permission": [{ "target": "http://example.com/document/1234", "assigner": "http://example.com/party/616", "action": [{ "rdf:value": { "@id": "odrl:print" }, "refinement": [{ "@id": "http://example.com/refinement/14" "leftOperand": "resolution", "operator": "lteq", "rightOperand": { "@value": "1200", "@type": "xsd:integer" }, "unit": "http://dbpedia.org/resource/Dots_per_inch" }] }] }] }
Expected behaviour of the Evaluator
The class of actions regulated by this Permission has type
equal to print
and
its object
is equal to the target of the permission, i.e. document:1234
.
Access control or monitoring scenario:
The Permission is always active because it has neither Constraints nor Conditions (Duties). Given a formal description a performed action.
Example | Policy | Requested/Performed Action | satisfaction of refinement:14 |
activation state of the permission |
control state of the permission |
---|---|---|---|---|---|
E14-1 | policy:14 | print of document:1234 with resolution less than 1200 dpi was performed |
satisfied | active | permit the action |
E14-2 | policy:14 | print of document:1234 with resolution more than 1200 dpi was performed |
not-satisfied | active | deny the action |
When a Permission contains Conditions (duties), they have to be evaluated first.
A Condition (duty) is fulfilled if all its constraints are satisfied and if its action, with all refinements satisfied, has been performed.
The life cycle of a Condition (duty) is depicted in the figure below:
Once the Condition (duty) has been evaluated, the Permission can be evaluated.
If the Condition is active but it is not fullfilled then the Permission is inactive.
If the Condition is fulfilled then the Permission is active.
Example description
The example below (similar to Example 22 in the ODRL Information Model 2.2)
is a Permission that is constrained by a Condition (Duty). The Condition does not have Constraints, but its action has a refinement.
This permission is granted by party:sony
for party:billie
to play the
target asset music:1999
. The permission includes the Condition to perform the compensate action that has a refinement of payAmount
of euro 5.00. The semantics of Permission requires that the compensate action (included in the duty) must be performed
before the play action in order to get an active
permission to perform the play action.
{ "@context": "http://www.w3.org/ns/odrl.jsonld", "@type": "Agreement", "uid": "http://example.com/policy/22", "permission": [{ "assigner": "http://example.com/party/sony", "assignee": "http://example.com/party/billie", "target": "http://example.com/music/1999.mp3", "action": "play", "duty": [{ "@id" : "http://example.com/condition/1", "action": [{ "rdf:value": { "@id": "odrl:compensate" }, "refinement": [{ "@id" : "http://example.com/refinement/1", "leftOperand": "payAmount", "operator": "eq", "rightOperand": { "@value": "5.00", "@type": "xsd:decimal" }, "unit": "http://dbpedia.org/resource/Euro" }] }] }] }] }
Expected behaviour of the Evaluator
The class of actions regulated by this Permission has type equal to play
,
object equal to the target
of the permission, i.e. music:1999.mp3
,
and performer
equal to the assignee of the permission, i.e. party:billie
.
The condition (duty) have to be evaluated first. condition:1
does not have Constraints,
so it is never inactive. It starts to be active and it is fulfilled
when in the state of the world there is a representation of a performed action that matches with the
the class of actions described in the condition:1
.
The class of actions regulated by condition:1
has type
equal to compensate
,
its payAmount
is equal to 5 euro
, and (given that the odrl:compensatedParty
of
the odrl:compensate
action is not specified) its beneficiary
is the assigner of the permission
party:sony
. It is not required that the agent who performs the compensate action is
party:billie
because, for example, a company can pay for its employees
(feature for an ODRL profile: it would be useful for actions of compensation or payment to contain a
reference to a policy or a rule and to the party for whom they are performed).
Access control or monitorin scenario:
Given a formal description of the requested or performed action, if such an action belongs to the class of actions regulated by the Permission and the Permission is active, then the action is permitted, otherwise it is denied.
Example | Policy | World | Requested/Performed Action | activation state of condition:1 |
deontic state of condition:1 |
activation state of the permission |
control state of the permission |
---|---|---|---|---|---|---|---|
E22-1 | policy:22 | compensate with payAmount = 5 euro and beneficiary = party:sony is not performed |
play and target = music:1999.mp3 and performer = party:billie |
active | not-set | inactive | deny the action |
E22-2 | policy:22 | compensate and payAmount = 5 euro and beneficiary = party:sony is performed |
play and target = music:1999.mp3 and performer = party:billie |
active | fulfilled | active | permit the action |
Example description
This policy contains a Permission constrained by a Condition (duty) (like in policy:22) with the difference that such Condition has constraints, it is only activated on Sundays.
{ "@context": "http://www.w3.org/ns/odrl.jsonld", "@type": "Agreement", "uid": "http://example.com/policy/88", "permission": [{ "assigner": "http://example.com/party/sony", "assignee": "http://example.com/party/billie", "target": "http://example.com/music/1999.mp3", "action": "play", "duty": [{ "@id" : "http://example.com/condition/1", "action": [{ "@id" : "http://example.com/action/payment", "rdf:value": { "@id": "odrl:compensate" }, "refinement": [{ "@id" : "http://example.com/refinement/1", "leftOperand": "payAmount", "operator": "eq", "rightOperand": { "@value": "5.00", "@type": "xsd:decimal" }, "unit": "http://dbpedia.org/resource/Euro" }] }], "constraint": [{ "@id" : "http://example.com/constraint/1", "leftOperand": "ex:dayOfWeek", "operator": "eq", "rightOperand": { "@value": "Sunday", "@type": "xsd:string" } }] }] }] }
Expected behaviour of the Evaluator
The class of actions regulated by this Permission has type equal to play
,
object equal to the target
of the permission, i.e. music:1999.mp3
,
and performer
equal to the assignee of the permission, i.e. party:billie
.
The class of actions regulated by condition:1
has type
equal to compensate
,
its payAmount
is equal to 5 euro
, and (given that the odrl:compensatedParty
of
the odrl:compensate
action is not specified) its beneficiary
is the assigner of the permission
party:sony
.
condition:1
has to be evaluated first. Given that condition:1
has constraints
it starts to be inactive and it becomes active when its Constraints are all satisfied
(the state of the world satisfies its Constraints, i.e. the current date is a Sunday. For expressing this constraint
an external vocabulary with the leftOperand ex:dayOfWeek
is used).
An active Constraint, it is also fulfilled when in the state of the world there is a representation
of an performed action that matches with the class of actions described in the Constraint.
The permission can be evaluated as follows:
If the Condition is inactive (its Constraint is not satisfied), the Permission is active.
If the Condition is active but it is not fullfilled, the Permission is inactive.
If the Condition is fulfilled the Permission is active.
Access control or monitoring scenario:
Example | Policy | World | Requested/Performed Action | satisfaction of constraint:1 |
satisfaction of refinement:1 |
activation of condition:1 |
deontic state of condition:1 |
activation of the permission |
control state of the permission |
---|---|---|---|---|---|---|---|---|---|
E88-1 | policy:88 | It is not Sunday |
play and target = music:1999.mp3 and performer = party:billie |
not-satisfied | don't care | inactive | not-set | active | permit the action |
E88-2 | policy:88 | It is Sundaycompensate with payAmount = 5 euro and beneficiary = party:sony is NOT performed. |
play and target = music:1999.mp3 and performer = party:billie |
satisfied | not-satisfied | active | not-set | inactive | deny the action |
E88-3 | policy:88 | It is Sundaycompensate with payAmount = 5 euro and beneficiary = party:sony is performed. |
play and target = music:1999.mp3 and performer = party:billie |
satisfied | satisfied | active | fulfilled | active | permit the action |
odrl:remedy
for its violation. Example description
This is example is similar to Example 19 in the Information Model, with the differences that it has not a related permission and it has a Constraint. In this case, there is a prohibition that is constrained by a constraint. The policy below is a formal Agreement between two parties (the assigner and the assignee) that the action of archiving the specified digital asset is prohibited. The prohibition is specifically active before the first day of 2025.
{ "@context": "http://www.w3.org/ns/odrl.jsonld", "@type": "Agreement", "uid": "http://example.com/policy/55", "prohibition": [{ "@id" : "http://example.com/prohibition/1", "target": "http://example.com/photoAlbum:55", "action": "archive", "assigner": "http://example.com/MyPix:55", "assignee": "http://example.com/assignee:55", "constraint": [{ "@id" : "http://example.com/constraint/1", "leftOperand": "dateTime", "operator": "lt", "rightOperand": { "@value": "2025-01-01", "@type": "xsd:date" } }] }] }
Expected behaviour of the Evaluator
The prohibition has an activation state and a deontic state that have to be calculated.
In this example, the Constraint must be evaluated on the state of the world. As long as the current time is before the first day of 2025 the Prohibition is active. After that date the Prohibition is inactive. When the prohibition is active, a violation occurs if the prohibited action is performed.
Example | Policy | World | satisfaction of constraint:1 |
activation of the prohibition:1 |
deontic state of the prohibition:1 |
---|---|---|---|---|---|
E55-1 | policy:55 | archive of photoAlbum:55 by assignee:55 is performed before 2025-01-01 |
satisfied | active | violated by the action |
E55-2 | policy:55 | archive of photoAlbum:55 by assignee:55 is NOT performed before 2025-01-01 |
satisfied | active | not-set |
E19-3 | policy:55 | archive of photoAlbum:55 by assignee:55 is performed after 2025-01-01 |
not-satisfied | inactive | not-set |
odrl:Duty
class (it would be better to have an odrl:Obligation
class) is active (its action,
with all refinements satisfied, should be perfomed) if all constraints of the Rule are satisfied, otherwise it is inactive.odrl:consequence
of not fulfilling that obligation. Example description
This example of derived from Example 20 in the Information Model. It describes an obligation that is not constrained by a Constraint. The policy below is a formal Agreement between two parties (the assigner and the assignee) that the action to compensate the assigner for a payment amount of EU500.00 is obliged.
{ "@context": "http://www.w3.org/ns/odrl.jsonld", "@type": "Agreement", "uid": "http://example.com/policy/42", "obligation": [{ "@id" : "http://example.com/obligation/1", "assigner": "http://example.com/party/43", "assignee": "http://example.com/party/44", "action": [{ "rdf:value": { "@id": "odrl:compensate" }, "refinement": [ { "leftOperand": "payAmount", "operator": "eq", "rightOperand": { "@value": "500.00", "@type": "xsd:decimal" }, "unit": "http://dbpedia.org/resource/Euro" }] }] }] }
Expected behaviour of the Evaluator
The Evaluator must determine the activation state and the deontic state of the obligation. The Obligation is always active. If the obliged action is performed then the obligation is fulfilled.
Example | Policy | World | activation of obligation:1 |
deontic state of obligation:1 |
---|---|---|---|---|
E42-1 | policy:42 | compensate of 500 euro by party:44 to party:43 is performed |
active | fulfilled by the performed action |
E42-2 | policy:42 | compensate of 500 euro by party:44 to party:43 is NOT performed |
active | not-set |