This document presents a new profile called ODRLData Usage Control (DUC) that extends from ODRL core vocabulary and expresion focused on data processing over big data systems
DUC is a Rights Expresson Language for the big data industry. With DUC profile, every single piece of content, a data asset, released by a news data provider or or data publisher can be annotated with machine-readable instructions that spell out the particular permissions and restrictions for this data asset.
This document is the result of a team effort by members of the Universidad Politécnica de Madrid 2020 with input and assistance from other contributors. Development and maintenance of DUC was done by these persons (ordered by surname): Munoz-Arcentales Andrés, Salvachua Joaquín, Lopez-Pernas Sonsoles, Huecas Gabriel, Alejandro Pozo, Alonso Álvaro
This section extends the ODRL Recommendation [ODRL22] by terms required by the big data industry.
This ODRL extension for policy definition regarding access and usage control. This means that data ownership along different phases of processing could be specified. The different use cases are been develop inside the FIWARE initiative (like Implement Data spaces, Machine Learning, Federated Learning, Secure Data sharing, Data Markets). Policy enforcement implemented via translation into a formal CSP like process algebra to specify the allowed behavior. Later is transformed into an extended automata that checks against Big Data platform logging information (like Apache Spark or Apache Flink).
Prefix | Namespace | Description |
---|---|---|
odrl | http://www.w3.org/ns/odrl/2/ | [[odrl-vocab]] [[odrl-model]] |
rdf | http://www.w3.org/1999/02/22-rdf-syntax-ns# | [[rdf11-concepts]] |
rdfs | http://www.w3.org/2000/01/rdf-schema# | [[rdf-schema]] |
owl | http://www.w3.org/2002/07/owl# | [[owl2-overview]] |
xsd | http://www.w3.org/2001/XMLSchema# | [[xmlschema11-2]] |
skos | http://www.w3.org/2004/02/skos/core# | [[skos-reference]] |
dcterms | http://purl.org/dc/terms/ | [[dcterms]] |
vcard | http://www.w3.org/2006/vcard/ns# | [[vcard-rdf]] |
foaf | http://xmlns.com/foaf/0.1/ | [[foaf]] |
schema | http://schema.org/ | schema.org |
cc | https://creativecommons.org/ns# | creativecommons.org |
ex | http://example.com/ns# |
For the class Action (http://www.w3.org/ns/odrl/2/Action), used with Rules, these instances are defined.
Definition: | To query some data asset. |
---|---|
Label: | duc:Query |
Identifier: | http://www.w3.org/ns/odrl/2/acceptQuery |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To write or publish some data. |
---|---|
Label: | duc:Publish |
Identifier: | http://www.w3.org/ns/odrl/2/acceptPublish |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To train a machine learning model. |
---|---|
Label: | duc:Train |
Identifier: | http://www.w3.org/ns/odrl/2/acceptTrain |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To evaluate a machine learning model. |
---|---|
Label: | duc:Evaluate |
Identifier: | http://www.w3.org/ns/odrl/2/acceptEvaluate |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To anonymize the incoming data. |
---|---|
Label: | duc:Anonymize |
Identifier: | http://www.w3.org/ns/odrl/2/acceptAnonymize |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To transform, clean or filter data. |
---|---|
Label: | duc:Transform |
Identifier: | http://www.w3.org/ns/odrl/2/acceptTransforme |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | The consumer has to aggregate the data before perform another operation. |
---|---|
Label: | duc:AggregateByConsumer |
Identifier: | http://www.w3.org/ns/odrl/2/AggregateByConsumer |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | The provider has to aggregate the data before publish it. |
---|---|
Label: | duc:AggregateByProvider |
Identifier: | http://www.w3.org/ns/odrl/2/AggregateByProvider |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To remove the subscription. |
---|---|
Label: | duc:RemoveSubscription |
Identifier: | http://www.w3.org/ns/odrl/2/RemoveSubscription |
Included In: | http://www.w3.org/ns/odrl/2/use |
Definition: | To kill the current executing job. |
---|---|
Label: | duc:KillJob |
Identifier: | http://www.w3.org/ns/odrl/2/KillJob |
Included In: | http://www.w3.org/ns/odrl/2/use |
For the class Party (http://www.w3.org/ns/odrl/2/Party), used with Rules, these instances are defined.
Definition: | The Party is the issuer of the Rule. |
---|---|
Label: | duc:Provider |
Identifier: | http://www.w3.org/ns/odrl/2/Provider |
Parent property: | function |
Domain: | Policy, Rule |
Range: | Party |
Definition: | The Party is the recipient of the Rule. |
---|---|
Label: | duc:Consumer |
Identifier: | http://www.w3.org/ns/odrl/2/Consumer |
Parent property: | function |
Domain: | Policy, Rule |
Range: | Party |
Definition: | The Party is monitoring the application of the Rule. |
---|---|
Label: | duc:Controller |
Identifier: | http://www.w3.org/ns/odrl/2/Controller |
Parent property: | function |
Domain: | Policy, Rule |
Range: | Party |
Definition: | The Party that acts as a broker of the data. |
---|---|
Label: | duc:Broker |
Identifier: | http://www.w3.org/ns/odrl/2/Broker |
Parent property: | function |
Domain: | Policy, Rule |
Range: | Party |
Company A wants to share a dataset to Company B. Company A only allows Company B to use the data for generating a ML model. Company B can not transfer any data to internal or external parties.
{
"@context": "http://www.w3.org/ns/odrl.jsonld",
"@type": "Agreement",
"uid": "http://example.com/policy:1010",
"duc:provider": "http://oem.com/ids#me",
"permission": : [{
"duc:consumer": "http://supplier.com/"",
"target": "http://oem.com/ids/inventory/dataset-1",
"action": "duc:train"",
}],
"obligation": [{
"@type": "Duty",
"target": "http://oem.com/ids/inventory/dataset-1",
"action": "inform",
"consequence": [{
"target": "http://oem.com/ids/inventory/dataset-1",
"action":[{
"rdf:value": { "@id": "duc:KillJob" },
"refinement": [{
"leftOperand": "recipient",
"operator": "eq",
"rightOperand": {
"@value": "flinkid00",
"@type": "http://orion.fiware.org/Job"
}
}]
}]
}]
}],
"prohibition": [{
"assignee": "http://supplier.com/",
"target" : "http://oem.com/ids/inventory/dataset-1",
"action": "print"
}]
}