This document presents a new profile called ODRLData Usage Control (DUC) that extends from ODRL core vocabulary and expresion focused on data processing over big data systems

DUC is a Rights Expresson Language for the big data industry. With DUC profile, every single piece of content, a data asset, released by a news data provider or or data publisher can be annotated with machine-readable instructions that spell out the particular permissions and restrictions for this data asset.

Acknowledgments

This document is the result of a team effort by members of the Universidad Politécnica de Madrid 2020 with input and assistance from other contributors. Development and maintenance of DUC was done by these persons (ordered by surname): Munoz-Arcentales Andrés, Salvachua Joaquín, Lopez-Pernas Sonsoles, Huecas Gabriel, Alonso Álvaro

DUC specifications

This section extends the ODRL Recommendation [ODRL22] by terms required by the big data industry.

Introduction

This ODRL extension for policy definition regarding access and usage control. This means that data ownership along different phases of processing could be specified. The different use cases are been develop inside the FIWARE initiative (like Implement Data spaces, Machine Learning, Federated Learning, Secure Data sharing, Data Markets). Policy enforcement implemented via translation into a formal CSP like process algebra to specify the allowed behavior. Later is transformed into an extended automata that checks against Big Data platform logging information (like Apache Spark or Apache Flink).

Document Conventions

Prefix Namespace Description
odrl http://www.w3.org/ns/odrl/2/ [[odrl-vocab]] [[odrl-model]]
rdf http://www.w3.org/1999/02/22-rdf-syntax-ns# [[rdf11-concepts]]
rdfs http://www.w3.org/2000/01/rdf-schema# [[rdf-schema]]
owl http://www.w3.org/2002/07/owl# [[owl2-overview]]
xsd http://www.w3.org/2001/XMLSchema# [[xmlschema11-2]]
skos http://www.w3.org/2004/02/skos/core# [[skos-reference]]
dcterms http://purl.org/dc/terms/ [[dcterms]]
vcard http://www.w3.org/2006/vcard/ns# [[vcard-rdf]]
foaf http://xmlns.com/foaf/0.1/ [[foaf]]
schema http://schema.org/ schema.org
cc https://creativecommons.org/ns# creativecommons.org
ex http://example.com/ns#

Actions for Rules

For the class Action (http://www.w3.org/ns/odrl/2/Action), used with Rules, these instances are defined.

Query

Definition: To query some data asset.
Label: duc:Query
Identifier: http://www.w3.org/ns/odrl/2/acceptQuery
Included In: http://www.w3.org/ns/odrl/2/use

Publish

Definition: To write or publish some data.
Label: duc:Publish
Identifier: http://www.w3.org/ns/odrl/2/acceptPublish
Included In: http://www.w3.org/ns/odrl/2/use

Train

Definition: To train a machine learning model.
Label: duc:Train
Identifier: http://www.w3.org/ns/odrl/2/acceptTrain
Included In: http://www.w3.org/ns/odrl/2/use

Evaluate

Definition: To evaluate a machine learning model.
Label: duc:Evaluate
Identifier: http://www.w3.org/ns/odrl/2/acceptEvaluate
Included In: http://www.w3.org/ns/odrl/2/use

Anonymize

Definition: To anonymize the incoming data.
Label: duc:Anonymize
Identifier: http://www.w3.org/ns/odrl/2/acceptAnonymize
Included In: http://www.w3.org/ns/odrl/2/use

Transform

Definition: To transform, clean or filter data.
Label: duc:Transform
Identifier: http://www.w3.org/ns/odrl/2/acceptTransforme
Included In: http://www.w3.org/ns/odrl/2/use

Aggregate_by_consumer

Definition: The consumer has to aggregate the data before perform another operation.
Label: duc:AggregateByConsumer
Identifier: http://www.w3.org/ns/odrl/2/AggregateByConsumer
Included In: http://www.w3.org/ns/odrl/2/use

Aggregate_by_provider

Definition: The provider has to aggregate the data before publish it.
Label: duc:AggregateByProvider
Identifier: http://www.w3.org/ns/odrl/2/AggregateByProvider
Included In: http://www.w3.org/ns/odrl/2/use

Remove_subscription

Definition: To remove the subscription.
Label: duc:RemoveSubscription
Identifier: http://www.w3.org/ns/odrl/2/RemoveSubscription
Included In: http://www.w3.org/ns/odrl/2/use

Kill_job

Definition: To kill the current executing job.
Label: duc:KillJob
Identifier: http://www.w3.org/ns/odrl/2/KillJob
Included In: http://www.w3.org/ns/odrl/2/use

Party Functions

For the class Party (http://www.w3.org/ns/odrl/2/Party), used with Rules, these instances are defined.

Provider

Definition: The Party is the issuer of the Rule.
Label: duc:Provider
Identifier: http://www.w3.org/ns/odrl/2/Provider
Parent property: function
Domain: Policy, Rule
Range: Party

Consumer

Definition: The Party is the recipient of the Rule.
Label: duc:Consumer
Identifier: http://www.w3.org/ns/odrl/2/Consumer
Parent property: function
Domain: Policy, Rule
Range: Party

Controller

Definition: The Party is monitoring the application of the Rule.
Label: duc:Controller
Identifier: http://www.w3.org/ns/odrl/2/Controller
Parent property: function
Domain: Policy, Rule
Range: Party

Broker

Definition: The Party that acts as a broker of the data.
Label: duc:Broker
Identifier: http://www.w3.org/ns/odrl/2/Broker
Parent property: function
Domain: Policy, Rule
Range: Party

Examples

Machine Learning (ML) example

Company A wants to share a dataset to Company B. Company A only allows Company B to use the data for generating a ML model. Company B can not transfer any data to internal or external parties.

Example
{
                 "@context": "http://www.w3.org/ns/odrl.jsonld",
                 "@type": "Agreement",
                 "uid": "http://example.com/policy:1010",
                 "duc:provider": "http://oem.com/ids#me",
                    "permission": : [{
                        "duc:consumer": "http://supplier.com/"",
                    "target": "http://oem.com/ids/inventory/dataset-1",
                    "action": "duc:train"",
                    }],

                 "obligation": [{
                    "@type": "Duty",
                    "target": "http://oem.com/ids/inventory/dataset-1",
                    "action": "inform",
                    "consequence": [{
                    "target": "http://oem.com/ids/inventory/dataset-1",
                        "action":[{
                            "rdf:value": { "@id": "duc:KillJob" },
                            "refinement": [{
                                "leftOperand": "recipient",
                                "operator": "eq",
                                "rightOperand": {
                                    "@value": "flinkid00",
                                    "@type": "http://orion.fiware.org/Job"
                                    }
                                }]
                            }]
                        }]
                    }],
                    "prohibition": [{
                    "assignee": "http://supplier.com/",
                    "target" : "http://oem.com/ids/inventory/dataset-1",
                    "action": "print"
                    }]
                }