Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to represent in the "state of the world" the executed Actions #61

Open
fornaran opened this issue Jul 1, 2024 · 5 comments
Open

How to represent in the "state of the world" the executed Actions #61

fornaran opened this issue Jul 1, 2024 · 5 comments
Assignees
@fornaran
Labels
Formal Semantics New Feature New feature or request

Comments

@fornaran
Copy link
Collaborator

fornaran commented Jul 1, 2024

In order to proved a Formal Semantics for ODRL (https://w3c.github.io/odrl/formal-semantics/), it is necessary to specify the name of the properties that can be used to describe the executed Actions in the "state of the world".
One initial proposal may be to represent them with at least: a type (the class of Actions to which the action belong), a performer (i.e. the agent that performs the action), an object (i.e. the object on which the action is performed), an atTime for describing the instant of time when the action is executed or when its execution has started.

  1. Are these basic properties OK?
  2. Is the list of action types specified in "ODRL Vocabulary & Expression 2.2/Actions for Rules" (https://www.w3.org/TR/odrl-vocab/#actionsCommon)?
  3. Is the list of other properties that can be used to describe an action that has been performed specified in "ODRL Vocabulary & Expression 2.2/Constraint Left Operands" (https://www.w3.org/TR/odrl-vocab/#constraintLeftOperandCommon)?
@joshcornejo
Copy link
Collaborator

In the work I am doing, and as per the email I sent a few days ago:

image001

  1. Once an agreement is created, a world IRI is generated (ie. because in practice a world can have 1:n agreements for the same actor(s));
  2. The agreement is added to a world, the extraction of variables takes place and they are added to the 'state of the world';
  3. The variables have a type, a name and values (e.g. <xsd:boolean, State, [false]> / <iso:iso639, languages, [esp, eng]>);
  4. Evaluation takes place via a function evaluate <world IRI , actor IRI, action IRI, asset IRI>

evaluate ( did:odrlw:01913775-4e85-74a4-881a-5b1005415c12, ex:someActor, odrl:play, ex:someMovie )

Note 1: I like the order world -> actor -> action -> asset (i think it has a good grammatical flow compared to action -> actor -> asset).

Note 2: For practical reasons, variables can also be added to the world "manually" to the context, especially for "spatial" assessments (we only know the location of an actor or asset when the evaluation is executed. I have 3 functions: addToContext / replaceInContext / removeFromContext - the most important is "replace" (as it can 'fix' issues with any variable's state/value and do things like change location), probably irrelevant to formal definitions.

@vroddon vroddon added the New Feature New feature or request label Oct 4, 2024
@vroddon
Copy link
Collaborator

vroddon commented Oct 4, 2024

The representation of the state of the world implies having new elements in ODRL. I label this issue as "new feature".

@joshcornejo
Copy link
Collaborator

So far the state of the world and a Policy have been separate entities as an implementation.

The "world" is linked to an "agreement" only for practical purposes, and as per my diagram above, when an agreement is created between an odrl:Assigner and an odrl:Assignee - the "world manager" extracts the variables from the agreement and categorises them (those that are "editable" - like a count and those that are "extraneous" - like dateTime).

I am unsure if the actual representation of the world has to be part of a "new feature" - unless the expectations are that you can "move" the agreements and states of worlds around in a distributed environment.

I would start with a logical representation and the rules to evaluate an outcome.

If we speak about "what is out there", as I mentioned during our call - authZen has a definition that was compatible with my evaluation:

{
    "subject": {
        "id": "Alice"
    },
    "resource": {
        "type": "payment_initiation"
    },
    "action": {
        "name": "transfer"
    },
    "context": {
        "remittance": "Ref Number Merchant"
    }
}

They also have a verbose way of describing relationships, those "evaluations" listed in that example, look as they can be actions in a list:

 odrl:action   ex:list_accounts, ex:read_balances, ex:read_transactions

I have a much more "compressed" (because the agreements give us much more information from the start) < subject, action, resource > where each item is just a UUID with the addition of the world it looks something like: < worldId, < actor, action, asset > >

Finally, they have a "client" managed context (or "state of the world") ... I am partial to where the context lives, there are advantages and disadvantages of either side.

Open
@woutslabbinck
Copy link

To describe executed actions in the state of the world, we (@besteves4 and me) are proposing the compliance report model presented for the ODRL CG at 2 October (slides).

The policy report allows to describe the action, party and target resource by linking to the relevant odrl policy and rule and it has a property to denote the time.

Futhermore, the model can also be used to denote an odrl evaluation.

The repository contains examples of the report for the three type of rules: Permission, Prohibition and Duty.

If this model seems interesting, we would gladly further discuss it in a future ODRL (formal semantics) CG
meeting.

@woutslabbinck woutslabbinck mentioned this issue Nov 25, 2024
Open
@joshcornejo
Copy link
Collaborator

When you say "describe executed actions in the state of the world", are you proposing some sort of "historical ledger"?

There seems to miss the outcome of the entire policy (a world can have many policies, let's assume with one actor, many actions, and many targets, and some can be inactive as the target is not part of that policy). It could have all the Attempted and Activation states.

Your diagram shows only Permissions, although it shows the report classes for all the rule types. A Permission can be "active/attempted", and during that same evaluation, you can have a Prohibition "active/violated" - the outcome of the Policy is therefore "active/violated". For example: "actor has permission to use asset" / "actor is prohibited to use it from home" (and yes, you can model this as a single rule - but you can also model it as multiple rules, so you have to allocate both possible paths, and hence why Policy is the "ultimate" outcome).

I'm not fond of reporting on "not attempted" - useful for development/debugging, but it could end up having lengthy reports with inconsequential entries.

Finally, during our call in October, it was raised a few times the complexities of Duty fulfilment processes. An example following yours:

ALICE must DELETE resource X

In practice, resource X is in Alice's shared drive, which has a local backup for her office that remains there for 12 months, and also goes to an organisational archive for 7 years.

At what point is the duty considered fulfilled and that report can be generated?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fornaran fornaran

Labels
Formal Semantics New Feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@vroddon @joshcornejo @riannella @woutslabbinck @fornaran