A Formal Foundation for ODRL

ODRL is a popular XML-based language for stating the conditions under which resources can be accessed legitimately. The language is described in English and, as a result, agreements written in ODRL are open to interpretation. To address this problem, we propose a formal semantics for a representative fragment of the language. We use this semantics to determine precisely when a permission is implied by a set of ODRL statements and show that answering such questions is a decidable NP-hard problem. Finally, we define a tractable fragment of ODRL that is also fairly expressive.

[1]  A. Tarski A Decision Method for Elementary Algebra and Geometry , 2023 .

[2]  Ron van der Meyden,et al.  The Dynamic Logic of Permission , 1990, J. Log. Comput..

[3]  J. R. Shoenfield,et al.  Review: Herbert B. Enderton, A Mathematical Introduction to Logic , 1973 .

[4]  Stefan Katzenbeisser,et al.  Towards Formal Semantics for ODRL , 2004, ODRL Workshop.

[5]  Trevor Jim,et al.  SD3: a trust management system with certified evaluation , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[6]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7]  Joseph Y. Halpern,et al.  A formal foundation for XrML , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[8]  Joan Feigenbaum,et al.  Delegation logic: A logic-based approach to distributed authorization , 2003, TSEC.

[9]  Ninghui Li,et al.  DATALOG with Constraints: A Foundation for Trust Management Languages , 2003, PADL.

[10]  Herbert B. Enderton,et al.  A mathematical introduction to logic , 1972 .

[11]  Ronald M. Lee International contracting-a formal language approach , 1988, Proceedings of the Twenty-First Annual Hawaii International Conference on System Sciences, 1988. Vol.IV. Applications Track.

[12]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[13]  Xin Wang,et al.  XrML -- eXtensible rights Markup Language , 2002, XMLSEC '02.

[14]  John DeTreville,et al.  Binder, a logic-based security language , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[15]  Mark Strembeck,et al.  Experiences with the enforcement of access rights extracted from ODRL-based digital contracts , 2003, DRM '03.

[16]  Joseph Y. Halpern,et al.  Using First-Order Logic to Reason about Policies , 2008, TSEC.

[17]  Peter Sewell,et al.  Cassandra: flexible trust management, applied to electronic health records , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..