oac.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <style>dfn{cursor:pointer}
    .dfn-panel{position:absolute;z-index:35;min-width:300px;max-width:500px;padding:.5em .75em;margin-top:.6em;font:small Helvetica Neue,sans-serif,Droid Sans Fallback;background:#fff;color:#000;box-shadow:0 1em 3em -.4em rgba(0,0,0,.3),0 0 1px 1px rgba(0,0,0,.05);border-radius:2px}
    .dfn-panel:not(.docked)>.caret{position:absolute;top:-9px}
    .dfn-panel:not(.docked)>.caret::after,.dfn-panel:not(.docked)>.caret::before{content:"";position:absolute;border:10px solid transparent;border-top:0;border-bottom:10px solid #fff;top:0}
    .dfn-panel:not(.docked)>.caret::before{border-bottom:9px solid #a2a9b1}
    .dfn-panel *{margin:0}
    .dfn-panel b{display:block;color:#000;margin-top:.25em}
    .dfn-panel ul a[href]{color:#333}
    .dfn-panel>div{display:flex}
    .dfn-panel a.self-link{font-weight:700;margin-right:auto}
    .dfn-panel .marker{padding:.1em;margin-left:.5em;border-radius:.2em;text-align:center;white-space:nowrap;font-size:90%;color:#040b1c}
    .dfn-panel .marker.dfn-exported{background:#d1edfd;box-shadow:0 0 0 .125em #1ca5f940}
    .dfn-panel .marker.idl-block{background:#8ccbf2;box-shadow:0 0 0 .125em #0670b161}
    .dfn-panel a:not(:hover){text-decoration:none!important;border-bottom:none!important}
    .dfn-panel a[href]:hover{border-bottom-width:1px}
    .dfn-panel ul{padding:0}
    .dfn-panel li{margin-left:1em}
    .dfn-panel.docked{position:fixed;left:.5em;top:unset;bottom:2em;margin:0 auto;max-width:calc(100vw - .75em * 2 - .5em - .2em * 2);max-height:30vh;overflow:auto}
  </style>
  <link rel="preconnect" crossorigin="anonymous" href="https://www.w3.org/" class="removeOnSave">
  <link rel="preload" as="script" href="./oac_files/fixup.js.transferir" class="removeOnSave">
  <link rel="preload" as="style" href="./oac_files/base.css" class="removeOnSave">
  <link rel="stylesheet" href="./oac_files/base.css" class="removeOnSave">
  
  <title>ODRL Profile for Access Control</title>
  <link rel="icon" type="image/x-icon" href="./assets/folder.ico">
	
	<link rel="stylesheet" href="./oac_files/localstyle.css">
	<script src="./oac_files/jquery.min.js.transferir" type="text/javascript"></script>
		
	<style id="respec-ui-styles" class="removeOnSave">
    .respec-modal .close-button{position:absolute;z-index:inherit;padding:.2em;font-weight:700;cursor:pointer;margin-left:5px;border:none;background:0 0}
    #respec-ui{position:fixed;display:flex;flex-direction:row-reverse;top:20px;right:20px;width:202px;text-align:right;z-index:9000}
    #respec-pill,.respec-info-button{background:#fff;height:2.5em;color:#787878;border:1px solid #ccc;box-shadow:1px 1px 8px 0 rgba(100,100,100,.5)}
    .respec-info-button{border:none;opacity:.75;border-radius:2em;margin-right:1em;min-width:3.5em}
    .respec-info-button:focus,.respec-info-button:hover{opacity:1;transition:opacity .2s}
    #respec-pill:disabled{font-size:2.8px;text-indent:-9999em;border-top:1.1em solid rgba(40,40,40,.2);border-right:1.1em solid rgba(40,40,40,.2);border-bottom:1.1em solid rgba(40,40,40,.2);border-left:1.1em solid #fff;transform:translateZ(0);animation:respec-spin .5s infinite linear;box-shadow:none}
    #respec-pill:disabled,#respec-pill:disabled:after{border-radius:50%;width:10em;height:10em}
    @keyframes respec-spin{
    0%{transform:rotate(0)}
    100%{transform:rotate(360deg)}
    }
    .respec-hidden{visibility:hidden;opacity:0;transition:visibility 0s .2s,opacity .2s linear}
    .respec-visible{visibility:visible;opacity:1;transition:opacity .2s linear}
    #respec-pill:focus,#respec-pill:hover{color:#000;background-color:#f5f5f5;transition:color .2s}
    #respec-menu{position:absolute;margin:0;padding:0;font-family:sans-serif;background:#fff;box-shadow:1px 1px 8px 0 rgba(100,100,100,.5);width:200px;display:none;text-align:left;margin-top:32px;font-size:.8em}
    #respec-menu:not([hidden]){display:block}
    #respec-menu li{list-style-type:none;margin:0;padding:0}
    .respec-save-buttons{display:grid;grid-template-columns:repeat(auto-fill,minmax(47%,2fr));grid-gap:.5cm;padding:.5cm}
    .respec-save-button:link{padding-top:16px;color:#f0f0f0;background:#2a5aa8;justify-self:stretch;height:1cm;text-decoration:none;text-align:center;font-size:inherit;border:none;border-radius:.2cm}
    .respec-save-button:link:hover{color:#fff;background:#2a5aa8;padding:0;margin:0;border:0;padding-top:16px}
    .respec-save-button:link:focus{background:#193766}
    #respec-pill:focus,#respec-ui button:focus,.respec-option:focus{outline:0;outline-style:none}
    #respec-pill-error{background-color:red;color:#fff}
    #respec-pill-warning{background-color:orange;color:#fff}
    .respec-error-list,.respec-warning-list{margin:0;padding:0;list-style:none;font-family:sans-serif;background-color:#fffbe6;font-size:.85em}
    .respec-error-list>li,.respec-warning-list>li{padding:.4em .7em}
    .respec-warning-list>li::before{content:"⚠️";padding-right:.5em}
    .respec-error-list p,.respec-warning-list p{padding:0;margin:0}
    .respec-warning-list li{color:#5c3b00;border-bottom:thin solid #fff5c2}
    .respec-error-list,.respec-error-list li{background-color:#fff0f0}
    .respec-error-list li::before{content:"💥";padding-right:.5em}
    .respec-error-list li{padding:.4em .7em;color:#5c3b00;border-bottom:thin solid #ffd7d7}
    .respec-error-list li>p{margin:0;padding:0;display:inline-block}
    .respec-error-list li>p:first-child,.respec-warning-list li>p:first-child{display:inline}
    .respec-error-list>li li,.respec-warning-list>li li{margin:0;list-style:disc}
    #respec-overlay{display:block;position:fixed;z-index:10000;top:0;left:0;height:100%;width:100%;background:#000}
    .respec-show-overlay{transition:opacity .2s linear;opacity:.5}
    .respec-hide-overlay{transition:opacity .2s linear;opacity:0}
    .respec-modal{display:block;position:fixed;z-index:11000;margin:auto;top:10%;background:#fff;border:5px solid #666;min-width:20%;width:79%;padding:0;max-height:80%;overflow-y:auto;margin:0 -.5cm}
    @media screen and (min-width:78em){
    .respec-modal{width:62%}
    }
    .respec-modal h3{margin:0;padding:.2em;text-align:center;color:#000;background:linear-gradient(to bottom,#eee 0,#eee 50%,#ccc 100%);font-size:1em}
    .respec-modal .inside div p{padding-left:1cm}
    #respec-menu button.respec-option{background:#fff;padding:0 .2cm;border:none;width:100%;text-align:left;font-size:inherit;padding:1.2em 1.2em}
    #respec-menu button.respec-option:hover,#respec-menu button:focus{background-color:#eee}
    .respec-cmd-icon{padding-right:.5em}
    #respec-ui button.respec-option:last-child{border:none;border-radius:inherit}
    .respec-button-copy-paste{position:absolute;height:28px;width:40px;cursor:pointer;background-image:linear-gradient(#fcfcfc,#eee);border:1px solid #90b8de;border-left:0;border-radius:0 0 3px 0;-webkit-user-select:none;user-select:none;-webkit-appearance:none;top:0;left:127px}
    @media print{
    #respec-ui{display:none}
    }
    .respec-iframe{width:100%;min-height:550px;height:100%;overflow:hidden;padding:0;margin:0;border:0}
    .respec-iframe:not(.ready){background:url(https://respec.org/xref/loader.gif) no-repeat center}
    .respec-iframe+a[href]{font-size:.9rem;float:right;margin:0 .5em .5em;border-bottom-width:1px}</style><style id="respec-mainstyle">@keyframes pop{
    0%{transform:scale(1,1)}
    25%{transform:scale(1.25,1.25);opacity:.75}
    100%{transform:scale(1,1)}
    }
    .hljs{background:0 0!important}
    a abbr,h1 abbr,h2 abbr,h3 abbr,h4 abbr,h5 abbr,h6 abbr{border:none}
    dfn{font-weight:700}
    a.internalDFN{color:inherit;border-bottom:1px solid #99c;text-decoration:none}
    a.externalDFN{color:inherit;border-bottom:1px dotted #ccc;text-decoration:none}
    a.bibref{text-decoration:none}
    .respec-offending-element:target{animation:pop .25s ease-in-out 0s 1}
    .respec-offending-element,a[href].respec-offending-element{text-decoration:red wavy underline}
    @supports not (text-decoration:red wavy underline){
    .respec-offending-element:not(pre){display:inline-block}
    .respec-offending-element{background:url(data:image/gif;base64,R0lGODdhBAADAPEAANv///8AAP///wAAACwAAAAABAADAEACBZQjmIAFADs=) bottom repeat-x}
    }
    #references :target{background:#eaf3ff;animation:pop .4s ease-in-out 0s 1}
    cite .bibref{font-style:normal}
    code{color:#c63501}
    th code{color:inherit}
    a[href].orcid{padding-left:4px;padding-right:4px}
    a[href].orcid>svg{margin-bottom:-2px}
    .toc a,.tof a{text-decoration:none}
    a .figno,a .secno{color:#000}
    ol.tof,ul.tof{list-style:none outside none}
    .caption{margin-top:.5em;font-style:italic}
    table.simple{border-spacing:0;border-collapse:collapse;border-bottom:3px solid #005a9c}
    .simple th{background:#005a9c;color:#fff;padding:3px 5px;text-align:left}
    .simple th a{color:#fff;padding:3px 5px;text-align:left}
    .simple th[scope=row]{background:inherit;color:inherit;border-top:1px solid #ddd}
    .simple td{padding:3px 10px;border-top:1px solid #ddd}
    .simple tr:nth-child(even){background:#f0f6ff}
    .section dd>p:first-child{margin-top:0}
    .section dd>p:last-child{margin-bottom:0}
    .section dd{margin-bottom:1em}
    .section dl.attrs dd,.section dl.eldef dd{margin-bottom:0}
    #issue-summary>ul{column-count:2}
    #issue-summary li{list-style:none;display:inline-block}
    details.respec-tests-details{margin-left:1em;display:inline-block;vertical-align:top}
    details.respec-tests-details>*{padding-right:2em}
    details.respec-tests-details[open]{z-index:999999;position:absolute;border:thin solid #cad3e2;border-radius:.3em;background-color:#fff;padding-bottom:.5em}
    details.respec-tests-details[open]>summary{border-bottom:thin solid #cad3e2;padding-left:1em;margin-bottom:1em;line-height:2em}
    details.respec-tests-details>ul{width:100%;margin-top:-.3em}
    details.respec-tests-details>li{padding-left:1em}
    a[href].self-link:hover{opacity:1;text-decoration:none;background-color:transparent}
    h2,h3,h4,h5,h6{position:relative}
    aside.example .marker>a.self-link{color:inherit}
    h2>a.self-link,h3>a.self-link,h4>a.self-link,h5>a.self-link,h6>a.self-link{border:none;color:inherit;font-size:83%;height:2em;left:-1.6em;opacity:.5;position:absolute;text-align:center;text-decoration:none;top:0;transition:opacity .2s;width:2em}
    h2>a.self-link::before,h3>a.self-link::before,h4>a.self-link::before,h5>a.self-link::before,h6>a.self-link::before{content:"§";display:block}
    @media (max-width:767px){
    dd{margin-left:0}
    h2>a.self-link,h3>a.self-link,h4>a.self-link,h5>a.self-link,h6>a.self-link{left:auto;top:auto}
    }
    @media print{
    .removeOnSave{display:none}
    }</style><link rel="dns-prefetch" crossorigin="anonymous" href="https://api.specref.org/" class="removeOnSave"><link rel="preconnect" crossorigin="anonymous" href="https://respec.org/" class="removeOnSave"><link rel="preload" as="script" href="https://www.w3.org/Tools/respec/respec-highlight" class="removeOnSave"><link rel="stylesheet" href="./oac_files/cg-draft"><meta name="description" content=""><style>.hljs{display:block;overflow-x:auto;padding:.5em;color:#383a42;background:#fafafa}
    .hljs-comment,.hljs-quote{color:#717277;font-style:italic}
    .hljs-doctag,.hljs-formula,.hljs-keyword{color:#a626a4}
    .hljs-deletion,.hljs-name,.hljs-section,.hljs-selector-tag,.hljs-subst{color:#ca4706;font-weight:700}
    .hljs-literal{color:#0b76c5}
    .hljs-addition,.hljs-attribute,.hljs-meta-string,.hljs-regexp,.hljs-string{color:#42803c}
    .hljs-built_in,.hljs-class .hljs-title{color:#9a6a01}
    .hljs-attr,.hljs-number,.hljs-selector-attr,.hljs-selector-class,.hljs-selector-pseudo,.hljs-template-variable,.hljs-type,.hljs-variable{color:#986801}
    .hljs-bullet,.hljs-link,.hljs-meta,.hljs-selector-id,.hljs-symbol,.hljs-title{color:#336ae3}
    .hljs-emphasis{font-style:italic}
    .hljs-strong{font-weight:700}
    .hljs-link{text-decoration:underline}</style><style class="removeOnSave">var:hover{text-decoration:underline;cursor:pointer}
    var.respec-hl{color:var(--color,#000);background-color:var(--bg-color);box-shadow:0 0 0 2px var(--bg-color)}
    var.respec-hl-c1{--bg-color:#f4d200}
    var.respec-hl-c2{--bg-color:#ff87a2}
    var.respec-hl-c3{--bg-color:#96e885}
    var.respec-hl-c4{--bg-color:#3eeed2}
    var.respec-hl-c5{--bg-color:#eacfb6}
    var.respec-hl-c6{--bg-color:#82ddff}
    var.respec-hl-c7{--bg-color:#ffbcf2}
    @media print{
    var.respec-hl{background:0 0;color:#000;box-shadow:unset}}
  </style>
  <style>
    var{position:relative;cursor:pointer}
    var[data-type]::after,var[data-type]::before{position:absolute;left:50%;top:-6px;opacity:0;transition:opacity .4s;pointer-events:none}
    var[data-type]::before{content:"";transform:translateX(-50%);border-width:4px 6px 0 6px;border-style:solid;border-color:transparent;border-top-color:#000}
    var[data-type]::after{content:attr(data-type);transform:translateX(-50%) translateY(-100%);background:#000;text-align:center;font-family:"Dank Mono","Fira Code",monospace;font-style:normal;padding:6px;border-radius:3px;color:#daca88;text-indent:0;font-weight:400}
    var[data-type]:hover::after,var[data-type]:hover::before{opacity:1}
  </style><!-- Support ReSpec's development - https://opencollective.com/respec -->
  <meta name="monetization" class="removeOnSave" content="$ilp.uphold.com/DwJmxPHHi8K3">
  <script id="initialUserConfig" type="application/json">
    {
      "shortName": "profile-accesscontrol",
      "editors": [
        {
          "name": "Beatriz Esteves",
          "url": "https://besteves4.github.io/",
          "company": "Ontology Engineering Group, Universidad Politécnica de Madrid",
          "companyURL": "https://oeg.fi.upm.es/",
          "mailto": "beatriz.gesteves@upm.es"
        },
        {
          "name": "Harshvardhan J. Pandit",
          "url": "https://harshp.com/",
          "company": "ADAPT Centre, Trinity College Dublin",
          "companyURL": "https://tcd.ie/",
          "mailto": "pandith@tcd.ie"
        },
        {
          "name": "Víctor Rodríguez-Doncel",
          "url": "http://cosasbuenas.es/",
          "company": "Ontology Engineering Group, Universidad Politécnica de Madrid",
          "companyURL": "https://oeg.fi.upm.es/",
          "mailto": "vrodriguez@fi.upm.es"
        }
      ],
      "inlineCSS": true,
      "noIDLIn": true,
      "noLegacyStyle": false,
      "noRecTrack": true,
      "lint": true,
      "github": {
        "repoURL": "https://github.com/besteves4/odrl-access-control-profile",
        "branch": "master"
      },
      "publishISODate": "2023-10-09T00:00:00.000Z",
      "generatedSubtitle": ""
    }
  </script>
</head>
<body class="h-entry informative toc-sidebar">
  <p id="toc-nav">
    <a id="toc-jump" href="./oac.html#toc">
      <span aria-hidden="true">↑</span> <span>Jump to Table of Contents</span>
    </a>
    <a id="toc-toggle" href="./oac.html#toc">
      <span aria-hidden="true">←</span> <span>Collapse Sidebar</span>
    </a>
  </p>
  <div class="head">
    <h1 id="title" class="title">ODRL Profile for Access Control</h1>
    <h2>
      Draft release
      <time class="dt-published" datetime="2023-10-09">09 October 2023</time>
    </h2>
    <dl>
      <b>Version:</b> 0.2
      <dt>Latest editor's draft:</dt>
      <dd>
        <a href="https://w3id.org/oac">https://w3id.org/oac</a>
      </dd>
      <dt>Editors:</dt>
      <dd class="p-author h-card vcard">
        <a class="ed_mailto u-email email p-name" href="mailto:beatriz.gesteves@upm.es">Beatriz Esteves</a>
        (<a class="p-org org h-org h-card" href="https://oeg.fi.upm.es/">Ontology Engineering Group, Universidad Politécnica de Madrid</a>)
      </dd>
      <dd class="p-author h-card vcard">
        <a class="ed_mailto u-email email p-name" href="mailto:pandith@tcd.ie">Harshvardhan J. Pandit</a>
        (<a class="p-org org h-org h-card" href="https://tcd.ie/">ADAPT Centre, Trinity College Dublin</a>)
      </dd>
      <dd class="p-author h-card vcard">
        <a class="ed_mailto u-email email p-name" href="mailto:vrodriguez@fi.upm.es">Víctor Rodríguez-Doncel</a>
        (<a class="p-org org h-org h-card" href="https://oeg.fi.upm.es/">Ontology Engineering Group, Universidad Politécnica de Madrid</a>)
      </dd>
      <dt>Previous versions:</dt>
      <dd>
        <a href="./old/0.1/oac.html">v0.1</a>
      </dd>
      <dt>Participate:</dt>
      <dd>
        <a href="https://github.com/besteves4/odrl-access-control-profile">GitHub profile</a>
      </dd>
      <dd>
        <a href="https://github.com/besteves4/odrl-access-control-profile/issues">File a bug</a>
      </dd>
      <dd>
        <a href="https://github.com/besteves4/odrl-access-control-profile/commits/main">Commit history</a>
      </dd>
      <dd>
        <a href="https://github.com/besteves4/odrl-access-control-profile/pulls">Pull requests</a>
      </dd>
      <dt>Download serialization:</dt>
      <dd>
        <span><a href="oac.ttl" target="_blank"><img src="https://img.shields.io/badge/Format-TTL-blue.svg" alt="TTL"></a></span>
        <!-- TODO: add other serializations -->
        <!-- <span><a href="oac.json" target="_blank"><img src="https://img.shields.io/badge/Format-JSON_LD-blue.svg" alt="JSON-LD"></a></span>
        <span><a href="oac.rdf" target="_blank"><img src="https://img.shields.io/badge/Format-RDF/XML-blue.svg" alt="RDF/XML"></a></span>
        <span><a href="oac.nt" target="_blank"><img src="https://img.shields.io/badge/Format-N_Triples-blue.svg" alt="N-Triples"></a></span>
        <span><a href="oac.n3" target="_blank"><img src="https://img.shields.io/badge/Format-N3-blue.svg" alt="N3"></a></span> -->
      </dd>
      <dt>License:</dt>
      <dd>
        <a href="https://dalicc.net/licenselibrary/CC-BY_v4" target="_blank">
          <img src="https://img.shields.io/badge/License-CC--BY%204.0-green" alt="CC-BY 4.0">
        </a>
      </dd>
    </dl>
    <hr title="Separator for header">
  </div>
  <section id="abstract" class="introductory"><h2>Abstract</h2>
    <p>
      This document presents a new profile, the ODRL Profile for Access Control (OAC), that extends the WAC access control list 
      mechanism by using the Open Digital Rights Language (ODRL) to define access control policies that express permissions and / or 
      prohibitions associated with data stored in a decentralised storage environment and utilises the Data Privacy Vocabulary (DPV)
      as a controlled vocabulary for invoking privacy and data protection-specific terms.
    </p>
<!--     <p>
      In particular, the introduced elements will serve one of these purposes:
    </p>
    <p class="tab">
      (i) define actions supporting enforcement of current ACL verbs,
    </p>
    <p class="tab">
      (ii) define data protection-related actions and restrictions defined in GDPR,
    </p>
    <p class="tab">
      (iii) any vocabulary element needed to support policy patterns that can be anticipated to be common, and
    </p>
    <p class="tab">
      (iv) elements necessary to support the authorization reasoning decision.
    </p> -->
  </section>

  <nav id="toc">
    <h2 class="introductory" id="table-of-contents">Table of Contents</h2>
    <ol class="toc">
      <li class="tocline">
        <a class="tocxref" href="./oac.html#intro">
          <bdi class="secno">1. </bdi>Introduction
        </a>
        <ol class="toc">
          <li class="tocline">
            <a class="tocxref" href="./oac.html#diag">
              <bdi class="secno">1.1 </bdi>Profile diagram
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#conventions">
              <bdi class="secno">1.2 </bdi>Document Conventions
            </a>
          </li>
        </ol>
      </li>
      <li class="tocline">
        <a class="tocxref" href="./oac.html#spec">
          <bdi class="secno">2. </bdi>Profile specification
        </a>
        <ol class="toc">
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x2-1-base-concepts">
              <bdi class="secno">2.1 </bdi>Base Concepts
            </a>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-1-1-policies">
                  <bdi class="secno">2.1.1 </bdi>Policies
                </a>
                <ol class="toc">
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-1-1-preference">
                      <bdi class="secno">2.1.1.1 </bdi>Preference
                    </a>
                  </li>
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-1-2-requirement">
                      <bdi class="secno">2.1.1.2 </bdi>Requirement
                    </a>
                  </li>
                </ol>
              </li>
            </ol>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-1-2-operators">
                  <bdi class="secno">2.1.2 </bdi>Operators
                </a>
                <ol class="toc">
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-2-1-isNotA">
                      <bdi class="secno">2.1.2.1 </bdi>Is not a
                    </a>
                  </li>
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-2-2-subclass">
                      <bdi class="secno">2.1.2.2 </bdi>Subclass
                    </a>
                  </li>
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-2-3-semantic">
                      <bdi class="secno">2.1.2.3 </bdi>Semantic
                    </a>
                  </li>
                </ol>
              </li>
            </ol>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-1-3-other-properties">
                  <bdi class="secno">2.1.3 </bdi>Other properties
                </a>
                <ol class="toc">
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-3-1-service">
                      <bdi class="secno">2.1.3.1 </bdi>Service
                    </a>
                  </li>
                  <li class="tocline">
                    <a class="tocxref" href="./oac.html#x2-1-3-2-application">
                      <bdi class="secno">2.1.3.2 </bdi>Application
                    </a>
                  </li>
                </ol>
              </li>
            </ol>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x2-2-assets">
              <bdi class="secno">2.2 </bdi>Assets
            </a>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-2-1-personal-data">
                  <bdi class="secno">2.2.1 </bdi>Personal Data
                </a>
              </li>
            </ol>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x2-3-actions">
              <bdi class="secno">2.3 </bdi>Actions
            </a>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-3-1-access">
                  <bdi class="secno">2.3.1 </bdi>Access
                </a>
              </li>
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-3-2-processing">
                  <bdi class="secno">2.3.2 </bdi>Processing
                </a>
              </li>
            </ol>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x2-4-parties">
              <bdi class="secno">2.4 </bdi>Parties
            </a>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-4-1-entity">
                  <bdi class="secno">2.4.1 </bdi>Entity
                </a>
              </li>
            </ol>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x2-5-constraints">
              <bdi class="secno">2.5 </bdi>Constraints
            </a>
            <ol class="toc">
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-5-1-purpose">
                  <bdi class="secno">2.5.1 </bdi>Purpose
                </a>
              </li>
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-5-2-recipient">
                  <bdi class="secno">2.5.2 </bdi>Recipient
                </a>
              </li>
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-5-3-legal-basis">
                  <bdi class="secno">2.5.3 </bdi>Legal Basis
                </a>
              </li>
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-5-4-tom">
                  <bdi class="secno">2.5.4 </bdi>Technical and Organisational Measure
                </a>
              </li>
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-5-5-tech">
                  <bdi class="secno">2.5.5 </bdi>Technology
                </a>
              </li>
              <li class="tocline">
                <a class="tocxref" href="./oac.html#x2-5-6-idp">
                  <bdi class="secno">2.5.6 </bdi>Identity Provider
                </a>
              </li>
            </ol>
          </li>
        </ol>
      </li>
      <li class="tocline">
        <a class="tocxref" href="./oac.html#validation">
          <bdi class="secno">3. </bdi>Validation of policies with SHACL
        </a>
      </li>
      <li class="tocline">
        <a class="tocxref" href="./oac.html#matching">
          <bdi class="secno">4. </bdi>Matching requests for data
        </a>
        <ol class="toc">
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x4-1-mapping-dpv-pd">
              <bdi class="secno">4.1 </bdi>Associate resources with DPV-PD types
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x4-2-mapping-acl-dpv">
              <bdi class="secno">4.2 </bdi>Mapping ACL verbs to DPV processing
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x4-3-mapping-matching">
              <bdi class="secno">4.3 </bdi>Mapping results of the matching with ACP/ACL 
            </a>
          </li>
        </ol>
      </li>
      <li class="tocline">
        <a class="tocxref" href="./oac.html#examples">
          <bdi class="secno">5. </bdi>Examples
        </a>
        <ol class="toc">
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-1-preference-policy">
              <bdi class="secno">5.1 </bdi>Preference policy
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-2-requirement-policy">
              <bdi class="secno">5.2 </bdi>Requirement policy
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-3-offer-policy">
              <bdi class="secno">5.3 </bdi>Offer policy
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-4-request-policy">
              <bdi class="secno">5.4 </bdi>Request policy
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-5-agreement-policy">
              <bdi class="secno">5.5 </bdi>Agreement policy
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-6-isNotA-operator">
              <bdi class="secno">5.6 </bdi>Policy with is not a operator
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-7-subclass-operator">
              <bdi class="secno">5.7 </bdi>Policy with subclass operator
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-8-service">
              <bdi class="secno">5.8 </bdi>Policy with service party
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x5-9-application-assignee">
              <bdi class="secno">5.9 </bdi>Policy with application and assignee parties
            </a>
          </li>
<!--           <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-10-purpose-policy">
              <bdi class="secno">3.10 </bdi>Policy with a purpose constraint
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-11-recipient-policy">
              <bdi class="secno">3.11 </bdi>Policy with a recipient constraint
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-12-legal-basis-policy">
              <bdi class="secno">3.12 </bdi>Policy with a legal basis constraint
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-12-multiple-constraints">
              <bdi class="secno">3.12 </bdi>Policy with multiple constraints
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-13-update-policy-metadata">
              <bdi class="secno">3.13 </bdi>Updated policy metadata
            </a>
          </li> -->
          <!-- <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-1-user-preference-1">
              <bdi class="secno">3.1 </bdi>User Preference 1
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-2-user-preference-2">
              <bdi class="secno">3.2 </bdi>User Preference 2
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-3-app-policy-1">
              <bdi class="secno">3.3 </bdi>App Policy 1
            </a>
          </li>
          <li class="tocline">
            <a class="tocxref" href="./oac.html#x3-4-app-policy-2">
              <bdi class="secno">3.4 </bdi>App Policy 2
            </a>
          </li> -->
        </ol>
      </li>
      <li class="tocline">
        <a class="tocxref" href="./oac.html#orsd">
          <bdi class="secno">A </bdi>Ontology Requirement Specification Document
        </a>
        <a class="tocxref" href="./oac.html#ack">
          <bdi class="secno">B. </bdi>Acknowledgments
        </a>
        <a class="tocxref" href="./oac.html#references">
          <bdi class="secno">C. </bdi>References
        </a>
      </li>
    </ol>
  </nav>

  <section id="intro">
    <h2 id="x2-introduction">
      <bdi class="secno">1. </bdi>Introduction
      <a class="self-link" aria-label="§" href="./oac.html#intro"></a>
    </h2>
    <p>
      The Web Access Control (WAC) specification 
      [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-wac" title="Web Access Control">wac</a></cite>]
      is a <i>"decentralized cross-domain access control system"</i> that uses Linked Data 
      [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-ld" title="Linked Data">ld</a></cite>]
      and URIs to store authorisation conditions within Access Control Lists (ACL) to define access of Web agents to Web resources.
      Amongst other uses, it is used in the Solid ecosystem as a tool to determine the access to data stored within Solid Pods - 
      therefore, in Solid the user controlling the ACL is the entity responsible for deciding who has access to the data.
      Solid is a specification 
      [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-solid-protocol" title="Solid Protocol">solid-protocol</a></cite>]
      for decentralised personal data stores (called `Pods') 
      that uses Web standards and semantic technologies to achieve user control and interoperability.
      <b>
        Therefore, the usage of the ODRL profile for Access Control (OAC) will be demonstrated through the Solid ecosystem
        as it is an example implementation of a decentralised environment for the sharing of personal data.
        However, it should be clear that OAC is not Solid-dependent and can be deployed in other environments as it does not
        rely in any Solid-specific vocabularies.
      </b>
    </p>
    <p>
      Given that Solid provides a way for personal data to be stored and managed by individuals, it is important to consider the impact 
      and application of data protection and privacy laws such as the European General Data Protection Regulation (GDPR)
      [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-gdpr" title="General Data Protection Regulation">gdpr</a></cite>]
      that define specific concepts and obligations for how personal data can be collected, stored, used, and shared. In addition, 
      such laws also specify various rights and the legal basis used to justify using the data and the conditions for their validity. 
      In particular, GDPR's Articles 13 and 14 require controllers to provide information such as identity, purpose, personal data 
      categories, legal basis, and recipients when they collect personal data directly or indirectly from individuals.
    </p>
    <p>
      Applied to Solid, this information can be presented using conventional methods, such as a notice provided through the data requester's 
      website, and the resulting authorisation decision made by the individual stored within the ACL. However, for individuals to control 
      their data practices, the Solid Pod must contain this information as well so that the individual has the opportunity to:
    </p>
    <p class="tab">
      (i) inspect their personal data within an environment under their control; 
    </p>
    <p class="tab">
      (ii) store it for accountability purposes; 
    </p>
    <p class="tab">
      (iii) determine their data sharing preferences; and 
    </p>
    <p class="tab">
      (iv) be assisted in expressing and enforcing their data sharing preferences. 
    </p>
    <p>
      To achieve these goals, the following requirements motivate our approach to extend the existing ACL mechanism 
      using the ODRL Vocabulary and Expression 
      [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-odrl-vocab" title="ODRL Vocabulary and Expression 2.2">odrl-vocab</a></cite>]
      specification to define access control policies that express permissions and / or 
      prohibitions associated with data stored in a decentralised storage system such as Solid Pods and utilises the Data Privacy Vocabulary (DPV)
      [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-dpv" title="Data Privacy Vocabulary">dpv</a></cite>]
      as a controlled vocabulary for invoking privacy and data protection-specific terms.
    </p>
    <p class="tab">
      R1. Support specifying user preferences as policies.
    </p>
    <p class="tab">
      R2. Incorporate vocabulary specifying or aligned to legal concepts.
    </p>
    <p class="tab">
      R3. Support specifying permissions and prohibitions at arbitrary granularity.
    </p>
    <p class="tab">
      R4. Support identifying and resolving conflicts based on scope.
    </p>
    <p class="tab">
      R5. Record (store) policies used to authorise access.
    </p>
    <p class="tab">
      R6. Support querying policies and authorisations for introspection of data use.
    </p>
    <b>
      Therefore, these policies will add a new layer to decentralised storage systems, which is currently missing from the Solid ecosystem for instance, 
      that will be placed below the access authorisation layer in order to provide a richer access control mechanism to such systems.
    </b>

    <section id="diag">
      <h3 id="x2-2-document-conventions">
        <bdi class="secno">1.1 </bdi>Profile diagram
        <a class="self-link" aria-label="§" href="./oac.html#diag"></a>
      </h3>
      <p>
        The concepts specified by the ODRL Profile for Access Control are shown in the figure below.
      </p>
      <center>
        <img src="./assets/oac_diagram.png" alt="ODRL Profile for Access Control" width="800px">
      </center>
      </div>

    </section>

    <section id="conventions">
      <h3 id="x2-2-document-conventions">
        <bdi class="secno">1.2 </bdi>Document Conventions
        <a class="self-link" aria-label="§" href="./oac.html#conventions"></a>
      </h3>

        <table class="def">
            <tbody>
              <tr>
                <th>Prefix</th>
                <th>Namespace</th>
                <th>Description</th>
              </tr>
              <tr>
                <td>odrl</td>
                <td>http://www.w3.org/ns/odrl/2/</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-odrl-vocab" title="ODRL Vocabulary &amp; Expression 2.2">odrl-vocab<!---0.910070%--></a></cite><!---0.910070%-->] [<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-odrl-model" title="ODRL Information Model 2.2">odrl-model<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>rdf</td>
                <td>http://www.w3.org/1999/02/22-rdf-syntax-ns#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-rdf11-concepts" title="RDF 1.1 Concepts and Abstract Syntax">rdf11-concepts<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>rdfs</td>
                <td>http://www.w3.org/2000/01/rdf-schema#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-rdf-schema" title="RDF Schema 1.1">rdf-schema<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>owl</td>
                <td>http://www.w3.org/2002/07/owl#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-owl2-overview" title="OWL 2 Web Ontology Language Document Overview (Second Edition)">owl2-overview<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>dcterms</td>
                <td>http://purl.org/dc/terms/</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-dcterms" title="DCMI Metadata Terms">dcterms<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>vann</td>
                <td>http://purl.org/vocab/vann/</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-vann" title="VANN: A vocabulary for annotating vocabulary descriptions">vann<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>xsd</td>
                <td>http://www.w3.org/2001/XMLSchema#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-xsd" title="XML Schema">xsd<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>skos</td>
                <td>http://www.w3.org/2004/02/skos/core#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-skos" title="SKOS Simple Knowledge Organization System Namespace Document">skos<!---0.910070%--></a></cite><!---0.910070%-->]</td>
              </tr>
              <tr>
                <td>dpv</td>
                <td>https://w3id.org/dpv#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-dpv" title="Data Privacy Vocabulary (DPV) version 1">dpv</a></cite>]</td>
              </tr>
              <tr>
                <td>dpv-pd</td>
                <td>https://w3id.org/dpv/dpv-pd#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-dpv-pd" title="DPV-PD: Extended Personal Data categories for DPV version 1">dpv-pd</a></cite>]</td>
              </tr>
              <tr>
                <td>dpv-tech</td>
                <td>https://w3id.org/dpv/dpv-tech#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-dpv-tech" title="DPV-TECH: Extension providing Technology concepts for DPV version 0.8.2">dpv-tech</a></cite>]</td>
              </tr>
              <tr>
                <td>acl</td>
                <td>http://www.w3.org/ns/auth/acl#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html#bib-acl" title="Basic Access Control ontology">acl</a></cite>]</td>
              </tr>
              <tr>
                <td>oac</td>
                <td>https://w3id.org/oac#</td>
                <td>[<cite><a class="bibref" data-link-type="biblio" href="./oac.html" title="ODRL Profile for Access Control">oac</a></cite>]</td>
              </tr>
              <tr>
                <td>ex</td>
                <td>https://example.com/</td>
                <td></td>
              </tr>
            </tbody>
          </table>

    </section>
  </section>

  <section id="spec">
    <h2 id="x3-spec">
      <bdi class="secno">2. </bdi>Profile specification
      <a class="self-link" aria-label="§" href="./oac.html#spec"></a>
    </h2>
    <p>
      This ODRL profile relies on the invocation of legal concepts using DPV and ACL for the reference to access mode operations.
      Its core concepts are the <a href="./oac.html#x2-1-1-1-preference">Preference</a> and <a href="./oac.html#x2-1-1-2-requirement">Requirement</a> policies, 
      a new set of <a href="./oac.html#x2-1-2-operators">operators</a> to constraint the defined <a href="./oac.html#x2-5-1-purpose">Purposes</a>, 
      <a href="./oac.html#x2-5-2-recipient">Recipients</a>, <a href="./oac.html#x2-5-3-legal-basis">Legal Basis</a>, 
      <a href="./oac.html#x2-5-4-tom">Technical and Organisational Measures</a>, <a href="./oac.html#x2-5-5-tech">Technology</a> and 
      <a href="./oac.html#x2-5-6-idp">Identity Provider</a> constraints (which will require the usage of DPV's taxonomies), 
      new properties to specify policies for <a href="./oac.html#x2-1-3-2-application">applications</a> and <a href="./oac.html#x2-1-3-1-service">services</a>, 
      <a href="./oac.html#x2-3-2-processing">Processing</a> and <a href="./oac.html#x2-3-1-access">Access actions</a>, as well as 
      <a href="./oac.html#x2-2-1-personal-data">Personal Data</a> categories, and <a href="./oac.html#x2-4-1-entity">Entities</a>.
    </p>
    <section id="base-concepts">
      <h3 id="x2-1-base-concepts">
        <bdi class="secno">2.1 </bdi>Base Concepts
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-base-concepts"></a>
      </h3>
      <p>
        In this section, two new types of policies are specified to deal with the requirements of users which wish to define rules for the processing of their
        personal data, as well as a set of three new ODRL operators which we believe are currently missing from the ODRL Core vocabulary and two new properties
        to specify policies for services and applications, which are important stakeholders in decentralised systems.
      </p>
    </section>
    <section id="policies">
      <h4 id="x2-1-1-policies">
        <bdi class="secno">2.1.1 </bdi>Policies
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-1-policies"></a>
      </h4>
    </section>
    <section id="preference">
      <h5 id="x2-1-1-1-preference">
        <bdi class="secno">2.1.1.1 </bdi>Preference
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-1-1-preference"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Preference</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Preference">https://w3id.org/oac#Preference</a></td></tr>
          <tr><th>Definition:</th> <td>A Preference Policy is a soft policy that expresses the assigner's preferences over an Asset which MAY not be satisfied.</td></tr>
          <tr><th>Note:</th> <td>A Preference Policy MUST contain at least one Permission or Prohibition rule, an Action, a target Asset and a Party with Assigner function (in the same Permission or Prohibition). The Preference Policy MAY contain a Party with Assignee, Application and/or Service functions, but MUST not grant any privileges to those Parties.</td></tr>
          <tr><th>Example:</th> <td>If a preference policy set by a party A does not match a request policy from party B, the request can still be accepted if party A accepts party B's request conditions.</td></tr>
          <tr><th>Parent class:</th> <td><a href="http://www.w3.org/ns/odrl/2/Policy">odrl:Policy</a></td></tr>
          <tr><th>Disjoint classes:</th> <td><a href="http://www.w3.org/ns/odrl/2/Agreement">odrl:Agreement</a>, <a href="http://www.w3.org/ns/odrl/2/Offer">odrl:Offer</a>, <a href="http://www.w3.org/ns/odrl/2/Privacy">odrl:Privacy</a>, <a href="http://www.w3.org/ns/odrl/2/Request">odrl:Request</a>, <a href="http://www.w3.org/ns/odrl/2/Ticket">odrl:Ticket</a>, <a href="http://www.w3.org/ns/odrl/2/Assertion">odrl:Assertion</a>, <a href="https://w3id.org/oac#Requirement">oac:Requirement</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="requirement">
      <h5 id="x2-1-1-2-requirement">
        <bdi class="secno">2.1.1.2 </bdi>Requirement
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-1-2-requirement"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Requirement</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Requirement">https://w3id.org/oac#Requirement</a></td></tr>
          <tr><th>Definition:</th> <td>A Requirement Policy is a hard policy that expresses the assigner's preferences over an Asset which MUST be satisfied.</td></tr>
          <tr><th>Note:</th> <td>A Requirement Policy MUST contain at least one Permission or Prohibition rule, an Action, a target Asset and a Party with Assigner function (in the same Permission or Prohibition). The Requirement Policy MAY contain a Duty, Party with Assignee, Application and/or Service functions, but MUST not grant any privileges to those Parties.</td></tr>
          <tr><th>Example:</th> <td>If a requirement policy set by a party A does not match a request policy from party B, the request must be denied even if party A accepts party B's request conditions.</td></tr>
          <tr><th>Parent class:</th> <td><a href="http://www.w3.org/ns/odrl/2/Policy">odrl:Policy</a></td></tr>
          <tr><th>Disjoint classes:</th> <td><a href="http://www.w3.org/ns/odrl/2/Agreement">odrl:Agreement</a>, <a href="http://www.w3.org/ns/odrl/2/Offer">odrl:Offer</a>, <a href="http://www.w3.org/ns/odrl/2/Privacy">odrl:Privacy</a>, <a href="http://www.w3.org/ns/odrl/2/Request">odrl:Request</a>, <a href="http://www.w3.org/ns/odrl/2/Ticket">odrl:Ticket</a>, <a href="http://www.w3.org/ns/odrl/2/Assertion">odrl:Assertion</a>, <a href="https://w3id.org/oac#Preference">oac:Preference</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="operators">
      <h4 id="x2-1-2-operators">
        <bdi class="secno">2.1.2 </bdi>Operators
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-2-operators"></a>
      </h4>
    </section>
    <section id="isNotA">
      <h5 id="x2-1-2-1-isNotA">
        <bdi class="secno">2.1.2.1 </bdi>Is not a
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-2-1-isNotA"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Is not a</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#isNotA">https://w3id.org/oac#isNotA</a></td></tr>
          <tr><th>Definition:</th> <td>Indicates that a given Left Operand is not an instance of the Right Operand of the Constraint.</td></tr>
          <tr><th>Example:</th> <td>The purpose constraint of a rule can not be an instance of a academic research.</td></tr>
          <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Operator">odrl:Operator</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="subclass">
      <h5 id="x2-1-2-2-subclass">
        <bdi class="secno">2.1.2.2 </bdi>Subclass
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-2-2-subclass"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Subclass</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#subclass">https://w3id.org/oac#subclass</a></td></tr>
          <tr><th>Definition:</th> <td>Indicates that a given Left Operand is a subclass of the Right Operand of the Constraint.</td></tr>
          <tr><th>Example:</th> <td>The purpose constraint of a rule can be a subclass of research and development such as academic research, non-commercial research or commercial research.</td></tr>
          <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Operator">odrl:Operator</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="semantic">
      <h5 id="x2-1-2-3-semantic">
        <bdi class="secno">2.1.2.3 </bdi>Semantic
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-2-3-semantic"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Semantic</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#semantic">https://w3id.org/oac#semantic</a></td></tr>
          <tr><th>Definition:</th> <td>Indicates that a given Left Operand is equal to, an instance or a subclass of the Right Operand of the Constraint.</td></tr>
          <tr><th>Example:</th> <td>The purpose constraint of a rule can be research and development, an instance of research and development or one of its subclasses such as academic research, non-commercial research or commercial research.</td></tr>
          <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Operator">odrl:Operator</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="party-roles">
      <h4 id="x2-1-3-other-properties">
        <bdi class="secno">2.1.3 </bdi>Other properties
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-3-other-properties"></a>
      </h4>
    </section>
    <section id="service">
      <h5 id="x2-1-3-1-service">
        <bdi class="secno">2.1.3.1 </bdi>Service
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-3-1-service"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Service</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#service">https://w3id.org/oac#service</a></td></tr>
          <tr><th>Definition:</th> <td>Service used by the recipient of the Rule.</td></tr>
          <tr><th>Example:</th> <td>Method used to interact with the data, e.g., identity verification service, query service.</td></tr>
          <tr><th>Domain:</th> <td><a href="http://www.w3.org/ns/odrl/2/Rule">odrl:Rule</a>, <a href="http://www.w3.org/ns/odrl/2/Policy">odrl:Policy</a></td></tr>
          <tr><th>Range:</th> <td><a href=" 	https://w3id.org/dpv/dpv-tech#Service">dpv-tech:Service</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="application">
      <h5 id="x2-1-3-2-application">
        <bdi class="secno">2.1.3.2 </bdi>Application
        <a class="self-link" aria-label="§" href="./oac.html#x2-1-3-2-application"></a>
      </h5>
      <table class="def propdef">
        <tbody>
          <tr><th>Label:</th> <td>Application</td></tr>
          <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#application">https://w3id.org/oac#application</a></td></tr>
          <tr><th>Definition:</th> <td>Application used by the recipient of the Rule.</td></tr>
          <tr><th>Example:</th> <td>Application used by the assignee to interact with the data, e.g., address book, game.</td></tr>
          <tr><th>Domain:</th> <td><a href="http://www.w3.org/ns/odrl/2/Rule">odrl:Rule</a>, <a href="http://www.w3.org/ns/odrl/2/Policy">odrl:Policy</a></td></tr>
          <tr><th>Range:</th> <td><a href="https://w3id.org/dpv/dpv-tech#Application">dpv-tech:Application</a></td></tr>
        </tbody>
      </table>
    </section>
    <section id="assets">
      <h3 id="x2-2-assets">
        <bdi class="secno">2.2 </bdi>Assets
        <a class="self-link" aria-label="§" href="./oac.html#x2-2-assets"></a>
      </h3>
      <p>
        In this section, personal data is defined as an ODRL asset to define personal data-specific access policies.
      </p>
    </section>
      <h4 id="x2-2-1-personal-data">
        <bdi class="secno">2.2.1 </bdi>Personal Data
        <a class="self-link" aria-label="§" href="./oac.html#x2-2-1-personal-data"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Personal Data</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#PersonalData">https://w3id.org/oac#PersonalData</a></td></tr>
            <tr><th>Definition:</th> <td>Data directly or indirectly associated or related to an individual.</td></tr>
            <tr><th>Example:</th> <td>Data assets related to an individual include financial data such as credit card or account numbers, social data such as marital status or friends, health data such as health records or blood type and so on.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Asset">odrl:Asset</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#PersonalData">dpv:PersonalData</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="actions">
      <h3 id="x2-3-actions">
        <bdi class="secno">2.3 </bdi>Actions
        <a class="self-link" aria-label="§" href="./oac.html#x2-3-actions"></a>
      </h3>
      <p>
        In this section, access modes and processing operations are defined as ODRL actions to define access policies.
      </p>
    </section>
    <section id="access">
      <h4 id="x2-3-1-access">
        <bdi class="secno">2.3.1 </bdi>Access
        <a class="self-link" aria-label="§" href="./oac.html#x2-3-1-access"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Access</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Access">https://w3id.org/oac#Access</a></td></tr>
            <tr><th>Definition:</th> <td>Modes used to access resources, e.g. stored in Solid Pods.</td></tr>
            <tr><th>Example:</th> <td>The ACL vocabulary includes Read, Write and Append access modes.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Action">odrl:Action</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="http://www.w3.org/ns/auth/acl#Access">acl:Access</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="processing">
      <h4 id="x2-3-2-processing">
        <bdi class="secno">2.3.2 </bdi>Processing
        <a class="self-link" aria-label="§" href="./oac.html#x2-3-2-processing"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Processing</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Processing">https://w3id.org/oac#Processing</a></td></tr>
            <tr><th>Definition:</th> <td>Processing operations performed on personal data.</td></tr>
            <tr><th>Example:</th> <td>DPV includes processing operations such as use, collect, adapt or infer.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Action">odrl:Action</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#Processing">dpv:Processing</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="parties">
      <h3 id="x2-4-parties">
        <bdi class="secno">2.4 </bdi>Parties
        <a class="self-link" aria-label="§" href="./oac.html#x2-4-parties"></a>
      </h3>
      <p>
        In this section, human and non-human entities are defined as an ODRL party to define user-specific access policies.
      </p>
    </section>
    <section id="entity">
      <h3 id="x2-4-1-entity">
        <bdi class="secno">2.4.1 </bdi>Entity
        <a class="self-link" aria-label="§" href="./oac.html#x2-4-1-entity"></a>
      </h3>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Entity</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Entity">https://w3id.org/oac#Entity</a></td></tr>
            <tr><th>Definition:</th> <td>A human or non-human party that constitutes an entity.</td></tr>
            <tr><th>Example:</th> <td>Entities can refer to individuals, organisations, institutions, or authorities.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/Party">odrl:Party</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#Entity">dpv:Entity</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="constraints">
      <h3 id="x2-5-constraints">
        <bdi class="secno">2.5 </bdi>Constraints
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-constraints"></a>
      </h3>
      <p>
        In this section, purposes, recipients, legal basis, technical and organisational measures, technologies and identity providers are defined as ODRL constraints to define constraint-restricted access policies.
      </p>
    </section>
    <section id="purpose">
      <h4 id="x2-5-1-purpose">
        <bdi class="secno">2.5.1 </bdi>Purpose
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-1-purpose"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Purpose</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Purpose">https://w3id.org/oac#Purpose</a></td></tr>
            <tr><th>Definition:</th> <td>Constraint on the purpose for which the processing of personal data is permitted or prohibited.</td></tr>
            <tr><th>Example:</th> <td>DPV includes purposes such as academic research, customer care or identity verification.</td></tr>
            <tr><th>Note:</th> <td>Only the <code>odrl:isA</code>, <code>odrl:eq</code>, <code>odrl:neq</code>, <code>oac:isNotA</code>, <code>oac:subclass</code> or <code>oac:semantic</code> operators SHOULD be used. Example: <br><code>ex:purposeConstraint a odrl:Constraint ;</code><br><code>  odrl:leftOperand oac:Purpose ;</code><br><code>odrl:operator odrl:isA ;</code><br><code>odrl:rightOperand dpv:ResearchAndDevelopment .</code><br> indicates that the purpose for the processing of personal data is an instance of <code>dpv:ResearchAndDevelopment</code>.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/LeftOperand">odrl:LeftOperand</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#Purpose">dpv:Purpose</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="recipient">
      <h4 id="x2-5-2-recipient">
        <bdi class="secno">2.5.2 </bdi>Recipient
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-2-recipient"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Recipient</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Recipient">https://w3id.org/oac#Recipient</a></td></tr>
            <tr><th>Definition:</th> <td>Constraint on the recipients that may receive the results of the processing of personal data.</td></tr>
            <tr><th>Example:</th> <td>A recipient can be any entity receiving personal data, including data subjects, controllers, non profit organisations or non governmental organisations.</td></tr>
            <tr><th>Note:</th> <td>Only the <code>odrl:isA</code>, <code>odrl:eq</code>, <code>odrl:neq</code>, <code>oac:isNotA</code>, <code>oac:subclass</code> or <code>oac:semantic</code> operators SHOULD be used. Example: <br><code>ex:recipientConstraint a odrl:Constraint ;</code><br><code>  odrl:leftOperand oac:Recipient ;</code><br><code>odrl:operator odrl:neq ;</code><br><code>odrl:rightOperand ex:UniversityA .</code><br> indicates that the recipient of the personal data cannot be <code>ex:UniversityA</code>.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/LeftOperand">odrl:LeftOperand</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#Recipient">dpv:Recipient</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="legal-basis">
      <h4 id="x2-5-3-legal-basis">
        <bdi class="secno">2.5.3 </bdi>Legal Basis
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-3-legal-basis"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Legal Basis</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#LegalBasis">https://w3id.org/oac#LegalBasis</a></td></tr>
            <tr><th>Definition:</th> <td>Constraint on the legal basis for which the processing of personal data is permitted or prohibited.</td></tr>
            <tr><th>Example:</th> <td>A legal basis can be consent, legitimate interest or contract perfomance or jurisdiction specific legal basis such as the ones provided in GDPR Article 6.</td></tr>
            <tr><th>Note:</th> <td>Only the <code>odrl:isA</code>, <code>odrl:eq</code>, <code>odrl:neq</code>, <code>oac:isNotA</code>, <code>oac:subclass</code> or <code>oac:semantic</code> operators SHOULD be used. Example: <br><code>ex:legalBasisConstraint a odrl:Constraint ;</code><br><code>  odrl:leftOperand oac:LegalBasis ;</code><br><code>odrl:operator odrl:isA ;</code><br><code>odrl:rightOperand dpv:Consent .</code><br> indicates that the legal basis for the processing should be an instance of <code>dpv:Consent</code>.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/LeftOperand">odrl:LeftOperand</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#LegalBasis">dpv:LegalBasis</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="tom">
      <h4 id="x2-5-4-tom">
        <bdi class="secno">2.5.4 </bdi>Technical and Organisational Measure
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-4-tom"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Technical and Organisational Measure</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#TechnicalOrganisationalMeasure">https://w3id.org/oac#TechnicalOrganisationalMeasure</a></td></tr>
            <tr><th>Definition:</th> <td>Constraint on the technical and/or organisational measures used to ensure a secure processing of personal data.</td></tr>
            <tr><th>Example:</th> <td>Technical measures include access control methods, encryption and other security protocols. Organisational measures include notices, guidelines, policies, agreements and other organisational procedures.</td></tr>
            <tr><th>Note:</th> <td>Only the <code>odrl:isA</code>, <code>odrl:eq</code>, <code>odrl:neq</code>, <code>oac:isNotA</code>, <code>oac:subclass</code> or <code>oac:semantic</code> operators SHOULD be used. Example: <br><code>ex:tomConstraint a odrl:Constraint ;</code><br><code>  odrl:leftOperand oac:TechnicalOrganisationalMeasure ;</code><br><code>odrl:operator odrl:eq ;</code><br><code>odrl:rightOperand dpv:AccessControlMethod .</code><br> indicates that an access control method should be implemented for the processing to occur.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/LeftOperand">odrl:LeftOperand</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#TechnicalOrganisationalMeasure">dpv:TechnicalOrganisationalMeasure</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="tech">
      <h4 id="x2-5-5-tech">
        <bdi class="secno">2.5.5 </bdi>Technology
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-5-tech"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Technology</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#Technology">https://w3id.org/oac#Technology</a></td></tr>
            <tr><th>Definition:</th> <td>Constraint on the technologies used for the processing of personal data.</td></tr>
            <tr><th>Example:</th> <td>Technologies include communication mechanisms such as WiFi or Bluetooth, security technologies such as PETS, data technologies, operational technologies, identity technologies, and so on.</td></tr>
            <tr><th>Note:</th> <td>Only the <code>odrl:isA</code>, <code>odrl:eq</code>, <code>odrl:neq</code>, <code>oac:isNotA</code>, <code>oac:subclass</code> or <code>oac:semantic</code> operators SHOULD be used. Example: <br><code>ex:technologyConstraint a odrl:Constraint ;</code><br><code>  odrl:leftOperand oac:Technology ;</code><br><code>odrl:operator odrl:isA ;</code><br><code>odrl:rightOperand dpv-tech:PET .</code><br> indicates that a PET should be used for the processing to occur.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/LeftOperand">odrl:LeftOperand</a></td></tr>
            <tr><th>Parent class:</th> <td><a href="https://w3id.org/dpv#Technology">dpv:Technology</a></td></tr>
          </tbody>
      </table>
    </section>
    <section id="idp">
      <h4 id="x2-5-6-idp">
        <bdi class="secno">2.5.6 </bdi>Identity Provider
        <a class="self-link" aria-label="§" href="./oac.html#x2-5-6-idp"></a>
      </h4>
      <table class="def propdef">
          <tbody>
            <tr><th>Label:</th> <td>Identity Provider</td></tr>
            <tr><th>Identifier:</th> <td><a href="https://w3id.org/oac#IdentityProvider">https://w3id.org/oac#IdentityProvider</a></td></tr>
            <tr><th>Definition:</th> <td>Constraint on the identity provider service used to authenticate a user.</td></tr>
            <tr><th>Example:</th> <td><a href="https://solidweb.me" target="_blank">https://solidweb.me</a> or <a href="https://login.inrupt.com" target="_blank">https://login.inrupt.com</a> are examples of Solid identity providers.</td></tr>
            <tr><th>Note:</th> <td>Only the <code>odrl:eq</code>, <code>odrl:neq</code>, <code>odrl:isAnyOf</code> or <code>odrl:isNoneOf</code> operators SHOULD be used. Example: <br><code>ex:idpConstraint a odrl:Constraint ;</code><br><code>  odrl:leftOperand oac:IdentityProvider ;</code><br><code>odrl:operator odrl:isAnyOf ;</code><br><code>odrl:rightOperand &lt;https://solidweb.me>, &lt;https://login.inrupt.com> .</code><br> indicates that used identity provider should be either the <code>&lt;https://solidweb.me></code> or <code>&lt;https://login.inrupt.com></code> services.</td></tr>
            <tr><th>Instance of:</th> <td><a href="http://www.w3.org/ns/odrl/2/LeftOperand">odrl:LeftOperand</a></td></tr>
          </tbody>
      </table>
    </section>
  </section>

  <section id="validation">
    <h2>
      <bdi class="secno">3. </bdi>Validation of policies with SHACL
      <a class="self-link" aria-label="§" href="./oac.html#validation"></a>
    </h2>
  </section>

  <section id="matching">
    <h2>
      <bdi class="secno">4. </bdi>Matching requests for data
      <a class="self-link" aria-label="§" href="./oac.html#matching"></a>
    </h2>

    <p>
      In this section, the followed architecture to implement the usage of OAC in Solid is discussed.
    </p>
    <p>
      The <a href="https://github.com/besteves4/solid-sope" target="_blank">SOPE</a> (Solid's ODRL access control Policies Editor) application can be used to 
      automatically generate OAC policies and store them in a specific container of a Solid Pod.
    </p>
    <p>
      To match data requests for specific data types, when an app, service or user generates and stores data in a Pod, in addition to the storage operation,
      needs to label the generated resources with the data type they contain. For this, we suggest the usage of the 
      <a href="https://w3id.org/dpv/dpv-pd">Extended Personal Data categories for DPV (DPV-PD)</a> specification, which contains a set of more than 200
      personal data types. 
    </p>
    <center>
      <img src="./assets/matching-sequence-diagram.png" alt="Matching sequence diagram" width="700px">
    </center>

    <h3 id="x4-1-mapping-dpv-pd">
      <bdi class="secno">4.1 </bdi>Associate resources with DPV-PD types
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x4-1-mapping-dpv-pd"></a>
    </h3>

    <p>Using <a href="https://w3id.org/dpv/dpv-pd">DPV-PD</a> it is possible to associate Solid Pod resources with the data type they contain.</p>
    <div class="example"><code>&lt;https://my-solid-pod/private/health/file1> dpv:hasPersonalData dpv-pd:HealthHistory .</code></div>
    <div class="note">NOTE: More instructions in this procedure will be added in the near future.</div>

    <h3 id="x4-2-mapping-acl-dpv">
      <bdi class="secno">4.2 </bdi>Mapping ACL verbs to DPV processing
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x4-2-mapping-acl-dpv"></a>
    </h3>

    <table class="def">
      <tbody>
        <tr><th>ACL access mode</th> <th>DPV processing</th></tr>
        <tr><td>Read</td> <td>Use, Collect</td></tr>
        <tr><td>Write</td> <td>Store, MakeAvailable</td></tr>
        <tr><td>Append</td> <td>...</td></tr>
        <tr><td>...</td> <td>Share, Transfer</td></tr>
      </tbody>
    </table>

    <div class="issue">The Solid WAC specification has a proposal to include new ACL verbs: acl:Update, acl:Create, acl:Delete - see <a href="https://github.com/solid/web-access-control-spec/issues/85" target="_blank">solid/web-access-control-spec/issues/85</a></div>
    <div class="issue">Issue in the Solid WAC specification to remove acl:Control access mode - see <a href="https://github.com/solid/web-access-control-spec/issues/94" target="_blank">solid/web-access-control-spec/issues/94</a></div>

    <h3 id="x4-3-mapping-matching">
      <bdi class="secno">4.3 </bdi>Mapping results of the matching with ACP/ACL
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x4-3-mapping-matching"></a>
    </h3>

    <div class="note">new properties might be needed in ACP/ACL to connect the granted authorization with the users policies, app request, …</div>

    <div class="example"><div class="example-title marker"><span>Agreement</span></div>
    <pre id="ex-agreement" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/agreement1> a odrl:Agreement ;
dcterms:description "Agreement to read behavioral data for research and development purposes" ;
dcterms:creator ex:userA ;
dcterms:issued "2022-11-08T18:13:37"^^xsd:dateTime ;
odrl:uid ex:agreement1 ;
dcterms:references ex:offer1, ex:request1 ;
odrl:profile oac: ;
odrl:permission [
  odrl:assigner ex:userA ;
  odrl:assignee ex:userB ;
  odrl:action oac:Read ;
  odrl:target oac:Behavioral ;
  odrl:constraint [
    odrl:leftOperand oac:Purpose ;
    odrl:operator odrl:isA ;
    odrl:rightOperand dpv:ResearchAndDevelopment ] ] .
    </pre>
  </div>

  <div class="example"><div class="example-title marker"><span>Derived ACL authorization</span></div>
  <pre id="ex-acl-authz" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/aclAuthorization1> a acl:Authorization ;
  acl:accessTo :TemplateResource ; # find resources that contain dpv-pd:Behavioral
  acl:agent ex:userB ;
  acl:mode acl:Read .
  </pre>
</div>

<div class="example"><div class="example-title marker"><span>Derived ACP grant</span></div>
<pre id="ex-acp-authz" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/acpGrant1> a acp:AccessGrant ;
  acp:grant acl:Read ;
  acp:context [
    acp:agent ex:userB ;
    acp:target :TemplateResource ; # find resources that contain dpv-pd:Behavioral
  ] .

</pre>
</div>

  </section>

  <section id="examples">
    <h2 id="examples">
      <bdi class="secno">5. </bdi>Examples
      <a class="self-link" aria-label="§" href="./oac.html#examples"></a>
    </h2>

    <h3 id="x5-1-preference-policy">
      <bdi class="secno">5.1 </bdi>Preference policy
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-1-user-preference-1"></a>
    </h3>
    <p>
      User A issued a Preference that permits read access operations over its behavioral data 
      for the purpose of research and development.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.1</span></div>
      <pre id="ex31" class="hljs" aria-busy="false" aria-live="polite">
&lt;https://example.com/preference1> a oac:Preference ;
  dcterms:description "Preference to read behavioral data for research and development purposes" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-02T11:08:05"^^xsd:dateTime ;
  odrl:uid ex:preference1 ;
  odrl:profile oac: ;
  odrl:permission [
    odrl:assigner ex:userA ;
    odrl:target oac:Behavioral ;
    odrl:action oac:Read ;
    odrl:constraint [
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:isA ;
      odrl:rightOperand dpv:ResearchAndDevelopment ] ] .
      </pre>
    </div>

    <h3 id="x5-2-requirement-policy">
      <bdi class="secno">5.2 </bdi>Requirement policy
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-2-requirement-policy"></a>
    </h3>
    <p>
      User A issued a Requirement that obliges its assignee to read identifier data 
      only for the purpose of identity verification.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.2</span></div>
      <pre id="ex32" class="hljs" aria-busy="false" aria-live="polite">
&lt;https://example.com/requirement1> a oac:Requirement ;
  dcterms:description "Requirement to read identifier data for identity verification purposes" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-08T16:30:15"^^xsd:dateTime ;
  odrl:uid ex:requirement1 ;
  odrl:profile oac: ;
  odrl:permission [
    odrl:assigner ex:userA ;
    odrl:target oac:Identifier ;
    odrl:action oac:Read ;
    odrl:constraint [
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:isA ;
      odrl:rightOperand dpv:IdentityVerification ] ] .
      </pre>
    </div>

    <h3 id="x5-3-offer-policy">
      <bdi class="secno">5.3 </bdi>Offer policy
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-3-offer-policy"></a>
    </h3>
    <p>
      User A issued an Offer that requires its assignee to read identifier data only for identity verification 
      and allows read access operations over its behavioral data for research and development.
      This offer is a combination that derives from the <code>https://example.com/preference1</code> and 
      <code>https://example.com/requirement1</code> policies as indicated by the <code>dct:source</code> property.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.3</span></div>
      <pre id="ex33" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/offer1> a odrl:Offer ;
  dcterms:description """Offer to read identifier data for identity verification 
      and behavioral data for research and development""" ;
  dcterms:source ex:preference1, ex:requirement1 ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-08T17:26:35"^^xsd:dateTime ;
  odrl:uid ex:offer1 ;
  odrl:profile oac: ;
  odrl:permission [
    dpv:hasContext dpv:Optional ;
    odrl:assigner ex:userA ;
    odrl:target oac:Behavioral ;
    odrl:action oac:Read ;
    odrl:constraint [
      dcterms:title "Purpose for access is to conduct research and development." ;
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:isA ;
      odrl:rightOperand dpv:ResearchAndDevelopment ] ] ;
  odrl:permission [
    dpv:hasContext dpv:Required ;
    odrl:assigner ex:userA ;
    odrl:target oac:Identifier ;
    odrl:action oac:Read ;
    odrl:constraint [
      dcterms:title "Purpose for access is to verify the identity of the assigner." ;  
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:isA ;
      odrl:rightOperand dpv:IdentityVerification ] ] .
      </pre>
    </div>

    <h3 id="x5-4-request-policy">
      <bdi class="secno">5.4 </bdi>Request policy
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-4-request-policy"></a>
    </h3>
    <p>
      User B makes a request to use behavioral data for research and development in the context of project X.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.4</span></div>
      <pre id="ex34" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/request1> a odrl:Request;
  dcterms:description "Request to use behavioral data for research and development purposes" ;
  dcterms:creator ex:userB ;
  dcterms:issued "2022-11-08T17:58:31"^^xsd:dateTime ;
  odrl:uid ex:request1;
  odrl:profile oac: ;
  odrl:permission [
    odrl:assignee ex:userB ;
    odrl:action oac:Use ;
    odrl:target oac:Behavioral ;
    odrl:constraint [
      dcterms:title "Purpose for processing is to conduct research in the R&D project X." ;
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:eq ;
      odrl:rightOperand ex:RDProjectX ] ] .

ex:RDProjectX a dpv:ResearchAndDevelopment ;
  rdfs:label "Conduct research in the R&D project X." .
      </pre>
    </div>

    <h3 id="x5-5-agreement-policy">
      <bdi class="secno">5.5 </bdi>Agreement policy
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-5-agreement-policy"></a>
    </h3>
    <p>
      User A and B agree to allow read access over user A's behavioral data for research and development.
      This agreement is the result of the matching of <code>https://example.com/offer1</code> and 
      <code>https://example.com/request1</code>, as indicated by the <code>dct:references</code> property.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.5</span></div>
      <pre id="ex35" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/agreement1> a odrl:Agreement ;
  odrl:profile oac: ;  
  dcterms:description "Agreement to read behavioral data for research and development purposes" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-08T18:13:37"^^xsd:dateTime ;
  odrl:uid ex:agreement1 ;
  dcterms:references ex:offer1, ex:request1 ;
  dpv:hasDataSubject ex:userA ;
  dpv:hasDataController ex:userB ;
  dpv:hasLegalBasis dpv:Consent ;
  odrl:permission [
    odrl:assigner ex:userA ;
    odrl:assignee ex:userB ;
    odrl:action oac:Read ;
    odrl:target oac:Behavioral ;
    odrl:constraint [
      dcterms:title "Purpose for processing is to conduct research in the R&D project X." ;
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:eq ;
      odrl:rightOperand ex:RDProjectX ] ] .
      </pre>
    </div>

    <h3 id="x5-6-isNotA-operator">
      <bdi class="secno">5.6 </bdi>Policy with is not a operator
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-6-isNotA-operator"></a>
    </h3>
    <p>
      User A prohibits write access operations over its browsing behavior data if the purpose
      is not commercial research.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.6</span></div>
      <pre id="ex36" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/policy2> a oac:Preference ;
  dcterms:description "Prohibition to write browsing behavior data if the purpose is not commercial research" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-09T09:14:10"^^xsd:dateTime ;
  odrl:uid ex:policy2 ;
  odrl:profile oac: ;
  odrl:permission [
    odrl:assigner ex:userA ;
    odrl:action oac:Write ;
    odrl:target oac:BrowsingBehavior ;
    odrl:constraint [
      odrl:leftOperand oac:Purpose ;
      odrl:operator oac:isNotA ;
      odrl:rightOperand dpv:CommercialResearch ] ] .
      </pre>
    </div>

    <h3 id="x5-7-subclass-operator">
      <bdi class="secno">5.7 </bdi>Policy with subclass operator
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-7-subclass-operator"></a>
    </h3>
    <p>
      User A allows read access operations over its educational qualification data if the purpose
      is a subclass of research and development such as academic research, non-commercial research or commercial research.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.7</span></div>
      <pre id="ex37" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/policy3> a oac:Preference ;
  dcterms:description "Permission to read educational qualification data if the purpose is a subclass of research and development" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-09T09:17:13"^^xsd:dateTime ;
  odrl:uid ex:policy3 ;
  odrl:profile oac: ;
  odrl:permission [
    odrl:assigner ex:userA ;
    odrl:action oac:Read ;
    odrl:target oac:EducationQualification ;
    odrl:constraint [
      odrl:leftOperand oac:Purpose ;
      odrl:operator oac:subclass ;
      odrl:rightOperand dpv:ResearchAndDevelopment ] ] .
      </pre>
    </div>

    <h3 id="x5-8-service">
      <bdi class="secno">5.8 </bdi>Policy with service party
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-8-service"></a>
    </h3>
    <p>
      User A allows write access operations over its TV viewing behavior data for the purpose
      of academic research using <code>https://example.com/serviceA</code> .
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.8</span></div>
      <pre id="ex38" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/policy4> a oac:Preference ;
  dcterms:description "Permission for service A to write TV viewing behavior data if the purpose is academic research" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-09T09:22:42"^^xsd:dateTime ;
  odrl:uid ex:policy4 ;
  odrl:profile oac: ;
  odrl:permission [
    odrl:assigner ex:userA ;
    oac:service ex:serviceA ;
    odrl:action oac:Write ;
    odrl:target oac:TVViewingBehavior ;
    odrl:constraint [
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:isA ;
      odrl:rightOperand dpv:AcademicResearch ] ] .
      </pre>
    </div>

    <h3 id="x5-9-application-assignee">
      <bdi class="secno">5.9 </bdi>Policy with application and assignee parties
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x5-9-application-assignee"></a>
    </h3>
    <p>
      User A allows User B to perform write access operations over its location data for the purpose
      of providing a service using <code>https://example.com/applicationA</code> .
    </p>
    <div class="example"><div class="example-title marker"><span>Example 5.9</span></div>
      <pre id="ex38" class="hljs" aria-busy="false" aria-live="polite">    
&lt;https://example.com/policy5> a oac:Preference ;
  odrl:profile oac: ;
  dcterms:description "Permission for User B to write location data using application A if the purpose is related to provide a service requested by the user" ;
  dcterms:creator ex:userA ;
  dcterms:issued "2022-11-17T12:32:18"^^xsd:dateTime ;
  odrl:uid ex:policy5 ;
  odrl:permission [
    odrl:assigner ex:userA ;
    odrl:assignee ex:userB ;
    oac:application ex:applicationA ;
    odrl:action oac:Write ;
    odrl:target oac:Location ;
    odrl:constraint [
      odrl:leftOperand oac:Purpose ;
      odrl:operator odrl:isA ;
      odrl:rightOperand dpv:RequestedServiceProvision ] ] .
      </pre>
    </div>

    <!-- <h3 id="x3-1-user-preference-1">
      <bdi class="secno">3.1 </bdi>User Preference 1 - Read-only policy for Contact for R&D Purposes
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x3-1-user-preference-1"></a>
    </h3>
    <p>
      Anne, as identified by her WebID <i>https://anne.databox.me/profile/card#me</i>, 
      permits read access operations over her contact data for the purpose of research and development.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 3.1</span></div>
      <pre id="ex41" class="hljs" aria-busy="false" aria-live="polite">
        <code class="hljs json" aria-busy="false">
          :example-3-1 a odrl:Policy ;
            odrl:profile oac: ;
            odrl:permission [
              a odrl:Permission ;
              odrl:assigner :anne ;
              odrl:target oac:Contact ;
              odrl:action oac:Read ;
              odrl:constraint [
                odrl:leftOperand oac:Purpose ;
                odrl:operator odrl:isA ;
                odrl:rightOperand dpv:ResearchAndDevelopment
              ] 
            ] .
      
          :anne a oac:DataSubject ;
            cert:key "https://anne.databox.me/profile/card#me" .
        </code>
      </pre>
    </div>
    <h3 id="x3-2-user-preference-2">
      <bdi class="secno">3.2 </bdi>User Preference 2 - Prohibition to share resource <i>/docs/file1</i> with third parties
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x3-2-user-preference-2"></a>
    </h3>
    <p>
      Anne, as identified by her WebID <i>https://anne.databox.me/profile/card#me</i>, 
      prohibits the sharing of a resource stored on her Pod, located at 
      <i>https://anne.databox.me/docs/file1</i>, with more than 3 recipients.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 3.2</span></div>
      <pre id="ex42" class="hljs" aria-busy="false" aria-live="polite">
        <code class="hljs json" aria-busy="false">
          :example-3-2 a odrl:Policy ;
            odrl:profile oac: ;
            odrl:prohibition [
              a odrl:Prohibition ;
              odrl:assigner :anne ;
              odrl:target "https://beatriz.databox.me/docs/file1" ;
              odrl:action oac:Share ;
              odrl:constraint [
                odrl:leftOperand oac:Recipient ;
                odrl:operator odrl:gt ;
                odrl:rightOperand "3"^^xsd:integer
              ]
            ] .
      
          :anne a oac:DataSubject ;
            cert:key "https://anne.databox.me/profile/card#me" .
        </code>
      </pre>
    </div>
    <h3 id="x3-3-app-policy-1">
      <bdi class="secno">3.3 </bdi>App Policy 1 - Request to use data for Registration purposes
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x3-3-app-policy-1"></a>
    </h3>
    <p>
      App 1, as identified by their URL <i>https://example-app-1.com</i>, 
      requests permission to use and store the email address and social network 
      information of users for the purpose of registering and authenticating to their service.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 3.3</span></div>
      <pre id="ex43" class="hljs" aria-busy="false" aria-live="polite">
        <code class="hljs json" aria-busy="false">
          :example-3-3 a odrl:Policy ;
            odrl:profile oac: ;
            odrl:permission [
              a odrl:Permission ;
              odrl:assignee :app-1-controller ;
              odrl:target oac:EmailAddress, oac:SocialNetwork ;
              odrl:action oac:Use, oac:Store ;
              odrl:constraint [
                odrl:leftOperand oac:Purpose ;
                odrl:operator odrl:isA ;
                odrl:rightOperand dpv:RegistrationAuthentication
              ]
            ] .
    
          :app-1-controller a oac:DataController ;
            cert:key "https://example-app-1.com" .
        </code>
      </pre>
    </div>
    <h3 id="x3-4-app-policy-2">
      <bdi class="secno">3.4 </bdi>App Policy 2 - Request to collect and share anonymised Health Records
      <a class="self-link respec-offending-element" aria-label="§" href="./oac.html#styles" title="Broken local reference found in document." id="respec-offender-broken-local-reference-found-in-document"></a>
      <a class="self-link" aria-label="§" href="./oac.html#x3-4-app-policy-2"></a>
    </h3>
    <p>
      App 2, as identified by their URL <i>https://example-app-2.com</i>, 
      requests permission to collect and produce a copy of the health records, 
      medical prescriptions and health history of users for the purpose of performing 
      academic research and make the anonymised information available to third parties.
    </p>
    <div class="example"><div class="example-title marker"><span>Example 3.4</span></div>
      <pre id="ex43" class="hljs" aria-busy="false" aria-live="polite">
        <code class="hljs json" aria-busy="false">
          :example-3-4 a odrl:Policy ;
            odrl:profile oac: ;
            odrl:assignee :app-2-controller ;
            odrl:target oac:HealthRecord, oac:Prescription, oac:HealthHistory ;
            odrl:permission [
              a odrl:Permission ;
              odrl:action oac:Collect, oac:Copy ;
              odrl:constraint [
              odrl:leftOperand oac:Purpose ;
                odrl:operator odrl:isA ;
                odrl:rightOperand dpv:AcademicResearch 
              ]
            ] ;
            odrl:permission [
              a odrl:Permission ;
              odrl:action oac:Anonymise, oac:MakeAvailable ;
              odrl:constraint [
                odrl:leftOperand oac:Recipient ;
                odrl:operator odrl:isA ;
                odrl:rightOperand dpv:ThirdParty
              ]
            ] .
        
          :app-2-controller a oac:DataController ;
            cert:key "https://example-app-2.com" .
        </code>
      </pre>
    </div> -->
  </section>

  <section id="orsd">
    <h3 id="x2-1-document-orsd">
      <bdi class="secno">A </bdi>Ontology Requirement Specification Document
      <a class="self-link" aria-label="§" href="./oac.html#orsd"></a>
    </h3>
    <div class="issue">TODO: update ORSD</div>
    <table class="center">
      <tr>
        <th colspan=2 class="table-top">
          ODRL Profile for Access Control in Solid
        </th>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          1. Purpose
        </th>
      </tr>
      <tr>
        <td colspan=2 class="table-cell">
          The purpose of this profile of ODRL is to support policies 
          determining the access control to personal data stored in Solid Pods.
        </td>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          2. Scope
        </th>
      </tr>
      <tr>
        <td colspan=2 class="table-cell">
          The scope of this profile is limited to the definition of an ODRL Profile 
          for Access Control in Solid. In particular, the introduced elements will 
          serve one of these purposes: (i) define actions supporting enforcement 
          of current ACL verbs, (ii) define data protection-related actions and restrictions 
          defined in GDPR, (iii) any vocabulary element to support policy patterns that can 
          be anticipated to be common, and (iv) elements necessary to support the authorization 
          reasoning decision.
        </td>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          3. Implementation Language
        </th>
      </tr>
      <tr>
        <td colspan=2 class="table-cell">
          RDF, RDFS
        </td>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          4. Intended End-Users
        </th>
      </tr>
      <tr>
        <td colspan=2 class="table-cell">
          Developers of Solid servers and Solid clients.
        </td>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          5. Intended Uses
        </th>
      </tr>
      <tr>
        <td colspan=2 class="table-cell">
          Use 1. Declaration of a policy by an individual storing personal data in a Pod.<br>
          Use 2. Request of data made by a person or application to gain access to the data in different modalities.<br>
          Use 3. Contextual elements to be considered in the authorization decision.<br>
          Use 4. Explanation of the authorization decision.
        </td>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          6. Ontology Requirements
        </th>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          a. Non-Functional Requirements
        </th>
      </tr>
      <tr>
        <td colspan=2 class="table-cell">
          NFR 1. The ontology shall be published online with standard documentation.
        </td>
      </tr>
      <tr>
        <th colspan=2 class="table-title">
          b. Functional Requirements: Groups of Competency Question
        </th>
      </tr>
      <tr>
        <th class="table-title">
          CQG1. Related to authorization
        </th>
        <th class="table-title">
          CQG2. Related to GDPR
        </th>
      </tr>
      <tr>
        <td class="table-cell">
          CQ1. Which actions are to be authorized?<br>
          CQ2. Which requirements are to be authorized?<br>
          CQ3. Who are the parties intervening in policy?<br>
          CQ4. Which is the priority of a certain policy?<br>
          CQ5. Which are the contextual elements to be considered in the authorization decision?
        </td>
        <td class="table-cell">
          CQ6. Which obligations and requirements, and information about personal data and its processing are necessary?<br>
          CQ7. Which is the legal identification of the policy parties?
        </td>
      </tr>
    </table>
  </section>

<section id="ack">
  <h2 id="x1-acknowledgments">
    <bdi class="secno">B. </bdi>Acknowledgments
    <a class="self-link" aria-label="§" href="./oac.html#ack"></a>
  </h2>
  <p>
    This research has been supported by European Union's Horizon 2020 research and innovation programme under 
    the Marie Skłodowska-Curie grant agreement No 813497 (PROTECT) and `Datos 4.0 Retos y Soluciones' 
    (TIN2016-78011-C4-3-R). Harshvardhan J. Pandit is funded by the Irish Research Council Government of Ireland 
    Postdoctoral Fellowship Grant#GOIPD/2020/790; European Union's Horizon 2020 research and innovation programme 
    under NGI TRUST Grant#825618 for Project#3.40 Privacy-as-Expected: Consent Gateway; and by the ADAPT SFI 
    Centre for Digital Media Technology which is funded by Science Foundation Ireland through the SFI Research 
    Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106_P2.
  </p>
</section>

<section id="references" class="appendix"><!--OddPage--><h2 id="a-references"><bdi class="secno">C.<!---0.910070%--> </bdi>References<!---0.910070%--><a class="self-link" aria-label="§" href="./oac.html#references"></a></h2><section id="informative-references">
  <dl class="bibliography">
    <dt id="bib-acl">[acl]</dt>
    <dd>
      <a href="http://www.w3.org/ns/auth/acl#">
        <cite>Basic Access Control ontology</cite>
      </a>. 2009. URL: 
      <a href="http://www.w3.org/ns/auth/acl#">
        http://www.w3.org/ns/auth/acl#
      </a>
    </dd>
    <dt id="bib-dcterms">[dcterms]</dt>
    <dd>
      <a href="https://www.dublincore.org/specifications/dublin-core/dcmi-terms/">
        <cite>DCMI Metadata Terms</cite>
      </a>. DCMI Usage Board.  DCMI. 20 January 2020. DCMI Recommendation. URL: 
      <a href="https://www.dublincore.org/specifications/dublin-core/dcmi-terms/">
        https://www.dublincore.org/specifications/dublin-core/dcmi-terms/
      </a>
    </dd>
    <dt id="bib-dpv">[dpv]</dt>
    <dd>
      <a href="https://w3id.org/dpv"><cite>Data Privacy Vocabulary (DPV) version 1</cite></a>.
      Axel Polleres; Beatriz Esteves; Bert Bos; Bud Bruegger; David Hickey; Elmar Kiesling; Eva Schlehahn; Fajar J. Ekaputra; Georg P. Krog; 
      Harshvardhan J. Pandit; Javier D. Fernández; Julian Flake; Mark Lizar; Paul Ryan; Piero Bonatti; Ramisa Gachpaz Hamed; Rigo Wenning; Rob Brennan; 
      Simon Steyskal. 5 December 2022. URL: 
      <a href="https://w3id.org/dpv">
        https://w3id.org/dpv
      </a>
    </dd>
    <dt id="bib-dpv-pd">[dpv-pd]</dt>
    <dd>
      <a href="https://w3id.org/dpv/dpv-pd"><cite>DPV-PD: Extended Personal Data categories for DPV version 1</cite></a>.
      Axel Polleres; Beatriz Esteves; Bert Bos; Bud Bruegger; David Hickey; Elmar Kiesling; Eva Schlehahn; Fajar J. Ekaputra; Georg P. Krog; 
      Harshvardhan J. Pandit; Javier D. Fernández; Julian Flake; Mark Lizar; Paul Ryan; Piero Bonatti; Ramisa Gachpaz Hamed; Rigo Wenning; Rob Brennan; 
      Simon Steyskal. 5 December 2022. URL: 
      <a href="https://w3id.org/dpv/dpv-pd">
        https://w3id.org/dpv/dpv-pd
      </a>
    </dd>
    <dt id="bib-dpv-tech">[dpv-tech]</dt>
    <dd>
      <a href="https://w3id.org/dpv/dpv-tech"><cite>DPV-TECH: Extension providing Technology concepts for DPV version 0.8.2</cite></a>.
      Beatriz Esteves; Georg P. Krog; Harshvardhan J. Pandit; Julian Flake; Paul Ryan. 5 December 2022. URL: 
      <a href="https://w3id.org/dpv/dpv-tech">
        https://w3id.org/dpv/dpv-tech
      </a>
    </dd>
    <dt id="bib-gdpr">[gdpr]</dt>
    <dd>
      Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the 
      processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). URL: 
      <a href="https://eur-lex.europa.eu/eli/reg/2016/679/oj">
        https://eur-lex.europa.eu/eli/reg/2016/679/oj
      </a>
    </dd>
    <dt id="bib-ld">[ld]</dt>
    <dd>
      <a href="https://www.w3.org/DesignIssues/LinkedData.html">
        <cite>Linked Data</cite>
      </a>. Tim Berners-Lee. 18 June 2009. URL: 
      <a href="https://www.w3.org/DesignIssues/LinkedData.html">
        https://www.w3.org/DesignIssues/LinkedData.html
      </a>
    </dd>
<!--     <dt id="bib-foaf">[foaf]</dt>
    <dd>
      <a href="http://xmlns.com/foaf/spec">
        <cite>FOAF Vocabulary Specification 0.99 (Paddington Edition)</cite>
      </a>. Dan Brickley; Libby Miller.  FOAF project. 14 January 2014. URL: 
      <a href="http://xmlns.com/foaf/spec">
        http://xmlns.com/foaf/spec
      </a>
    </dd> -->
    <dt id="bib-odrl-model">[odrl-model<!---0.910070%-->]</dt>
    <dd>
      <a href="https://www.w3.org/TR/odrl-model/">
        <cite>ODRL Information Model 2.2</cite>
      </a>. Renato Iannella; Serena Villata.  W3C. 15 February 2018. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/odrl-model/">https://www.w3.org/TR/odrl-model/</a><!---0.910070%-->
    </dd>
    <dt id="bib-odrl-vocab">[odrl-vocab<!---0.910070%-->]</dt>
    <dd>
      <a href="https://www.w3.org/TR/odrl-vocab/">
        <cite>ODRL Vocabulary &amp; Expression 2.2</cite>
      </a>. Renato Iannella; Michael Steidl; Stuart Myles; Víctor Rodríguez-Doncel.  W3C. 15 February 2018. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/odrl-vocab/">
        https://www.w3.org/TR/odrl-vocab/
      </a><!---0.910070%-->
    </dd>
    <dt id="bib-owl2-overview">[owl2-overview<!---0.910070%-->]</dt>
    <dd>
      <a href="https://www.w3.org/TR/owl2-overview/">
        <cite>OWL 2 Web Ontology Language Document Overview (Second Edition)</cite>
      </a>. W3C OWL Working Group.  W3C. 11 December 2012. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/owl2-overview/">
        https://www.w3.org/TR/owl2-overview/
      </a><!---0.910070%-->
    </dd>
    <dt id="bib-rdf-schema">[rdf-schema<!---0.910070%-->]</dt>
    <dd>
      <a href="https://www.w3.org/TR/rdf-schema/">
        <cite>RDF Schema 1.1</cite>
      </a>. Dan Brickley; Ramanathan Guha.  W3C. 25 February 2014. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/rdf-schema/">
        https://www.w3.org/TR/rdf-schema/
      </a><!---0.910070%-->
    </dd>
    <dt id="bib-rdf11-concepts">[rdf11-concepts<!---0.910070%-->]</dt>
    <dd>
      <a href="https://www.w3.org/TR/rdf11-concepts/">
        <cite>RDF 1.1 Concepts and Abstract Syntax</cite>
      </a>. Richard Cyganiak; David Wood; Markus Lanthaler.  W3C. 25 February 2014. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/rdf11-concepts/">
        https://www.w3.org/TR/rdf11-concepts/
      </a><!---0.910070%-->
    </dd>
    <dt id="bib-skos">[skos]</dt>
    <dd>
      <a href="https://www.w3.org/TR/skos-reference/">
        <cite>SKOS Simple Knowledge Organization System Reference</cite>
      </a>. Alistair Miles; Sean Bechhofer.  W3C. 18 August 2009. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/skos-reference/">
        https://www.w3.org/TR/skos-reference/
      </a>
    </dd>
<!--     <dt id="bib-vcard-rdf">[vcard-rdf]</dt>
    <dd>
      <a href="https://www.w3.org/TR/vcard-rdf/">
        <cite>vCard Ontology - for describing People and Organizations</cite>
      </a>. Renato Iannella; James McKinney.  W3C. 22 May 2014. W3C Note. URL: 
      <a href="https://www.w3.org/TR/vcard-rdf/">https://www.w3.org/TR/vcard-rdf/</a>
    </dd> -->
    <dt id="bib-xsd">[xsd]</dt>
    <dd>
      <a href="https://www.w3.org/TR/xmlschema11-2/">
        <cite>W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes</cite>
      </a>. David Peterson; Sandy Gao; Ashok Malhotra; Michael Sperberg-McQueen; Henry Thompson; Paul V. Biron et al.  W3C. 5 April 2012. W3C Recommendation. URL: 
      <a href="https://www.w3.org/TR/xmlschema11-2/">
        https://www.w3.org/TR/xmlschema11-2/
      </a>
    </dd>
    <dt id="bib-solid-protocol">[solid-protocol]</dt>
    <dd>
      <a href="https://solidproject.org/TR/protocol">
        <cite>Solid Protocol</cite>
      </a>. Sarven Capadisli; Tim Berners-Lee; Ruben Verborgh; Kjetil Kjernsmo; Justin Bingham; Dmitri Zagidulin. 7 July 2021. URL: 
      <a href="https://solidproject.org/TR/protocol">
        https://solidproject.org/TR/protocol
      </a>
    </dd>
    <dt id="bib-vann">[vann]</dt>
    <dd>
      <a href="http://purl.org/vocab/vann/">
        <cite>VANN: A vocabulary for annotating vocabulary descriptions</cite>
      </a>. Ian Davis. 1 April 2005. URL: 
      <a href="http://purl.org/vocab/vann/">
        http://purl.org/vocab/vann/
      </a>
    </dd>
    <dt id="bib-wac">[wac]</dt>
    <dd>
      <a href="https://solid.github.io/web-access-control-spec/">
        <cite>Web Access Control</cite>
      </a>. Sarven Capadisli. 11 July 2021. URL: 
      <a href="https://solid.github.io/web-access-control-spec/">
        https://solid.github.io/web-access-control-spec/
      </a>
    </dd>
  </dl>
</section></section><p role="navigation" id="back-to-top">
  <a href="./oac.html#title"><abbr title="Back to Top">↑</abbr></a>
</p><script id="respec-dfn-panel">(() => {
// @ts-check
if (document.respec) {
document.respec.ready.then(setupPanel);
} else {
setupPanel();
}

function setupPanel() {
const listener = panelListener();
document.body.addEventListener("keydown", listener);
document.body.addEventListener("click", listener);
}

function panelListener() {
/** @type {HTMLElement} */
let panel = null;
return event => {
  const { target, type } = event;

  if (!(target instanceof HTMLElement)) return;

  // For keys, we only care about Enter key to activate the panel
  // otherwise it's activated via a click.
  if (type === "keydown" && event.key !== "Enter") return;

  const action = deriveAction(event);

  switch (action) {
    case "show": {
      hidePanel(panel);
      /** @type {HTMLElement} */
      const dfn = target.closest("dfn, .index-term");
      panel = document.getElementById(`dfn-panel-for-${dfn.id}`);
      const coords = deriveCoordinates(event);
      displayPanel(dfn, panel, coords);
      break;
    }
    case "dock": {
      panel.style.left = null;
      panel.style.top = null;
      panel.classList.add("docked");
      break;
    }
    case "hide": {
      hidePanel(panel);
      panel = null;
      break;
    }
  }
};
}

/**
* @param {MouseEvent|KeyboardEvent} event
*/
function deriveCoordinates(event) {
const target = /** @type HTMLElement */ (event.target);

// We prevent synthetic AT clicks from putting
// the dialog in a weird place. The AT events sometimes
// lack coordinates, so they have clientX/Y = 0
const rect = target.getBoundingClientRect();
if (
  event instanceof MouseEvent &&
  event.clientX >= rect.left &&
  event.clientY >= rect.top
) {
  // The event probably happened inside the bounding rect...
  return { x: event.clientX, y: event.clientY };
}

// Offset to the middle of the element
const x = rect.x + rect.width / 2;
// Placed at the bottom of the element
const y = rect.y + rect.height;
return { x, y };
}

/**
* @param {Event} event
*/
function deriveAction(event) {
const target = /** @type {HTMLElement} */ (event.target);
const hitALink = !!target.closest("a");
if (target.closest("dfn:not([data-cite]), .index-term")) {
  return hitALink ? "none" : "show";
}
if (target.closest(".dfn-panel")) {
  if (hitALink) {
    return target.classList.contains("self-link") ? "hide" : "dock";
  }
  const panel = target.closest(".dfn-panel");
  return panel.classList.contains("docked") ? "hide" : "none";
}
if (document.querySelector(".dfn-panel:not([hidden])")) {
  return "hide";
}
return "none";
}

/**
* @param {HTMLElement} dfn
* @param {HTMLElement} panel
* @param {{ x: number, y: number }} clickPosition
*/
function displayPanel(dfn, panel, { x, y }) {
panel.hidden = false;
// distance (px) between edge of panel and the pointing triangle (caret)
const MARGIN = 20;

const dfnRects = dfn.getClientRects();
// Find the `top` offset when the `dfn` can be spread across multiple lines
let closestTop = 0;
let minDiff = Infinity;
for (const rect of dfnRects) {
  const { top, bottom } = rect;
  const diffFromClickY = Math.abs((top + bottom) / 2 - y);
  if (diffFromClickY < minDiff) {
    minDiff = diffFromClickY;
    closestTop = top;
  }
}

const top = window.scrollY + closestTop + dfnRects[0].height;
const left = x - MARGIN;
panel.style.left = `${left}px`;
panel.style.top = `${top}px`;

// Find if the panel is flowing out of the window
const panelRect = panel.getBoundingClientRect();
const SCREEN_WIDTH = Math.min(window.innerWidth, window.screen.width);
if (panelRect.right > SCREEN_WIDTH) {
  const newLeft = Math.max(MARGIN, x + MARGIN - panelRect.width);
  const newCaretOffset = left - newLeft;
  panel.style.left = `${newLeft}px`;
  /** @type {HTMLElement} */
  const caret = panel.querySelector(".caret");
  caret.style.left = `${newCaretOffset}px`;
}

// As it's a dialog, we trap focus.
// TODO: when <dialog> becomes a implemented, we should really
// use that.
trapFocus(panel, dfn);
}

/**
* @param {HTMLElement} panel
* @param {HTMLElement} dfn
* @returns
*/
function trapFocus(panel, dfn) {
/** @type NodeListOf<HTMLAnchorElement> elements */
const anchors = panel.querySelectorAll("a[href]");
// No need to trap focus
if (!anchors.length) return;

// Move focus to first anchor element
const first = anchors.item(0);
first.focus();

const trapListener = createTrapListener(anchors, panel, dfn);
panel.addEventListener("keydown", trapListener);

// Hiding the panel releases the trap
const mo = new MutationObserver(records => {
  const [record] = records;
  const target = /** @type HTMLElement */ (record.target);
  if (target.hidden) {
    panel.removeEventListener("keydown", trapListener);
    mo.disconnect();
  }
});
mo.observe(panel, { attributes: true, attributeFilter: ["hidden"] });
}

/**
*
* @param {NodeListOf<HTMLAnchorElement>} anchors
* @param {HTMLElement} panel
* @param {HTMLElement} dfn
* @returns
*/
function createTrapListener(anchors, panel, dfn) {
const lastIndex = anchors.length - 1;
let currentIndex = 0;
return event => {
  switch (event.key) {
    // Hitting "Tab" traps us in a nice loop around elements.
    case "Tab": {
      event.preventDefault();
      currentIndex += event.shiftKey ? -1 : +1;
      if (currentIndex < 0) {
        currentIndex = lastIndex;
      } else if (currentIndex > lastIndex) {
        currentIndex = 0;
      }
      anchors.item(currentIndex).focus();
      break;
    }

    // Hitting "Enter" on an anchor releases the trap.
    case "Enter":
      hidePanel(panel);
      break;

    // Hitting "Escape" returns focus to dfn.
    case "Escape":
      hidePanel(panel);
      dfn.focus();
      return;
  }
};
}

/** @param {HTMLElement} panel */
function hidePanel(panel) {
if (!panel) return;
panel.hidden = true;
panel.classList.remove("docked");
}
})()</script><script src="./oac_files/fixup.js.transferir"></script></body></html>