-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to represent in the "state of the world" the executed Actions #61
Comments
In the work I am doing, and as per the email I sent a few days ago:
Note 1: I like the order world -> actor -> action -> asset (i think it has a good grammatical flow compared to action -> actor -> asset). Note 2: For practical reasons, variables can also be added to the world "manually" to the context, especially for "spatial" assessments (we only know the location of an actor or asset when the evaluation is executed. I have 3 functions: addToContext / replaceInContext / removeFromContext - the most important is "replace" (as it can 'fix' issues with any variable's state/value and do things like change location), probably irrelevant to formal definitions. |
The representation of the state of the world implies having new elements in ODRL. I label this issue as "new feature". |
So far the state of the world and a Policy have been separate entities as an implementation. The "world" is linked to an "agreement" only for practical purposes, and as per my diagram above, when an agreement is created between an odrl:Assigner and an odrl:Assignee - the "world manager" extracts the variables from the agreement and categorises them (those that are "editable" - like a count and those that are "extraneous" - like dateTime). I am unsure if the actual representation of the world has to be part of a "new feature" - unless the expectations are that you can "move" the agreements and states of worlds around in a distributed environment. I would start with a logical representation and the rules to evaluate an outcome. If we speak about "what is out there", as I mentioned during our call - authZen has a definition that was compatible with my evaluation:
They also have a verbose way of describing relationships, those "evaluations" listed in that example, look as they can be actions in a list:
I have a much more "compressed" (because the agreements give us much more information from the start) Finally, they have a "client" managed context (or "state of the world") ... I am partial to where the context lives, there are advantages and disadvantages of either side. |
To describe executed actions in the state of the world, we (@besteves4 and me) are proposing the compliance report model presented for the ODRL CG at 2 October (slides). The policy report allows to describe the action, party and target resource by linking to the relevant odrl policy and rule and it has a property to denote the time. Futhermore, the model can also be used to denote an odrl evaluation. The repository contains examples of the report for the three type of rules: Permission, Prohibition and Duty. If this model seems interesting, we would gladly further discuss it in a future ODRL (formal semantics) CG |
When you say "describe executed actions in the state of the world", are you proposing some sort of "historical ledger"? There seems to miss the outcome of the entire policy (a world can have many policies, let's assume with one actor, many actions, and many targets, and some can be inactive as the target is not part of that policy). It could have all the Attempted and Activation states. Your diagram shows only Permissions, although it shows the report classes for all the rule types. A Permission can be "active/attempted", and during that same evaluation, you can have a Prohibition "active/violated" - the outcome of the Policy is therefore "active/violated". For example: "actor has permission to use asset" / "actor is prohibited to use it from home" (and yes, you can model this as a single rule - but you can also model it as multiple rules, so you have to allocate both possible paths, and hence why Policy is the "ultimate" outcome). I'm not fond of reporting on "not attempted" - useful for development/debugging, but it could end up having lengthy reports with inconsequential entries. Finally, during our call in October, it was raised a few times the complexities of Duty fulfilment processes. An example following yours:
In practice, resource X is in Alice's shared drive, which has a local backup for her office that remains there for 12 months, and also goes to an organisational archive for 7 years. At what point is the duty considered fulfilled and that report can be generated? |
Thank you for the fruitful discussion on this issue related to the ‘state of the world’. I try to summarize the results of the discussion.
References: |
Proposed resolution: the context is unlimited, infinite. Every new specified element should be backed by an example in the test bed. If there is no example in the test bed, we should not speak about it. Therefore, the action is to add examples (jsonld or turtle files) in the github repo, folder "Formal Semantics" folder. |
In order to proved a Formal Semantics for ODRL (https://w3c.github.io/odrl/formal-semantics/), it is necessary to specify the name of the properties that can be used to describe the executed Actions in the "state of the world".
One initial proposal may be to represent them with at least: a type (the class of Actions to which the action belong), a performer (i.e. the agent that performs the action), an object (i.e. the object on which the action is performed), an atTime for describing the instant of time when the action is executed or when its execution has started.
The text was updated successfully, but these errors were encountered: