Policies Composition Based on Data Usage Context

Valeria Soto-Mendoza, Patricia Serrano-Alvarado, Emmanuel Desmontils, José-Antonio García-Macías

In International Workshop on Consuming Linked Data (COLD) at ISWC, 12 pages, Bethlehem, Pennsylvania, United States, 12 October 2015

https://hal.archives-ouvertes.fr/hal-01184660


Problem

• Massive production and usage of (personal) data

• Usage policies should be defined for every data (PriLoo, ODRL, PPo, l4all, CC, GPL, etc.)

• But in a collaborative application combining data, what will be the usage policy of the resulting data?

Our goal

• A method to combine policies
– based on semantic web technologies (ontologies, reasoning rules, RDF, …)
– considering usage context
– easy to extend

Proposed approach

• Federation of personal data servers (e.g., SPARQL endpoints)

• Usage policies linked to personal data

• Federated query

• Before query evaluation, PrODUCE composes the policies

PrODUCE is a mechanism for policies composition based on semantic web technologies

PriLoo usage policies

Like other policies, but in addition they describe:

• the context under which data should be used
– Usage purposes, usage duration, usage locality, storage locality, etc.

• What to do with non-explicit terms/properties
– implicitProperties (all-but-prohibited, all-but-permitted-or-obliged)

• Families of licenses

PriLoo ontology: http://www.privacy-lookout.net/pluxml/index.php

Some details

• For ImplicitStatus, two values are allowed:
– all-but-prohibited, to prohibit all implicit terms, and
– all-but-permits-or-obliges, to permit or to oblige implicit terms

• LegalTerms, Operations and Purposes are terms structured in a hierarchical tree
– For instance, LegalTerm “moral rights preserve” inherits from “rights preserve”, and consultation purpose inherits from medical purpose
– For legal terms, operations and purposes defined in PriLoo, see http://privacy-lookout.net/ontologies/2015/06/28/pl-usage-terms.n3

PriLoo – available usage policies

• Several standard licenses have been defined in PriLoo, like CC-By or Beerware: http://privacy-lookout.net/ontologies/2015/06/28/pl-licenses.n3

lic:Beerware a pl:License ;
    rdfs:label "Beer-ware Licence (Revision 42)"@en ;
    rdfs:comment "If we meet some day, and you think this stuff is worth it, you can buy me a beer in return"@en ;
    pl:legalTermsURL "http://people.freebsd.org/~phk/"^^xsd:anyURI ;
    pl:memberOfTheFamily lic:PublicDomain ;
    pl:permitedOperation operation:rename ;
    pl:obligedLegalTerm term:copyrightNotice ;
    pl:permitedLegalTerm term:warranty .

lic:CC-BYv3 a pl:License ;
    rdfs:label "CC BY 3.0"@en , "CC BY 3.0"@fr ;
    rdfs:comment "Creative Commons Attribution 3.0 Unported"@en ;
    pl:obligedLegalTerm term:by ;
    pl:legalTermsURL "http://creativecommons.org/licenses/by/3.0/legalcode"^^xsd:anyURI ;
    pl:memberOfTheFamily lic:CreativeCommonsFreeCulture ;
    pl:permitedOperation operation:write ;
    owl:sameAs sc_registro:CC-BY_1, <http://creativecommons.org/licenses/by/3.0/> .

PrODUCE composition process

• Stage 0 applies ontology-based rules to consider data usage context: business rules, propagation rules, implicit management rules

• Stage 1 applies operators AND and OR: AND for permissions, OR for prohibitions/obligations

• Stage 2 uses priorities to resolve conflicts: 1 for original terms, 2 for terms produced by business rules, 3 for terms produced by implicit management and propagation rules

A custom usage policy

#Policy 1
:License1 a pl:License ;
    pl:permits operation:read .

:PUCelder1 a pl:PUC ;
    pl:permits purpose:scientific, purpose:medical ;
    pl:prohibits purpose:tracking ;
    pl:object <Resident1PersonalData.n3> ;
    pl:hasLicense :License1 ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:maxUses "3"^^xsd:integer ;
    pl:grantee <http://www.clinicasantaclarita.com/Dr Clemente Humberto Zuniga Gil.html>,
        <http://serenaseniorcare.com/>, <http://www.cicese.edu.mx/> ;
    pl:grantor <Resident1.n3> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico>, <http://dbpedia.org/resource/USA> ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> .

Example of composition

#Policy 1
:License1 a pl:License ;
    pl:permits operation:read .

:PUCelder1 a pl:PUC ;
    pl:permits purpose:scientific, purpose:medical ;
    pl:prohibits purpose:tracking ;
    pl:object <Resident1PersonalData.n3> ;
    pl:hasLicense :License1 ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:maxUses "3"^^xsd:integer ;
    pl:grantee <http://www.clinicasantaclarita.com/Dr Clemente Humberto Zuniga Gil.html>,
        <http://serenaseniorcare.com/>, <http://www.cicese.edu.mx/> ;
    pl:grantor <Resident1.n3> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico>, <http://dbpedia.org/resource/USA> ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> .

#Policy 4
:License4 a pl:License ;
    pl:permits operation:sharing, operation:publishing,
        operation:distribute, operation:read ;
    pl:obliges legalTerm:by .

:PUCelder3 a pl:PUC ;
    pl:permits purpose:scientific, purpose:medical,
        purpose:wellbeing, purpose:consultation,
        purpose:commercial ;
    pl:object <Resident3PersonalData.n3> ;
    pl:hasLicense :License4 ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:maxUses "3"^^xsd:integer ;
    pl:grantee <http://serenaseniorcare.com/>,
        <http://www.cinicasantaclarita.com/Dr Clemente Humberto Zuniga Gil.html> ;
    pl:grantor <Resident3.n3> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico>,
        <http://dbpedia.org/resource/USA> ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico>,
        <http://dbpedia.org/resource/USA> .

#Policy 5
:License5 a pl:License ;
    pl:permits operation:distribute, operation:read ;
    pl:obliges legalTerm:by .

:PUCelder2 a pl:PUC ;
    pl:permits purpose:scientific, purpose:tracking ;
    pl:prohibits purpose:commercial, purpose:medical ;
    pl:object <Resident2PersonalData.n3> ;
    pl:hasLicense :License5 ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:maxUses "3"^^xsd:integer ;
    pl:grantee <http://serenaseniorcare.com/> ;
    pl:grantor <Resident2.n3> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico> ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> .

Query for scientific purposes requesting access to elders' data

Stage 0 Pre-processing

#Policy 1 extended
:License1 a pl:License ;
    pl:obliges legalTerm:fairDealing, legalTerm:constraintDerivative, legalTerm:waiver,
        legalTerm:otherRightsPreserve, legalTerm:copyrightNotice, legalTerm:warranty, legalTerm:history,
        legalTerm:sa, legalTerm:notice, legalTerm:holdLiable, legalTerm:lesserCopyLeft, legalTerm:by,
        legalTerm:origin, legalTerm:PublicDomainPreserve, legalTerm:moralRightsPreserve,
        legalTerm:limitedCommercial, legalTerm:freeSourceCode, legalTerm:rightsPreserve ;
    pl:prohibits operation:rename, operation:write ;
    pl:permits operation:read, operation:distribute, operation:publishing .

:PUCelder1 a pl:PUC ;
    pl:begin "2014-02-03T00:00:00.000+01:00" ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:grantee <http://serenaseniorcare.com/> ;
    pl:grantor <Resident1.n3> ;
    pl:hasLicense :License1 ;
    pl:implicitProperties pl:all-but-prohibited ;
    pl:object <Resident1PersonalData.n3> ;
    pl:permits purpose:consultation,
        purpose:scientific, purpose:medical ;
    pl:prohibits purpose:tracking, purpose:sales,
        purpose:commercial, purpose:care, purpose:gift,
        purpose:privateUse, purpose:wellbeing,
        purpose:management ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico>,
        <http://dbpedia.org/resource/USA> ;
    pl:maxUses "3"^^xsd:integer .

#Policy 1
:License1 a pl:License ;
    pl:permits operation:read .

:PUCelder1 a pl:PUC ;
    pl:permits purpose:scientific, purpose:medical ;
    pl:prohibits purpose:tracking ;
    pl:object <Resident1PersonalData.n3> ;
    pl:hasLicense :License1 ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:maxUses "3"^^xsd:integer ;
    pl:grantee <http://www.clinicasantaclarita.com/Dr Clemente Humberto Zuniga Gil.html>,
        <http://serenaseniorcare.com/>, <http://www.cicese.edu.mx/> ;
    pl:grantor <Resident1.n3> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico>, <http://dbpedia.org/resource/USA> ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> .

Scientific and medical purposes generate obligations, prohibitions, implicit properties and other purposes.

Stage 1 – composition operations (1/2)

#Policy 1 extended
:License1 a pl:License ;
    pl:obliges legalTerm:fairDealing, legalTerm:constraintDerivative, legalTerm:waiver, … ;
    pl:prohibits operation:rename, operation:write ;
    pl:permits operation:read, operation:distribute, operation:publishing .

:PUCelder1 a pl:PUC ;
    pl:begin "2014-02-03T00:00:00.000+01:00" ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:getPurposeFrom :License1 ;
    pl:grantee <http://serenaseniorcare.com/> ;
    pl:grantor <Resident1.n3> ;
    pl:hasLicense :License1 ;
    pl:implicitProperties pl:all-but-prohibited ;
    pl:object <Resident1PersonalData.n3> ;
    pl:permits purpose:consultation, purpose:scientific, purpose:tracking, purpose:medical ;
    pl:prohibits purpose:sales, purpose:commercial, purpose:care, purpose:gift, purpose:privateUse,
        purpose:wellbeing, purpose:management ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> ;

#Policy 4 extended
:License4 a pl:License ;
    pl:obliges legalTerm:by, legalTerm:constraintDerivative ;
    pl:prohibits legalTerm:otherRightsPreserve, legalTerm:copyrightNotice, legalTerm:warranty, … ;
    pl:permits operation:read, operation:sharing, operation:publishing .

:PUCelder3 a pl:PUC ;
    pl:begin "2014-02-03T00:00:00.000+01:00" ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:getPurposeFrom :License4 ;
    pl:grantee <http://serenaseniorcare.com/> ;
    pl:grantor <Resident3.n3> ;

| Model | Operator | Description |
|---|---|---|
| Permits operation/purpose | AND | An operation or purpose is permitted in the composed policy if it appears in all policies. |
| Prohibits operation/purpose/legalTerm | OR | An operation, purpose or legalTerm is prohibited in the composed policy if it appears in at least one policy. |
| Obliges legalTerm | OR | A legalTerm is obligated in the composed policy if it appears in at least one policy. |

Operators applied for legalTerms and operations in the licenses.

#Policy 5 extended
:License5 a pl:License ;
    pl:obliges legalTerm:fairDealing, legalTerm:otherRightsPreserve, legalTerm:copyrightNotice, legalTerm:warranty, … ;
    pl:permits operation:read, operation:sharing, operation:rename, operation:distribute, operation:publishing, … .

:PUCelder2 a pl:PUC ;

Stage 1 – composition operations (2/2)

#Policy 1 extended
…
:PUCelder1 a pl:PUC ;
    pl:permits purpose:consultation, purpose:scientific, purpose:tracking, purpose:medical ;
    pl:prohibits purpose:sales, purpose:commercial, purpose:care, purpose:gift, purpose:privateUse, … ;
    … .

#Policy 4 extended
…
:PUCelder3 a pl:PUC ;
    pl:permits purpose:wellbeing, purpose:management, purpose:commercial, purpose:tracking,
        purpose:consultation, purpose:scientific, purpose:sales, purpose:medical, purpose:care, purpose:gift ;
    pl:prohibits purpose:privateUse ;
    … .

| Model | Operator | Description |
|---|---|---|
| Permits operation/purpose | AND | An operation or purpose is permitted in the composed policy if it appears in all policies. |
| Prohibits operation/purpose/legalTerm | OR | An operation, purpose or legalTerm is prohibited in the composed policy if it appears in at least one policy. |
| Obliges legalTerm | OR | A legalTerm is obligated in the composed policy if it appears in at least one policy. |

Operators applied to purposes in the PUC.

#Policy 5 extended
…
:PUCelder2 a pl:PUC ;
    pl:permits purpose:management, purpose:scientific, purpose:tracking, purpose:privateUse, purpose:care, purpose:wellbeing ;
    pl:prohibits purpose:sales, purpose:commercial, purpose:medical, purpose:gift, purpose:consultation ;
    … .

Stage 2 – solution of conflicts

• Based on priorities
– High priority: original terms/purposes
– Medium priority: terms/purposes added by business rules
– Low priority: terms/purposes added by implicit management and propagation rules

• In addition
– If a permitted term/purpose is prohibited with the same priority in at least one policy, then it will not be included in the final policy;
– if two terms are not compatible, then one of them is chosen based on the requester's purposes.

#Composite policy
:scientificCompositePolicy a pl:License ;
    pl:obliges legalTerm:moralRightsPreserve, legalTerm:by, legalTerm:notice,
        legalTerm:lesserCopyLeft, legalTerm:holdLiable, legalTerm:fairDealing, legalTerm:origin,
        legalTerm:rightsPreserve, legalTerm:publicDomainPreserve, legalTerm:warranty,
        legalTerm:copyrightNotice, legalTerm:waiver, legalTerm:sa, legalTerm:otherRightsPreserve,
        legalTerm:constraintDerivative, legalTerm:history, legalTerm:freeSourceCode, legalTerm:limitedCommercial ;
    pl:permits operation:publishing, operation:read ;
    pl:prohibits operation:rename, operation:write, operation:using, operation:distribute, operation:derivative,
        operation:copy, operation:sharing, operation:unlimitedDisclosure, legalTerm:publicDomainPreserve,
        legalTerm:waiver, legalTerm:fairDealing, legalTerm:otherRightsPreserve, legalTerm:holdLiable,
        legalTerm:copyrightNotice, legalTerm:warranty, legalTerm:sa, legalTerm:rightsPreserve, legalTerm:lesserCopyLeft,
        legalTerm:by, legalTerm:history, legalTerm:moralRightsPreserve, legalTerm:freeSourceCode, legalTerm:origin,
        legalTerm:notice .

:escenario2 a pl:PUC ;

Resulting composed policy

#Composite policy
:scientificCompositePolicy a pl:License ;
    pl:obliges legalTerm:moralRightsPreserve, legalTerm:by, legalTerm:notice,
        legalTerm:lesserCopyLeft, legalTerm:holdLiable, legalTerm:fairDealing,
        legalTerm:origin, legalTerm:rightsPreserve, legalTerm:publicDomainPreserve,
        legalTerm:warranty, legalTerm:copyrightNotice, legalTerm:waiver,
        legalTerm:sa, legalTerm:otherRightsPreserve, legalTerm:constraintDerivative,
        legalTerm:history, legalTerm:freeSourceCode, legalTerm:limitedCommercial ;
    pl:permits operation:publishing, operation:read ;
    pl:prohibits operation:rename, operation:using, operation:distribute,
        operation:derivative, operation:copy, operation:sharing,
        operation:unlimitedDisclosure, operation:write .

:escenario2 a pl:PUC ;
    pl:permits purpose:scientific ;
    pl:prohibits purpose:consultation, purpose:care, purpose:tracking,
        purpose:management, purpose:sales, purpose:privateUse, purpose:commercial,
        purpose:gift, purpose:medical, purpose:wellbeing ;
    pl:object <CompositePersonalData.n3> ;
    pl:hasLicense :scientificCompositePolicy ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:maxUses "3"^^xsd:integer ;
    pl:grantee <http://cicese.edu.mx/> ;
    pl:grantor <Resident1.n3>, <Resident2.n3>, <Resident3.n3> ;
    pl:usageLocality <http://dbpedia.org/resource/Mexico> ;
    pl:storageLocality <http://dbpedia.org/resource/Mexico> .
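The following Python sketch is an added example, not code from the slides or from PrODUCE: it applies the Stage 1 operators to the purposes of the three extended policies, then the same-priority rule of Stage 2, and arrives at the permitted and prohibited purposes of the composed policy above. Assumptions: every rule-derived purpose is given priority 3 (the slides do not say which rule produced each one), a dropped permission is recorded as a prohibition, and all function and variable names are illustrative.

```python
# Purposes transcribed from the slides: EXTENDED from the Stage 1 slides,
# ORIGINAL from the "Example of composition" slide.
EXTENDED = {
    "Policy1": {"permits": {"consultation", "scientific", "tracking", "medical"},
                "prohibits": {"sales", "commercial", "care", "gift",
                              "privateUse", "wellbeing", "management"}},
    "Policy4": {"permits": {"wellbeing", "management", "commercial", "tracking",
                            "consultation", "scientific", "sales", "medical",
                            "care", "gift"},
                "prohibits": {"privateUse"}},
    "Policy5": {"permits": {"management", "scientific", "tracking",
                            "privateUse", "care", "wellbeing"},
                "prohibits": {"sales", "commercial", "medical", "gift",
                              "consultation"}},
}
ORIGINAL = {
    "Policy1": {"permits": {"scientific", "medical"}, "prohibits": {"tracking"}},
    "Policy4": {"permits": {"scientific", "medical", "wellbeing",
                            "consultation", "commercial"}, "prohibits": set()},
    "Policy5": {"permits": {"scientific", "tracking"},
                "prohibits": {"commercial", "medical"}},
}
ORIGINAL_PRIO, DERIVED_PRIO = 1, 3  # assumption: every rule-added term gets 3


def stage1(policies):
    """AND over permissions, OR over prohibitions (the operator table)."""
    permits = set.intersection(*(p["permits"] for p in policies.values()))
    prohibits = set.union(*(p["prohibits"] for p in policies.values()))
    return permits, prohibits


def prio(term, modality, originals):
    """Priority 1 if an original policy states the term, else the derived one."""
    stated = any(term in p[modality] for p in originals.values())
    return ORIGINAL_PRIO if stated else DERIVED_PRIO


def stage2(permits, prohibits, originals):
    """Keep a permission only if no prohibition of equal or higher priority exists."""
    kept, prohibits = set(), set(prohibits)
    for term in sorted(permits):
        prohibited = term in prohibits or any(
            term in p["prohibits"] for p in originals.values())
        if prohibited and prio(term, "prohibits", originals) <= prio(
                term, "permits", originals):
            prohibits.add(term)  # assumption: the dropped permission is prohibited
        else:
            kept.add(term)
    return kept, prohibits


def compose(extended=EXTENDED, originals=ORIGINAL):
    """Stage 1 followed by Stage 2 for the purposes of the three policies."""
    return stage2(*stage1(extended), originals)
```

Stage 1 alone leaves both scientific and tracking permitted; tracking is removed in Stage 2 because Policy 1 prohibits it and Policy 5 permits it, both as original terms.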


Positioning with the state of the art

| | Gangadharan, et al. | Mesiti, et al. | Villata, et al. | PrODUCE |
|---|---|---|---|---|
| Context | Web services | MPEG resources | Web of data | Web of data |
| Policies representation | Ontology-based | Set of grants | Ontology-based | Ontology-based |
| Models | Permission, requirement, constraint | - | Permissions, obligations, prohibitions | Permissions, obligations, prohibitions |
| Terms | By scopes. Rights:{adaptation, composition, derivation, attribution, shareAlike, non-commercial}, Financial:{peruse, payment} | By groups. Use:{play, print, execute}, Manage:{install, uninstall, move, delete}, Transformation:{reduce, enlarge, modify, diminish, enhance, adapt, embed} | DerivativeWorks, Sharing, Distribution, Reproduction, Notice, Attribution, ShareAlike, SourceCode, CopyLeft, NonCommercial, Commercial, HighIncomeNationUse | Operations:{read, write, unlimitedDisclosure, rename}, terms:{notice, copyrightNotice, warranty, holdliable, fairDealing}, purposes:{commercial, private, medical, scientific} |
| Composition rules | Meaning-based | Group-based | Deontic logic-based | Ontology-based |
| Unspecified terms | Rules case-by-case | - | Conservative decision | Decision based on the data-usage context |
| Data-usage context | No | Yes (only usage purpose in the composition request) | No | Yes |

Page 18: Policies Composition Based on Data Usage Context

Perspectives

• Are custom policies and resulting policies legal? We have to talk with jurists…

• Define new rules for contextual aspects, such as the laws of the usage and storage locations of the data concerned

• Provide feedback when the policies combination is not possible
