How are policies enforced? Usage rules are defined on the resource [3.0] using ODRL and injected into the contract. The PDC [2.1] verifies these policies via its Policy Enforcement Point (PEP).
In the data space, policies determine how data is used and for what actions are permitted both at legal and technical levels. Usage rules are defined over the resource following the ODRL (Open Digital Rights Language) Standard, a W3C language designed to express usage permissions, prohibitions and obligations in a machine-readable manner, enabling to specify who can perform actions like “use”, “modify” and “share” a resource, under what conditions and restrictions.
These policies are applied at the resource level and are, subsequently, injected inside the contract, so they can be part of the legally binding agreement between the provider and the data consumer. Within the marketplace ecosystem, the ODRL Manager component (library for Node.js, that validates, interprets and processes ODRL policies) is essential for the PDC [2.1] to evaluate resource-related policies and to determine if the requests are permitted or denied. When a data access or use request comes, the PDC asks the Police Enforcement Point, which applies the rules evaluated by the ODRL Manager, about the request and the context of the contract. This enables the access and, if not, it blocks it. This combination of ORDL policies, evaluated through the ODRL Manager and applied in the PEP, guarantees that the usage rules are technically achieved as part of the contract lifecycle and that the data exchanges are respected with the restrictions agreed.
References