[Odrl-version2] Prohibitions - the saga continues...Reply to Alapan

Vicky Weissman vickyw at cs.cornell.edu
Tue Feb 14 14:12:47 EST 2006


Hi,

On Feb 10, Vicky Weissman said:
-------------------------------
... Suppose that a database of clinical information is jointly owned by
hospital H and research institute R.  To get access, an individual needs to
present agreements from both H and R that together imply the permission...
Now I think we want prohibitions because we want to detect conflicts between
H and R (e.g., H permits an access that R forbids). 

On Feb 13, Alapan Arnab replied:
--------------------------------
I don't think prohibitions are necessary at all to handle the scenario you
posted. I will try to give a logical proof why (I have ignored invalid
licenses):

Notation:
E  -> element of
H  -> license agreement from Hospital
R  -> license agreement from Research Institute
HPS-> hospital license permission set
RPS-> research institute permission set
x  -> the permission in question
pH -> permission granted by DRM controller (Hospital)
pR -> permission granted by DRM controller (RI)
pJ -> permission granted by DRM controller (joint data)

&  -> and
!  -> not

Rules:
1. x E HPS & x E H -> pH
2. x !E HPS & x !E H -> pH
3. x E HPS & x E H -> !pH

4. x E RPS & x E R -> pR
5. x !E RPS & x !E R -> pR
6. x E RPS & x E R -> !pR

7. pR & pH -> pJ

From the above, it is clear that [7] is satisfied iff ([1] | [2]) & ([4] |
[5]).

Vicky Weissman, replying:
---------------------------
I don't understand your notation.  In particular, I don't see why rule 1
doesn't contradict rule 3 (and, similarly, why rule 4 doesn't contradict rule
6).  My best guess is that, for each DRM controller, you're maintaining two
sets of information.  A permission is granted if it is in the controller's
permission set and in the agreement; a permission is denied if it is in the
controller's permission set and not in the agreement; and it is unregulated
if it is not in the permission set nor in the agreement.  If this is the
case, then you're essentially capturing prohibitions explicitly (as the
difference between 2 sets), and you might as well do it in the standard way;
that is, with permissions and prohibitions, instead of with permissions and a
superset of regulated actions.

Regardless of your specific work-around, I do think that, for the example I
gave, we want to distinguish forbidden actions from unregulated ones.
(Having both permissions and prohibitions is, I believe, the most common way
to do this.)  To clarify my thinking, suppose that Alice wants to access the
clinical database directly and, to get access, she presents an agreement
agr_H from the hospital that says "Alice may query the database" and she
presents an agreement agr_R from the research institute that says "Alice may
access the database directly".  Should Alice be given access?  If ODRL
includes prohibitions, then agr_H does not object to Alice accessing the
database and, as a result, I think the request should be granted.  If ODRL
does not include prohibitions, then we can't tell whether the hospital does
not object, in which case access should be granted, or the hospital forbids
the action, in which case H and R contradict one another and some "default"
action should be done (e.g., contact H and R so they can work out the
disagreement, or give Alice access to a perturbed version of the database). 

-Vicky
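
The Alice scenario from the message above, worked as an added example (not part of the original post, and not ODRL syntax): each agreement carries explicit permissions and prohibitions, so an owner's silence can be told apart from a refusal. The Agreement class, the action names and the combining rule (grant when some owner permits and none forbids, deny when nobody permits) are assumptions made for illustration.

```python
from enum import Enum

class Verdict(Enum):
    PERMIT = "permit"
    FORBID = "forbid"
    UNREGULATED = "unregulated"

class Agreement:
    """One owner's agreement (hypothetical model, not ODRL syntax)."""
    def __init__(self, owner, permits=(), prohibits=()):
        self.owner = owner
        self.permits, self.prohibits = frozenset(permits), frozenset(prohibits)
        if self.permits & self.prohibits:
            raise ValueError(f"{owner}: action both permitted and prohibited")

    def verdict(self, action):
        if action in self.prohibits:
            return Verdict.FORBID
        if action in self.permits:
            return Verdict.PERMIT
        return Verdict.UNREGULATED  # owner is silent, which is not a refusal

def joint_decision(agreements, action):
    """Combine all owners' verdicts; the combining rule is an assumption."""
    verdicts = [a.verdict(action) for a in agreements]
    permitted = Verdict.PERMIT in verdicts
    forbidden = Verdict.FORBID in verdicts
    if permitted and forbidden:
        return "conflict"  # owners disagree: fall back to the default action
    if permitted:
        return "grant"     # someone permits, nobody objects
    return "deny"          # nobody permits the action

def permission_only_decision(permit_sets, action):
    """Same request when agreements can only list permissions."""
    granting = [o for o, acts in permit_sets.items() if action in acts]
    if not granting:
        return "deny"
    # A silent owner may be indifferent or may forbid; the data cannot say which.
    return "grant" if len(granting) == len(permit_sets) else "ambiguous"

# Constructed sample agreements for the scenario in the message.
agr_H = Agreement("H", permits={"query"})
agr_R = Agreement("R", permits={"direct_access"})
agr_H_strict = Agreement("H", permits={"query"}, prohibits={"direct_access"})

if __name__ == "__main__":
    print(joint_decision([agr_H, agr_R], "direct_access"))         # grant
    print(joint_decision([agr_H_strict, agr_R], "direct_access"))  # conflict
    print(permission_only_decision({"H": {"query"}, "R": {"direct_access"}}, "direct_access"))
```
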


    





