- The paper demonstrates that ODRL's conduct-level semantics are insufficient and requires cross-level normative grounding using UFO-L.
- It validates the model with formal axioms and benchmarks via automated reasoners to ensure consistency and enforceability of norms.
- The work introduces an OWL legal profile to integrate competence-level positions, explicitly establishing authority structures in policy design.
Cross-Level Ontological Grounding of ODRL Policies in UFO-L
ODRL Policy Semantics and Structural Gaps
ODRL, adopted by W3C and pivotal for European Data Spaces, is a standard policy language enabling fine-grained expression of data access and usage constraints. The core challenge addressed by this work is the semantic incompleteness of ODRL evaluation: policy evaluators yield verdicts on permissions, prohibitions, and duties in the active policy set, yet they do not explicate the underlying normative positions, authority structures, or governance-related powers that instate, declare, or enforce these norms. This omission propagates ambiguity and incompatibility across ODRL deployments regarding (i) violation declaration authority, (ii) normative rights and correlatives, and (iii) enforceability of remedies.
Foundational Ontology: UFO-L as a Basis for Norm Relations
UFO-L extends the Unified Foundational Ontology with a rich formalization of legal positions—incorporating conduct-level (Permission, Duty, Right, No Right) and competence-level (Power, Subjection, Immunity, Disability) distinctions. Legal positions are moments ontologically dependent on specific agents and always paired as correlatives in a legal relator structure. Conduct-level positions govern what agents may, must, or must not do; competence-level positions pertain to the authority to trigger, instantiate, or abrogate norms via institutional acts. All norm creation or violation transitions are thus contingent on competence-level powers as per UFO-L, grounding ODRL’s semantics beyond verdict evaluation.
Deontic Analysis: Permission, Prohibition, and Duty
This work provides a formal ontological analysis of ODRL’s three core constructs:
- Permission: ODRL’s weak permissions are conduct-level-complete; strong permissions, persistent against normative updates, require Immunity and Disability, elevating them to cross-level applicability.
- Prohibition: ODRL prohibitions are always sanctioned; regulated actions are performable, and violations activate consequential duties. Regimentation is not supported; prohibition is always violable, so remediation requires competence-level authority (Power–Subjection).
- Duty: Only achievement obligations (event-bounded fulfillment) are formally handled; maintenance and process obligations lack evaluation semantics. This ontological limitation restricts normative policy expressivity in practice.
Cross-Level Design Principle
Through formal propositions and theorems, the paper establishes: for any policy language with violable, consequential norms, representations must combine conduct- and competence-level positions. Weak permission suffices with conduct-level positions; sanctioned norms and strong permissions necessitate competence-level authority constructs. ODRL’s conduct-only evaluation model is sound but incomplete—four of eight possible legal positions (e.g., Power, Subjection, Immunity, Disability) remain unrepresented and ungrounded in evaluator outputs.
Each ODRL rule activates a simple legal relator in UFO-L, pairing assignee and assigner positions. Prohibitions with remedies instate not only a Duty to Omit and Right to Omission but also a Power for the assigner to declare violation and a corresponding Subjection for the assignee. The paper introduces an OWL ODRL Legal Profile (odrl-l:), enabling policy authorship to directly state competence-level positions at design-time, thus supporting explicit governance and data sovereignty articulation. Mechanically verified axiomatizations (via Vampire, E, Z3, Isabelle/HOL) confirm both consistency and completeness, with benchmarks spanning all critical norm activation scenarios.
Numerical Results and Explicit Claims
All axioms and their grounding claims are validated across a 39-problem benchmark using state-of-the-art automated reasoners. The model is shown both consistent (minimal finite models for key policies) and sufficient to entail all normative positions emergent from ODRL rule activation, including authority assignments and correlatives absent in existing evaluators. The grounding explicitly surfaces provider-specific violation declaration powers in multi-provider scenarios, authoritative differentiation unattainable by native ODRL semantics.
Implications and Future Work
Practical implications are immediate: grounding ODRL in UFO-L enables governance frameworks to specify, query, and enforce authority structures, automate remedy-based transitions, and resolve policy conflicts via ontological inference rather than implementation heuristics. This enriches compliance checking, data sovereignty enforcement, and policy generation workflows. Theoretically, the cross-level design principle sets a rigorous requirement for any future normative policy language intended for robust, interoperable, and enforceable governance. It mandates explicit authority and enforcement semantics, not only conduct-level verdicts.
Future directions include inheritance-based conflict detection (for odrl:inheritFrom), and integration with LLM-based policy generation—the surfaced ontology serving as a formal target for extraction, reasoning, and compliance validation.
Conclusion
This work demonstrates that ODRL’s conduct-level-only policy semantics are insufficient for fully grounding normative authority and enforcement. Using UFO-L, each ODRL rule activation is mapped to paired legal positions, including competence-level authority structures. Four silent correlatives (e.g., assigner’s Power, Right to Omission) are made explicit, and an OWL profile is introduced for embedding these at policy authoring time. The Cross-Level Design Principle is formally proved and mechanically verified: violable, consequential normative systems necessitate both conduct and competence-level positions for ontological adequacy and governance expressivity. The resultant model is both theoretically robust and practically actionable, supporting advanced compliance, governance, and conflict detection in distributed data space environments.
Paper: "What Does ODRL Mean? A Cross-Level Ontological Grounding of Permissions, Prohibitions, and Duties in UFO-L" (2606.24344)