Driven by data protection laws, interest in decentralized data sharing solutions has surged in recent years. To implement these solutions efectively, usage control is essential for ensuring regulatory compliance and interoperability. The Open Digital Rights Language (ODRL) standard stands out as a potential unified language for formulating fine-grained usage control policies, which must be consistently enforced through a policy engine across every node in the decentralized network. However, how to reliably and uniformly interpret ODRL policies remains an open problem, often leaving implementers to devise their own solutions. To address this problem, this work introduces the Framework for ODRL Rule Compliance through Evaluation (FORCE), designed to assist in policy development and enhance comprehension of evaluation outputs. FORCE is built upon the ODRL Evaluator - a component rigorously tested using the ODRL Test Suite. FORCE's main contributions are i) a guide on the several specifications and pieces of software we are building to work with the current standard and to test new features for a possible future version of the standard, and ii) a Web application that acts as a playground to test these specifications and software libraries. Future work could expand FORCE to include more powerful ODRL Evaluators that can deal with conflict resolution or policy instantiation.
To address privacy concerns arising from the usage of personal data by evolving digital technologies, the
General Data Protection Regulation (GDPR) [
To address challenges in interpreting ODRL policies, Slabbinck et al. proposed a systemic approach
focused on developing interoperable policy engines [
This article presents FORCE, the Framework for ODRL Rule Compliance through Evaluation, a specification and an open-source Web editor built upon the aforementioned ODRL Evaluator. The former contains a guide on how to design ODRL policies, understand ODRL evaluation and provides references to other specifications, including one about proposals for ODRL 3.0. The latter provides a live editor for inputting ODRL policies, requests, and the state of the world and it runs entirely in the browser without requiring an additional server. Furthermore, it generates machine-readable compliance reports with detailed human-readable explanations to aid user understanding. Finally, users can also load and refine test cases from the test suite to deepen their comprehension.
The remainder of the article is organized as follows: Section 2 discusses prior work on ODRL evaluation. In Section 3, we introduce the Framework for ODRL Rule Compliance through Evaluation and outline its key components. Finally, Section 4 concludes the paper.
The Open Digital Rights Language (ODRL) Information Model 2.2 [
In addition to the evaluation behaviour of ODRL 2.2, several research eforts aim to extend the
recommendation with new features. Fornara and Colombetti propose incorporating temporal properties to
model the lifecycles of permissions, obligations, and prohibitions, enabling compliance monitoring[12].
Akaichi et al. introduce variable constraints, resolved by introducing a deterministic dereferencing
mechanism tied to external sources [
This section introduces the Framework for ODRL Rule Compliance through Evaluation (FORCE). The first subsection focuses on the FORCE specification, and the second discusses the FORCE web demonstrator used to explore ODRL evaluations and proposed extensions.
The FORCE specification 14 serves as a guide for the development and evaluation of ODRL policies. It
elaborates how the behaviour of the ODRL Evaluator and how ODRL Evaluators in general should be
tested for correct behaviour, complementing the work of Slabbinck et al. [
This section describes FORCE Web editor15, a demonstrator developed to aid the understanding of ODRL policy evaluation. This is achieved through three core features: An intuitive user interface to edit and evaluate policies, comprehensive output explanations, and a selection of scenarios to facilitate the exploration of ODRL evaluation examples.
The first feature is its intuitive design, achieved by implementing it as a Web application for evaluating ODRL policies. The ODRL Evaluator operates with three essential inputs: (i) an ODRL policy, which outlines the rules defining what access is allowed to which resource by a specific entity; (ii) an ODRL request, containing an ODRL request policy that specifies the actions a party wishes to perform; and (iii) the state of the world, which provides additional context necessary for evaluating constraints. To accommodate these, the FORCE application ofers three editable input fields. To further enhance the user experience, the application addresses the cold start problem by pre-loading an example, as illustrated in Figure 1. Evaluating over the input happens in the browser by relying on the EYE JS [15] library as the core reasoning engine of the ODRL Evaluator16.
The second feature serves to reduce the intricacies of the ODRL Compliance Report Model. The machine-readable Compliance Report describes for each policy its associated rules, the activation state, and the rationale behind that state. To enhance clarity, the web editor includes a humanreadable explanation highlighting the most important messages of the report. For example, if there is a report:PermissionReport that is report:Active, text is provided that entails that the requested action is allowed to be performed by the requesting party.
Furthermore, the demonstrator allows for showcasing a large number of handcrafted scenarios as
example inputs for ODRL evaluations. For that purpose, the test cases from the test suite introduced by
Slabbinck et al. [
ODRL defines its semantics, how to resolve its value remains unspecified 19. • Operator: A comparison operator from the odrl:Operator class. • Right Operand: Either a static value (odrl:rightOperand) or a dynamic reference (odrl:rightOperandRef that must be dereferenced at evaluation time.
The challenge lies in comparing a left operand to a dynamic value. The proposed algorithm deterministically resolves the reference using SHACL paths and a dereferenceable URL. We’ve implemented this algorithm in the ODRL Evaluator and integrated several examples in the FORCE web demonstrator for ODRL extensions20. Further implementation details and a worked-out example are provided in the ODRL 3.0 proposals specification 21. 18Property Path : https://www.w3.org/TR/shacl/#property-paths 19At the time of writing, no formal method exists to materialize left operand values. 20FORCE ODRL extension sandbox: https://w3id.org/force/demo/odrl3proposal 21FORCE ODRL 3.0 proposals: https://w3id.org/force/odrl3proposal
In this paper, we present FORCE as a set of specifications and a Web application that enhances user comprehension of ODRL policy evaluation. The Web editor enables users to create and edit ODRL policies, define requests, and configure various environment variables, all of which can be evaluated through an intuitive interface that also provides human-readable insights into compliance reports.
Through pointers to additional resources and proposals for ODRL 3.0, the FORCE specifications lay the groundwork for continued research and development. As an open-source initiative, FORCE facilitates extensibility and experimentation, enabling further research on ODRL evaluators. Future work includes addressing open challenges for ODRL, including conflict resolution, which addresses cases where multiple policies are incompatible, and policy instantiation, which involves defining the agreed-upon terms of exchange based on a set of policies and a request.
This research was funded by SolidLab Vlaanderen (Flemish Government, EWI and RRF project VV023/10) and by the imec.icon project PACSOI (HBC.2023.0752), which was co-financed by imec and VLAIO and brings together the following partners: FAQIR Foundation, FAQIR Institute, MoveUP, Byteflies, AContrario, and Ghent University – IDLab.
During the preparation of this work, the author(s) used Grammarly in order to: Grammar and spelling check. After using this tool/service, the author(s) reviewed and edited the content as needed and take(s) full responsibility for the publication’s content. [8] R. Zhao, J. Zhao, Perennial Semantic Data Terms of Use for Decentralized Web, in: Proceedings of the ACM Web Conference 2024, ACM, Singapore Singapore, 2024, pp. 2238–2249. doi:10.1145/ 3589334.3645631. [9] A. Cimmino, J. Cano-Benito, R. García-Castro, Open Digital Rights Enforcement framework (ODRE): From descriptive to enforceable policies, Comput. Secur. 150 (2025). doi:10.1016/j. cose.2024.104282. [10] V. Rodríguez-Doncel, N. Roman, Towards Conformance in ODRL 3.0, in: M. Sabou, A. Harth, P. Lisena, E. Curry, B. Zhang, R. Alharbi, Y. He, G. Rehm, S. Schimmler, S. Dietze, N. Manola, A. Cimmino, N. Fornara, V. Rodríguez-Doncel, J. Domingue, A. Rettinger, D. Trilling, M. Grobelnik, C. d’Amato, V. Fionda, I. Tiddi, G. Tolomei (Eds.), Joint Proceedings of the ESWC 2025 Workshops and Tutorials, volume 3977 of CEUR Workshop Proceedings, CEUR, Portorož, Slovenia, 2025. URL: https://ceur-ws.org/Vol-3977/OPAL2025-8.pdf, iSSN: 1613-0073. [11] A. Hosseinzadeh, A. Eitel, C. Jung, A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements:, in: Proceedings of the 6th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, Valletta, Malta, 2020, pp. 397–405. URL: http://www.scitepress.org/DigitalLibrary/ Link.aspx?doi=10.5220/0008936003970405. doi:10.5220/0008936003970405. [12] N. Fornara, M. Colombetti, Using semantic web technologies and production rules for reasoning on obligations, permissions, and prohibitions, AI Communications 32 (2019) 319–334. URL: https://doi.org/10.3233/AIC-190617, publisher: IOS Press. [13] A. Cimmino, N. Fornara, Improving ODRL 2.2: current limitations and theoretical solutions, in: M. Sabou, A. Harth, P. Lisena, E. Curry, B. Zhang, R. Alharbi, Y. He, G. Rehm, S. Schimmler, S. Dietze, N. Manola, A. Cimmino, N. Fornara, V. Rodríguez-Doncel, J. Domingue, A. Rettinger, D. Trilling, M. Grobelnik, C. d’Amato, V. Fionda, I. Tiddi, G. Tolomei (Eds.), Joint Proceedings of the ESWC 2025 Workshops and Tutorials, volume 3977 of CEUR Workshop Proceedings, CEUR, Portorož, Slovenia, 2025. URL: https://ceur-ws.org/Vol-3977/OPAL2025-6.pdf, iSSN: 1613-0073. [14] B. Esteves, R. Dedecker, W. Slabbinck, F. Pattyn, R. Verborgh, Semantic Framework for Legallyaligned Health Data Exchanges, in: M. Sabou, A. Harth, P. Lisena, E. Curry, B. Zhang, R. Alharbi, Y. He, G. Rehm, S. Schimmler, S. Dietze, N. Manola, A. Cimmino, N. Fornara, V. RodríguezDoncel, J. Domingue, A. Rettinger, D. Trilling, M. Grobelnik, C. d’Amato, V. Fionda, I. Tiddi, G. Tolomei (Eds.), Joint Proceedings of the ESWC 2025 Workshops and Tutorials, volume 3977 of CEUR Workshop Proceedings, CEUR, Portorož, Slovenia, 2025. URL: https://ceur-ws.org/Vol-3977/ OPAL2025-9.pdf, iSSN: 1613-0073. [15] J. Wright, J. D. Roo, I. Smessaert, EYE JS: A client-side reasoning engine supporting Notation3 and RDF Surfaces, in: L. Etcheverry, V. L. Garcia, F. Osborne, R. Pernisch (Eds.), Proceedings of the ISWC 2024 Posters, Demos and Industry Tracks: From Novel Ideas to Industrial Practice, volume 3828 of CEUR Workshop Proceedings, CEUR, Maryland, USA, 2024. URL: https://ceur-ws. org/Vol-3828/paper8.pdf, iSSN: 1613-0073.