odrl icon indicating copy to clipboard operation
odrl copied to clipboard
verified publisher icon w3c

Default behaviour of the Evaluator

Open vroddon opened this issue 7 months ago • 4 comments

On the default behaviour of the Evaluator. In the absence of rules... is action permitted? Evaluator can be specified either an open or closed behaviour. The default behaviour for the Evaluator in the examples is closed (unless otherwise specified within the policy). The Formal Semantics' sentence "More precisely, the ODRL Evaluator uses as input:" will be followed by a fourth point, on setting the default behaviour for the evaluator (closed/open) For example:

  • Individuals can do everything that is not strictly forbidden
  • Public powers can only do what is explicitly permitted to them

vroddon avatar Jun 03 '25 17:06 vroddon

I would follow the principle of least privilege/authority.

Benefits of the principle include:

  • Intellectual security.
  • Better system security.
  • Ease of deployment.

I am unsure if I follow what open or closed means in the context of the evaluator.

joshcornejo avatar Jun 04 '25 06:06 joshcornejo

To be more clear, see these examples:

Behaviour one:

  • Policies: {Ø} (none)
  • Request: "Can I smoke?"
  • Evaluator Response: "Yes" (because it is not forbidden and the Evaluator is working under a "default-allow" way)

Behaviour two:

  • Policies: {Ø} (none)
  • Request: "Can I smoke?"
  • Evaluator Response: "No" (because it is not permitted and the Evaluator is working under a "default-disallow" way)

For different scenarios, each of the behaviours makes sense...

vroddon avatar Jun 04 '25 15:06 vroddon

So like this:

Behaviour one: You can do everything permitted, plus everything that isn't explicitly disallowed.

Behaviour two: You can only do everything explicitly permitted.

For behaviour two, the agreements and references to assets, actions and parties within are enough for the evaluator to decide, I assume this is what you call "closed"?

For behaviour one, the evaluator needs access to every possible agreement, action, asset and party to decide, and this is what you call "open"?

joshcornejo avatar Jun 05 '25 06:06 joshcornejo

If the meaning of open/closed is misleading, let us not use those words. But "behaviour one / behaviour two", as they are explained, are crystal clear (I humbly believe) --and they are useful in other scenarios --in any case, the current silence of the ODRL spec can lead to confusion.

vroddon avatar Jun 09 '25 13:06 vroddon