The policy representation problem

A data governance policy is a statement about what can and cannot be done with data. Every organisation has them. The problem is not a shortage of policies. It is a shortage of policies that machines can read.

Text-based policies (PDFs, wiki pages, README sections, catalog description fields) share three structural weaknesses. They cannot be composed across systems: a prohibition written in one team's wiki cannot be referenced by another team's pipeline. They cannot be validated: there is no way to check whether a proposed data use is consistent with a text policy without a human reading it. And they cannot be enforced: a notebook that loads a CONFIDENTIAL dataset has no mechanism to consult a document.

The deeper issue is vocabulary. Two organisations that want to enforce compatible policies need to agree on what words mean. "Distribute" means different things to a media licensing lawyer and a data engineer. In a federated architecture (a data mesh, a data space, a multi-cloud lakehouse) policies travel across organisational and system boundaries. If the vocabulary is not shared, enforcement cannot be.

"Two systems cannot enforce the same policy if they do not agree on what the words mean. ODRL is the vocabulary agreement."

The Open Digital Rights Language (ODRL) is a W3C recommendation (first published 2018, active since 2002) that solves both problems at once. It provides a precisely defined information model for expressing policies and expresses that model in JSON-LD, where every concept is identified by a URI rather than an arbitrary string. The vocabulary is shared by definition.

The information model: six building blocks

The ODRL information model has six core concepts. Everything in an ODRL policy is one of these things or a relationship between them.

odrl:Policy

The container document. Has a unique URI identifier, a type (Set, Offer, Agreement, or Request), and a set of rules. Every ODRL document is a Policy.

odrl:Asset

The thing being governed. Can be a dataset URI, a DCAT distribution, an API endpoint, or any identifiable digital resource. An Asset can also be an AssetCollection.

odrl:Party

Who the rules apply to: identified by URI, not by name. An assigner grants permissions; an assignee receives them. Both roles can be PartyCollections (groups).

odrl:Rule

A permission, prohibition, or duty. Links an action to an asset and optionally to a party. A permission may carry duties; things that must be done when exercising it.

odrl:Action

What action the rule governs. From the ODRL action vocabulary: use, distribute, reproduce, present, modify, derive, aggregate, anonymize, extract, inform, and more.

odrl:Constraint

A condition that qualifies a rule. Expressed as a (LeftOperand, Operator, RightOperand) triple: the algebraic form that makes constraint evaluation algorithmic rather than interpretive.

The relationships between these concepts are intentionally minimal. A Policy contains Rules. Each Rule references an Action and an Asset. Parties are associated at the Rule level. Constraints qualify Rules. That is the entire model. The simplicity is not a limitation. It is what makes ODRL composable across systems that know nothing about each other beyond the standard.

Actions form a hierarchy

The ODRL action vocabulary is not a flat list. Actions form a subsumption hierarchy: odrl:use is the broadest action and subsumes nearly everything below it. A permission for odrl:use implicitly permits odrl:distribute, odrl:reproduce, odrl:present, and more: unless those are explicitly prohibited in the same policy.

This matters for governance because it determines what a prohibition actually blocks. A prohibition on odrl:distribute does not block odrl:reproduce, even though both are sub-actions of odrl:use. Precision at the action level is the mechanism for expressing nuanced policies: "You may use this data for internal analytics but may not share it externally" without ambiguity.

The four policy types

ODRL defines four Policy subtypes that map to distinct real-world governance workflows. Understanding which type to use and when is the difference between a policy that supports a governance process and one that merely describes it.

Type Purpose Real-world mapping
odrl:Set Standalone policy, no specific parties Default catalog terms: "These are the rules for anyone accessing this dataset"
odrl:Offer Proposal from assigner to potential assignees Data marketplace listing: "Here is what I will grant under these conditions"
odrl:Agreement Bilateral policy, both parties bound Data sharing contract: "We have agreed to these terms for this specific use"
odrl:Request Assignee requests permissions from assigner Access request form: "I am requesting these specific rights for this purpose"

The Set type is the right choice for a data catalog: it expresses the terms of use for a dataset without presuming a specific consumer. The Offer type becomes relevant in marketplace contexts, where a data provider publishes the terms they are willing to offer before any specific consumer has agreed. The Agreement type is the output of a successful negotiation. It binds both parties to specific terms and is the type used in data space bilateral contracts. The Request type supports the access request workflow: a consumer expresses what permissions they need before a provider decides whether to grant them.

Composing policy types into workflows

A complete access workflow looks like: (1) data provider publishes an Offer for a dataset; (2) consumer submits a Request expressing their specific use case; (3) provider evaluates and counter-signs into an Agreement. ODIN generates Set policies by default: The starting point before any specific consumer is known. Offer, Request, and Agreement support the full workflow that arrives once parties are identified.

Constraints: precision without programming

An ODRL rule without constraints is binary: the action is either permitted or it is not. Constraints are the mechanism for expressing everything in between. They are the reason ODRL can encode policies like "employees in the EU may use this dataset for internal analytics before 2027, up to 1,000 queries per day" in a form that a machine can evaluate without human interpretation.

Every constraint is a triple: a left operand (the property being constrained), an operator (the comparison), and a right value (the bound).

odrl:dateTime odrl:lt "2027-01-01T00:00:00Z" Time-bounded permission: valid only before 1 January 2027
odrl:spatial odrl:eq "http://sws.geonames.org/6255148/" Geographic constraint: applies only within Europe (GeoNames URI)
odrl:purpose odrl:isA ex:InternalAnalytics Purpose constraint: permitted only for internal analytics use
odrl:count odrl:lteq "1000"^^xsd:integer Usage count limit: permission valid for at most 1,000 uses

The left operand vocabulary

ODRL defines a rich set of left operands covering time, geography, purpose, payload, party attributes, and data characteristics. The most frequently used in data governance contexts:

  • odrl:dateTime: absolute time bound (ISO 8601)
  • odrl:elapsedTime: relative duration from first use (ISO 8601 duration)
  • odrl:purpose: declared use purpose, typically a URI from a purpose taxonomy
  • odrl:spatial: geographic region, typically a GeoNames URI
  • odrl:count: maximum number of permitted uses
  • odrl:payAmount: monetary payment condition (with unit)
  • odrl:industry: industry sector of the assignee, often a NAICS or SIC code URI
  • odrl:deliveryChannel: the channel through which the asset is delivered
  • odrl:event: triggered by an external event (e.g., a regulatory event)

Logical constraints: composing conditions

Individual constraints can be combined using logical operators. A logical constraint wraps multiple atomic constraints into a compound condition.

  • odrl:and: all operand constraints must be satisfied
  • odrl:or: at least one operand constraint must be satisfied
  • odrl:xone: exactly one operand constraint must be satisfied

This makes it possible to express "use is permitted if (purpose is InternalAnalytics AND spatial is EU) OR the assignee is a VerifiedResearchInstitution" as a single machine-evaluable expression, without encoding that logic in application code where it will drift from the policy document.

The JSON-LD wire format: a complete example

The following is a realistic ODRL Agreement between a financial data provider and a buy-side consumer, granting use rights for internal analytics while prohibiting redistribution, with a market data licensing obligation and a time bound. Every concept is identified by a URI.

ODRL Agreement: financial dataset, internal analytics, time-bounded
{
  "@context":  "http://www.w3.org/ns/odrl.jsonld",
  "@type":     "Agreement",
  "uid":      "https://catalog/agreements/a91c3d27-f5e2",
  "profile":  "https://catalog/profiles/financial-data",

  // The parties to this agreement
  "assigner": { "uid": "https://providers.example/acme-data" },
  "assignee": { "uid": "https://consumers.example/buyside-fund" },

  "permission": [{
    "target": "https://catalog/datasets/equities-eod-prices",
    "action":  "use",
    "constraint": [
      {
        "leftOperand":  "purpose",
        "operator":     "isA",
        "rightOperand": "ex:InternalRiskAnalytics"
      },
      {
        "leftOperand":  "dateTime",
        "operator":     "lt",
        "rightOperand": {
          "@value": "2027-06-30T23:59:59Z",
          "@type":  "xsd:dateTime"
        }
      }
    ],
    // Duties: obligations that must be fulfilled when exercising this permission
    "duty": [
      {
        "action": "compensate",
        "constraint": [{
          "leftOperand":  "payAmount",
          "operator":     "eq",
          "rightOperand": "1500.00",
          "unit":          "http://dbpedia.org/resource/Euro"
        }]
      },
      {
        "action": "inform",
        "assignee": "https://providers.example/acme-data"
      }
    ]
  }],

  "prohibition": [
    { "target": "https://catalog/datasets/equities-eod-prices", "action": "distribute" },
    { "target": "https://catalog/datasets/equities-eod-prices", "action": "reproduce" },
    { "target": "https://catalog/datasets/equities-eod-prices", "action": "derive" }
  ]
}

Several things are worth observing about this document. The assigner and assignee are both identified by URI; no names, no email addresses, no strings that can drift. The constraint on the permission uses purpose isA ex:InternalRiskAnalytics, where ex:InternalRiskAnalytics is itself a URI that can be resolved to a definition. The duty structure demonstrates how obligations attach to permissions rather than floating free: the compensate and inform duties are only triggered when the permission is exercised.

And critically: the entire document is a valid JSON object. A consuming system does not need an ODRL library to extract the prohibitions; it can traverse the JSON. An ODRL-aware system can do full policy evaluation. This spectrum of interoperability is intentional.

Profiles: extending the core vocabulary

ODRL's core vocabulary covers a wide range of generic data governance scenarios, but domain-specific requirements (financial regulation, healthcare, data space connector policies) need additional vocabulary terms. ODRL supports this through profiles.

A profile is a document that defines extensions to the ODRL vocabulary, typically new actions or new left operands, scoped to a specific domain or system. Profiles can also restrict the policy types or constraint operators that are valid within that domain. A policy document declares its profile using the odrl:profile property.

IDSA

Eclipse Dataspace Components (IDS Usage Control)

The IDSA connector policy profile extends ODRL with idsc: prefixed actions for data space message handling; connector-to-connector data transfer constraints, usage logging requirements, and access token scoping. This is the profile used by Eclipse EDC and the International Data Spaces Association for cross-organisational data exchange.

CC

Creative Commons Licences as ODRL

Creative Commons licences (CC-BY, CC-BY-SA, CC0) are expressible as ODRL Set policies. The W3C has published a CC/ODRL mapping. This means a dataset with a CC licence can have its terms consumed by an ODRL evaluator without special-casing, and a catalog that stores CC licences as ODRL gains uniform policy evaluation across all licence types.

DCAT

DCAT-AP and dcat:hasPolicy

The W3C Data Catalog Vocabulary (DCAT) defines dcat:hasPolicy precisely as a property whose value is an ODRL policy. A DCAT-compliant catalog that populates hasPolicy with a well-formed ODRL document is therefore exposing machine-readable governance terms via a standard property understood by any DCAT consumer.

ODIN

ODIN classification-driven profile

ODIN's profile maps data classification levels (PUBLIC, INTERNAL, CONFIDENTIAL, HIGH_CONFIDENTIAL) to ODRL Set policy templates, and extends the obligation vocabulary with domain-specific duty terms (licenseMarketData, applyGDPRMasking, notifyDataOwnerBeforeAIUse) triggered by FIBO and schema.org concept mappings. These terms are resolvable via ODIN's own vocabulary endpoint.

How ODRL improves governance: six concrete mechanisms

The governance improvements from ODRL are not rhetorical. They are direct consequences of the model's properties. Here are the six that matter most in practice.

🔗
Shared vocabulary

"Distribute" means odrl:distribute everywhere. No ambiguity across team, system, or organisational boundaries.

⚙️
Machine-evaluable

Policy evaluation is a deterministic algorithm: given a policy and a proposed action, compute whether the action is permitted. No human interpretation required.

🧩
Composable

Policies reference each other by URI. An enterprise-wide prohibition can apply across all datasets without being copied, just referenced.

📋
Auditable by design

A policy is a document with a URI. It can be hashed, versioned, and time-stamped. You can prove what the policy was and what it was derived from at any point in time.

🛡️
Enforcement-ready

Any system that can read JSON can read the policy. Keycloak, OPA, API gateways, and AI tool guards can enforce the same policy terms without custom integration.

🌐
Cross-system interoperability

A policy expressed in ODRL travels with the dataset across organisational boundaries. The recipient system can evaluate it without knowing anything about the issuer's internal architecture.

The interoperability point deserves elaboration. Governance frameworks that rely on proprietary metadata schemas. A catalog's internal classification field, a pipeline's custom tags, collapse when data crosses system boundaries. The receiving system does not know what the tags mean. ODRL does not have this problem: the vocabulary is public, the semantics are defined, and any ODRL-aware system can evaluate a policy produced by any other ODRL-aware system.

"A policy that lives in a proprietary field governs one system. A policy expressed in ODRL governs every system that can read JSON-LD."

The evaluation algorithm

The ODRL Information Model specification defines a normative evaluation algorithm. Given a policy and a proposed action-party-asset triple, the evaluator:

  1. Collects all Rules from the Policy whose target matches the Asset and (if applicable) whose assignee includes the Party.
  2. Evaluates each Rule's Constraints. A Rule is active only if all its Constraints are satisfied.
  3. If any active Prohibition applies to the Action: the action is prohibited.
  4. If an active Permission applies to the Action and all its Duties are satisfiable: the action is permitted.
  5. Otherwise: the action is not permitted (the ODRL closed-world assumption; absence of permission is prohibition).

This algorithm is deterministic and requires no judgement. A conforming implementation in any language produces the same answer given the same inputs. That is what makes enforcement possible at machine scale.

How ODIN implements ODRL

ODIN's ODRL implementation takes the standard's flexibility and constrains it to a specific, practical governance model: policies are derived automatically from element classifications and vocabulary concept mappings, so that data owners do not need to author ODRL by hand.

The derivation follows a deterministic pipeline:

01

Compute dataset classification

Each logical data element has an accepted classification value. ODIN takes the most restrictive across all published elements: PUBLIC < INTERNAL < CONFIDENTIAL < HIGH_CONFIDENTIAL. One CONFIDENTIAL element makes the dataset CONFIDENTIAL, regardless of how many INTERNAL elements surround it.

02

Map classification to ODRL access level template

Each classification level maps to a baseline ODRL Set policy: a defined set of permitted actions, prohibited actions, and default obligations. CONFIDENTIAL, for example, permits odrl:use for analytics and regulatory reporting while prohibiting odrl:distribute, odrl:reproduce, and odrl:present.

03

Layer regulatory obligations from vocabulary signals

FIBO concept IRI prefixes identify regulatory domains. fibo-md mappings add a licenseMarketData duty. Dataset keywords (gdpr, mifid, emir) add applicable regulatory framework labels and corresponding compliance obligations. These stack on top of the classification baseline.

04

Return or freeze the derived policy

The derived policy is returned live on every request while the policySource is derived. When a data owner reviews and accepts the policy, it is frozen into the dataset's hasPolicy field (policySource: explicit) and only updated on explicit owner action. A fallback source means no element classifications exist; ODIN builds a minimal policy from the dataset's licence field.

The result is exposed at GET /api/v1/datasets/{id}/terms-of-use, which returns the ODRL JSON alongside a plain-English summary and a derivationDetails object documenting exactly which elements and vocabulary signals produced the policy. The dcat:hasPolicy property on the dataset entity points to the same policy document, making it discoverable through standard DCAT tooling.

From advisory to enforceable

Understanding the ODRL model makes the path from policy storage to policy enforcement concrete. ODRL was designed for enforcement. The evaluation algorithm exists precisely because the specification authors intended policies to be evaluated by machines, not read by humans.

The enforcement integration points follow naturally from the model:

  • API gateway enforcement: A gateway can call GET /datasets/{id}/terms-of-use before proxying a data request, evaluate the ODRL policy against the requesting party and intended action, and reject requests that violate prohibitions or fail constraint checks.
  • OPA policy integration: The ODRL JSON can drive an Open Policy Agent policy that evaluates the same rules as Rego. The ODRL document is the source of truth; OPA is the enforcement runtime.
  • Keycloak scope constraints: The access level from the derived ODRL policy maps directly to OAuth scopes. A CONFIDENTIAL dataset requires a scope that can only be granted to identities in the data owner's approved list, derived from the ODRL assignee Party constraint.
  • AI agent tool guards: An AI agent that calls data catalog APIs can receive the ODRL policy alongside the dataset metadata and evaluate permitted actions before constructing a query. The policy is not advisory to the agent. It is a structured input to its tool-use logic.
  • Data space connectors: In an IDS/Eclipse EDC architecture, the ODRL policy (as an Offer or Agreement) is the contract that governs connector-to-connector data transfer. Enforcement is built into the connector protocol, not bolted on separately.

None of these integration points require modifying the ODRL policy document. The same JSON-LD that a data owner accepts in the catalog UI is the input to every enforcement mechanism. That is the value of the standard: write the policy once, enforce it everywhere.

What the standard actually gives you

ODRL is not magic. A badly specified policy (wrong action vocabulary, missing constraints, no parties identified) does not improve governance just because it is expressed in JSON-LD. The standard provides the grammar; the governance work is still required to produce a policy that accurately reflects intent.

What the standard does give you is a foundation that does not rot. A custom classification scheme, a proprietary metadata field, an internal tag vocabulary; these all become technical debt the moment they cross a system boundary. An ODRL policy document can be handed to any ODRL-aware system: A partner organisation's catalog, a data space connector, an AI agent, a compliance auditor's tooling. Then, it is evaluated without translation.

Governance at scale is a vocabulary problem before it is a technology problem. The same policy intent expressed in a hundred different proprietary systems produces a hundred different enforcement behaviours. Expressed in ODRL, it produces one. The standard is the coordination mechanism that makes federated governance possible; dataset by dataset, classification by classification, as the policies accumulate into something that actually works.