sensitive to privacy? Because it is the W3C de facto standard for describing
things, we adopt the World-of-Things Thing Description (WoT TD) to concretize
this blend.
WoT TD abstracts a thing, whether physical or virtual, into an entity that
would logically reside in an ecosystem of things and would engage in
interactions with these things. To blend ODRL with WoT TD, we proceed with
(i) examining separately the model of each specification, (ii) identifying
potential overlaps/correspondences between the 2 models’ constructs, and
finally, (iii) using these constructs to make WoT TD-based things sensitive to
ODRL-based rights and duties. Section 2 is an overview of IoT, ODRL, and
WoT TD. Section 3 is the core of the paper: it presents a case study and
conceptualizes and operationalizes the blend of ODRL with WoT TD for an IoT
sensitive to privacy. Section 4 concludes the paper and discusses future work.
2 BACKGROUND
This section presents IoT, ODRL, and WoT TD.
2.1 Overview of IoT
A good number of works on IoT exist, which in fact does not help define IoT
from a unique perspective (e.g., (Abdmeziem et al., 2016), (Barnaghi and Sheth,
2016), and (Taivalsaari and Mikkonen, 2017)). For illustration, Abdmeziem et
al. present IoT characteristics and enabling technologies (Abdmeziem et al.,
2016). The former include distribution, interoperability, scalability,
resource scarcity, and security. The latter include sensing, communication,
and actuating, and are mapped onto a 3-layer IoT architecture referred to as
perception, network, and application. In (Barnaghi and Sheth, 2016), Barnaghi
and Sheth discuss IoT’s requirements and challenges. Requirements are related
to quality, latency, trust, availability, reliability, and continuity that
should impact efficient access and use of IoT data and services. Challenges
result from today’s IoT ecosystems that feature billions of dynamic things
that make existing search, discovery, and access techniques inappropriate for
IoT data and services. Finally, Qin et al. define IoT from a data perspective
as “In the context of the Internet, addressable and interconnected things,
instead of humans, act as the main data producers, as well as the main data
consumers. Computers will be able to learn and gain information and knowledge
to solve real world problems directly with the data fed from things. As an
ultimate goal, computers enabled by the Internet of Things technologies will
be able to sense and react to the real world for humans” (Qin et al., 2016).
2.2 Overview of ODRL
ODRL is a Rights Expression Language (REL) that provides a flexible and
interoperable information model, vocabulary, and encoding mechanisms to
represent statements about the potential uses of assets. An asset is an
identifiable resource (or collection of resources) such as data/information,
content/media, applications, and services. The ODRL information model is
available at www.w3.org/TR/odrl-model and its main constructs are:
• Policy could include one to many permission, prohibition, or duty rules.
First, Permission allows an action over an asset if all constraints are
satisfied and all duties are fulfilled. Second, Prohibition disallows an
action over an asset if all constraints are satisfied. And, Duty is the
obligation to exercise an action over an asset or not.
• Party is an entity or collection of entities that could correspond to a
person, group of persons, organisation, or agent. A party can fulfill
different roles including assigner (issuer of the rule) and assignee
(recipient of the rule).
• Constraint is used to refine the specification of an action and a
party/asset collection or to declare conditions applicable to a rule.
In the JSON-LD of Listing 1, the assigner (line 6) in charge of an asset,
movie1 (line 5), refers to a policy labelled as agreement (line 3) consisting
of one permission rule and one prohibition rule. The permission rule (line 4)
is concerned with the display action (line 8) that an assignee, smart TV
(line 7), will execute subject to satisfying the constraint of not enabling
the permission rule for more than 4 hours (lines 10-13). The prohibition rule
(line 14) is concerned with the digitize action (line 18) that is associated
with the same assignee (line 17). Should the assignee execute this action,
then the remedy would be to apply the action anonymize (line 20) to the asset
that is movie1 (line 21).
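A minimal evaluator for the policy described above, as an added example that is not part of the paper. It assumes the 4-hour limit is encoded as an ODRL elapsedTime/lteq constraint with value PT4H and that a request matching no permission is denied; the function names decide, applies, constraints_hold and parse_duration are hypothetical.

```python
import re
from datetime import timedelta
MOVIE, TV = "http://example.com/asset:movie1", "http://example.com/smart-TV"
# Constructed policy mirroring the paragraph above. The constraint encoding
# (elapsedTime lteq PT4H) is an assumption; it is not copied from Listing 1.
POLICY = {
    "@type": "Agreement",
    "uid": "http://example.com/policy:01",
    "permission": [{
        "target": MOVIE, "assignee": TV, "action": "display",
        "constraint": [{"leftOperand": "elapsedTime", "operator": "lteq",
                        "rightOperand": {"@value": "PT4H", "@type": "xsd:duration"}}],
    }],
    "prohibition": [{
        "target": MOVIE, "assignee": TV, "action": "digitize",
        "remedy": [{"action": "anonymize", "target": MOVIE}],
    }],
}

def parse_duration(text):
    # Time part of an xsd:duration only (PTnHnMnS); anything else is rejected.
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text}")
    h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(hours=h, minutes=mi, seconds=s)

def constraints_hold(rule, state):
    for c in rule.get("constraint", []):
        # An operand missing from the state, or an unknown operator, counts as unsatisfied.
        if c["leftOperand"] not in state or c["operator"] != "lteq":
            return False
        if state[c["leftOperand"]] > parse_duration(c["rightOperand"]["@value"]):
            return False
    return True

def applies(rule, assignee, action, target, state):
    return ((rule["assignee"], rule["action"], rule["target"]) ==
            (assignee, action, target)) and constraints_hold(rule, state)

def decide(policy, assignee, action, target, state):
    # Prohibitions first; a hit returns the remedies the assignee then owes.
    for rule in policy.get("prohibition", []):
        if applies(rule, assignee, action, target, state):
            return "deny", [(r["action"], r["target"]) for r in rule.get("remedy", [])]
    for rule in policy.get("permission", []):
        if applies(rule, assignee, action, target, state):
            return "permit", []
    return "deny", []  # no matching permission: default deny (assumption)
```

The state argument carries what the thing has measured, for example {"elapsedTime": timedelta(hours=3)} for a display session that has run three hours.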
Listing 1: Excerpt of movie’s ODRL specification.
1 {"@context": "http://www.w3.org/ns/odrl.jsonld",
2  "uid": "http://example.com/policy:01",
3  "@type": "Agreement",
4  "permission": [{
5    "target": "http://example.com/asset:movie1",
6    "assigner": "http://example.com/Movie1Party:org",
7    "assignee": "http://example.com/smart-TV",
ICSOFT 2023 - 18th International Conference on Software Technologies