This document presents CaLi, a lattice-based model for ordering licenses based on compatibility. CaLi defines restrictiveness lattices for license statuses and actions. It identifies valid and compatible licenses using constraints. CaLi can partially order licenses to determine compatibility and compliance. It has been implemented in an algorithm and license search engine to facilitate reuse of licensed resources. Future work includes extending CaLi to account for other license aspects and compatibility relations.
Modelling the compatibility of licenses - ESWC2019
1. Photo by jhonnie Shannon on Pixabay
MODELLING THE
COMPATIBILITY OF
LICENSES
Benjamin Moreau,
Patricia Serrano-Alvarado,
Matthieu Perrin and
Emmanuel Desmontils
ESWC 2019 - June 2019 - Portorož
1
2. INTRODUCTION
2
The Web facilitates the combination of resources:
linked data, source code, Web services.
Resource producers use licenses to protect their
resources.
Licenses specify the conditions of reuse of resources, i.e.,
what actions are permitted, obliged, prohibited, etc.
3. RDF LICENSE
3
:cc-by-nc4.0 a odrl:Policy ;
rdfs:label "CC BY-NC";
...
odrl:permission
[odrl:action
cc:Distribution,
cc:Reproduction,
cc:DerivativeWorks;];
odrl:duty
[odrl:action
cc:Notice,
cc:Attribution;]
odrl:prohibition
[odrl:action
cc:CommercialUse].
A license is a set of status
assigned to actions.
72 actions
12 actions
5. COMBINATION OF LICENSED RESOURCES
5
r1
r2
r3
l2
l1
l3
l3
must be compliant with l1
and l2
.
l1
and l2
must be compatible with l3
.
6. COMBINATION OF LICENSED RESOURCES
6
r1
r2
r3
l2
l1
l3
l3
must be compliant with l1
and l2
.
l1
and l2
must be compatible with l3
.
r1
and r2
are reusable with r3
.
7. COMBINATION OF LICENSED RESOURCES
7
r1
r2
r3
l2
l1
l3
l3
must be compliant with l1
and l2
.
l1
and l2
must be compatible with l3
.
r1
and r2
are reusable with r3
.
In general, l1
and l2
are less restrictive
than l3
.
8. Choosing an appropriate license
for a combined resource is a
difficult task.
The risk is either:
● to choose a license too
restrictive
● to choose a license very
permissive
MOTIVATION
8
l2
l1
l3
l5
l4
l7
l6
l8
l9
?
9. PROBLEM STATEMENT
9
l2
l1
l3
l5
l4
l7
l6
l8
l9
Given a license, how to automatically
position it over a set of licenses in
terms of compatibility and
compliance?
The challenge is to generalise the
order relation while taking into
account the semantics of actions.
11. RELATED WORKS
11
Approaches
Check
compatibility
Combine
licenses
Order licenses
in terms of
compatibility
Order
automatically
License-based tools [1-4] YES NO NO NO
License combination [7-11] YES YES NO NO
License compatibility in FOSS [12] YES NO YES NO
Lattice-based access control [13] NO NO NO YES
CaLi YES YES YES YES
[1] https://tldrlegal.com/
[2] https://creativecommons.org/choose/
[3] https://choosealicense.com/
[4] https://ccsearch.creativecommons.org/
[5] http://licentia.inria.fr/
[6] https://www.dalicc.net/
[7] G. Gangadharan, et al., “Service license composition and compatibility analysis,” in Conference on Service-Oriented Computing, 2007.
[8] S. Villata et al., “Licenses compatibility and composition in the web of data,” in Workshop on Consuming Linked Data, 2012.
[9] G. Governatori, et al., “One License to Compose Them All. A Deontic Logic Approach to Data Licensing on the Web of Data,” in Semantic Web Conference, 2013.
[10] M. Mesiti, et al., “On the Composition of Digital Licenses in Collaborative Environments,” in Conference on Database and Expert Systems Applications, Springer, 2013.
[11] V. Soto-Mendoza, et al., “Policies Composition Based on Data Usage Context,” in Workshop on Consuming Linked Data at ISWC. 2015.
[12] G. M. Kapitsaki, et al., “Automating the license compatibility process in open source software with spdx,” Journal of Systems and Software, vol. 131, pp. 386–401, 2017.
[13] R. S. Sandhu, “Lattice-based access control models,” Computer, vol. 26, no. 11, pp. 9–19, 1993.
13. CaLi, a lattice-based model that partially orders licenses
in terms of compatibility using restrictiveness relations
and constraints.
Demo of license-based search engine that orders most
used licenses in the LOD.
CONTRIBUTION
13
14. RESTRICTIVENESS AS BASIS TO ORDER LICENSES IN TERMS OF COMPATIBILITY
14
A compatibility relation is always a restrictiveness relation
But how to decide if a license is less restrictive than another?
Is an action assigned to a status less restrictive than the
same action assigned to another status?
Is a status less restrictive than another status?
15. RESTRICTIVENESS LATTICE OF STATUS
15
A lattice of status LS defines
1. all possible status S for a license
2. the restrictiveness relations ≤S
among status.
Permission
Prohibition
Permission
Recommendation
Duty
Permission
Undefined
Recommendation
Prohibition
Prohibition
Undefined
Permission
Duty
Restrictiveness
16. RESTRICTIVENESS LATTICE OF STATUS
16
A lattice of status LS defines
1. all possible status S for a license
2. the restrictiveness relations ≤S
among status.
Permission
Prohibition
Permission
Recommendation
Duty
Permission
Undefined
Recommendation
Prohibition
Prohibition
Undefined
Permission
Duty
Restrictiveness
17. A SET OF ACTIONS
17
A is a set of actions that can be used to describe licenses.
Example, A = {read, modify}
A license is a function li
: A → S
Example,
LA,LS
is the set of all licenses
li
(read)=Permission
li
(modify)=Prohibition
18. RESTRICTIVENESS LATTICE OF LICENSES
X
l1
(read)=Permission
l2
(read)=Prohibition
l1
(modify)=Permission
l2
(modify)=Prohibition
Restrictiveness 18
The set of all licenses LA,LS
partially ordered by restrictiveness.
19. RESTRICTIVENESS LATTICE OF LICENSES
19
l1
(read)=Permission
l1
(modify)=Permission
l4
(read)=Prohibition
l4
(modify)=Prohibition
l3
(read)=Permission
l3
(modify)=Prohibition
l2
(read)=Prohibition
l2
(modify)=Permission
Restrictiveness
The set of all licenses LA,LS
partially ordered by restrictiveness.
22. COMPATIBILITY CONSTRAINTS
22
Compatibility constraints identify restrictiveness relations
that are not compatibility relations.
ω→
: LA,LS
x LA,LS
→ Boolean
● True : is a compatibility relation,
● False : is not a compatibility relation
24. CALI ORDERING
24
A CaLi ordering is a tuple <A, LS, CL
, C→
> :
A is a set of actions
LS is a restrictiveness lattice of status
CL
is a set of license constraints
C→
is a set of compatibility constraints
25. IMPLEMENTATION OF CALI ORDERINGS
25
● Size growth of cali orderings is |LS||A|
● Implemented algorithm
○ n2
/2 to generate a subgraph of a CaLi ordering (O(n2
))
○ n to insert a license (O(n))
github.com/benjimor/CaLi
26. A LICENSE BASED SEARCH ENGINE
26
CaLi ordering size is |LS||A|
= 472
:
A = 72 actions from ODRL
LS = Undefined ≤S
Permission ≤S
Duty ≤S
Prohibition
CL
= {ωL1
, ωL2
,ωL3
}
C→
= {ω→1
, ω→2
}
What are the licensed resources that can
be reused under a given license?
github.com/benjimor/CaLi-Search-Engine
27. Photo by jhonnie Shannon on Pixabay
CONCLUSION AND
PERSPECTIVES
27
28. CONCLUSION
28
● CaLi, a lattice-based model
○ partially orders licenses: compatibility and compliance
○ implemented algorithm: orders a subset of licenses
○ use case: a license based search engine
● CaLi does not provided a legal advice but aims at
encouraging and facilitating the reuse of licensed
resources.
29. PERSPECTIVES
29
● Extend CaLi to take into account
○ other aspects of licenses (jurisdiction, time validity, ...).
○ compatibility relations that are not based on
restrictiveness relations.
● Define function to pass from a CaLi ordering to another.
30. Photo by jhonnie Shannon on Pixabay
30
MODELLING THE
COMPATIBILITY OF
LICENSES
THANK YOU !
ESWC 2019 - June 2019 - Portorož