Expand description
§typesec-odrl
ODRL (Open Digital Rights Language, W3C) policy engine.
ODRL is a richer policy model than RBAC — rules can carry constraints that are evaluated at check time (e.g., “only allowed before 2027-01-01”, “only for purpose=analytics”). This makes ODRL well-suited to AI agent scenarios where access is conditional on context, not just identity.
§ODRL Concepts
- Policy — container, has a UID and type (
Set,Offer,Agreement). - Rule — a
permission,prohibition, orduty. - Action — what the rule applies to (maps to our
Permission::name()). - Constraint — a runtime condition that must hold for the rule to apply.
§Audit Trail
Every check() call emits a structured tracing::info! event with the
policy UID, rule type, constraint evaluation results, and final verdict.
This gives a full audit trail for compliance and forensics.
Re-exports§
pub use engine::OdrlEngine;pub use model::OdrlConstraint;pub use model::OdrlPolicy;pub use model::OdrlRule;pub use model::OdrlRuleType;pub use model::RuleAction;
Modules§
- audit
- Audit log types for ODRL policy decisions.
- constraint
- Constraint evaluation for ODRL rules.
- engine
- ODRL policy engine — implements
PolicyEnginefor anOdrlDocument. - model
- Serde data model for ODRL YAML policies.