Modeling and Managing Temporal Obligations in GUCON Using SPARQL-star and RDF-star
Ines Akaichi, Giorgos Flouris, Irini Fundulaki, Sabrina Kirrane
TL;DR
This work addresses the challenge of monitoring temporal obligations in usage control as data traverse cross-organizational boundaries. It extends GUCON with explicit temporal obligations, introducing start times $t_{start}$ and deadlines $t_{deadline}$ and grounding the approach in formal SPARQL graph-pattern semantics, implemented via RDF-star and SPARQL-star. Key contributions include a formal temporal knowledge base, extended action patterns, an Obligation State Manager, and an end-to-end prototype with evaluation demonstrating scalability for real-world knowledge graphs. By enabling continuous monitoring of obligation states against temporal usage traces, the approach supports proactive compliance and governance across domains such as healthcare and data sharing.
Abstract
In the digital age, data frequently crosses organizational and jurisdictional boundaries, making effective governance essential. Usage control policies have emerged as a key paradigm for regulating data usage, safeguarding privacy, protecting intellectual property, and ensuring compliance with regulations. A central mechanism for usage control is the handling of obligations, which arise as a side effect of using and sharing data. Effective monitoring of obligations requires capturing usage traces and accounting for temporal aspects such as start times and deadlines, as obligations may evolve over times into different states, such as fulfilled, violated, or expired. While several solutions have been proposed for obligation monitoring, they often lack formal semantics or provide limited support for reasoning over obligation states. To address these limitations, we extend GUCON, a policy framework grounded in the formal semantics of SPAQRL graph patterns, to explicitly model the temporal aspects of an obligation. This extension enables the expressing of temporal obligations and supports continuous monitoring of their evolving states based on usage traces stored in temporal knowledge graphs. We demonstrate how this extended model can be represented using RDF-star and SPARQL-star and propose an Obligation State Manager that monitors obligation states and assess their compliance with respect to usage traces. Finally, we evaluate both the extended model and its prototype implementation.