{"id":20781198,"url":"https://github.com/wistefan/odrl-pap","last_synced_at":"2026-02-03T10:17:01.611Z","repository":{"id":228812738,"uuid":"774978267","full_name":"wistefan/odrl-pap","owner":"wistefan","description":"Policy Administration point to handle ODRL policies and provide their Rego-equivalent to the Open Policy Agent","archived":false,"fork":false,"pushed_at":"2026-01-21T14:06:54.000Z","size":1228,"stargazers_count":11,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-22T00:28:43.475Z","etag":null,"topics":["authorization","dataspaces","odrl","openpolicyagent","rego"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wistefan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-03-20T14:45:54.000Z","updated_at":"2026-01-21T13:57:00.000Z","dependencies_parsed_at":"2024-04-23T15:41:21.156Z","dependency_job_id":"70dbca41-c373-447e-a87c-7987a23b9870","html_url":"https://github.com/wistefan/odrl-pap","commit_stats":null,"previous_names":["wistefan/odrl-poc","wistefan/odrl-pap"],"tags_count":52,"template":false,"template_full_name":null,"purl":"pkg:github/wistefan/odrl-pap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wistefan%2Fodrl-pap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wistefan%2Fodrl-pap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wistefan%2Fodrl-pap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wistefan%2Fodrl-pap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wistefan","download_url":"https://codeload.github.com/wistefan/odrl-pap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wistefan%2Fodrl-pap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29041057,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","dataspaces","odrl","openpolicyagent","rego"],"created_at":"2024-11-17T13:42:17.548Z","updated_at":"2026-02-03T10:17:01.593Z","avatar_url":"https://github.com/wistefan.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ODRL-PAP\n\nThe ODRL-PAP allows to configure policies written in [ODRL](https://www.w3.org/TR/odrl-model/) to be consumed by\nthe [Open Policy Agent(OPA)](https://www.openpolicyagent.org).\nTherefor it translates the ODRL in to [rego](https://www.openpolicyagent.org/docs/latest/policy-language/) equivalents\nand offers them via the [bundles-endpoint](https://www.openpolicyagent.org/docs/latest/management-bundles/).\nIt uses the following architecture:\n![architecture](./doc/odrl-pap.jpg)\n\n- [API](#api)\n- [Enforcement](#enforcement)\n- [Translation](#translation)\n - [mapping.json](#the-mappingjson)\n- [Running the application](#running-the-application)\n - [Locally](#locally)\n - [Getting familiar with policies](#getting-familiar-with-policies)\n - [Try out some policies](#try-out-some-policies)\n - [Gaia-X ODRL-Profile](#gaia-x-odrl-profile)\n- [Configuration](#configuration)\n- [Creating a native executable](#creating-a-native-executable)\n\n## API\n\nThe ODRL-PAP offers two APIS\n\n* the Policy-API to manage policies in ODRL: [OpenAPI](./api/odrl.yaml)\n* the Bundle-API to offers bundles for OPA: [OpenAPI](./api/bundle.yaml)\n * the `methods`-bundle: It contains the rego-equivalent to certain odrl-classes.\n The [rego.methods-folder](src/main/resources/regomethods/methods) contains the initial set of methods. It can be\n overwritten by providing methods in a folder at `paths.rego`\n * the `policies`-bundle: It contains the actual policies and the `main`-policy, combining all configured policies.\n All\n request have to be evaluated against the `main` policy.\n * the `data`-bundle: Contains additional data to be taken into account for the evaluation.\n\n## Enforcement\n\nTo actually enforce policies, a Policy-Enforcment-Point is required. This role can in principle be taken by any\nOPA-compatible component.\nWe recommend (and test) the usage of [Apisix](https://apisix.apache.org/) for that. Apisix is an OpenSource API-Gateway,\nthat has a built-in plugin to connect OPA.\nSee the [it-test Apisix-Chart](./charts/apisix) for an example configuration.\n\nAlternative options are:\n\n* [Kong](https://konghq.com): provides an OPA-Plugin for payed-usage, format is supported by the ODRL-PAP\n* [Envoy](https://www.envoyproxy.io/): Just a proxy, no API-Gateway functionality, supports OPA integration\n\n## Translation\n\nThe translation between ODRL and Rego is based on the [mapping-file](src/main/resources/mapping.json). It contains the\nmapping between evaluatable\nODRL-classes(see [OdrlAttribute.java](./src/main/java/org/fiware/odrl/mapping/OdrlAttribute.java) for all options) and a\nmatching rego-method.\nClasses are mapped depending on their namespace and method. It allows to create domain-specific instances of\nodrl-classes(see [dome rego-methods](src/main/resources/regomethods/methods) as example)\nand map them to a method.\n\nThe ODRL-PAP loads an initial set of methods on startup, that can be used to create policies. Its seperated in 3 main\npackages:\n\n* [utils](./src/main/resources/rego/utils): Contains methods to access the request and its parts. Currently it supports\n the inport format of [apisix](./src/main/resources/rego/utils/apisix.rego)\n and [kong](./src/main/resources/rego/utils/kong.rego)\n* [odrl](./src/main/resources/rego/odrl): Contains standard methods to work with odrl. It supports the\n classes ```action```, ```assignee```, ```leftOperand```, ```operand```, ```rightOperand```, and ```target```. Check\n the individual files for the concrete methods.\n* [dome](./src/main/resources/rego/dome): In order to support the DOME use-case, a number of DOME-specific methods is\n provided. Check the individual method files for details.\n\nSee the [method-documentation](./doc/REGO.md) for all available methods.\n\nThe set of methods can be extended by providing packages at the path configured at ```paths.rego``` in\nthe [application.properties](./src/main/resources/application.properties). ODRL-PAP will scan the given folder for files\nwith the ```.rego``` extension\nand offer them as part of the policies-bundle. In case of providing packages that are already included in the defaults,\nit will overwrite them with the newly provided one.\n\n### The mapping.json\n\nThe [mapping.json](./src/main/resources/mapping.json) provides a mapping between ODRL Classes and the corresponding\nrego-methods.\nIts keyed by the [ODRL-Attribute](src/main/java/org/fiware/odrl/mapping/OdrlAttribute.java) and contains its (\nnamespaced) implementations.\nThe mapping needs to contain the ```regoPackage```(to be used for the import statement) containing the actual method and\nthe method-invocation.\nTo create an invocation, the input-parameters need to be taken into account. As of now, the class:\n\n- ```operator``` requires two parameters\n- ```operand``` requires one parameter\n- ```assignee``` requires one parameter\n- ```target``` requires one parameter\n- all other require none\n\nThe parameters need to be defined with the ```%s``` placeholder. The methods can use other methods as input(f.e. from\nthe ```helper```) but no additional parameter replacement.\n\nThe mapping.json can be extended via a mapping file, configured at ```paths.mapping```. If provided, all contents will\nbe added to the default mapping. Existing keys will be overwritten, e.g. the provided one superseeds the defaults.\n\n## Running the application\n\n### Locally\n\nTo run the application together with OPA, start an instance of OPA via:\n\n```shell\ndocker run -p 8181:8181 --network host -v $(pwd)/src/test/resources/opa.yaml:/opa.yaml openpolicyagent/opa:1.2.0 run --server -c /opa.yaml\n```\n\nIt will mount the OPA config-file under [src/test/resources/opa.yaml](/src/test/resources/opa.yaml) and start OPA at\nport 8181. This config tries to\nconnect to the ODRL-PAP at localhost:8080, thus the container needs to be in the host-network. It will start to poll\nbundles at http://localhost:8080/bundles/service/v1/\u003cpolicies.tar.gz|bundles.tar.gz\u003e\n\nThe database:\n\n```shell\ndocker run -p 5432:5432 --network host -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=pap postgres\n```\n\nand the application:\n\n```shell\n./mvnw compile quarkus:dev -Dquarkus.http.port=8081\n```\n\nTo start it for debugging(attach to 5005), use:\n\n```shell\n./mvnw compile quarkus:dev -Dquarkus.http.port=8081 -Dsuspend\n```\n\n### Getting familiar with policies\n\nThe project aims to take [ODRL Policies](https://www.w3.org/TR/odrl-model/) and execute them using\nthe [Open Policy Agent](https://www.openpolicyagent.org).\n\nIn order to get familiar with the languages and tools, see [test/examples](src/test/resources/examples).\n\n### Try out some policies\n\nTo try it out, create a policy:\n\n```shell\ncurl -X PUT http://localhost:8081/policy/test -H 'Content-Type: application/json' -d '{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\",\n \"dc\": \"http://purl.org/dc/elements/1.1/\",\n \"dct\": \"http://purl.org/dc/terms/\",\n \"owl\": \"http://www.w3.org/2002/07/owl#\",\n \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n \"skos\": \"http://www.w3.org/2004/02/skos/core#\",\n \"dome\": \"https://www.dome-marketplace.org/\",\n \"dome-op\": \"https://github.com/DOME-Marketplace/dome-odrl-profile#\"\n },\n \"@id\": \"https://dome-marketplace.org/policy/common/_1000\",\n \"@type\": \"odrl:Policy\",\n \"odrl:profile\": \"https://github.com/DOME-Marketplace/dome-odrl-profile/blob/main/dome-op.ttl\",\n \"odrl:permission\": {\n \"odrl:assigner\": {\n \"@id\": \"https://www.dome-marketplace.org/\"\n },\n \"odrl:target\": \"urn:ngsi-ld:product-offering:62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\",\n \"odrl:assignee\": \"did:web:test.org\",\n \"odrl:action\": {\n \"@id\": \"odrl:read\"\n }\n },\n \"rdfs:isDefinedBy\": {\n \"@id\": \"dome:\"\n }\n}' \n```\n\nThe policy allows an organization \"did:web:test.org\" to \"read\"(e.g. GET) the entity \"urn:ngsi-ld:product-offering:\n62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\".\n\nAfter the polling period, the policy can be tested as following:\n\n```shell\ncurl -X POST http://localhost:8181/ -H 'Content-Type: application/json' -d '{\n\"request\": {\n \"method\": \"GET\",\n \"path\": \"urn:ngsi-ld:product-offering:62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\",\n \"headers\": {\n \"authorization\" : \"Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqLUVQbXUwdUdUTmZxMDZSTGtYVllQbHpoaXI5T25MeE1sZ214RmplZjk0In0.eyJqdGkiOiJteVRlc3RUb2tlbiIsImlzcyI6ImRpZDp3ZWI6dGVzdC5vcmciLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6eyJ0eXBlIjpbXSwiaXNzdWVyIjoiZGlkOndlYjp0ZXN0Lm9yZyIsImlkIjoidXJuOm15LWlkIiwiY3JlZGVudGlhbFN1YmplY3QiOnsicm9sZXNBbmREdXRpZXMiOlt7InRhcmdldCI6ImRpZDp3ZWI6dGVzdC5vcmciLCJyb2xlTmFtZXMiOlsiT3duZXIiXX1dfX19.GOesKINcyTwtkzvF9ZnZKnrNaBbzsTezrraRv6ou_Tboy9IzVmtU59o7dFxx8vHm9teuALeziqtXv4ViMTv_vnC2QcLCL9rSTfshMVeothH3SzGJ2Jb3-JUZ6Bmkpv_L5YkQCnxVBzCOnBH7Kfe3JpGwtwbI5bV0udmvyc_bXMz2SxUW9e5bYPV2WZIH06LZAk5yDPyZ4gwVKZGV1bGW-qVeI2DaQupGdeLW8ZzF4o7DGU0hhyLfuwXE6nVQUac6h8Remry1NTa99UCmSMkpICW3l8Z5kBKieek2C2mKeWu4KC5SzdTdkiG7n9_vOR7zjcfCtCuwvKdRFIcaVXN8oQ\"\n }\n }\n}'\n```\n\nThe rule would evaluate to ```true```, thus the request is accepted. If f.e. the method is changed to ```PUT```:\n\n```shell\ncurl -X POST http://localhost:8181/ -H 'Content-Type: application/json' -d '{\n\"request\": {\n \"method\": \"PUT\",\n \"path\": \"urn:ngsi-ld:product-offering:62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\",\n \"headers\": {\n \"authorization\" : \"Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqLUVQbXUwdUdUTmZxMDZSTGtYVllQbHpoaXI5T25MeE1sZ214RmplZjk0In0.eyJqdGkiOiJteVRlc3RUb2tlbiIsImlzcyI6ImRpZDp3ZWI6dGVzdC5vcmciLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6eyJ0eXBlIjpbXSwiaXNzdWVyIjoiZGlkOndlYjp0ZXN0Lm9yZyIsImlkIjoidXJuOm15LWlkIiwiY3JlZGVudGlhbFN1YmplY3QiOnsicm9sZXNBbmREdXRpZXMiOlt7InRhcmdldCI6ImRpZDp3ZWI6dGVzdC5vcmciLCJyb2xlTmFtZXMiOlsiT3duZXIiXX1dfX19.GOesKINcyTwtkzvF9ZnZKnrNaBbzsTezrraRv6ou_Tboy9IzVmtU59o7dFxx8vHm9teuALeziqtXv4ViMTv_vnC2QcLCL9rSTfshMVeothH3SzGJ2Jb3-JUZ6Bmkpv_L5YkQCnxVBzCOnBH7Kfe3JpGwtwbI5bV0udmvyc_bXMz2SxUW9e5bYPV2WZIH06LZAk5yDPyZ4gwVKZGV1bGW-qVeI2DaQupGdeLW8ZzF4o7DGU0hhyLfuwXE6nVQUac6h8Remry1NTa99UCmSMkpICW3l8Z5kBKieek2C2mKeWu4KC5SzdTdkiG7n9_vOR7zjcfCtCuwvKdRFIcaVXN8oQ\" }\n }\n}\n```\n\nIt evaluates to false and is denied.\n\n### Gaia-X ODRL-Profile\n\nAs part of [Gaia-X](https://gaia-x.eu/), an [ODRL-Profile](https://gitlab.com/gaia-x/lab/policy-reasoning/odrl-verifiable-credential-ontology-mapping) focusing on Verifiable Credentials was created.\nThe ODRL-PAP supports the profile per default, see the [rego-mappings](./src/main/resources/rego/gaia-x). \n\nAn example policy could be created as following:\n```shell\ncurl -X PUT http://localhost:8081/policy/test -H 'Content-Type: application/json' -d '{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\",\n \"dc\": \"http://purl.org/dc/elements/1.1/\",\n \"ovc\": \"https://w3id.org/gaia-x/ovc/1/\",\n \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n \"dome\": \"https://www.dome-marketplace.org/\"\n },\n \"@id\": \"https://dome-marketplace.org/policy/common/_1000\",\n \"@type\": \"odrl:Policy\",\n \"odrl:profile\": \"https://github.com/DOME-Marketplace/dome-odrl-profile/blob/main/dome-op.ttl\",\n \"odrl:permission\": {\n \"odrl:assigner\": {\n \"@id\": \"https://www.mp-operation.org/\"\n },\n \"odrl:target\": \"urn:ngsi-ld:product-offering:62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\",\n \"odrl:assignee\": \"did:web:test.org\",\n \"odrl:action\": {\n \"@id\": \"odrl:read\"\n },\n \"ovc:constraint\": [{\n \"ovc:leftOperand\": \"$.credentialSubject.gx:legalAddress.gx:countrySubdivisionCode\",\n \"odrl:operator\": \"odrl:anyOf\",\n \"odrl:rightOperand\": [\n \"FR-HDF\",\n \"BE-BRU\"\n ],\n \"ovc:credentialSubjectType\": \"gx:LegalParticipant\"\n }]\n }\n}' \n```\n\nThe policy allows an organization \"did:web:test.org\" to \"read\"(e.g. GET) the entity \"urn:ngsi-ld:product-offering:\n62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\" if they are a LegalParticipant located in either \"FR-HDF\" or \"BE-BRU\".\n\nAfter the polling period, the policy can be tested as following:\n\n```shell\ncurl -X POST http://localhost:8181/ -H 'Content-Type: application/json' -d '{\n\"request\": {\n \"method\": \"GET\",\n \"path\": \"urn:ngsi-ld:product-offering:62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\",\n \"headers\": {\n \"authorization\" : \"Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJWX25oamp6R01ReHR2c05vdzV2anFoWWowMU9hNExEVTNfNWNQajdhWjdjIn0.eyJqdGkiOiJteVRlc3RUb2tlbiIsImlzcyI6ImRpZDp3ZWI6dGVzdC5vcmciLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6eyJ0eXBlIjpbXSwiaXNzdWVyIjoiZGlkOndlYjp0ZXN0Lm9yZyIsImlkIjoidXJuOm15LWlkIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiZ3g6bGVnYWxBZGRyZXNzIjp7Imd4OmNvdW50cnlTdWJkaXZpc2lvbkNvZGUiOiJCRS1CUlUifSwidHlwZSI6Imd4OkxlZ2FsUGFydGljaXBhbnQifX19.atRNw6m3-LmH09P52R37JqPjEfNX_jnjkljRrCJZPdCikHQhK6K673SS3tWNLILz9JtzRIf0ZCfonokujRne0z49CIIhrBYiA4MAh3bHDZET9PI2RKiWvx3YgPGdXKvRO1OtEhGHD1P8xQwGplUI4wyth6lY4N7_IyKfXIItidY-K5uhjQk6nyu1dPfxK2OHEQKQfb-4LgMteuOLYbw5eS7Q-Vv1hMUiYnbgk5GsyDA65r9LN1tlfSEP-ql37MmUG2SUeD0oKRK4RgL7i11QMlpGg4tJ9zDVtAP5VbFnktbioMmt9Vjq3-4-r23hUvC2mpXBwvxDveklWuZeRHfirQ\"\n }\n }\n}'\n```\n\nWhen requesting with another countryCode(f.e. \"DE-BER\"), it will be false:\n\n```shell\ncurl -X POST http://localhost:8181/ -H 'Content-Type: application/json' -d '{\n\"request\": {\n \"method\": \"GET\",\n \"path\": \"urn:ngsi-ld:product-offering:62d4f929-d29d-4070-ae1f-9fe7dd1de5f6\",\n \"headers\": {\n \"authorization\" : \"Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJQ05wTDBEZ2RIcmZseFFlb3JmelVtWEtlbHlsdm9HYzVMVHhid1VabndNIn0.eyJqdGkiOiJteVRlc3RUb2tlbiIsImlzcyI6ImRpZDp3ZWI6dGVzdC5vcmciLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6eyJ0eXBlIjpbXSwiaXNzdWVyIjoiZGlkOndlYjp0ZXN0Lm9yZyIsImlkIjoidXJuOm15LWlkIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiZ3g6bGVnYWxBZGRyZXNzIjp7Imd4OmNvdW50cnlTdWJkaXZpc2lvbkNvZGUiOiJERS1CRVIifSwidHlwZSI6Imd4OkxlZ2FsUGFydGljaXBhbnQifX19.GwcYOc5SMpKmu8BAH_H_K_fkYGMqnF6hJcaDBp0B7lc0qU3GbjfPvqsfckpPt5ZyociMX--v8w3Ai2QdowTVOW2mIpG9C25cgl1pQjo3-2-wyjuLHYaUoSt3PjQJyR2cjvEk1sdw-Ocanng1XLOEyK9hbduskB0RoWLUMqRW-4tzxuaz8nbDjFmh8O6M4KC3qryIjvXoLMcMYV5oRYE5hjBo7j4ahJ7c7z4uqWMRw-gGau3M81kOgIfIiZHfbuAxG50wMypIgzImAGD9Bq6naq1PVCI8kq8IADIiqI0QsZkec_NdISss2ZF-UntSGM41JPT0_ohpYNkLkATBUVpzsw\"\n }\n }\n}'\n```\n\n### JSON-LD\n\nThe policies are provided in Json-LD. In order to be properly translated, they need to be compacted, containing namespace prefixes. E.g.:\n```json\n{\n \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n \"assigner\": \"someone\",\n \"assignee\": \"someoneelse\",\n \"target\": \"my-asset\",\n \"uid\": \"my-policy\",\n \"permission\": [...]\n}\n```\nshould become: \n```json\n{\n \"odrl:assigner\": \"someone\",\n \"odrl:assignee\": \"someoneelse\",\n \"odrl:target\": \"my-asset\",\n \"@id\": \"my-policy\",\n \"odrl:permission\": [...]\n}\n```\nIn order to do so, the incoming policies are first expanded according to their context:\n```json\n{\n \"http://www.w3.org/ns/odrl/2/assignee\": [\n {\n \"@id\": \"someoneelse\"\n }\n ],\n \"http://www.w3.org/ns/odrl/2/assigner\": [\n {\n \"@id\": \"someone\"\n }\n ],\n \"http://www.w3.org/ns/odrl/2/permission\": [...],\n \"http://www.w3.org/ns/odrl/2/target\": [\n {\n \"@id\": \"my-asset\"\n }\n ],\n \"@id\": \"my-policy\"\n}\n```\n\nAnd then compacted with the compaction-context. The default context only handles \"odrl\"-prefixes(see [compaction-context.jsonld](./src/main/resources/compaction-context.jsonld)). \nIf a more complex context is required, provide it by setting the ```paths.compactionContext``` to the custom context file.\n\n## Configuration\n\nSince the [Quarkus Framework](https://quarkus.io) is used, its standard configuration methods can be used.\nSee [https://quarkus.io/guides/config](https://quarkus.io/guides/config) for a detailed documentation.\n\nThe most important parameters are listed in the table below:\n\n| Property | Env-Var | Description | Default |\n|----------------------------------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|\n| general.organization-did | GENERAL_ORGANIZATION_DID | Did of the organization running the pap. Is used for evaluating roles in the DOME use-case(see [dome-op:role](./src/main/resources/rego/dome/leftOperand.rego)) | null |\n| general.pep | GENERAL_PEP | The PEP to be supported. Will decide about the input format used for the policies. Currently ```apisix``` and ```kong``` are supported. | ```apisix``` |\n| quarkus.datasource.username | QUARKUS_DATASOURCE_USERNAME | Username to be used for connecting the database. | ```postgres``` |\n| quarkus.datasource.password | QUARKUS_DATASOURCE_PASSWORD | Password to be used for connecting the database. | ```postgres``` |\n| quarkus.datasource.jdbc.url | QUARKUS_DATASOURCE_JDBC_URL | Connection string to the DB, only postgres is supported at the moment. | jdbc:postgresql://localhost:5432/pap |\n| paths.mapping | PATHS_MAPPING | Path to an additional mapping.json | null |\n| paths.rego | PATHS_REGO | Path to additional rego packages. | null | \n| quarkus.rest-client.opa_yaml.url | QUARKUS_REST_CLIENT_OPA_YAML_URL | Address of the OpenPolicyAgent to be used for validation. Its recommended to not use the same instance as for policy evaluation to not conflict wiht the actual evaluation, | http://localhost:8181 |\n\n## Test\n\nAPI Tests can be executed via:\n\n```shell\n mvn clean test\n```\n\nIt will spin-up OPA and [MockServer](https://www.mock-server.com/) to test policy creation through the ODRL-PAP.\n\nThe IT-Tests are intended to be as close to a production environment as possible. Therefor, create the (native) image\nfirst:\n\n```shell\n mvn clean package -Dnative -Dquarkus.container-image.build=true\n```\n\nThe image will automatically be copied to the k3s-cluster, running the tests. Start the tests via:\n\n```shell\n mvn clean install -Pk8s-it\n```\n\nThe test will spin up a k3s-cluster, with the ODRL-PAP, an instance of OPA, a MockServer to provide the request target\nand [Apisix](https://apisix.apache.org/) as the Policy-Enforcement-Point.\nIf you want to use such environment for development, use:\n\n```shell\n mvn clean install -Pdev\n```\n\n## Creating a native executable\n\n\u003e :warning: If you add any rego-resource, execute ```./scripts/create-rego-resource-list.sh``` first. It updates the\n\u003e list\n\u003e of rego-resource, so that the native application can access them properly.\n\nYou can create a native executable using:\n\n```shell script\n./mvnw package -Dnative\n```\n\nOr, if you don't have GraalVM installed, you can run the native executable build in a container using:\n\n```shell script\n./mvnw package -Dnative -Dquarkus.container-image.build=true\n```\n\nYou can then execute your native executable with: `./target/odrl-poc-1.0.0-SNAPSHOT-runner`\n\nIf you want to learn more about building native executables, please consult https://quarkus.io/guides/maven-tooling.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwistefan%2Fodrl-pap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwistefan%2Fodrl-pap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwistefan%2Fodrl-pap/lists"}