This document is collaborative effort that attempts to collect all projects, tooling and implementations that work with the Open Digital Rights Language (ODRL).
The Open Digital Rights Language (ODRL) Information Model 2.2 is a W3C Recommendation to express usage control policies.
ODRL policies define who can perform which action on which resource, and under what conditions. These policies are composed of one or more rules, which are based on deontic concepts:
- Permission: explicitly allows an action. (e.g. "Alice may read Resource X on Monday, 15 September 2025, between 09:00 and 17:00.")
- Prohibition: explicitly forbids an action. (e.g. "Alice is not allowed to write to Resource X.")
- Obligation: requires an action to be fulfilled before or during usage. (e.g. "Alice must pay 5 euros in order to read Resource X.")
Orignally, ODRL was originally designed for Digital Rights Management (DRM), focusing on expressing rights and obligations for digital content. For the most recent version, the scope was thus mainly on expression: providing a common information model for representing such policies.
Since ~2020, organizations have started exploring ODRL for access and usage control enforcement. This shift created a need for software and tooling capable of evaluating ODRL policies in operational environments. For example, projects like Solid considered ODRL for data usage control (see related github issues: WAC-10, WAC-87, Solid-56, Authz), but these efforts stalled due to the lack of a formalized, systematic evaluation approach. Dataspaces also mention to use ODRL as usage control policy language for enforcement (both Gaia-X and IDSA).
Recently, significant progress has been made toward formalizing ODRL semantics. The ODRL Formal Semantics Community Group is working on standardizing the inputs required for policy evaluation, such as the state of the world, the evaluation request, and the policies themselves. In parallel, they are defining the expected outputs through the Compliance Report Model and developing a formal semantics for ODRL to ensure consistent and interoperable evaluations across different implementations. As of today (15 September 2025), these efforts are ongoing. This document aims to provide an overview of existing tools, frameworks, and approaches for ODRL policy evaluation, helping practitioners and researchers navigate the current landscape and contribute to these standardization efforts.
An ODRL Evaluator is defined as follows by the ODRL Information Model 2.2 as
A system that determines whether the Rules of an ODRL Policy expression have meet their intended action performance.
Thus, in this overview, we have added all evaluators that we know of. The table has three columns
- Name: what is the project name, with a link to the source
- Context: contains what it does (capabilities), which software language is used to implement it.
- Future work should include: the input (apart from the policies) and the output (yes/no vs compliance report vs ...)
- Authors: the group that created it and (if possible) a contact person
| Name | Context | Authors |
|---|---|---|
| ODRL Evaluator | An open implementation of an ODRL Evaluator that evaluates ODRL policies by generating Compliance Reports. Written in Node.js and Notation3 (prolog evaluated); runs in the browser |
KNoWS for the Solidlab project maintainer: Wout Slabbinck |
| Open Digital Rights Enforcement (ODRE) Framework | An open implementation of an ODRL Evaluator in multiple languages. there is ODRE for Java and ODRE for Python |
OEG from UPM maintainer: Andrea Cimmino |
| ODRL-PAP | Evaluates ODRL policies by translating them to Rego policies, which are then executed by the Open Policy Agent (OPA). Written in Java |
Created for the DOME-marketplace project |
| Odrl-manager | A library designed to facilitate the interpretation and evaluation of ODRL (Open Digital Rights Language) policies in JSON format. written in Node.js |
Prometheus-X |
| MOSAICrOWN policy engine | Parses and evaluates MOSAICrOWN policies, which uses as basis ODRL, but adds purpose as a first class citizen at rule level. Written in Python |
Created for the MOSAICrOWN project (H2020) |
| MYDATA Control Technologies | Transforms ODRL policies to the custom XML-based MYDATA policy and evaluates the latter Written in Java |
Fraunhofer |
| Gaia-X Wizard (PDP) Policy Stepper | gitlab repo; TODO: how does it work and in which language is it written | Gaia-X maintainer: Yassir Sellami |
| Polival | Policy and semantic web evaluation Written in Rust and SPAQRL |
Elbtech maintainer: Richard Stoffels |
- ODRL-Test-Suite
- Software that can execute, validate and measure the compliance of an ODRL evaluator over a set of test cases. The test case consists of inputs (a policy, a request and the state of the world) and the expected outcome (Compliance Report Model).
- Created by KNoWS for the Solidlab project (maintainer: Wout Slabbinck).
- User-Managed Access (UMA) server
- A User-Managed Access infrastructure where the Authorization Server (AS) uses the ODRL Evaluator as a Policy engine (Policy Decision Point)
- Created by KNoWS for the Solidlab project.
- FORCE specification suite
- The Framework for ODRL Rule Compliance through Evaluation (FORCE) specification suite is designed to assist in ODRL policy development and enhance comprehension of ODRL evaluation outputs. It also enables experimentation and prototyping of ODRL 3.0 proposals. The specification points to other relevant specifications for further details.
- Created by KNoWS for the Solidlab (maintainers: Wout Slabbinck and Beatriz Esteves).
- FORCE UI
- The FORCE Web editor is a user interface developed with as goal aiding understanding of ODRL Policy Evaluation and experimenting with new features for ODRL.
- Created by KNoWS for the Solidlab (maintainer: Wout Slabbinck).
- LOAMA: Low-code ODRL Access Management Application
- Web User Interface to manage ODRL policies in decentralized ecosystems. Currently only with aforementioned UMA Server
- Created by KNoWS for the Solidlab project (maintainer: Wout Slabbinck).
- Gaia-X Wizard
- A web interface that contains ODRL Policy Evaluation. It also allows you to create and sign Verifiable Presentations as well as obtaining the Verifiable Credentials that attest Gaia-X compliance.
- Maintained by Yassir Sellami
- odrl-evaluation-engine-testbed
- The ODRL Evaluation testbed provides a basic level tests for an ODRL evaluation engine.
- Maintained by Yassir Sellami
- Eclipse Dataspace Connector (EDC)
- Implementation of a Dataspace Connector as defined by the Dataspace Protocol (DSP) (see DSP in the protocols section). In the control plane (the layer that deals with the contracts over the data), ODRL is used.
- Solid Agent UCP demo
- a Web agent-based solution where an agent decomposes ODRL policies into actionable tasks (such as granting and retracting access to resources) using declarative condition-action rules and takes care of executing such tasks, by modifying the Access Control Rules of Solid resources.
- Created by KNoWS for the Solidlab project (maintainer: Wout Slabbinck).
- Dataspace Protocol (DSP)
- The Dataspace Protocol is a specification designed to facilitate interoperable data sharing between entities governed by usage control and based on Web technologies. For usage control and contracts, the ODRL Vocabulary is reused.
- Eclipse Dataspace Decentralized Claims Protocol (DCP)
- The DCP defines a set of protocols for asserting participant identities, issuing verifiable credentials, and presenting verifiable credentials using a decentralized architecture for verification and trust.
- Works orthogonally together with the DSP to solve the identity and trust gap.
- The DCP defines a set of protocols for asserting participant identities, issuing verifiable credentials, and presenting verifiable credentials using a decentralized architecture for verification and trust.
- Authorization for Data Spaces (A4DS)
- A User-Managed Access extension that uses ODRL as the policy language for usage control.
- Created by KNoWS for the Solidlab project (maintainer: Wouter Termont).
- MyData ODRL policy creator
- ODRL Shape validation
- ODRL Validation implementation
- Deontic Policy Consistency Checker
- LLM4ODRL
- ODRL2SHACL
When there is something missing in this list, feel free to add it yourself by opening a pull request.