Representing internal access policies with ODRL

A standalone repository can hold sensitive personal data requiring mediated access. The target persona might be a data manager in a high profile research group that conducts health studies. The group is committed to providing ‘secondary access’ to other research groups to build collaborative networks and optimise reuse and impact of data they have collected. The data manager wants make the access processes visible with policies that ensure consistent, efficient processing of access requests, and provide standardised policy types that support automation of access workflows. The research group wants to start with a single policy for its clinical trial datasets (assets) that makes it clear that these datasets are available for secondary use by other academic users. The research group also wishes to specify actions that can be performed on those assets by end users (e.g. access for academic researchers for a specific research question to the full dataset in a trusted research environment (TRE) ).