doc(policies): add policy description in tractusx-edc

[BenediktSR]

WHAT

Add new policy description to tractusx-edc

WHY

There are many policy descriptions scattered around. The aim is to have a description that describes everything you need to know about policies in Catena-X. The destination of this description should be the tractusx-edc repository.

FURTHER NOTES

Closes #701

[github-actions]

This pull request is stale because it has been open for 7 days with no activity.

[florianrusch-zf]

Just did a quick syntax check 😉

[matgnt]

Hi,

it seems sometimes LogicalConstraint is used in examples and sometimes not. Is there any reason behind?

[mhellmeier]

There are still a lot of differences between the example payloads in the document. I highlighted different weaknesses in my review.

I would strongly recommend going through the whole document and checking all payloads carefully, if they are consistent and aligned with the other ones presented.

[github-actions]

This pull request is stale because it has been open for 7 days with no activity.

[stephanbcbauer]

@BenediktSR Do you need support?

[github-actions]

This pull request is stale because it has been open for 7 days with no activity.

[github-actions]

This pull request was closed because it has been inactive for 7 days since being marked as stale.

[mhellmeier]

Reopen as the inactivity might be related to the Christmas holiday season.

[arnoweiss]

Please check for redundancy to this PR:
#953

[github-actions]

This pull request is stale because it has been open for 7 days with no activity.

[github-actions]

This pull request was closed because it has been inactive for 7 days since being marked as stale.

[ndr-brt]

I'm obviously incapable of properly using the dash-licence-tool. Here's what I tried:

1. push, copy output from failed pipeline, paste, commit, push --> error
2. copy from main, commit, push --> error
3. run ./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s]+" | sort | uniq | java -jar ./build/libs/dash.jar - -summary DEPENDENCIES after having downloaded the jar to ./build/libs, commit, push --> error

Any ideas or a quick fix?

yes, we noticed that on different machines (also with the same OS!) it gives different sorting.
just open the failed check, in the console output there will be the expected dependencies file printed, just copy and paste it

[matgnt]

we should remove the not required LogicalConstraint in Usage Policies.

[arnoweiss]

I said it before and I'll say it again: The implementation can handle logical constraints. If they are discouraged, this should be laid out in normative documents, not in descriptive ones like usage docs.

[matgnt]

Then they must be able to handle both options. Example here:
eclipse-tractusx/tractusx-profiles#12

Both are ODRL compliant and have the same meaning. This is the thing that comes with ODRL ;-)

[jimmarino]

we should remove the not required LogicalConstraint in Usage Policies.

To expand on what @arnoweiss said, we will absolutely not eliminate LogicalConstraint support from the Tractus-X EDC implementation. If a use case or dataspace member has a need for logical constraints, TX-EDC will be able to support them.

That is distinct from the question of interoperability. A dataspace such as Catena-X may decide the minimum bar for interoperability is that all participants must support an atomic constraint or a logical and constraint. In that case, I'll point out two things:

1. The must-support statement does not restrict systems from implementing more than that. Most interoperability efforts I am familiar with take this approach.
2. Removing LogicalConstraint support would remove support for and constraints and any multiplicity constraint. This would mean that policies could only be authored with atomic constraints, which would be a severe limitation.

This is also distinct from supporting the multiple serialization formats. For example removing the need for specifying @type, which would default to an and constraint.

[matgnt]

Yes, I agree, we should not "remove" it from EDC. that is clear. As long as EDC does also support ODRL allowed way of describing this with:

"constraint": [
             {
              "leftOperand": "cx-policy:FrameworkAgreement",
              "operator": "eq",
              "rightOperand": "traceability:v1.0"
            },
            ...
        ]

all is good and I only would like to see this in the documentation, that users are aware they need to be able to handle both. Otherwise, we would need to restrict how ODRL can be used.
@jimmarino Do we have any issue with EDC with the given example? When I tried, I couldn't' detect one with 0.5.3

[jimmarino]

Please verify this against the latest upstream EDC implementation and if it is not supported, file an enhancement request. The issue will then need to be triaged, accepted (or rejected), and prioritized by the committers.

[matgnt]

Ok I'm giving up on this. Taking this as tx-edc setting the rules here. It must be LogicalConstraint->and , independent from what may be allowed with ODRL.

[jimmarino]

That's not what I said. As I indicated, TX-EDC will continue to support multiple logical constraint types, including specifying them in ODRL serialized as Json-Ld. It is also reasonable for upstream EDC to support not specifying @type and interpreting that as a logical and constraint. However, if that is not supported, it should be submitted as a feature request to the EDC project.

This is how Eclipse open-source projects work. It's not about "tx-edc setting the rules." It's about providing proper governance overseen by the committers.

[matgnt]

This is how Eclipse open-source projects work. It's not about "tx-edc setting the rules." It's about providing proper governance overseen by the committers.

yes, correct. not the best wording I used. Thanks for the clarification @jimmarino

[mhellmeier]

The dash license tool pipeline is still failing. Please ensure that the DEPENDENCIES file is up to date.

[paullatzelsperger]

@BenediktSR you have several open reviews. Could you re-request a review from the reviewers?
@mhellmeier thanks for pointing that out, but no need to request changes IMO. That is usually used when there is significant problem in the code.

[BenediktSR]

As Arno has already said, there are always ongoing discussions on this topic. Arno is looking into this. He has agreed to revise the passages. Thanks a lot!!!

[github-actions]

This pull request is stale because it has been open for 7 days with no activity.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[mhellmeier]

Thanks for fixing the mentioned issues and open points!

[mhellmeier]

(Approval related to my mentioned point of the outdated DEPENDENCIES file which has been solved)

[ndr-brt]

I re-requested review to the ones that commented but not approved, my proposal would be to merge this by tomorrow EOB if no one is against it, 4 months are an huge amount of time for a PR to stay open, further fixes can be done after then.

[ndr-brt]

there we go

[arnoweiss]

thanks - I agree that PRs should never stay open for this long. it fell victim to uncoordinated improvement efforts for the docs. glad it's merged now. we'll do better in the future.

[BenediktSR]

Tanks a lot guys, especially to Arno, who took the lead at the end. Yes, I think it was another learning experience for us!