language en

The OntoCookie ontology for semantically representing web cookies

Latest version:
https://genibushati.github.io/OntoCookie.io
Revision:
Version 1.2
Contributors:
Anelia Kurteva
Anna Fensel
Anurag Vats
Geni Bushati
Petraq Nako
Sven Carsten Rasmusen
Download serialization:
JSON-LD RDF/XML N-Triples TTL
License:
https://creativecommons.org/licenses/by/4.0/
Visualization:
Visualize with WebVowl
Cite as:
Kurteva, A., Bushati, G., Rasmusen, S. C., Vats, A., Nako, P., Fensel, A. The OntoCookie Ontology for semantically representing web cookies, Version 1.2, 2023.
Provenance of this page
Ontology Specification Draft

Introduction back to ToC

The OntoCookie ontology is a formal representation of the cookie domain in the context of the General Data Protection Regulation (GDPR)[1]. The ontology was built as a response to the lack of openly available semantic models for cookies and the need for cookie consent compliance (from a design and implementation perspectives). OntoCookie was built with Protégé [2] and currently comprises of 233 axioms, 32 classes, 11 object properties and 10 data properties.

Namespace declarations

Table 1: Namespaces used in the document
ontocookie<http://www.semanticweb.org/OntoCookie>
schema<https://www.schema.org>
wgs<http://www.w3.org/2003/01/geo/wgs84_pos>
owl<http://www.w3.org/2002/07/owl>
gn<http://www.geonames.org/ontology>
fn<http://www.w3.org/2005/xpath-functions>
xsd<http://www.w3.org/2001/XMLSchema>
rdfs<http://www.w3.org/2000/01/rdf-schema>
rdf<http://www.w3.org/1999/02/22-rdf-syntax-ns>
terms<http://purl.org/dc/terms>
xml<http://www.w3.org/XML/1998/namespace>
sesame<http://www.openrdf.org/schema/sesame>
gconsent<https://w3id.org/GConsent>
ontology<https://openscience.adaptcentre.ie/ontologies/GConsent/docs/ontology>
dc<http://purl.org/dc/elements/1.1>

OntoCookie: Overview back to ToC

This ontology has the following classes and properties.

Classes

Object Properties

Data Properties

Cross-reference for OntoCookie classes, object properties and data properties back to ToC

This section provides details for each class and property defined by OntoCookie.

Classes

Analyticsc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Analytics

Analytics cookies or performance cookies are used to track website visitors and their user behaviour. This data is then used to improve the way the website works and in turn, used to improve user experience.
has super-classes
Purpose c

Authentication Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#AuthenticationCookie

Authentication cookies are commonly used by web servers to authenticate that a user is logged in, and with which account they are logged in.
has super-classes
Cookie c

Consentc back to ToC or Class ToC

IRI: https://w3id.org/GConsent#Consent

As per Article 4(11) of the GDPR, ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; In the case of this ontology, 'Consent' is a concept as well as a tangible entity (something that has a provenance record). To separate this distinction with relation to the data subject, the Consent class represents the consent of the data subject in its entirely, including any history and annotations for it. To link the Consent instance with the DataSubject instance, use the isConsentForDataSubject and hasConsent properties.
is in domain of
consent id dp, has status op, in medium op, is consent for data subject op
is in range of
associated with op, has consent op

Data Subjectc back to ToC or Class ToC

IRI: https://w3id.org/GConsent#DataSubject

Data Subject is defined as an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; - according to Article 4(1) of the GDPR pertaining to the definition of Personal Data. In the case of this ontology, a Data Subject refers to the person(s) as per the definition of the GDPR. Since a Data Subject is a Person, it is defined as a subclass of foaf:Person. The Data Subject is linked to the Consent instance via the isConsentForDataSubject and hasConsent properties.
is in domain of
has consent op, name dp
is in range of
is consent for data subject op

Domainc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Domain

The 'domain' attribute signifies the domain for which the cookie is valid and can be submitted with every request for this domain or its subdomains. If this attribute is not specified, then the hostname of the originating server is used as the default value.
is in range of
has domain op

Expiredc back to ToC or Class ToC

IRI: https://openscience.adaptcentre.ie/ontologies/GConsent/docs/ontology#ConsentStatusExpired

Indicates the consent has expired.
has super-classes
Status c

Explicitly Givenc back to ToC or Class ToC

IRI: https://openscience.adaptcentre.ie/ontologies/GConsent/docs/ontology#ConsentStatusExplicitlyGiven

Indicates consent is explicitly given.
has super-classes
Status c

First Party Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#FirstPartyCookie

A first-party cookie - when a cookie's domain attribute will match the domain that is shown in the web browser's address bar.
has super-classes
Tracking Cookie c

Host Only Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#HostOnlyCookie

Host Only cookie means that the cookie should be handled by the browser to the server only to the same host/server that firstly sent it to the browser.
has super-classes
Cookie c

Http Only Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#HttpOnlyCookie

An http-only cookie cannot be accessed by client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (CSRF) attacks. A cookie is given this characteristic by adding the HttpOnly flag to the cookie.
has super-classes
Cookie c

Marketingc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Marketing

Tracking track users' online activity to help advertisers deliver more relevant advertising or to limit how many times users see an ad.
has super-classes
Purpose c

Necessaryc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Necessary

A strictly necessary cookie is a type of cookie that is used by the website to function properly, without which the site would not work.
has super-classes
Necessity c

Necessityc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Necessity

Signifies if a cookie is necessary or optional.
has sub-classes
Necessary c, Optional c
is in range of
has necessity op

Not Givenc back to ToC or Class ToC

IRI: https://openscience.adaptcentre.ie/ontologies/GConsent/docs/ontology#ConsentStatusNotGiven

Indicates that consent has not been given.
has super-classes
Status c

Optionalc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Optional

An optional cookie is a type of cookie that is used by the website to request optional or additional information from a website user.
has super-classes
Necessity c

Pathc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Path

The 'path' attribute signifies the URL or path for which the cookie is valid. The default path attribute is set as '/'.
is in domain of
url dp
is in range of
has path op

Persistent Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#PersistentCookie

A persistent cookie expires at a specific date or after a specific length of time. For the persistent cookie's lifespan set by its creator, its information will be transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (such as an advertisement).
has super-classes
Cookie c

Profilingc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Profiling

Cookie profiling, also called web profiling, is the use of persistent or permanent cookies to track a user's overall activity online.
has super-classes
Purpose c

Purposec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Purpose

The purpose of the cookie.
has sub-classes
Analytics c, Marketing c, Profiling c, Service Optimisation c, Service Personalisation c, Service Provision c, Tracking c
is in domain of
is purpose for op
is in range of
has purpose op

Same Site Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#SameSiteCookie

With attribute SameSite=Strict, the browsers would only send cookies to a target domain that is the same as the origin domain.
has super-classes
Cookie c

Secure Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#SecureCookie

A secure cookie can only be transmitted over an encrypted connection (i.e. HTTPS). They cannot be transmitted over unencrypted connections (i.e. HTTP). This makes the cookie less likely to be exposed to cookie theft via eavesdropping. A cookie is made secure by adding the Secure flag to the cookie.
has super-classes
Cookie c

Service Optimisationc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#ServiceOptimisation

Aims to improve a service process that involves close interaction between customer and a web service.
has super-classes
Purpose c

Service Personalisationc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#ServicePersonalisation

Personalised service is a type of customer service tailored to the customer's individual needs.
has super-classes
Purpose c

Service Provisionc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#ServiceProvision

The provision of service is the act of giving it or making it available to users.
has super-classes
Purpose c

Session Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#SessionCookie

A session cookie (also known as an in-memory cookie, transient cookie or non-persistent cookie) exists only in temporary memory while the user navigates a website. Session cookies expire or are deleted when the user closes the web browser. Session cookies are identified by the browser by the absence of an expiration date assigned to them.
has super-classes
Cookie c

Statusc back to ToC or Class ToC

IRI: https://w3id.org/GConsent#Status

Represents the status of consent for the data subject. This allows persisting the determination of the validatity or suitability of consent (as an entity or instance) for use in processing and other activities. Examples: consent is given, consent is requested but not given, consent was withdrawn.
has sub-classes
Expired c, Explicitly Given c, Not Given c
is in range of
has status op

Super Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#SuperCookie

A supercookie is a cookie with an origin of a top-level domain (such as .com) or a public suffix (such as .co.uk). Ordinary cookies, by contrast, have an origin of a specific domain name, such as example.com.
has super-classes
Cookie c

Third Party Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#ThirdPartyCookie

A third-party cookie, however, belongs to a domain different from the one shown in the address bar.
has super-classes
Tracking Cookie c

Trackingc back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#Tracking

Tracking cookies are commonly used for legitimate marketing and advertising purposes including track the user's behavior.
has super-classes
Purpose c

Tracking Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#TrackingCookie

Tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories.
has super-classes
Cookie c
has sub-classes
First Party Cookie c, Third Party Cookie c

Zombie Cookiec back to ToC or Class ToC

IRI: http://www.semanticweb.org/OntoCookie#ZombieCookie

A zombie cookie is data and code that has been placed by a web server on a visitor's computer or other device in a hidden location outside the visitor's web browser's dedicated cookie storage location, and that automatically recreates a HTTP cookie as a regular cookie after the original cookie had been deleted.
has super-classes
Cookie c

Object Properties

associated withop back to ToC or Object Property ToC

IRI: http://www.semanticweb.org/OntoCookie#associatedWith

has characteristics: functional

has domain
Cookie c
associated with op exactly 1 Consent c
has range
Consent c

has consentop back to ToC or Object Property ToC

IRI: https://w3id.org/GConsent#hasConsent

Links a data subject to their consent.

has characteristics: functional

has domain
Data Subject c
has range
Consent c
is inverse of
is consent for data subject op

has domainop back to ToC or Object Property ToC

IRI: http://www.semanticweb.org/OntoCookie#hasDomain

has domain
Cookie c
has range
Domain c

has necessityop back to ToC or Object Property ToC

IRI: http://www.semanticweb.org/OntoCookie#hasNecessity

has characteristics: functional

has domain
Cookie c
has range
Necessity c

has pathop back to ToC or Object Property ToC

IRI: http://www.semanticweb.org/OntoCookie#hasPath

has characteristics: functional

has domain
Cookie c
has range
Path c

has purposeop back to ToC or Object Property ToC

IRI: http://www.semanticweb.org/OntoCookie#hasPurpose

has characteristics: functional

has domain
Cookie c
has range
Purpose c
is inverse of
is purpose for op

has statusop back to ToC or Object Property ToC

IRI: https://openscience.adaptcentre.ie/ontologies/GConsent/docs/ontology#hasStatus

has characteristics: functional

has domain
Consent c
has status op exactly 1 Status c
has range
Status c

in mediumop back to ToC or Object Property ToC

IRI: https://w3id.org/GConsent#inMedium

Specifies the medium through which the consent was given. Examples are web forms, paper documents.

has characteristics: functional

has domain
Consent c
has range
Cookie c

is consent for data subjectop back to ToC or Object Property ToC

IRI: https://w3id.org/GConsent#isConsentForDataSubject

Links a consent instance with the data subject it is associated with.

has characteristics: functional

has domain
Consent c
is consent for data subject op exactly 1 Data Subject c
has range
Data Subject c
is inverse of
has consent op

is purpose forop back to ToC or Object Property ToC

IRI: http://www.semanticweb.org/OntoCookie#isPurposeFor

has characteristics: functional

has domain
Purpose c
has range
Cookie c
is inverse of
has purpose op

Data Properties

Datedp back to ToC or Data Property ToC

IRI: https://schema.org/Date

A date value in ISO 8601 date format.
has domain
Cookie c
has range
date time

durationdp back to ToC or Data Property ToC

IRI: https://schema.org/duration

The duration of the item (movie, audio recording, event, etc.) in ISO 8601 date format.
has domain
Cookie c
has range
string

end datedp back to ToC or Data Property ToC

IRI: https://schema.org/endDate

has domain
Cookie c
has range
date time

namedp back to ToC or Data Property ToC

IRI: http://www.semanticweb.org/OntoCookie#name

The name of the data subject that accepted a cookies.
has domain
Data Subject c
has range
string

start datedp back to ToC or Data Property ToC

IRI: https://schema.org/startDate

has domain
Cookie c
has range
date time

Timedp back to ToC or Data Property ToC

IRI: https://schema.org/Time

A point in time recurring on multiple days in the form hh:mm:ss[Z|(+|-)hh:mm] .
has domain
Cookie c
has range
date time

urldp back to ToC or Data Property ToC

IRI: https://schema.org/url

URL of an item.
has domain
Cookie c
Path c
has range
any u r i

valuedp back to ToC or Data Property ToC

IRI: https://schema.org/value

Reffers to the value of a cookie, which is found as a separate fields within cookie logs. Example value: cPFMEtrg26bSUwe6pGuJYx.ZWRhZDc1YjMtZWJlNC00ZWMxLWE4ODgtZTUxOWZjM2YzZDY0..1grieid4t.1grieid4t.0.0.0
The value of the quantitative value or property value node.
has domain
Cookie c
has range
string

Legend back to ToC

c: Classes
op: Object Properties
dp: Data Properties

References back to ToC

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Available at https://eur-lex.europa.eu/eli/reg/2016/679/oj.

[2] Stanford University, Protégeé, Available at https://protege.stanford.edu.

Acknowledgments back to ToC

This research is supported by the CampaNeo project funded by FFG (grant 873839) as well as the smashHit EU project funded under Horizon 2020 (grant 871477). We would like to thank Harshvardhan J. Pandit for sharing helpful insights on cookies, consent and GDPR.

The authors would like to thank Silvio Peroni for developing LODE, a Live OWL Documentation Environment, which is used for representing the Cross Referencing Section of this document and Daniel Garijo for developing Widoco, the program used to create the template used in this documentation.