Permissions and Obligations Expression Working Group Teleconference
27 March 2017
<benws110> nick benws
<victor> hi all
<renato> hi victor
scribe michaelS
benws: anybody want to raise an issue with last week's minutes
<phila> [NOTUC]
<phila> Last week's minutes
Resolved: last week's minutes approved
<renato> https://www.w3.org/2016/poe/wiki/Use_Cases#POE.UC.37_Representing_regulations_using_ODRL
Sabrina: introduced the Use Case
… it models the EU General Data Protection Regulation
… it needs to cover that at a generic level but also in details
… Article 12 added as an example
… this article shows the important use of references to other articles
… the numbering of the articles has at least two levels
benws: any comments on that so far?
benws: does this requirement belong to a profile or to the general ODRL model?
Sabrina: this is a decision by this group
renato: what does "refer to another article" mean?
Sabrina: that are dependencies - look at Article 12. This may transform to many duties.
… to check if Article 12 is fullfilled the fulfillment of other articles is required
phila: GDPR is very important it would be a big PR win if ODRL could show that it can cover it.
… key question: is ODRL is a good tool for that purpose. Sabrina do you feel that?
Sabrina: ODRL is not a bad fit. We need to specify obligations and constraints
… There is work on taxonomies by other parties but less fitting.
renato: we could promote this as a profile. This would serve to explain how to create a profile
… and this profile could be shown to a wide audience.
… the relationships between the constraints and duties is demandingö
Sabrina: we have dependencies between the duties, we have constraints on duties, actions and parties
… supported to create a profile for that.
benws: to show that we could express regulations and licences by the same language would be fine
phil
phila: supported using ODRL for this purpose
Sabrina: we are basically defining obligiations = duties = complying with the regulations
… if we run into problems we will come back to this group
… when it comes to constraints: there are discretational ones
smyles: suggested to model optional constraints as permissions
Sabrina: that's not exactly the intention of the GDPR
… there are statements like a recommendation - and we don't want to omit them
renato: is thinking what this could look like in code: leftOperand say you may or may not use an icon
Sabrina: need for a discretional constraint: it would be good to meet this constraint but it doesn't stop the policy
… if it is not met
Sabrina: for her and Simon some constraints a bit fuzzy, needs deeper reviews
smyles: we may add a concept of recommendation = if you can, you should do that
… there could be levels of recommendation: strongly recommended ... and more
Sabrina: will review this suggestion
<renato> https://tools.ietf.org/html/rfc2119
<phila> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
<phila> NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
<phila> "OPTIONAL" in this document are to be interpreted as described in
<phila> RFC 2119.
phila: RFC2119 is a standard specifying things like that - could help
Sabrina: Dispensation = something is required, but there is a dispensation under specific condiditions.
… and some articles say "you are not allowed" others say "unless party X allows that"
<victor> Dispensation: a : an exemption from a law or from an impediment, vow, or oath may be granted a dispensation from the rule b : a formal authorization requested a dispensation to form another lodge
Sabrina: in fact: an exception on an exception
… may also be used
renato: went over some more details of transforming DGPR into ODRL
victor: thinks like that can be expressed by ODRL.
Sabrina: we are looking not only at GDPR but also legal regulations in general - is the existing ODRL data model work for us
benws: what are "features"
victor: we could think about synonyms for hardwired constraints
Sabrina: two more things: "Feature" = article 12 has various obligations, some are well defined, some don't stand on their own.
… we are looking at conjunctions and disjunctions in this context
… transparency is the conjunction of all of them - we call them Features at the moment
Sabrina: we need additional constraints on the asset - they will span across multiple duties
renato: ODRL scope could work
Sabrina: agreed
… we have an issue with the type of processing - e.g. how personal data may be used for marketing
smyles: the purpose is to define the nature of a party - right?
Sabrina: yes, depending on who you are rules may apply
smyles: why not to split up in constraints for group A and group B of persons
smyles: wondered if inheritance could be used
Sabrina: the controllers for different purposes are different
… we look at what's there and then will come back to this group
… the Wiki space could be used for discussions
benws: timeline?
Sabrina: there are different groups of work: e.g. transforming the article and the sub-points - but that's not very usable.
… in a next step obligations have to be pulled out of the articles - and that's a big work, will take months.
benws: does this timeline align with the ODRL timeline?
Sabrina: yes.
renato: do we need a new policy type "regulation"?
Sabrina: yes
benws: supported to use Wikipages for working on the transformation
<renato> https://www.w3.org/2016/poe/wiki/Deliverables
renato: went over https://www.w3.org/2016/poe/wiki/Deliverables
<renato> https://lists.w3.org/Archives/Public/public-poe-comments/2017Mar/0012.html
renato: we got a reply from EDRLabs
<renato> https://github.com/w3c/poe/issues/118
renato: raised some concerns regarding periods
… this needs an update of the definitions of date/time and period constraints
renato: re Horizontal reviews:
… any news from Brian?
benws: has sent a reminder
renato: reviews seem to be on track
benws: refered to a proposoal of Victor to hold a special meeting
… = a call
benws: asked Victor to launch a Doodgle survey for finding date and time
benws: tried to reach out to James from Catapult, but the email did not work
benws: only 3 on the issue tracker
<phila> s/RESOLVED: last week's minutes approved//
benws: open issue is providing hotel rooms at TR rates - but Sabrina may have an alternative
victor: would appreciate to have times for the agenda items
bens: starting time 10am - ok?
renato: agenda will be based on requests from group members and currently ongoing work
<ivan> will there be possibiltiies for dial in?
benws: suggested 5:30pm as closing time
<ivan> thanks
benws: it will be possible to dial in too
benws: AOB?
benws: none was raised - bye