Permissions and Obligations Expression Working Group London F2F Day 1

18 May 2017

Meeting Minutes

benws: welcomes everyone to the london f2f + remote meeting and points to the agenda https://‌www.w3.org/‌2016/‌poe/‌wiki/‌Meetings:London2017

Requirements for an ODRL Processor

renato: what do we expect an odrl processor to do - expression, validation, enforcement?

renato: this will determine what are the testing requirements

renato: without specifying the nature of the odrl processor, we can't test it

benws: the authors of the formal semantics should be able to speak to the requirements

simon we need to clarify constraints in odrl - should an odrl processor do constraint checking?

simonestey: we are in between - some constraints can be checked, others cannot be automatically evaluated

simonestey: we should directly state - odrl processor must be able to check constraints (or decide not)

simonestey: constraints in odrl are currently a more concise version of the natural language expression. however, we have changed some constraints so that they could be automatically checked - e.g. current date or time

<Zakim> phila:, you wanted to highlight https://‌w3c.github.io/‌poe/‌model/#dfn-odrl-processor

simonestey: the question is should we fully follow that route - should odrl processor be able to evaluate constraints?

<phila> ODRL Processor

phila: agress we should discuss what a processor should do. but we need to start with defining "what is an odrl processor?"

phila: we have a definition "A system that provides services that creates, manipulates, and validates ODRL Policy expressions"

phila: but we need to more fully specify the definition

michaelS: exactly how should the processor be defined - is it a list of features?

phila: yes, we should have a section in the document which lists all the things that a processor should do

michaelS: in the RightsML definition, yes we did believe that constraints should be evaluated

michaelS: but the tricky thing in resolving constraints is interpreting the left operand. some are implicitly normative, others are explicitly non normative

michaelS: we need to define the difference between normative and non normative more precisely

renato: the normative and non-normative terms was based on the survey of current ODRL usage. if two or more uses were found a term was declared normative

<victor> http://‌delicias.dia.fi.upm.es/~vrodriguez/‌static/‌odrl/‌semantics1.pdf

<benws> q b

victor: the editors of the formal semantics note met only once

victor: several possibilities were identified. SHACL was discussed, but maybe it doesn't cover everything?

victor: should we require conversions between formats - XML, JSON, RDF? conclusion, no

victor: should the processor validate profiles? also no

victor: other items were declared secondary. the main priority was to create a conformance validator

simonestey: rules in the information model - you are able to check your policy conforms to the specification, e.g. via SHACL

simonestey: odrl concepts all have shapes, which lets you confirm whether your policy conforms to the spec

simonestey: some constraints - e.g. absolute position - how can this be checked in a standardized way?

simonestey: we as a working group must define how to automatically evaluate each constraint

simonestey: some constraints are more straightforward, but many are too abstract to define in a standardized way

renato: it will be almost impossible to define constraint checking - too difficult to cover all cases

renato: we could validate that the expression is a valid ODRL policy, but it is out of scope to require that an ODRL processor can evaluate every constraint type

ivan: wondering whether it makes things too complicated to discuss "one" odrl processor

ivan: there are several different type of task - saying they are all the same thing. perhaps it is better to discuss them using different names

ivan: do we only have one odrl processor? no. we have a constraint processor (one kind) but several other kinds too

<Zakim> phila:, you wanted to distinguish between function and method

benws: in the standard we should discuss a processor which validates that the processor is syntactically correct

phila: agree that there should be a level beyond which we should not go

phila: should an odrl processor as defined by the group check for conformance to the odrl standard? or do we say that an odrl processor requires valid odrl as an input

phila: an odrl processor does need to be able evaluate constraints - "is the sky blue?" "all of those things must be jpegs" - those are not things that can be specified within turtle or XML, therefore they must be evaluated via the processor

simonstey: constraint checking is integral - e.g. a duty is not fulfilled unless all of the constraints are satisfied

simonstey: for formal semantics - we could say "either a constraint evaluation result is either true or false". but i'm not sure if we need to help users more than that?

victor: we should have a numbered list of features that a processor must support. but are some features automatic and some are not?

phila: there are different types of constraints - some which can be evaluated automatically, but some not. and we need to prove that we have different machines that will provide the correct and consistent results

renato: we do talk about constraints in the spec. but currently not any further details on how to evaluate the constraints

renato: should we have an odrl processor that validate syntax and something else (not called a "processor") which evaluates the constraints

<phila> +1 to Renato

<phila> RRSAgent:

benws: is there room for a different part of the processor which says "given that the constraint is satisfied" (even if we don't say how) "then this permission is actionable"

<phila> s/^renato /renato: /g

simonstey: we could say "if all of the constraints are satisfied then the action is actionable"

simonstey: we could say "if all of the constraints on a duty are satisfied then the action is actionable"

<victor> i can see an easy task to build an automated processor if "constraint validation" is a made as a "black box".

benws: if a constraint (a left operand) was strongly defined in a profile to have a meaning within the context then we could evaluate the permission

benws: perhaps we should require that all profiles meet that definition standard - that they must be precisely defined within a context

<renato> https://‌w3c.github.io/‌poe/‌vocab/#term-absoluteSpatialPosition

simonstey: an example of a constraint which cannot be checked in a general way is absolute position

victor: points out that some constraints could be manually checked

<simonstey> http://‌w3c.github.io/‌poe/‌vocab/#term-absoluteTemporalPosition

michaelS: example - advertising clip has to be between 1 minute and 1.30 minute of a stream. how could this be checked by an ODRL processor?

michaelS: how well do some left operands work? such as count of usages?

benws: there is only so far we can go in machine readable representation

davec: many of these constraints are not edge cases

benws: agreed

davec: some constraints can't be done programmatically, but are core to odrl

renato: we should take the black box approach for constraints. how else can we cover all the cases?

<victor> Side note: I find the word "processor" too broad. For example, I can conceive a service that given a ODRL expression, an automatically generated English expression is given. This would be a "processor", wouldn't it? I believe that this software would abide to the constraints we are discussing now --although not called "processor", but "validator"

renato: if we try to enforce constraints, then there is a risk that our group would be misunderstood in is intent

renato: we can have a processor which validates the odrl properties, but the actually checking of the constraints needs to be done by some external system

renato: POE has the word "expression" in the name, since that is the scope

phila: the notion of "actionable" is useful

<phila> smyles: I agree with where we seem to be getting

<phila> ... The thing I built that I call an ODRL processor, consults context

<phila> ... It asks "is this constraint satisfied" but doesn't ask how do you know

<benws> q

<phila> smyles: The separation is useful as is the black box concept

ivan: i agree but ...

ivan: the processor must be more than what, say, SHACL can do

ivan: this would then be a testable thing for our CR criteria

LindA: will the ODRL engine check whether the constraint has been processed?

ivan: do we need an engine, which depends on the true or false of the constraint evaluation and then acts upon it

ivan: if so, then this evaluation must be defined and testable

phila: each constraint needs to be evaluated via a "black box" which returns "true or false"

benws: the processor then makes decisions based on the true / false status of the constraints

renato: can the black box be a human?

everyone: yes!

phila: it is literally true or false coming back from the API

lindA: introduces herself to the team

<renato> https://‌www.linkedin.com/‌in/‌lindaburman/

davec: introduces himself to the team

<renato> https://‌www.linkedin.com/‌in/‌davecompton/

benws: asking whether formal semantics support the odrl processor we have just agreed?

victor: yes i think so

simonstey: yes, since something else will do the actual constraint evaluation

victor: if we do an implementation, will that count?

phila: yes

phila: stages. the concept of an odrl processor, then the

proposal: we define fully the concept of an odrl processor

<victor> ...

<victor> +1

phila: knowing that we therefore have to show independent implementations exist

phila: they don't have to be open source or commerical or public, but they must be shown to exist

<phila> +1


<renato> +1

<davec> +1

<benws> +1

<ivan> +1

<CarolineB> +1

<simonstey> +1

<michaelS> +1

Resolved: we define fully the concept of an odrl processor

phila: what does the odrl do (and not do)?

phila: do we want validation of the odrl policy a part of the processor?

benws: it is better to split validation from processor

victor: we should have a validator and something else

victor: what should we call the "something else"

<renato> policy

linda: evaluation is not sufficient to determine whether something is actionable

michaelS: we should not forget about restrictions

benws: suggest - a validator and an evaluator

phila: the process of validation is seperate from evaluation

michaelS: validation could include structural items, such as duties can only be there for permissions not restrictions

simonstey: on the one side is syntactic validation and on the other semantic validation

simonstey: semantic validation could detect contradictory statements, for example

benws: three elements? syntactic validation, semantic validation and then evaluation

simonstey: no, just syntactic and semantic validation

benws: you also need to know whether the policy is actionable or not

simonstey: if you already know whether a policy is semantically correct then is there anything left for evaluation?

phila: structural ? validation tends to mean just whether a parser can read the file, so we are really talking about "semantic validation"

phila: can you write a syntactic and smenaticaly valid policy which is still nonsense? yes

simonstey: if two rules are not actionable at the same time, you need to evaluate them - such as for conflict detection

simonstey: structural validation - is this valid odrl?

benws: aggregations of policies is an issue, for later debate

benws: we should only discuss the processor

benws: structural validation for correct odrl

benws: given values (e.g. via an API) for constraints being true or false, then there is an evaluation step to determine whether the policy is actionable

davec: how do we handle contradictory constraints?

benws: this is beyond the scope of what we're talking about

benws: odrl validator and an evaluator

<renato> ODRL Validator = odrl policy meets IM requirements

proposal: an odrl validator checks the correctness of the policy

[debate about what does "correctness" mean]

<renato> conformance?

ivan: could we define correctness by the set of tests we define

victor: correctness has a specific meaning, will this be confusing

<renato> :-)

proposal: an odrl validator checks the conformance of the policy to the ODRL standard

<phila> +1


<simonstey> +1

<michaelS> +1

<benws> +1

<davec> +1

<renato> +1

<CarolineB> +1

<ivan> +1

proposal: an odrl evaluator determines whether the policy is actionable, including with reference to external boolean returning processes

<victor> +1

Resolved: an odrl validator checks the conformance of the policy to the ODRL standard

proposal: an odrl evaluator determines whether the policy is actionable

simonstey: what does it mean for a policy to be actionable?

proposal: an odrl evaluator determines whether the permission is actionable

<renato> Rule?

proposal: an odrl evaluator determines whether the permissions and prohibitions of a policy are actionable

<phila> +1

<CarolineB> +1

<davec> +1


<benws> +1

<simonstey> 0

<michaelS> +1

<ivan> 0

<victor> +0

<renato> +0.9

<victor> i dont think an external reader will understand the word actionable

simonstey: what does it mean to be "actionable" in this context

<victor> i woulud speak in terms of actions, not prohbitions and permissions

michaelS: we should be careful - actions are only parts of the permissions and prohibitions

benws: that is not the job of the evaluator

renato: the evaluator is really about evaluating constraints and duties

renato: the evaluator is mainly about checking whether the constraints are satisfied

phila: we are trying to determine what the evaluator does and what the black box does

michaelS: is the verb "applies" clearer?

benws: applies to ... what?

benws: "in effect" captures the concept more precisely

proposal: an odrl evaluator determines whether the permissions and prohibitions of a policy are in effect

<phila> +1

<ivan> +1

<CarolineB> +1

<simonstey> +1

<benws> +1


<victor> +1

<renato> +0.99999999

<michaelS> +1

<davec> +1


Resolved: an odrl evaluator determines whether the permissions and prohibitions of a policy are in effect

<phila> RRSAgent:

<renato> Back in 20 mins

phila: does an evaluator specify whether a set of permissions and restrictions are in effect for a specific use

phila: does an evaluator specify whether a set of permissions and restrictions are in effect for a specific target

[coffee or tea break]

<renato> back

<michaelS> we too - slowly

<benws> We're back too

<smyles> phila: in re-reading the spec, i was looking at the discussion of "scope"

<renato> https://‌w3c.github.io/‌poe/‌model/#asset-scope

<smyles> phila: the target - where does the permission apply

<renato> https://‌w3c.github.io/‌poe/‌model/#party-scope

<smyles> phila: within that, you can add a "scope" - the value given was a URI

<simonstey> http://‌w3c.github.io/‌poe/‌model/#asset-scope

<smyles> phila: the URI given was meant - via some voodoo - "this is only applicable to e.g. JPEGs"

<smyles> benws: connection with processing?

<smyles> phila: there is a lot of processing going on there

<smyles> benws: the target can be one or more URIs

<smyles> benws: what those URIs mean is outside the scope of URI

<smyles> renato: what exactly is the problem with scope?

<smyles> renato: scope limits the application of that particular permission to URIs that match that additional scope URI

<smyles> renato: e.g. you refer to a catalogue, then you limit to to a subset of the catalogue that match the scope parameter

<smyles> benws: how is this different than a constraint?

renato: it could be handled by constraint in that particular example, but there is also a scope process for parties and assets

benws: is scope really just syntactic sugar? and so could it be eliminated?

benws: constraints could be applicable to the target

benws: is scope anything beyond what you can do with constraints?

renato: this was a requirement which was accepted by the working group, so we can eliminate it, but we did previously discuss and agree

phila: the processor needs to understand that..

benws: no, processors cannot understand constraints themselves

benws: processors use the results of constraint evaluation, the odrl engine does not in itself evaluation scope

phila: will be happy if the requirement can be satisfied via constraints and so eliminate scope as a different concept

<renato> http://‌w3c.github.io/‌poe/‌ucr/#POE.R.DM.08

ivan: I'm not sure this is still relevant... The way I would have read the example, the code was something like a media type
… That's probably not exactly what you meant
… The other possibility I was wondering about, was something like URI patterns
… They may express a set of targets
… But it seems it[s all going away based on your discussions

<simonstey> " The scope feature is useful is there is no ability to directly identify the target Asset with a uid identifier."

simonstey: If you read 3.2.2 the scope... the scope feature is useful is there is no way of identifying the target by UID.

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues/‌111

simonstey: There's another issues where I was questioning whether every asset and party etc. must have an ID and not be bnode
… so maybe we have to remove that restriction
… if we can have blank nodes then you can add properties to that

benws: Rather than using a blank node, one could use a URI that points to an object that specifies a dataset and , say, jpegs only, a blank node is just an RDF way of doing that
… You're saying that by insisting on having UIDs, you're stopping me using RDF blank nodes

simonstey: It is an expressivity question. If you're not able to pinpoint the asset... ODRL says I need to identify the assets
… We don't have that requirement for Ps&Os, they can be bnodes,
… but maybe ai want to define the targets in terms of their properties

benws: I can always replace the blank node with an identifier

benws: I'm neutral on whether a target has to be identified or can be a bnode

michaelS: I think the legal context... does it make sense to ground the permission on something that is not uniquely defined

simonstey: We have this scope thing because we wanted to be able to define things without URIs

simonstey: Without a constraint language, you need to come up with a left operand...

benws: You can do that in a profile

simonstey: You can't punt everbthing to a profile

benws: Yes you can, all we need to know whether the constraint is satisfied or not.

smyles: I also would like to eliminate scope

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues/‌174

smyles: For parties and assets where we can introduce scope. You give the group an identifier and then a scope

<benws> ?

smyles: For me the ... I don't see how ODRL can determine whether a target is or is not in the group
… I think scope is a concept that adds complication that won't be used

Linda: I think scope is too hard to define, it brings in too much complexity

michaelS: Regarding the scope - scope is also a constraint that applies to the asset, so it can easily be transferred there.
… But we should think that scope can be applied directly to an asset where a permission can apply to multiple assets

renato: Let me explain scope for parties. That was part of ODRL2.1
… The idea was the you go to identify a party and then say that the party was a group of individuals
… Then that permission could be exercised by individuas in the group
… SO it just gave us greater semantics
… There was more about parties but that was the original idea

<simonstey> http://‌w3c.github.io/‌poe/‌vocab/#term-Party

benws: I understand why we want scope, my question is whether it belongs in the ODRL standard or outside it. Does the work done by scope not be done by constraints

<ivan> http://‌www.rfc-editor.org/‌rfc/‌rfc6570.txt

ivan: I come back to what I said. It may be irrelevant...

ivan: That's the spec for URI templates
… target can be a URI, can be a URI template
… Any asset that matches this template is what we meant.
… Moustache is the processor that does that already
… Just removing the scope might be the simplest thing to do.

benws: That sounds like a good idea. Good if we can find semantics outside our own standard.

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues/‌174

simonstey: I come back to my blank node issues...

<renato> Is a URI Template an IRI ?

simonstey: That's the issue about having UIDs
… I replace the assigner with a bnode that has a feature of foaf:name:Bob
… For an evaluator, this means that a certain rule is applicable for a certain assigner if the assigner has these properties.

benws: On the surface, I'm comfortable with that. but... wwe also have an XML serialisation?

<renato> <xml>

smyles: It would be difficult for me to say it's an RDF-only standard

renato: You're saying that every party with foaf:name Bob

renato: It's saying any JPEG within this context is in scope

phila: (no it doesn't)

simonstey: Just because I have a URI, doesn't mean I can resolve it.

renato: When I looked at your example, I thought there was one individual that had foaf:name Bob, but no, it's all Bobs

simonstey: The scope we have now defines the general stuff and then restrictions.
… Could be every party must belong to...

benws: Can this example be expressed as a constraint

renato: No, because constraints can't apply to parties

simonstey: It's not clear to which party the constraint applies

benws: We need to reduce the hidden semantics... maybe rely on the constraint. Use of bnodes seems to introduce stray semantics

renato: So would the proposal be to remove scope?

benws: And then that we don't allow bnodes

renato: That's a serialisation issue

benws: I'm not sure whether the original use case demands the scope notion

<ivan> +1 to ben with regard to scopes

benws: This would mean that our evaluation engine wouldn't need to define it.

<renato> http://‌w3c.github.io/‌poe/‌ucr/#POE.UC.17

smyles: I think it's hard for the ODRL engine to evaluate - I'd like that to be one of the black box actions

<renato> POWDER :-)

<smyles> phila: i struggled for 18 months with this same problem

<smyles> phila: in ODRL you point from the policy to the asset

<smyles> benws: in realistic implementations, assets will point to policies

<smyles> phila: so, should we remove the concept of target?

<smyles> benws: you need bi-directional relationships

<smyles> phila: given that (assets point to policies) then why point to targets at all?

<renato> for all the other real examples

phila: If you always go from an asset to a policy, why do we ever need odrl:target?

michaelS: nextPolicy is important

<victor> I wrote an example of the that here https://‌www.w3.org/‌2016/‌poe/‌wiki/‌Best_Practices#5._How_to_declare_externally_the_asset

<renato> https://‌w3c.github.io/‌poe/‌model/#asset

ivan: I've just realised that... an asset can be a uid or a URI template. It can be that now.
… That's missing from the discussion

phila: Recites UC17

benws: But I think his case can be expressed as a constraint
… It can't be a URI template
… e.g. we have info on 500 companies and you can by 20 of them, that's a constraint. not a URI template

davec: Going to the RightsML... using a document that described what the restrictions were

Linda: I was wondering why the prohibition of not applying a constraint on parties was there?

[No answer]

<ivan> +1

<benws> +1

PROPOSED: That we remove the concept of scope but allow constraints to be applied to parties and assets

<ivan> +1

victor: If I want to declare a constraint for adult content, the left operand can be age.

benws: That constraint might have a specific type of 'partyConstraint'

benws: I think it's clearer to have a constraint type to indicate what is being constrained

<renato> doh ;-)

phila: I prefer links. This constraint -> constrains -> That

renato: We don't have any constraint types for the others

<simonstey> The leftOperand MUST clearly be defined to indicate the subject of the constraint, and MAY include how the value for comparison has to be retrieved or generated. For example, the count constraint applies to the action and the language constraint applies to the asset.

renato: That means that the definition of the leftOperand, you have to specifically state what the subject is.
… So you'd need to point to the thing being constrained

benws: This is additional semantics - might be nice to make it explicit

renato: Wwhen we said define in that context, we mean define in a metadata sense. You're defining the left operand in a human readable manner

benws: All we're saying is that this constraint is a constraint on {x}

michaelS: I recall that we have discussed this at the time
… When we were designing the left operands
… if we constrain an asset - which asset?

benws: If it's an asset constraint then it's applicable to all those targets
… If you want to apply it to some of the assets, then you split the list of targets and define 2 permissions

michaelS: Couldn't that be the solution for this?

benws: No, because if we're saying age greater than 18, we don't know whether it's about the content or the user.

michaelS: We can create a constraint that says this is the age of the party
… Let the subject of the left operand define the thing being constrained.

benws: That's starting to hide the semantics

michaelS: It would be good to have an explicit property - where to put the ID of the asset

<renato> file:///‌Users/‌renato/‌users/‌odrl/‌W3C-POE/‌GIT-POE/‌model/‌index.html#constraint

benws: Yes, that's where we're coming to I think - and it's not new

<renato> https://‌w3c.github.io/‌poe/‌model/#constraint

renato: If you look at the example
… no. 14
… There are 2 constraints in eg14
… The first is a property of the permission

renato: The constraints explicitly apply to the permission and the duty
… We had some explicit declaration of what the constraint applied to. But if we're now applying it to assigner etc. then...

<ivan> "assigner" : [ "uid" : "http....", "constraint": [{....}]]

renato: That's it, thanks Ivan

benws: It does the work that we want it to do.

ivan: And it's coherent with the rest

ivan: I don't see a problem

smyles: It's a breaking change for the JSON but we're breaking that anyway

<victor> I just wrote a proposal here https://‌www.w3.org/‌2016/‌poe/‌wiki/‌Best_Practices#8._How_to_constrain_assets_and_parties

smyles: I can't remember the XML off hand

renato: Just a quick look at the XML... we'll probably have to break out the party and put a constraint in the middle.

benws: Can we take this set of proposals

PROPOSED: That we remove the concept of scope and allow constraints on parties and assets.

<ivan> +1

Victor's quick examples

simonstey: In RDF you'd need to define a new party
… then link to...

<CarolineB> +1

benws: Please vote on the proposal

<benws> +1


<michaelS> +1

<renato> +1

<victor> +1

<davec> +1

<simonstey> -0.5

<Linda> +1

<smyles> +1

simonstey: I am happy to remove scope. But I think we're making it open to greater complexity

benws: Is there a simpler way?

simonstey: Currently there is no difference... we have a constraint that says age ge 18, there's no difference with that and a human readable doc

renato: It is different. We can pass off to a black box that can do age verification and pass back the flag

renato: We can't say how the constraints will be processed.

simonstey: I agree with you, but the problem is, to understand the left operand, you need to read the description.

renato: Is foaf:age any better?

simonstey: It gets better

phila: (+1 to renato)

renato: If age is important to an implementation then they'll implement it

renato: The group seems to want to use the same constraint mechanism for parties and assets.

Resolved: That we remove the concept of scope and allow constraints on parties and assets.

ivan: In 3.2 of the model, I think we can safely remove the reference to URI templates

ivan: If you can have a URI or a URI template at that place, then any processor has to be able to handle URI templates.
… It is not necessarily valid RDF due to syntax

benws: If these are a MAY, does that change your view, Ivan

ivan: The media fragments URI - that sentence is wrong, fragments in a URI can identify a section of an audio or video. It's not necessary since it's already true
… Whether we mention URI templates. If it's not syntactically a URI then it breaks RDF

<victor> I have updated the choices at https://‌www.w3.org/‌2016/‌poe/‌wiki/‌Best_Practices#8._How_to_constrain_assets_and_parties

<victor> now 5 choices, including URI templates. Did I understand it correctly?

<simonstey> If an error occurs, the result returned might not be a valid URI reference; it will be an incompletely expanded template string that is only intended for diagnostic use.

phila: This one looks dodgy http://‌example.com/‌search{?q,lang} for example

benws: I don't think we have a single use case for URI templates so why not drop it

<simonstey> URI Templates are not URIs: they do not identify an abstract or physical resource, they are not parsed as URIs, and they should not be used in places where a URI would be expected unless the template expressions will be expanded by a template processor prior to use.

<simonstey> https://‌tools.ietf.org/‌html/‌rfc6570

PROPOSED: To remove the mention of URI templates in section 3.2 (for simplification) and media frags because it's unnecessary

<Zakim> ivan, you wanted to comment on one more Occam's razor thing...

<simonstey> +1

<renato> "assigner": {

<renato> "@type": [ "Party", "vcard:Organization" ],

<renato> "uid": "http://‌example.com/‌org/‌sony-music",

<renato> "constraint": [{

<renato> "leftOperand": "foaf:age",

<renato> "operator": "gt",

<renato> "rightOperand": "18"

<renato> }],

<renato> }

benws: That's a suggestion for how we might implement a cosnstraint on parties and assets

<renato> +1

<ivan> +1

PROPOSED: To remove the mention of URI templates in section 3.2 (for simplification) and media frags because it's unnecessary

<smyles> +1

<ivan> +1


<benws> +1

<simonstey> +1

<Linda> +1

<davec> +1

<victor> +1 (might be left as an implementation example)

<CarolineB> +1

<michaelS> +1

Resolved: To remove the mention of URI templates in section 3.2 (for simplification) and media frags because it's unnecessary

<renato> Will put example in the IM - in JSON-LD

benws: Renato has made a suggestion for how we might express these constraints on parties

victor: I've done 5 examples

<victor> https://‌www.w3.org/‌2016/‌poe/‌wiki/‌Best_Practices#8._How_to_constrain_assets_and_parties

simonstey: Just wondering... how do we know that it isn't Sony Music that must be over 18?

renato: It's a bad example, that's why

<renato> "assigner": {

<renato> "@type": [ "Party", "vcard:Individual" ],

<renato> "uid": "http://‌example.com/‌person/‌fred",

<renato> "constraint": [{

<renato> "leftOperand": "foaf:age",

<renato> "operator": "gt",

<renato> "rightOperand": "18"

<renato> }],

<renato> }

<benws> Renato, I just got to step out for 5mins. Can you chair?// Renato, I just got to step out for 5mins. Can you chair?

<renato> yes

simonstey: That says that Fred must be over 18

renato: So we need to say it's for a group of people

smyles: The group could be all over the users of this website

[Some general discussion of the examples]

victor: Talks about his examples

<ivan> +1 to Phil

<renato> "target": {

<renato> "@type": "Asset",

<renato> "uid": "http://‌example.com/‌asset/‌content",

<renato> "constraint": [{

<renato> "leftOperand": "mm:runingTime",

<renato> "operator": "gt",

<renato> "rightOperand": "2hr"

<renato> }],

<renato> }

[Phil bangs on about WebArch, one resource per URI]

<simonstey> +1

ivan: That would not be in line with WebArch

ivan: Taking that example and saying any content on the asset site with a running time of > 2 hr is not semantically correct

smyles: These sort of constraints being applied to assets is difficult

simonstey: We have the same issue - not all the exampleconstraints make sense

victor: Alternatively, we may define terms that define any asset in terms of its properties

ivan: I would receive one thing back from that URI
… I'm supposed to be able to put that in a browser and get something back.

renato: Then I think we should review this resolution

ivan: It depends on the use case

ivan: If I have a movie, and it runs less than 2 hours, then the policy doesn't apply. That's a valid outcome

renato: Phil said that URI is one thing, one movie

ivan: Yes, so if that one movie runs 1 hour, then the Evaluator should return saying that the policy doesn't apply to the target
… I don't know if that's valid use case

ivan: You can define a URI that refers to a collection. But its' getting from the items in the collection that's tricky

[More discussion about collections]

smyles: In my view... this URI identifies a collection, then asked whether an asset was in that collection or not.

smyles: If the assignee is Fred... is the user of this Fred... in my view the black box needs to know whether it is Fred or Fred's device
… the black box has to identify whether the thing identified is the same as the real world

<renato> https://‌tools.ietf.org/‌html/‌rfc3986

renato: I've looked at RFC3986 on URIs and it says that a URI identifies a Resource.
… Then it gives an example of a resource that is a collection of resources.

<renato> and a collection of other resources.

ivan: That's fine. But the constraint you have there is a constraint against the collection, not the members of the collection.

ivan: My feeling is that we're at the point where we hit the limits of what you can express
… We won't solve this issue. Maybe we need explicit hooks for a black box to process

<simonstey> make it a blank node and define the constraint for that blank node

michaelS: In RightsML, we even had an example going along this group of assets. The thinking was - a news feed delivers new items, and each news items might have a link to a policy
… But having in mind that a policy must have a target, it's not possible to update the enumerated list in real time. Therefore, this policy must point to a resource that says 'this resource covers all the news items in this feed.'

michaelS: Even there, having an enumerated list would be hard.
… we need to be able to say it applies everywhere where X is true.

<benws> Simon - we'll break before two

<simonstey> http://‌w3c.github.io/‌poe/‌vocab/#term-Group

<renato> "assignee": [{

<renato> "uid": "http://‌example.com/‌user44/‌friends",

<renato> "scope": [ "Group"]

<renato> }]

<simonstey> odrl:memberOf

phila: Repeats what Ivan said

<renato> odrl:targetAll ?

smyles: If I distribute a photo, as it travels it gets a new URI, and so does it apply
… You end up with multiple sets of bits with multiple copies

benws: I suggest we do nothing

victor: Suggest using targetReference
… This matches MPEG, for example
… Is the resource a single resource or a service

smyles: If I have a local copy, doe the constraints still apply?

[mini discussion]

phila: No.

michaelS: That's why Guids are good, they travel with the asset

smyles: The other thing is... is it going to be too difficult to implement? Will it be too confusing.

<renato> Break 50 mins

<ivan> phil, are you still there?

<renato> back now

<renato> Everyone back there?

<simonstey> yes

renato: the current issue of adding constraints to parties and assets is still open

subtopic: how to add constraints to general parties and assets without breaking the WebArch

renato: shall we remove scope? shall they be replaced?

phila: I would not go back to scope. But the semantics of what we say must match the semantics of what we mean: what has to do with "collection" has to be treated carefully

phila: my suggestion is that where we say that if odrl:target refers to a specific resource, no constraint can be defined
… whereas if the odrl:target is pointing to a collection, then constraints can apply.

renato: Possible wording "if the target asset is a collection, then you may use constraints"

<simonstey> doesnt work for xml

stuart: are we speaking about having a target and a targetRef distinct? -- this is more complicated than having a URI and can deter people from using ODRL.

stuart: the current semantics of target identify an individual thing, not an "individual of a collection"

<simonstey> http://‌w3c.github.io/‌poe/‌model/#relation

simonstey: do not forget the XML legacy, which has a target as a subproperty of another element.

simonstey: can we get rid of relation/function?

[webex interruption]

<renato> We have lost audio?

<smyles> we did

<michaelS> Webex got disconnected ...

[webex recovered]

CarolineB: collections happens in life and we should make their use clear.

Linda: can we have concrete examples?

CarolineB: let's imagine I have a set of photos arranged in a collage.
… I may want to refer to each of the photos individually or to the whole collage.

michaelS: who has to write the black box for resolving the target? the receiver? this cannot be a business of the assignee alone.

smyles: the provider of the policy may give hints to the recepients to determing which the target/asset is.

benws: in order to declare a policy on a fragment of a dataset, we definitely need constraints for targets.

renato: I understand both options, using or not constraints on assets.

benws: is this the solution then?

<michaelS> ack

smyles: setting aside constraints... can we get a solution on target / targetRef ?

smyles: it does not make any sense constraining a single thing

benws: well, consider the case of datasets with dynamic queries
… the constraint applies to the whole dataset.

renato: recalling what philA said (IN THIS VERY MOMENT ABSENT FROM THE ROOM) if the URI clearly identifies a collection, then constraints are possible

davec: we aer referring to dynamic collections

renato: so we only need to update the semantics of target

<simonstey> http://‌w3c.github.io/‌poe/‌vocab/#term-fileFormat what does that imply for already existing leftoperands?

<benws> this is a different case - it's not the target but the output (...after exercising the Action)

proposed: to update the definition of target to include collections

smyles: what about assigners? does the same apply to assigners?

simonstey: again, what about the movie whose parts have to be referred?

simonstey; if the asset is a collection, the description has to say "this applies to all the assets in the collection"

simonstey: the current definition speaks about Assets, not about Collections.

smyles: the current definition is not precise enough

renato: the radical view would be "let us not have scope nor constraints". What this be unacceptable?

smyles: +1

benws: this is a basic use case for us

benws: for example, the FTSE Index is made out of the market value of the shares of 100 companies in the stockmarket
… the FTSE is calculated in a complex manner, and it is a complex dataset with high value. We woule like to refer to the individual information ("segmentaion") rather than the aggregated data.

rename: what about a constraint on the action?

benws: constraints are on the assets, that you are limiting. not on the actions.

benws: what we want to express about collections/members/parts is simple and it is an actual need

benws: we may want to specify "content type = index constituents". the problem is left to the processing engine.

<renato> "target": {

<renato> "@type": "Asset",

<renato> "uid": "http://‌tr.com/‌asset/‌ftse100",

<renato> "constraint": [{

<renato> "leftOperand": "tr:content-type",

<renato> "operator": "eg",

<renato> "rightOperand": "index-constiutents"

<renato> }],

<renato> }

simonstey: there may be ambiguities

renato: please see the example above

<renato> "target": {

<renato> "@type": "Asset",

<renato> "uid": "http://‌tr.com/‌asset/‌ftse100",

<renato> "constraint": [{

<renato> "leftOperand": "tr:content-type",

<renato> "operator": "eg",

<renato> "rightOperand": "index-constiutents"

<renato> }],

benws: yeah.

<renato> }

renato: maybe we should have AssetCollection. the target would point either to an Asset or to an AssetCollection

benaws: that is clean

benws: Collection even as a subclass of Asset?

benws: another classic constraint on the asset is the "real time", also for the FTSE 100 index. We want to have a 10 seconds of delay at least.
… we need to constraint the asset (realtime, delay or embargo)

smyles: what we are proposing (Asset/AssetCollection) is also in line with phila prescriptions

<renato> Why don't implementors read specs ;-(

smyles: then we would accept constraints, as long as the AssetCollection is there instead of Asset. This is better than having target/targetRef

renato: would then we have "PartyCollection" in the same manner??

simonsteys: yes, with the same properties.

<benws> +1

<smyles> in xml it is like this <o:asset id="as1" uid="http://‌example.com/‌music:1234908" relation="http://‌www.w3.org/‌ns/‌odrl/‌2/‌target"/>

michaelS: we have in XML two manners to declare relations: as a property or through a relation mechanism. In JSON we have assinger and assingees as properties instead.

simonstey: this has been one of the hottest topics on github.

simonstey: the current spec still reflects features because of the times when XML Schema was used.

<simonstey> http://‌w3c.github.io/‌poe/‌model/#party

<smyles> example XML <o:party id= "p2" uid="http://‌example.com/‌billie:888" function="http://‌www.w3.org/‌ns/‌odrl/‌2/‌assignee"/>

benws: this issue with functions was not clear to me.


<simonstey> A Party MUST have a function indicating the role undertaken by the Party.

renato: we have to move forward.

proposed: to add a PartyCollection and a AssetCollection

<benws> +1

<ivan> 0

<CarolineB> +1


should it read: "to add a PartyCollection and an AssetCollection, where constraints are allowed on Collections but not on Assets or Parties alone"?

<smyles> i believe simonstey's proposal was to stick with Asset as a type and then add AssetCollection and AssetIndividual as subtypes of Asset

<simonstey> yes

<Sabrina> +1 to SImons proposal

michaelS: consistent terminology should be used.

<michaelS> yack michaelS

proposed: Let Asset be a type and then add AssetCollection and AssetIndividual as subtypes of Asset.

smyles: the proposal introduces small changes in the XML version

<Sabrina> does the proposal include having constraints on the asset?

<michaelS> re Sabrina : yes

proposed: Let Asset be a type and then add AssetCollection and AssetIndividual as subtypes of Asset. The same for Parties.

<davec> small change to XML, but needs additional attribute

re Sabrina: no

<Sabrina> q

proposed: Add AssetCollection and AssetIndividual as subtypes of Asset. The same for Parties.

<smyles> "keep it simple"...

<CarolineB> +1

<smyles> +1


<benws> +1

<ivan> +1

<davec> +1

<renato> +_1

<michaelS> +1 on the design

<Sabrina> +1

<simonstey> +1 (and allow constraints for both indiv. and collections)

Resolved: Add AssetCollection and AssetIndividual as subtypes of Asset. Do the same for Parties

(and allow constraints for both indiv. and collections)

me PartyCollection

<renato> https://‌www.w3.org/‌2016/‌poe/‌wiki/‌Meetings:London2017

<renato> https://‌github.com/‌w3c/‌poe/‌projects/‌1

WG/Wide/Horiz Review issues

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues

renato: we had different WG Wide and Horizontal review feedback

renato: one of the topics is "profiles", another one is "normative vs non-normative".

subtopic: ODRL Profiles

<ivan> issue https://‌github.com/‌w3c/‌poe/‌issues/‌172

<michaelS> q

simonstey: I am not against adding profiles, but they should not violate semantics and structural features.

simonstey: some things cannot be "deprecated" nor given a different meaning.

<smyles> https://‌www.w3.org/‌2017/‌dxwg/‌wiki/‌Main_Page

michaelS: Phil is not in the room and he should tell us about other W3C Working Groups' works.

subtopic Normative vs Non-normative features.

subtopic: Normative vs Non-normative features

ivan: given a certain feature, if at the end of the CR period has not been implemented, it will fall to non-normative

benws: a radical suggestion, let us make the core model standard, and the vocabulary terms out of the standard; provided by different profiles.

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues/‌159 related to that

benws: let us make the actions like display to live in a profile

michaelS: I concede that having a smaller specification is easier to agree with. But, from a pragmatic point of view it is easier to have them in the main track

smyles: odrl 2.0 was a model, and a common vocabulary, in different URLs. when we moved to 2.1, ontologies appeared and everything was merged into a single HTML document

<renato> Community group reports: https://‌www.w3.org/‌community/‌odrl/

smyles: should we have different namespaces for each?

<smyles> victor: mpeg21 REL a similar thing (though only in XML) three namespace - "core", then "s" (for standard) and then "multimedia"

<renato> https://‌github.com/‌w3c/‌poe/‌issues/‌182

<renato> Another, more radical approach :-0 would be to just to only have the IM as the normative spec (have all the formal IM-only vocab terms in an appendix there) and the all the Common terms go into a NOTE, and the 3 encodings can also go into another NOTE

<michaelS> [Phil is back in the F2F room]

ivan: we should distinguish the editorial way to implement this and the concept itself

ivan: perhaps we are saying the same thing

benws: having profiles with a common vocabulary (in a Note or not) fundamentally supports the idea of profiles

<simonstey> what about xml? O:

ivan: do we agree that the only normative part is the core? is there agreement about that?

ivan: fundamental question is "what is normative, what is not"

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues/‌159 "Do you know which standard Action we could attach it to? To encourage best practices, we'd like to show how to mint a new action by extending existing ones, following the approach I've mentioned at #160."

renato: as of now, in the information model we have actions (but not specific actions, other than "use")

benws: yes, i understand we have "model" and "vocab", but the current "vocab" is not in a profile.

benws: what would be your simplest profile be?

benws: the 5-6 top level terms

renato: i hope we dont go too far taking away everything.

renato: because otherwise we will not be able to create a ODRL expression without using a profile

michaelS: test cases need having actions

benws: no problem, they can be taken from the profiles.

<Linda> q

<simonstey> https://‌github.com/‌w3c/‌poe/‌issues/‌159 "Do you know which standard Action we could attach it to? To encourage best practices, we'd like to show how to mint a new action by extending existing ones, following the approach I've mentioned at #160."

simonstey: we need to provide a toolset to relate actions to each others. if we have already some actions, we favour interoperability.

<simonstey> ack smyles

<davec> fyi - for RightsML we used display, play etc from ODRl as semantics matched the news domain, but overrode archive, copy, distribute for the news profile. So the core set would be small imho.

smyles: We, as RightsML, are happy to get full support to the vocabulary we use, not only half-fledged

phila: Discussion about profiles in other W3C about content negotiation: there is no clear definition of profile

phila: you dont want to be dependent on other group.

benws: the W3C may even stamp a seal of approval on profies developed by others.

linda: the only way for different content providers to operate is having a clear reference.

linda: the examples stemming from real life (for examples those from IPTC) are absolutely necessary

phila: we dont want to be a registry of profiles

benws: if i belong to the book industry, i hardly find the URL to IPTC's webpage, and then I find hard to recognize the relation with ODRL.

renato: it would be possible for RightsML to become a W3C Note.

benws: great idea!

michaelS: what will happen when this POE group gets disbanded?

<renato> ODRL Community Group ???

phil: even if the ODRL Community Group survives... ...it won't live forever.

phil: is it possible to stablish a liaison with IPTC and jointly publish the spec? (as long as no copyright and other laws are breached)

phila: we should have a default profile

phila: further, the RightsML might be the default profile.

benws: no.

<Zakim> phila, you wanted to talk about RightsML

<simonstey> a note isn't normative / standardized

benws: let us a create a small "default profile"

benws: in the main Rec.

phila: why?

ivan: we are jousting about different things

ivan: when the WG closes down, then we assign another existing/new group the responsibility of maintenance.

ivan: that committee group can take the responsibility of publishing profiles as w3c notes.

<renato> Dec 2017

ivan: this group has not much life ahead!

ivan: having the core profile as a note as part of the Rec. is not that important

Linda: having a W3C Note together with another organization is the best of the possibilities. There are 5 IPTC members here today!

Linda: I perceive a need in the industry about rights. This is a very good opportunity to cover this gap.

michaelS: how many actions should be in the spec?

<simonstey> +1 what phil said

smyles: every action is subclass of use

davec: i would require that the meaning of given terms cannot be overriden

<renato> no...transfer is a top-level

<simonstey> but we introduce means for relating actions defined in profiles with odrl:use

renato: use and transfer are the two top level actions

CarolineB__: what if we have 59 profiles? what about their integration?

benws: we are trying to persuade companies/sectors to use machine readable rights. i feel this can only be achieved if they can use their own vocabulary.

benws: hence, the core should be as small as possible.

CarolineB__: it should be prepared to grow, as well.


phila: they W3C does not do anything. the members do.

Linda: there are many commonalities between news and other sectors. there is legal stuff behind, which is not different. we should be happy to have mappings, and we would expect W3C to support this.

phila: this is a job for the community. the W3C is not funded to do that. W3C provides the mechanism to create and maintain Community Groups.

phila: once something is in the w3c/TR\/namespace, it is difficult to change.

<Sabrina> sorry gotta run.... back tomorrow

<renato> no, I am

[discussion on the namespaces/profiles]

proposed: (1) move top level actions to the information model: use and transfer (2) let us create a core profile, mirroring the current spec

simonstey: can new profiles include new concepts like "remedies", etc.?

<phila> victor: Would left operands be part of the core?

<phila> all: no, not part of the core

<phila> benws: We'll create a core profile

we decide to postpone the discussions.

<phila> [Adjourned]

Summary of Resolutions

  1. we define fully the concept of an odrl processor
  2. an odrl validator checks the conformance of the policy to the ODRL standard
  3. an odrl evaluator determines whether the permissions and prohibitions of a policy are in effect
  4. That we remove the concept of scope and allow constraints on parties and assets.
  5. To remove the mention of URI templates in section 3.2 (for simplification) and media frags because it's unnecessary
  6. Add AssetCollection and AssetIndividual as subtypes of Asset. Do the same for Parties