Re: Generic permissions and prohibitions from Alapan on 2014-06-03 (public-odrl-contrib@w3.org from June 2014)

From: Alapan <alapan@gmail.com>
Date: Tue, 3 Jun 2014 07:51:30 +0200
To: Renato Iannella <ri@semanticidentity.com>
Cc: "Michael Steidl (IPTC)" <mdirector@iptc.org>, "ODRL Community Group (Contrib)" <public-odrl-contrib@w3.org>
Message-ID: <CACR6ppcF8Armvkb7UpGyS3X2kaAeUk3LGsBK2_7BUGera-cyjQ@mail.gmail.com>

Hi,

Yes - we discussed this a number of years ago; and I also had a paper on
the logical model around permissions and prohibitions [1].

The problem arises because there is a difference between the license (as
expressed in ODRL) and the interpreter that enforces the license. There are
three sets of actions:
a) Actions that are explicitly permitted
b) Actions that are explicitly prohibited
c) Actions that are not specified

For the last set, this can be broken to two further classes:
i) Actions that are not specified but in the dictionary of defined possible
actions
ii) Actions that are not specified and also not in the dictionary of
defined possible actions

My basic proposal was that, on interpretation of the license, the
enforcement should be on the basis of:
1) Permit - a and c (ii)
2) Prohibit b and c(i)

This should be specified as one of the requirements of the
interpretor/enforcement engine. Perhaps this should be added as part of the
ODRL specs also?

Regards,
Alapan

[1]: Arnab, Alapan and Andrew Hutchison (2007) Persistent Access Control: A
Formal Model for DRM. In *Proceedings Seventh ACM Workshop on Digital
Rights Management (ACM-DRM).* Non paywall link:
http://pubs.cs.uct.ac.za/archive/00000411/

Blog: http://idiots-mind.blogspot.com/
-------------------------------------------------------------
Life's a gamble - take a chance

On 3 June 2014 06:13, Renato Iannella <ri@semanticidentity.com> wrote:

>
> On 3 Jun 2014, at 02:03, Michael Steidl (IPTC) <mdirector@iptc.org> wrote:
>
> Example: a permission to use a photo for printing is granted by an ODRL
> policy. This policy includes the single permission and nothing else.
> This raises the question – at least for lawyers: what about all the other
> actions in the ODRL vocabulary (and maybe beyond it)? Are they implicitly
> prohibited?
>
>
> I can recall discussing this on the list (many years ago)...but reviewing
> the current Core Model, I can see no explicit statement.
>
> The general idea as that you can only do what was explicitly stated, and
> nothing else
>
> Even in Version 1.1 we had "A Permission that is not specified in any
> Rights Expressions is not granted"
>
> To solve this issue I see two options:
> i/ To write down in the ODRL specs that the default state is: “nothing is
> permitted”, only explicit permissions lift that. The exact role of a
> prohibition in such a context would need a good explanation.
>
>
> Yes, we should do this.
>
> Cheers...
> Renato Iannella
> Semantic Identity
> http://semanticidentity.com
> Mobile: +61 4 1313 2206
>
>

Received on Tuesday, 3 June 2014 05:51:58 UTC