W3C home > Mailing lists > Public > public-annotation@w3.org > December 2015

Re: [web-annotation] How do we model "groups" in the Annotation model?

From: Rob Sanderson via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Dec 2015 18:02:55 +0000
To: public-annotation@w3.org
Message-ID: <issue_comment.created-161382301-1449079374-sysbot+gh@w3.org>

>From the description, the requirement for groups is that only members 
of the group be able to see the annotation (and hence it's an access 
control issue).

#8 is explicitly not about access control, as raised by Irina and 
subsequently discussed and clarified at TPAC, which is recorded in the
 issue.  Access control requires Authentication and Authorization, 
which we have resolved previously as out of scope, and on 2015-12-02 
call decided to action chairs + staff contacts to find appropriate 
external advisors, per #19.   You could have access control that 
allows only people in a group to see the annotations, but the audience
 be a different set. For example, an organization for the ACLs, and an
 audience of managers -- only people in the organization can see it, 
and although non-managers can see it, they're not the intended 
audience and hence may wish to filter it out.

There seemed to be agreement on that call that the *model* should not 
include access control lists, that access control was at best a 
*protocol* issue, which is reinforced by the description -- you 
publish/create an annotation, and then only certain users (in the 
group) can see/retrieve it.

So I propose that we do not accept the issue as stated:
  * It is access control related, which has been discussed as being 
out of scope
  * It is not a model issue
  * It is orthogonal to #8 

GitHub Notification of comment by azaroth42
Please view or discuss this issue at 
 using your GitHub account
Received on Wednesday, 2 December 2015 18:02:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:43 UTC