- From: Rob Sanderson via GitHub <sysbot+gh@w3.org>
- Date: Wed, 02 Dec 2015 18:02:55 +0000
- To: public-annotation@w3.org
>From the description, the requirement for groups is that only members of the group be able to see the annotation (and hence it's an access control issue). #8 is explicitly not about access control, as raised by Irina and subsequently discussed and clarified at TPAC, which is recorded in the issue. Access control requires Authentication and Authorization, which we have resolved previously as out of scope, and on 2015-12-02 call decided to action chairs + staff contacts to find appropriate external advisors, per #19. You could have access control that allows only people in a group to see the annotations, but the audience be a different set. For example, an organization for the ACLs, and an audience of managers -- only people in the organization can see it, and although non-managers can see it, they're not the intended audience and hence may wish to filter it out. There seemed to be agreement on that call that the *model* should not include access control lists, that access control was at best a *protocol* issue, which is reinforced by the description -- you publish/create an annotation, and then only certain users (in the group) can see/retrieve it. So I propose that we do not accept the issue as stated: * It is access control related, which has been discussed as being out of scope * It is not a model issue * It is orthogonal to #8 -- GitHub Notification of comment by azaroth42 Please view or discuss this issue at https://github.com/w3c/web-annotation/issues/119#issuecomment-161382301 using your GitHub account
Received on Wednesday, 2 December 2015 18:02:56 UTC