RE: About a more strict definition of Constraint

Hi Michael,


Ø  Stuart raised the question how such strict constraints could help.

No, you misunderstood my email. I wasn’t objecting to clearer definitions of the types of constraints. (This is hard to object to!)

What I said was:

> I don’t see how it is meaningful to constrain either parties or
> targets. In fact, I think it just introduces problems for evaluating
> policies.

In other words, I object to applying constraints to assignees or to targets, since this introduces problems for specifying how policies should be evaluated.

Regards,

Stuart


From: Michael Steidl (IPTC) [mailto:mdirector@iptc.org]
Sent: Wednesday, November 09, 2016 5:48 AM
To: 'Simon Steyskal'; Myles, Stuart; 'Ivan Herman'; 'Renato Iannella'
Cc: 'W3C POE WG'
Subject: RE: About a more strict definition of Constraint

Hi Ivan, Stuart, Renato and Simon - and all,
my responses to your comments:

A key reason for my suggestion is what Simon raises below: does an ODRL constraint precisely tell what condition has to be met a) for getting the permission approved or b) for ticking off the Duty as being done?

Having a look into the Names of Constraints in the Vocabulary Editor's Draft - http://w3c.github.io/poe/vocab/#constraintNames<http://w3c.github.io/poe/vocab/#constraintNames> - I read:
* Absolute Position = A point defined with absolute coordinates. My question: to which thing does this position apply? I guess it’s the asset on some kind of canvas ...
* Count = The numeric count indicating the number of times the corresponding entity may be exercised. My question: what is "the corresponding entity"? By ODRL terms an asset, a party and other things are "an entity".
* System Device = An identifiable computing system. My question: what is the role of this device in the permitted - and constrained - usage.
* Language = The natural language applicable to the asset usage. My interpretation: if the rightOperand is set to Spanish then only the version in Spanish of a video is covered by this permission. But I read in the Comment: "For example, JPEG image may only be reproduced with Spanish text." - sorry that's far away from my interpretation.
Other names are clearer:
* Delivery Channel = The delivery channel used for storing or communicating the asset. (Pins down the asset as subject of the constraint and outlines the applicable actions.)
* Industry = The defined industry sector applicable to the asset usage. (Pins down a type of assignees - or do I interpret this wrongly?)

This experience resulted in: constraints need a more strict design - expressed in natural language as
"To a specific thing" "a specific constraint is applied under condition/with parameters" " ... (condition/parameters) ..."
And only if an evaluation of this triple results in a Boolean true the constraint is met.
Regarding Ivan's and Renato's comments: this may get complex for RDF graph processors ... but constraints are a typical part of licenses.

In the current ODRL design is a trend to combine the "specific thing" and the "specific constraint" in the Name of a constraint but as shown above in a way which can be interpreted differently. And that's not good for interoperability.

So the two options for solving that issue I see are:
a) defining a strict template for Names of Constraints, it must include what exactly is constrained, and in which way, should also include the required condition parameters
b) splitting the Name into a constraint subject and a constraint term (and the definition of the term should include the required condition parameters)

And I would like to remind of Use Cases and Requirements to cover:
1) Use Cases have requested to cover "constraints on specific entities of a policy" (see Requirement https://www.w3.org/2016/poe/wiki/Requirements#POE.R.DM.02_Define_target_of_a_constraint<https://www.w3.org/2016/poe/wiki/Requirements#POE.R.DM.02_Define_target_of_a_constraint>).

2) There is a requirement for relative time constraints (https://www.w3.org/2016/poe/wiki/Requirements#POE.R.DM.06_Support_relative_time_constraints<https://www.w3.org/2016/poe/wiki/Requirements#POE.R.DM.06_Support_relative_time_constraints>)
For time constraints we have discussed the prominent use case: "the image may be used 30 minutes after the Super Bowl has ended". A Name could define "Action after relative period" but this needs a definition of the starting point of the relative period = the end of an event.

Stuart raised the question how such strict constraints could help.
The processing model I see is: In Permission P party X1 grants action A to party Z1 under the condition of meeting the constraint C. An evaluation processor has to work in a specific context and can check:
- is party Z1 "this" party
- is action A the action which should be taken
- is constraint C met. And there it has to dig into evaluating the constraint. It must be clear <how something> (ODRL: left operand) is checked (ODRL:operator) against which values (ODRL:rightOperand). If the left operand (Name of Constraint) is File Format the processor must check the file format of the asset, checking the action is not sufficient. In this case the processor has to know from the Name definition what needs to be checked, asset, action, a party ...

Ivan and Renato address the reification facet of constraints. Thanks for your better RDF-ied examples than mine.

But comments address a very basic problem of all work on rights expressions/licences - the complexity of the real world.
After I have read all contributed Use Cases (https://www.w3.org/2016/poe/wiki/Use_Cases<https://www.w3.org/2016/poe/wiki/Use_Cases>) I was surprised by the complexity of some of them. This "use image ..." case, see above, is quite typical in the news industry and I consider it as much simpler than some of the other contributed Use Cases. If now already this "use image ..." is too complex I'm afraid potential users of ODRL will not be happy about its features and will not adopt it. How to get out of that?

Best,
Michael

-----Original Message-----
From: Simon Steyskal [mailto:simon.steyskal@wu.ac.at]
Sent: Wednesday, November 9, 2016 8:33 AM
To: Myles, Stuart <SMyles@ap.org<mailto:SMyles@ap.org>>
Cc: W3C POE WG <public-poe-wg@w3.org<mailto:public-poe-wg@w3.org>>
Subject: Re: About a more strict definition of Constraint

Hi!

> (What follows is all based on my experience with implementing an
> engine to evaluate ODRL automatically. [...]

Just out of curiosity (sry for hijacking your email discussion).. Given following ODRL policy:

<http://example.com/policy:0811<http://example.com/policy:0811>>
a odrl:Set;
odrl:permission [
a odrl:Permission ;
odrl:action odrl:play ;
odrl:target <http://example.com/game:4589<http://example.com/game:4589>> ;
odrl:constraint [
a odrl:Constraint ;
odrl:operator odrl:lteq ;
odrl:dateTime "2010-12-31"^^xsd:date
]
] .

How would your engine evaluate/determine whether constrained permission is valid?
I.e., x <= "2010-12-31"^^xsd:date -> where does "x" come from?

br, simon

---
DDipl.-Ing. Simon Steyskal
Institute for Information Business, WU Vienna

www: http://www.steyskal.info/<http://www.steyskal.info/> twitter: @simonsteys

Am 2016-11-08 16:13, schrieb Myles, Stuart:
> I don’t see how it is meaningful to constrain either parties or
> targets. In fact, I think it just introduces problems for evaluating
> policies.
>
> (What follows is all based on my experience with implementing an
> engine to evaluate ODRL automatically. And it is the same argument for
> why I think it is a mistake to indicate any properties of parties
> other than their URI - such as whether or not they are a “group”).
>
>
> When you’re evaluating an ODRL policy, you’re trying to determine “Am
> I permitted to perform this action on this asset?”. More generally, it
> could be stated as “Is Party P permitted to perform Action A on Asset
> X?”. That means you need to determine whether various entities in the
> Policy are “the same as” the entities you’re interested in. Is the
> Policy Asset “the same as” Asset X and is the Policy Assignee “the
> same as” Party P? (In fact, it is much more complicated than this, as
> you also need to determine whether the Policy Action is “the same as”
> Action A – ODRL actions are hierarchical, so it is quite likely the
> action you wish to perform is very granular, but the Policy Action
> could be much more general – an ancestor of Action A in the ODRL tree.
> And the same thing applies to values for constraints such as location
> – the Policy may constrain actions in Europe. And you might want to
> perform the Action in Istanbul or Geneva or London).
>
> So, a lot of the work that an ODRL evaluation engine must perform is
> to evaluate rules to determine whether various values are “the same
> as” other values. So, what would it mean to introduce constraints on
> those values in the Policy itself? How can a Party have both a URI
> *AND* a constraint? What is that meant to mean? I can understand a
> Party URI which means “people known to be 18 years and older”. But I
> don’t understand how an engine is meant to evaluate a URI and a
> constraint – unless we want to introduce rules for how to deal with
> contradictions between what is stated in the Policy constraints and
> what is “known” by the evaluating engine.
>
> Regards,
>
> Stuart
>
> FROM: Renato Iannella [mailto:renato.iannella@monegraph.com]
> SENT: Tuesday, November 08, 2016 8:40 AM
> TO: W3C POE WG
> SUBJECT: Re: About a more strict definition of Constraint
>
> I think the general issue is that we have associated the Constraint to
> the Perm/Prohib/Duty, when we should have associated it directly to
> the Action/Name.
>
> Michael’s example show that with the “odrl:constraintsubject”
> having to explicitly refer to the odrl:action.
>
> And this gets worse when we introduce support for Constraints on
> Asset’s and Parties.
>
> *IF* we move the constraint directly as a property of the Action/Name,
> then we could express:
>
> odrl:permission [
>
> a odrl:Permission ;
>
> odrl:target <http://example.com/music:4545<http://example.com/music:4545> [1]> ;
>
> odrl:assigner <http://example.com/sony:10<http://example.com/sony:10> [2]> ;
>
> odrl:action [
>
> a odrl:Action ;
>
> rdf:value odrl:copy ;
>
> odrl:constraint [
>
> a odrl:Constraint ;
>
> odrl:count 1 ;
>
> odrl:operator odrl:lteq
>
> ]
>
> ]
>
> ] .
>
> This makes the constraint clearly associated with the odrl:copy action
> (and all constraints in that Action will apply to the same).
>
> Then, when we add a Constraint to the Target, the subject is clear:
>
> odrl:target [
>
> a odrl:Asset ;
>
> rdf:value <http://example.com/music:4545<http://example.com/music:4545> [1]> ;
>
> odrl:constraint [
>
> a odrl:Constraint ;
>
> spotify:artist <http://music.net/people:prince<http://music.net/people:prince> [3]> ;
>
> odrl:operator odrl:eq
>
> ]
>
> ]
>
> And the same for Party:
>
> odrl:assignee [
>
> a odrl:Party ;
>
> rdf:value <http://example.com/billie<http://example.com/billie>> ;
>
> odrl:constraint [
>
> a odrl:Constraint ;
>
> spotify:age 18 ;
>
> odrl:operator odrl:gteq
>
> ]
>
> ]
>
> Then we have our favourite example…the constraint on a constraint.
>
> The constraint “end of the football match” is further constrained by a
> “30 min time period”:
>
> odrl:action [
>
> a odrl:Action ;
>
> rdf:value odrl:distribute ;
>
> odrl:constraint [
>
> a odrl:Constraint ;
>
> odrl:event <http://premier-league.com/end-of-match<http://premier-league.com/end-of-match> ;
>
> odrl:operator odrl:eq ;
>
> odrl:constraint [
>
> a odrl:Constraint ;
>
> odrl:dateTime "P30M" ;
>
> odrl:operator odrl:gteq ;
>
> ]
>
> ]
>
> ] .
>
> Renato
>
> ps: i’ve used rdf:value here but we could define our own predicate
>
> Links:
> ------
> [1] http://example.com/music:4545<http://example.com/music:4545>
> [2] http://example.com/sony:10<http://example.com/sony:10>
> [3] http://music.net/people:prince<http://music.net/people:prince>

Received on Wednesday, 9 November 2016 23:24:47 UTC