- From: Phil Archer <phila@w3.org>
- Date: Mon, 27 Mar 2017 14:35:07 +0100
- To: POE WG <public-poe-wg@w3.org>
As ever, the minutes of today's meeting are at
https://www.w3.org/2017/03/27-poe-minutes with a text snapshot below.
Thanks Michael for scribing.
Main topic today was Sabrina's new use case of modelling the GDPR using
a profile of ODRL.
Permissions and Obligations Expression Working Group Teleconference
27 March 2017
[2]Agenda [3]IRC log
[2] https://www.w3.org/2016/poe/wiki/Meetings:Telecon20170327
[3] http://www.w3.org/2017/03/27-poe-irc
Attendees
Present
benws, benws110, ivan, michaelS, phila, renato, Sabrina,
Serena, smyles, victor
Regrets
Brian, Caroline, Simon
Chair
Ben
Scribe
michaelS
Contents
* [4]Meeting Minutes
1. [5]Last week's minutes
2. [6]New Use Case
3. [7]Deliverables
4. [8]best practices
5. [9]open Actions
6. [10]London F2F
* [11]Summary of Action Items
* [12]Summary of Resolutions
Meeting Minutes
<benws110> nick benws
<victor> hi all
<renato> hi victor
scribe michaelS
Last week's minutes
benws: anybody want to raise an issue with last week's minutes
<phila> [NOTUC]
<phila> [13]Last week's minutes
[13] https://www.w3.org/2017/03/20-poe-minutes.html
Resolved: last week's minutes approved
<renato> [14]https://www.w3.org/2016/poe/wiki/
Use_Cases#POE.UC.37_Representing_regulations_using_ODRL
[14]
https://www.w3.org/2016/poe/wiki/Use_Cases#POE.UC.37_Representing_regulations_using_ODRL
New Use Case
Sabrina: introduced the Use Case
… it models the EU General Data Protection Regulation
… it needs to cover that at a generic level but also in details
… Article 12 added as an example
… this article shows the important use of references to other
articles
… the numbering of the articles has at least two levels
benws: any comments on that so far?
benws: does this requirement belong to a profile or to the
general ODRL model?
Sabrina: this is a decision by this group
renato: what does "refer to another article" mean?
Sabrina: that are dependencies - look at Article 12. This may
transform to many duties.
… to check if Article 12 is fullfilled the fulfillment of other
articles is required
phila: GDPR is very important it would be a big PR win if ODRL
could show that it can cover it.
… key question: is ODRL is a good tool for that purpose.
Sabrina do you feel that?
Sabrina: ODRL is not a bad fit. We need to specify obligations
and constraints
… There is work on taxonomies by other parties but less
fitting.
renato: we could promote this as a profile. This would serve to
explain how to create a profile
… and this profile could be shown to a wide audience.
… the relationships between the constraints and duties is
demandingö
Sabrina: we have dependencies between the duties, we have
constraints on duties, actions and parties
… supported to create a profile for that.
benws: to show that we could express regulations and licences
by the same language would be fine
phil
phila: supported using ODRL for this purpose
Sabrina: we are basically defining obligiations = duties =
complying with the regulations
… if we run into problems we will come back to this group
… when it comes to constraints: there are discretational ones
smyles: suggested to model optional constraints as permissions
Sabrina: that's not exactly the intention of the GDPR
… there are statements like a recommendation - and we don't
want to omit them
renato: is thinking what this could look like in code:
leftOperand say you may or may not use an icon
Sabrina: need for a discretional constraint: it would be good
to meet this constraint but it doesn't stop the policy
… if it is not met
Sabrina: for her and Simon some constraints a bit fuzzy, needs
deeper reviews
smyles: we may add a concept of recommendation = if you can,
you should do that
… there could be levels of recommendation: strongly recommended
... and more
Sabrina: will review this suggestion
<renato> [15]https://tools.ietf.org/html/rfc2119
[15] https://tools.ietf.org/html/rfc2119
<phila> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL
<phila> NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
<phila> "OPTIONAL" in this document are to be interpreted as
described in
<phila> RFC 2119.
phila: RFC2119 is a standard specifying things like that -
could help
Sabrina: Dispensation = something is required, but there is a
dispensation under specific condiditions.
… and some articles say "you are not allowed" others say
"unless party X allows that"
<victor> Dispensation: a : an exemption from a law or from an
impediment, vow, or oath may be granted a dispensation from the
rule b : a formal authorization requested a dispensation to
form another lodge
Sabrina: in fact: an exception on an exception
… may also be used
renato: went over some more details of transforming DGPR into
ODRL
victor: thinks like that can be expressed by ODRL.
Sabrina: we are looking not only at GDPR but also legal
regulations in general - is the existing ODRL data model work
for us
benws: what are "features"
victor: we could think about synonyms for hardwired constraints
Sabrina: two more things: "Feature" = article 12 has various
obligations, some are well defined, some don't stand on their
own.
… we are looking at conjunctions and disjunctions in this
context
… transparency is the conjunction of all of them - we call them
Features at the moment
Sabrina: we need additional constraints on the asset - they
will span across multiple duties
renato: ODRL scope could work
Sabrina: agreed
… we have an issue with the type of processing - e.g. how
personal data may be used for marketing
smyles: the purpose is to define the nature of a party - right?
Sabrina: yes, depending on who you are rules may apply
smyles: why not to split up in constraints for group A and
group B of persons
smyles: wondered if inheritance could be used
Sabrina: the controllers for different purposes are different
… we look at what's there and then will come back to this group
… the Wiki space could be used for discussions
benws: timeline?
Sabrina: there are different groups of work: e.g. transforming
the article and the sub-points - but that's not very usable.
… in a next step obligations have to be pulled out of the
articles - and that's a big work, will take months.
benws: does this timeline align with the ODRL timeline?
Sabrina: yes.
renato: do we need a new policy type "regulation"?
Sabrina: yes
benws: supported to use Wikipages for working on the
transformation
Deliverables
<renato> [16]https://www.w3.org/2016/poe/wiki/Deliverables
[16] https://www.w3.org/2016/poe/wiki/Deliverables
renato: went over [17]https://www.w3.org/2016/poe/wiki/
Deliverables
[17] https://www.w3.org/2016/poe/wiki/Deliverables
<renato> [18]https://lists.w3.org/Archives/Public/
public-poe-comments/2017Mar/0012.html
[18]
https://lists.w3.org/Archives/Public/public-poe-comments/2017Mar/0012.html
renato: we got a reply from EDRLabs
<renato> [19]https://github.com/w3c/poe/issues/118
[19] https://github.com/w3c/poe/issues/118
renato: raised some concerns regarding periods
… this needs an update of the definitions of date/time and
period constraints
renato: re Horizontal reviews:
… any news from Brian?
benws: has sent a reminder
renato: reviews seem to be on track
benws: refered to a proposoal of Victor to hold a special
meeting
… = a call
benws: asked Victor to launch a Doodgle survey for finding date
and time
best practices
benws: tried to reach out to James from Catapult, but the email
did not work
open Actions
benws: only 3 on the issue tracker
<phila> s/RESOLVED: last week's minutes approved//
<renato> [20]https://github.com/w3c/poe/issues/114
[20] https://github.com/w3c/poe/issues/114
London F2F
benws: open issue is providing hotel rooms at TR rates - but
Sabrina may have an alternative
victor: would appreciate to have times for the agenda items
bens: starting time 10am - ok?
renato: agenda will be based on requests from group members and
currently ongoing work
<ivan> will there be possibiltiies for dial in?
benws: suggested 5:30pm as closing time
<ivan> thanks
benws: it will be possible to dial in too
benws: AOB?
benws: none was raised - bye
Summary of Action Items
Summary of Resolutions
1. [21]last week's minutes approved
Received on Monday, 27 March 2017 13:35:13 UTC