[Minutes] 2017 03 27

As ever, the minutes of today's meeting are at 
https://www.w3.org/2017/03/27-poe-minutes with a text snapshot below. 
Thanks Michael for scribing.

Main topic today was Sabrina's new use case of modelling the GDPR using 
a profile of ODRL.


   Permissions and Obligations Expression Working Group Teleconference

27 March 2017

    [2]Agenda [3]IRC log

       [2] https://www.w3.org/2016/poe/wiki/Meetings:Telecon20170327
       [3] http://www.w3.org/2017/03/27-poe-irc

Attendees

    Present
           benws, benws110, ivan, michaelS, phila, renato, Sabrina,
           Serena, smyles, victor

    Regrets
           Brian, Caroline, Simon

    Chair
           Ben

    Scribe
           michaelS

Contents

      * [4]Meeting Minutes
          1. [5]Last week's minutes
          2. [6]New Use Case
          3. [7]Deliverables
          4. [8]best practices
          5. [9]open Actions
          6. [10]London F2F
      * [11]Summary of Action Items
      * [12]Summary of Resolutions

Meeting Minutes

    <benws110> nick benws

    <victor> hi all

    <renato> hi victor

    scribe michaelS

Last week's minutes

    benws: anybody want to raise an issue with last week's minutes

    <phila> [NOTUC]

    <phila> [13]Last week's minutes

      [13] https://www.w3.org/2017/03/20-poe-minutes.html

    Resolved: last week's minutes approved

    <renato> [14]https://www.w3.org/2016/poe/wiki/
    Use_Cases#POE.UC.37_Representing_regulations_using_ODRL

      [14] 
https://www.w3.org/2016/poe/wiki/Use_Cases#POE.UC.37_Representing_regulations_using_ODRL

New Use Case

    Sabrina: introduced the Use Case
    … it models the EU General Data Protection Regulation
    … it needs to cover that at a generic level but also in details
    … Article 12 added as an example
    … this article shows the important use of references to other
    articles
    … the numbering of the articles has at least two levels

    benws: any comments on that so far?

    benws: does this requirement belong to a profile or to the
    general ODRL model?

    Sabrina: this is a decision by this group

    renato: what does "refer to another article" mean?

    Sabrina: that are dependencies - look at Article 12. This may
    transform to many duties.
    … to check if Article 12 is fullfilled the fulfillment of other
    articles is required

    phila: GDPR is very important it would be a big PR win if ODRL
    could show that it can cover it.
    … key question: is ODRL is a good tool for that purpose.
    Sabrina do you feel that?

    Sabrina: ODRL is not a bad fit. We need to specify obligations
    and constraints
    … There is work on taxonomies by other parties but less
    fitting.

    renato: we could promote this as a profile. This would serve to
    explain how to create a profile
    … and this profile could be shown to a wide audience.
    … the relationships between the constraints and duties is
    demandingö

    Sabrina: we have dependencies between the duties, we have
    constraints on duties, actions and parties
    … supported to create a profile for that.

    benws: to show that we could express regulations and licences
    by the same language would be fine

    phil

    phila: supported using ODRL for this purpose

    Sabrina: we are basically defining obligiations = duties =
    complying with the regulations
    … if we run into problems we will come back to this group
    … when it comes to constraints: there are discretational ones

    smyles: suggested to model optional constraints as permissions

    Sabrina: that's not exactly the intention of the GDPR
    … there are statements like a recommendation - and we don't
    want to omit them

    renato: is thinking what this could look like in code:
    leftOperand say you may or may not use an icon

    Sabrina: need for a discretional constraint: it would be good
    to meet this constraint but it doesn't stop the policy
    … if it is not met

    Sabrina: for her and Simon some constraints a bit fuzzy, needs
    deeper reviews

    smyles: we may add a concept of recommendation = if you can,
    you should do that
    … there could be levels of recommendation: strongly recommended
    ... and more

    Sabrina: will review this suggestion

    <renato> [15]https://tools.ietf.org/html/rfc2119

      [15] https://tools.ietf.org/html/rfc2119

    <phila> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
    "SHALL

    <phila> NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and

    <phila> "OPTIONAL" in this document are to be interpreted as
    described in

    <phila> RFC 2119.

    phila: RFC2119 is a standard specifying things like that -
    could help

    Sabrina: Dispensation = something is required, but there is a
    dispensation under specific condiditions.
    … and some articles say "you are not allowed" others say
    "unless party X allows that"

    <victor> Dispensation: a : an exemption from a law or from an
    impediment, vow, or oath may be granted a dispensation from the
    rule b : a formal authorization requested a dispensation to
    form another lodge

    Sabrina: in fact: an exception on an exception
    … may also be used

    renato: went over some more details of transforming DGPR into
    ODRL

    victor: thinks like that can be expressed by ODRL.

    Sabrina: we are looking not only at GDPR but also legal
    regulations in general - is the existing ODRL data model work
    for us

    benws: what are "features"

    victor: we could think about synonyms for hardwired constraints

    Sabrina: two more things: "Feature" = article 12 has various
    obligations, some are well defined, some don't stand on their
    own.
    … we are looking at conjunctions and disjunctions in this
    context
    … transparency is the conjunction of all of them - we call them
    Features at the moment

    Sabrina: we need additional constraints on the asset - they
    will span across multiple duties

    renato: ODRL scope could work

    Sabrina: agreed
    … we have an issue with the type of processing - e.g. how
    personal data may be used for marketing

    smyles: the purpose is to define the nature of a party - right?

    Sabrina: yes, depending on who you are rules may apply

    smyles: why not to split up in constraints for group A and
    group B of persons

    smyles: wondered if inheritance could be used

    Sabrina: the controllers for different purposes are different
    … we look at what's there and then will come back to this group
    … the Wiki space could be used for discussions

    benws: timeline?

    Sabrina: there are different groups of work: e.g. transforming
    the article and the sub-points - but that's not very usable.
    … in a next step obligations have to be pulled out of the
    articles - and that's a big work, will take months.

    benws: does this timeline align with the ODRL timeline?

    Sabrina: yes.

    renato: do we need a new policy type "regulation"?

    Sabrina: yes

    benws: supported to use Wikipages for working on the
    transformation

Deliverables

    <renato> [16]https://www.w3.org/2016/poe/wiki/Deliverables

      [16] https://www.w3.org/2016/poe/wiki/Deliverables

    renato: went over [17]https://www.w3.org/2016/poe/wiki/
    Deliverables

      [17] https://www.w3.org/2016/poe/wiki/Deliverables

    <renato> [18]https://lists.w3.org/Archives/Public/
    public-poe-comments/2017Mar/0012.html

      [18] 
https://lists.w3.org/Archives/Public/public-poe-comments/2017Mar/0012.html

    renato: we got a reply from EDRLabs

    <renato> [19]https://github.com/w3c/poe/issues/118

      [19] https://github.com/w3c/poe/issues/118

    renato: raised some concerns regarding periods
    … this needs an update of the definitions of date/time and
    period constraints

    renato: re Horizontal reviews:
    … any news from Brian?

    benws: has sent a reminder

    renato: reviews seem to be on track

    benws: refered to a proposoal of Victor to hold a special
    meeting
    … = a call

    benws: asked Victor to launch a Doodgle survey for finding date
    and time

best practices

    benws: tried to reach out to James from Catapult, but the email
    did not work

open Actions

    benws: only 3 on the issue tracker

    <phila> s/RESOLVED: last week's minutes approved//

    <renato> [20]https://github.com/w3c/poe/issues/114

      [20] https://github.com/w3c/poe/issues/114

London F2F

    benws: open issue is providing hotel rooms at TR rates - but
    Sabrina may have an alternative

    victor: would appreciate to have times for the agenda items

    bens: starting time 10am - ok?

    renato: agenda will be based on requests from group members and
    currently ongoing work

    <ivan> will there be possibiltiies for dial in?

    benws: suggested 5:30pm as closing time

    <ivan> thanks

    benws: it will be possible to dial in too

    benws: AOB?

    benws: none was raised - bye

Summary of Action Items

Summary of Resolutions

     1. [21]last week's minutes approved

Received on Monday, 27 March 2017 13:35:13 UTC