Re: provenance, authorization, audit trails and licensing from Stephan Zednik on 2011-09-06 (public-prov-wg@w3.org from September 2011)

From: Stephan Zednik <zednis@rpi.edu>
Date: Tue, 6 Sep 2011 12:41:26 -0600
To: public-prov-wg@w3.org
Message-Id: <DB905710-6F7C-44FE-8AF4-AF0BEBC8508B@rpi.edu>

On Sep 6, 2011, at 11:34 AM, Deus, Helena wrote:

> Hi all,
>  
> In response to the availability of the second questionnaire, I am getting some nice feedback (and what they expect to see coming out of this workgroup).
> 1.       Will the provenance ontology provide a means for someone to specify authorization? I know that has more to do with policies than with provenance, but perhaps we can include some domain independent elements to describe authorization associated with provenance?

I think we should develop an example scenario.  Is it sufficient to state the access rights?

Dublin Core has a property to refer to the access rights of a resource:

http://dublincore.org/documents/dcmi-terms/#terms-accessRights

Or should we model a characterized entity (is this still a popular term in the modeling TF?) as 'authorized' in the provenance as the result of some process execution?

> 2.       Audit trails: who saw what, when and in which context – they seem to want provenance to go beyond describing a process transformation, but also who accessed things

Can this be represented using the current model?  Could an access be a process execution?

I think we should develop an example scenario and see if it can be presented using the current model.

> 3.       Licensing: there are situations in which datasets can be unlocked when a license is provided/included. Can/should we use our ontology to include this information?
>  
> Does anybody know of some ontologies that already combine both (provenance and authorization; provenance and audit trails; provenance and licensing)?

Dublin Core does provide a property to refer to a license:

http://dublincore.org/documents/dcmi-terms/#terms-license

--Stephan

>  
> We can, perhaps consider devising the “provenance ontology” (PIF or whatever it’s going to be named) and provide also a set of extensions to the core ontology. For example, one extension that covers authorization, other one covering audit trails. What we want to avoid is people redoing this work many times because they need it for their projects and we did not deliver.  
>  
> Alternatively, we can decide that these are completely out of the scope of provenance and identify the need for an “authorization” work group.
>  
> Comments? Ideas? Worth discussing in the next telco?
>  
> Kind Regards,
> Helena F. Deus
> Post-doctoral Researcher
> Digital Enterprise Research Institute
> National University of Ireland, Galway
> http://lenadeus.info
>

Received on Tuesday, 6 September 2011 18:41:54 UTC