Re: provenance, authorization, audit trails and licensing

On 06/09/2011 18:34, Deus, Helena wrote:
> 1. Will the provenance ontology provide a means for someone to
> specify authorization? I know that has more to do with policies than
> with provenance, but perhaps we can include some domain independent
> elements to describe authorization associated with provenance?

I was initially sceptical about the role of "authorization", but this 
characterization as policy makes more sense to me.  As in, maybe, policies 
governing or affecting the process executions whereby a particular entity/state 
is achieved.

> 2. Audit trails: who saw what, when and in which context - they
> seem to want provenance to go beyond describing a process
> transformation, but also who accessed things

Could these be characterized as additional "using" PEs that don't generate 
further entities?

> 3. Licensing: there are situations in which datasets can be
> unlocked when a license is provided/included. Can/should we use our
> ontology to include this information?

Hmmm... I'm wary of getting into access control territory, but there does seem 
to be some resonance with your notion of policies.

> Does anybody know of some ontologies that already combine both
> (provenance and authorization; provenance and audit trails; provenance
> and licensing)?

There's widely used work around role-based access control (RBAC) that uses 
notions of authorization and obligation policies, I think coming from work by 
Morris Sloman and Emil Lupu (http://hdl.handle.net/10044/1/5802), which I think 
is part of the underpinning for systems like PERMIS or XACML. (XACML cites an 
earlier 1994 paper http://hdl.handle.net/10044/1/4327.)

Provenance isn't mentioned directly, but I think it could be interpreted in 
terms of Sloman's "state based obligations".

There's some OASIS work on XACML and RDF: 
http://wiki.oasis-open.org/xacml/XACMLandRDF.

> We can, perhaps consider devising the "provenance ontology" (PIF or
> whatever it's going to be named) and provide also a set of extensions to
> the core ontology. For example, one extension that covers authorization,
> another one covering audit trails. What we want to avoid is people redoing
> this work many times because they need it for their projects and we did
> not deliver.

Or, identify existing work and provide pointers and examples?

I'd consider this could be good primer material.

#g
--

> Alternatively, we can decide that these are completely out of the scope
> of provenance and identify the need for an "authorization" work group.
>
> Comments? Ideas? Worth discussing in the next telco?
>
> Kind Regards,
>
> Helena F. Deus
>
> Post-doctoral Researcher
> Digital Enterprise Research Institute
>
> National University of Ireland, Galway
>
> http://lenadeus.info

Received on Friday, 9 September 2011 12:14:58 UTC