- From: Bob Wyman <bob@wyman.us>
- Date: Mon, 6 Mar 2023 18:38:31 -0500
- To: Johannes Ernst <johannes.ernst@gmail.com>
- Cc: public-swicg@w3.org
- Message-ID: <CAA1s49VwZbyK+59DTaFGCW7BFdcRXoJvO=RUyXHLtnSnX5Dh=w@mail.gmail.com>
Johannes,
You asked:
> is there a way to implement this minimally but usefully with a “shortcut",
> so all it would do is show an icon in the UI, or something like that? Like
> tell the user only?
and, in off-list email, you clarified that you were particularly interested
in the the prohibitions provided in an example:
"prohibition": [{
"action": ["Archive", "Index"],
First, I'd like to point out that the actual list of actions for which
permissions might be granted or withheld is something that we should
develop as the result of discussions among community members. The actions
in the example were just examples provided as food for thought. I have no
idea if they are among the right actions to control or how they might
eventually be defined. Nonetheless, they were taken from the ODRL Vocabulary
<https://www.w3.org/TR/odrl-vocab/> which defines them as:
- Archive <https://www.w3.org/TR/odrl-vocab/#term-archive>: To store the
Asset (in a non-transient form). Temporal constraints may be used for
temporal conditions.
- Index <https://www.w3.org/TR/odrl-vocab/#term-index>: To record the
Asset in an index. For example, to include a link to the Asset in a search
engine database.
The "temporal constraints" would be similar to what I used in an example
to show a temporary delegation of an account's operational rights when
someone goes on vacation. One might use a temporal constraint that limited
the right to "Archive" to no longer than than three months after the object
was created. Such a constraint would partially address the desires of the
many who have said that they want their posts to be ephemeral -- not part
of the permanent record of humanity... If you had something like a
weather-bot that posted regular outside-temperature reports, it might set
the temporal constraint of its Archive actions to a very short period of
time, perhaps a few hours, in order to prod servers to delete out-of-date
chaff from their databases. You might also use temporal constraints on the
"Read" action, combined with an "Archive" prohibition, to implement
something like Instagram's "Vanish Mode" disappearing messages. (Just set a
very short temporal constraint.) The cool thing here is that by using the
Rights Expression Language creatively, a content author can effectively
implement a "new feature."
I think these Archive constraints are within the legal rights of a content
creator. While a creator can't object to copying over the Internet and
within internal machine or screen memory, since that copying is technically
necessary to facilitate reading the data, I think that making a permanent
copy falls in the same category as scanning a book -- it need not be
allowed. However, digital technology gives us the ability to go beyond the
constraints of the physical world. We can use temporal constraints to limit
the period during which a copy may be stored. (Note: Those not willing to
or unable to honor temporal constraints should probably avoid storing
copies in anything other than temporary storage.)
Of course, these prohibitions and constraints should sometimes impact the
client's UI. For instance, one might disable a "Save" button if storage was
prohibited. Or, if there was a temporal constraint, pressing the Save
button might create a pop-up warning the user to delete the copy before
some date. (Yes, that would be hard to manage. But, it is best to allow the
author's intent to be expressed.)
As I read it, the Index action is intended to control the inclusion of
content in indexes, such as those of full-text search engines, which are
provided as a third-party service. Things like Google or TootFinder
<https://tootfinder.ch/>. As you know, many Mastodon users have said they
don't want their content indexed by search engines. On the other hand, many
users, including me, have given permission to TootFinder to index our
posts. But, I think even I would like to be able to withdraw that
privilege for some individual posts.
So, yes, I think the use of a Rights Expression Language might have a
variety of impacts on client's UIs. My personal opinion is that UI support
would not present significant difficulties. It should be remembered that
the primary goal of a REL is to "express" grants of permissions. It is
unreasonable to expect that software will be able to enforce all
constraints. So, in many cases, the UI's task will be limited to no more
than ensuring that the reader knows the author's intent.
bob wyman
Received on Monday, 6 March 2023 23:39:01 UTC