- From: Bob Wyman <bob@wyman.us>
- Date: Mon, 6 Mar 2023 18:38:31 -0500
- To: Johannes Ernst <johannes.ernst@gmail.com>
- Cc: public-swicg@w3.org
- Message-ID: <CAA1s49VwZbyK+59DTaFGCW7BFdcRXoJvO=RUyXHLtnSnX5Dh=w@mail.gmail.com>
Johannes, You asked: > is there a way to implement this minimally but usefully with a “shortcut", > so all it would do is show an icon in the UI, or something like that? Like > tell the user only? and, in off-list email, you clarified that you were particularly interested in the the prohibitions provided in an example: "prohibition": [{ "action": ["Archive", "Index"], First, I'd like to point out that the actual list of actions for which permissions might be granted or withheld is something that we should develop as the result of discussions among community members. The actions in the example were just examples provided as food for thought. I have no idea if they are among the right actions to control or how they might eventually be defined. Nonetheless, they were taken from the ODRL Vocabulary <https://www.w3.org/TR/odrl-vocab/> which defines them as: - Archive <https://www.w3.org/TR/odrl-vocab/#term-archive>: To store the Asset (in a non-transient form). Temporal constraints may be used for temporal conditions. - Index <https://www.w3.org/TR/odrl-vocab/#term-index>: To record the Asset in an index. For example, to include a link to the Asset in a search engine database. The "temporal constraints" would be similar to what I used in an example to show a temporary delegation of an account's operational rights when someone goes on vacation. One might use a temporal constraint that limited the right to "Archive" to no longer than than three months after the object was created. Such a constraint would partially address the desires of the many who have said that they want their posts to be ephemeral -- not part of the permanent record of humanity... If you had something like a weather-bot that posted regular outside-temperature reports, it might set the temporal constraint of its Archive actions to a very short period of time, perhaps a few hours, in order to prod servers to delete out-of-date chaff from their databases. You might also use temporal constraints on the "Read" action, combined with an "Archive" prohibition, to implement something like Instagram's "Vanish Mode" disappearing messages. (Just set a very short temporal constraint.) The cool thing here is that by using the Rights Expression Language creatively, a content author can effectively implement a "new feature." I think these Archive constraints are within the legal rights of a content creator. While a creator can't object to copying over the Internet and within internal machine or screen memory, since that copying is technically necessary to facilitate reading the data, I think that making a permanent copy falls in the same category as scanning a book -- it need not be allowed. However, digital technology gives us the ability to go beyond the constraints of the physical world. We can use temporal constraints to limit the period during which a copy may be stored. (Note: Those not willing to or unable to honor temporal constraints should probably avoid storing copies in anything other than temporary storage.) Of course, these prohibitions and constraints should sometimes impact the client's UI. For instance, one might disable a "Save" button if storage was prohibited. Or, if there was a temporal constraint, pressing the Save button might create a pop-up warning the user to delete the copy before some date. (Yes, that would be hard to manage. But, it is best to allow the author's intent to be expressed.) As I read it, the Index action is intended to control the inclusion of content in indexes, such as those of full-text search engines, which are provided as a third-party service. Things like Google or TootFinder <https://tootfinder.ch/>. As you know, many Mastodon users have said they don't want their content indexed by search engines. On the other hand, many users, including me, have given permission to TootFinder to index our posts. But, I think even I would like to be able to withdraw that privilege for some individual posts. So, yes, I think the use of a Rights Expression Language might have a variety of impacts on client's UIs. My personal opinion is that UI support would not present significant difficulties. It should be remembered that the primary goal of a REL is to "express" grants of permissions. It is unreasonable to expect that software will be able to enforce all constraints. So, in many cases, the UI's task will be limited to no more than ensuring that the reader knows the author's intent. bob wyman
Received on Monday, 6 March 2023 23:39:01 UTC