Copyright © 2017 W3C® (MIT, ERCIM, Keio, Beihang). W3C liability, trademark and document use rules apply.
This document includes a set of use cases and requirements, compiled by the Permissions & Obligations Expression (POE) Working Group, that motivate the expression of statements about digital content usage. All use cases provide realistic examples describing how people and organisations may (or want to be able to) specify statements about digital content usage. The requirements derived from these use cases will be used to guide the development of the POE WG recommendation deliverables for the Information Model, Vocabulary, and Encodings.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
This is work in progress. The final version of this document planned to be published as a Working Group Note.
This document was published by the Permissions & Obligations Expression Working Group as a Working Draft. If you wish to make comments regarding this document, please send them to [email protected] (subscribe, archives). All comments are welcome.
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document is governed by the 1 September 2015 W3C Process Document.
This document is organized as follows:
Víctor Rodríguez on behalf of W3C Linked Data For Language Technology Community Group
Language resources (lexicons, dictionaries, machine translation, etc.) are collected in repositories. Publishers would like to express what is permitted and what it is not.
Language resources are highly valuable resources now being massively translated to Linked Data. See the diagram here: Linguistic Linked Data Cloud. Different Language Resource Catalogs exist, like the one of CLARIN, or the one of META-SHARE, LRMAP, Linghub, etc. These resources need to be browsed and queried, and the permissions information must be in a machine-readable form in order to facilitate search-by-permission and in order to allow the automated processing of permission expressions.
Related Requirements: POE.R.DM.01, POE.R.DM.07, POE.R.DM.08, POE.R.V.01, POE.R.V.02, POE.R.V.11, POE.R.V.12, POE.R.E.01, POE.R.R.04, POE.R.R.09Víctor Rodríguez and Nandana Mihindukulasooriya (UPM) on behalf of the ODRL Linked Data profile editors.
A publisher of Linked Data (or in general a RDF dataset) wants to selectively make available parts (e.g. named graphs) of a dataset. Availability depend on ODRL policies, the context and the ODRL Request and ODRL Ticket. For example, given a dataset, one might want to serve it under the following conditions: "Anybody can access named graph ex:graph1
, but can only access ex:graph2
during 2016. Individual triples in ex:graph3
can be accessed at the price of 1 € cent."
Phil Archer & Keith Jeffery on behalf of the VRE4EIC Project
Researchers are strongly encouraged (and now routinely required) to publish data supporting their scholarly published papers. Irrespective of the terms under which the paper is published (although usually open access), the data is generally expected to be made freely and openly available. However, this may happen after an embargo period. The purpose of the embargo period is to allow the researcher or research team creating the dataset to have a publication based on it published before colleagues can access the dataset and generate their own publications.
Related Requirements: POE.R.DM.06, POE.R.DM.09Serena Villata (joint work with Guido Governatori) in the context of the MIREL Project
Technical documents describe how to handle and what are the functionalities of a certain product or process (e.g., telecommunication codes). They are intended to provide information about what can/cannot be done with the product or within a certain process. Given the huge dimension of this kind of legal texts and their diffusion in the companies, the advantages of returning a machine-readable representation of such texts would allow to have in this representation a kind of summary of the main constraints expressed in the documents, with invaluable time saving for every person that is expected to read the whole document before obtaining this information. A specific usage of such a kind of texts is that of manually extracting the set of obliged/prohibited/permitted actions in order to check whether certain business processes are compliant with the legal text they should refer to. Moreover, issues related to the merging of updated versions of the documents, with amendments with respect to the policies and duties expressed in the former versions.
Related Requirements: POE.R.DM.04, POE.R.R.01, POE.R.R.02, POE.R.R.03, POE.R.R.07Mo McRoberts, BBC
The Research & Education Space platform, developed jointly by the BBC and partners, indexes Linked Open Data describing media that is available both to the public, and specifically for those in formal education, primarily in the UK. Even within this latter group, there are a range of different licensing schemes and access mechanisms which are not mutually-exclusive. For queries against the index to return appropriate results for a user, we must track which schemes they (or their institution) is a member of and filter based upon these, which therefore translates into a requirement for the metadata being indexed to include information identifying which are applicable (we term these "audience URIs"). Note that this is not an access-control mechanism (this should be implemented and enforced at the media location), rather a means of ensuring that an optimal user experience is delivered.
Related Requirements: POE.R.DM.12Phil Archer for the Big Data Europe Project
OpenPHACTS integrates pharmacological data from a wide range of sources and provides an API through which different identifiers for the same thing can be reconciled, reducing barriers to drug discovery in industry, academia and for small businesses. Some data is open but not all. It may come with a variation of a Creative Commons License; some data is visible to all users, some to members, some only to the original data owner.
Rather than attempt to make assertions about what an end user can or cannot do with the data available through its API, OpenPHACTS is careful to simply make clear to its users where data came from and under what terms. It is then up to the end user to assess whether their intended use is, or is not, compliant with those terms.
Related Requirements: POE.R.R.05, POE.R.R.06Stuart Myles
In the news industry, rights holders and editors need to establish the permissions and restrictions associated with content.
Phil Archer
The European Data Portal (EDP) harvests and republishes metadata from across Europe. It therefore has to handle a wide variety of inputs, including a variety of licenses attached to datasets (and datasets with no license attached). In order to manage this, the EDP has examined each of the most commonly found licenses and derived a set of atomic permissions and obligations expressed in those licenses with the intention that users can assess whether or not a particular combination of datasets is permissible and, if so, under what conditions. Their work itself is available on the European Data Portal as Licence Assistant: European Data Portal Licence Compatibility Matrix.
Related Requirements: POE.R.V.15, POE.R.R.08Ben Whittam Smith on behalf of Thomson Reuters
A bundled data product, which is sometimes called a 'base product', brings together a set of permissions that can be separately bought into a policy [or package] that is sold for a single price - or provided for free. It is important that the pricing is set at the aggregate level.
Related Requirements: POE.R.DM.05Ben Whittam Smith on behalf of Thomson Reuters
Sometimes things are paid for on a per-usage basis. For instance a SaaS product might charge per account (or per seat), or a definition in legal treatise might be charged for every time it is printed or included in a PDF.
Related Requirements: POE.R.V.03Ben Whittam Smith on behalf of Thomson Reuters
There are some common obligations that must be transmitted if you are acting as an intermediary between the data owner and the data user. Often the owner and the user must sign a contract, the user must acknowledge the copyright of the owner, and the user must acknowledge some other documentation (like a 'Restriction On Distribution Statement').
Related Requirements: POE.R.V.08, POE.R.V.10Ben Whittam Smith on behalf of Thomson Reuters
Data sets are often combined (aggregation) and analysed to generate new data sets (derivation). Big data analytics generates extended workflows of such operations. What policies control each step of the process? For example, a synthetic instrument might be generated by following a simple rule: (equity price on NYSE - equity opening price on NYSE) * equity weighting on MSCI Technology Index)
Let's say we know the three policies that control equity prices on the New York Stock Exchange, their opening prices, and their index weighting. Then what is the policy that controls the resulting synthetic instrument?
Related Requirements: POE.R.R.01, POE.R.R.02, POE.R.R.05Ben Whittam Smith on behalf of Thomson Reuters
Assigners are often corporate entities. They may want to restrict the right to exercise the actions they 'own' to particular groups within their own organisation, or even to an individual. This doesn't feel like an rights assignment (as no rights are being assigned?) but a delegation.
Related Requirements: POE.R.V.01, POE.R.V.16Ben Whittam Smith on behalf of Thomson Reuters
Extended relations are an experimental feature of ODRL 2.1. In many cases, they would be necessary for commercial purposes. For example, it might be the case that on the 15th of every month the user must report usage by providing a list of either Access IDs OR Physical IDs. Extended relations would be a way of enabling this.
Related Requirements: POE.R.DM.10Ben Whittam Smith on behalf of Thomson Reuters
Permissions often vary depending on whether the data is used in real-time (expensive and restrictive) or after a specified delay (cheaper and less restrictive).
Related Requirements: POE.R.DM.06, POE.R.DM.09Ben Whittam Smith on behalf of Thomson Reuters
Access to historical data is often specified by the access period (how long can you go back in history) and access interval (how often can you sample the history). So a permission might be for access to 7 years of historical data but only on a monthly basis.
Related Requirements: POE.R.DM.06James Birmingham on behalf of Digital Catapult
In order to manage a common offer which is applied to many assets, a one-to-many relationship is more preferable than a one-to-one. If the offer can target a set of assets, it must also be able to state that what is offered is n items from the set rather than the whole set.
Related Requirements: POE.R.DM.08, POE.R.V.12Renato Iannella
A common use case is for a general policy statement to be asserted. This is simply a party stating what policy terms they believe they have. Either an assignee can assert what terms they have over an asset and/or an assigner can assert what terms they have over an asset. An assertion does not grant any of the statements. A policy assertion may state that a party is a general rights holder or other roles.
Related Requirements: POE.R.V.01, POE.R.V.16Michael Steidl
Sometimes it's required to be able to constrain the applicability of policies according to a relative point in time, e.g.:
Víctor Rodríguez-Doncel
META-SHARE is an open and secure network of repositories for sharing and exchanging language data, tools, and related web services. As of July 2016, it accounted more than 2700 resources. These resources are described with small pieces of metadata according to their schema.
While maintainers of META-SHARE's 32 repositories can edit simple metadata records, they are usually not skilled enough to edit ODRL expressions. Hence they would like to be able to:
Víctor Rodríguez-Doncel
Depending on the use case, it's often necessary to specify constraints on properties of different kinds of entities (e.g., assets, parties or any other external entities). The exact subject for which those constraints must hold is currently not encodable in ODRL, but has to be inferred from the textual semantics of each of ODRL's 25 constraint terms; which not only leads to ambiguities in terms of interpreted semantics, but might also prove to be not capable of fully covering new usages of ODRL.
Related Requirements: POE.R.DM.02Removed -> Duplicate of POE.UC.04
Brian Ulicny
Many data providers require that if a record or element of the data is deleted in the source, it must be deleted in any copy and/or aggregation of that data. For example, arrest records must be expunged in public datasets if they are expunged by a court. Twitter requires that deleted tweets not be used in datasets, and so on.
Related Requirements: POE.R.DM.09Laboratorio di Informatica Musicale (LIM), Department of Computer Science, Universitá degli Studi di Milano
IEEE 1599 is an international XML-based standard that aims to comprehensively describe music content by supporting the representation of heterogeneous music aspects within a single XML document. Moreover, IEEE 1599 lets spatio-temporal relationships emerge among such materials, thanks to the identification of music events inside a common data structure known as the spine: in this way, events can be described in different layers (e.g., a chord's graphical aspect and its audio performance), as well as multiple times within a single layer (e.g., different music performances of the same events). Consequently, the IEEE 1599 multilayer environment presents two complementary synchronization modes: inter-layer and intra-layer synchronization. Coupling these two categories of synchronization makes it possible to design and implement frameworks that allow new kinds of interaction with media contents and novel music-experience models, as shown in the Music Box area of the EMIPIU web framework (see URL above). Recognizing music events and their synchronization can be seen as an additional intellectual achievement that on one side does not affect the already existing IP rights on media contents, but on the other side requires adequate protection. Consequently, it is desirable to consider a new permission which allows the producer to synchronize different media contents with respect to the other possibly existing permissions, restrictions and duties associated with media contents.
Related Requirements: POE.R.DM.08, POE.R.DM.12, POE.R.V.12Dianne Kennedy, Idealliance
In the Magazine Industry, magazine media companies need the ability to communicate the legal terms of usage permissions (known as licensing terms) that are associated with content (article text and rich media). Specifically:
Antoine Isaac, Riccardo Albertoni
Example from the W3C Working Group Data on the Web Best Practices [dwbp], more specifically for the Data Quality Vocabulary [vocab-dqv]. This example specifies that the serviceProvider grants the permission to access the dataset and commits to serve the data with a certain quality, more concretely, 99% availability of a SPARQL endpoint associated with the dataset. This is expressed as a duty on the service provider with a constraint that is defined using a DQV metric (:sparqlEndpointUptime
) that has to be greater than a certain value (e.g., 99). The odrl:assignee
is the recipient of the policy statement and the odrl:assigner
is the issuer of the policy statement. For discussion about this example see http://lists.w3.org/Archives/Public/public-odrl/2016Feb/0000.html
The expression of constraints in ODRL seems quite unfit with expressing general constraints on values in RDF graphs, as we would require here. However, ODRL can be easily extended, and is schedule to undergo refinement in the context of the W3C Permissions & Obligations Expression Working Group. In the future DQV implementers should investigate whether a general constraint expression language like the coming SHACL provides a more appropriate mechanism to be used on top of ODRL permissions and duties.
Related Requirements: POE.R.DM.09Antoine Isaac, Riccardo Albertoni
Data providers who are also the rights holders of the digital objects in question may want to allow reuse of their digital objects for educational purpose only.
Related Requirements: POE.R.DM.09This section lists the requirements arising from the use-cases catalogued in this document. Specific requirements that have been de-prioritized or rejected have been left in the document for completeness, but are shown as struck out.
odrl:target
predicate.