Comments (15)
In addition to the linked "terms of use" field (URL, etc.), it would be good to be able to either embed the signed terms under which the data is shared, or at a minimum a hash of the terms at the time of disclosure.
In general, the resource residing at a URL cannot be treated as static. Even if the recipient were to immediately retrieve the resource and store it as a form of purpose binding, there would be no way to prove, in an audit or in court, that the recipient's terms were those actually provided by the discloser.
The issue here is, in part, to enable tracking of the terms of use for shared data to facilitate purpose binding and prevent non-permissioned, potentially toxic data from being used inappropriately. What the recipient needs is a non-repudiable statement linking a specific verifiable claim to a specific terms of use, signed by the discloser of the data. A simple URL would not provide that.
from vc-data-model.
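The hash-at-disclosure idea from the comment above, as an added example that is not part of the thread or of the vc-data-model project: the discloser pins a SHA-256 digest of the terms bytes next to the URL, and the recipient later classifies what the URL serves against that pin. The `termsDigest` property name and the sample terms text are assumptions constructed for illustration, and the sketch assumes the credential's proof is created after binding so that the discloser's signature covers the digest.

```python
import hashlib
import hmac

# Constructed sample data: terms text at disclosure time and a later revision
# served from the same (example) URL.
TERMS_URL = "http://example.com/policy:8473"
TERMS_AT_DISCLOSURE = b"Verifier MUST NOT archive this credential.\n"
TERMS_LATER = b"Verifier MAY archive this credential for 90 days.\n"


def terms_digest(terms: bytes) -> str:
    """Algorithm-tagged hex SHA-256 over the exact terms bytes."""
    return "sha256:" + hashlib.sha256(terms).hexdigest()


def bind_terms(credential: dict, url: str, terms: bytes) -> dict:
    """Discloser side: return a copy of the credential whose termsOfUse pins
    the terms bytes next to the URL. "termsDigest" is a hypothetical property
    name, not one defined by the VC data model."""
    entry = {"type": "Policy", "uid": url, "termsDigest": terms_digest(terms)}
    bound = dict(credential)
    bound["termsOfUse"] = list(credential.get("termsOfUse", [])) + [entry]
    return bound


def audit_terms(credential: dict, retrieved: dict) -> dict:
    """Recipient side: classify each termsOfUse entry against the bytes the
    recipient holds for its URL: "match", "changed", "unpinned" or "missing"."""
    result = {}
    for entry in credential.get("termsOfUse", []):
        url = entry.get("uid")
        algorithm, _, expected = entry.get("termsDigest", "").partition(":")
        if algorithm != "sha256" or not expected:
            result[url] = "unpinned"   # URL only: nothing to prove in an audit
        elif url not in retrieved:
            result[url] = "missing"
        else:
            actual = hashlib.sha256(retrieved[url]).hexdigest()
            same = hmac.compare_digest(actual, expected)
            result[url] = "match" if same else "changed"
    return result


# Constructed credential skeleton; its proof would be created after binding.
CREDENTIAL = bind_terms({"id": "http://example.gov/credentials/3732"},
                        TERMS_URL, TERMS_AT_DISCLOSURE)
```

An entry that carries only a URL comes back as "unpinned", which is the case the comment describes: the recipient can store what it fetched but cannot show it is what the discloser provided.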
/cc @riannella - Would it be possible for POE to attend the VCWG meeting at W3C TPAC and give us an overview of ODRL and how we may be able to use it for Verifiable Claims and limiting their use?
from vc-data-model.
We have a Terms of Use field now: https://w3c.github.io/vc-data-model/#terms-of-use
Unless someone steps up to detail how DO_NOT_CORRELATE is done for VC 1.0, the group will have to proceed to REC w/o a stable example. Can someone please volunteer to write a DO_NOT_CORRELATE example and place it in the examples repo? Or maybe the test suite?
from vc-data-model.
Note: ODRL is now a formal W3C REC:
ODRL Information Model V2.2
w3.org/TR/odrl-model/
ODRL Vocabulary & Expression V2.2
w3.org/TR/odrl-vocab/
from vc-data-model.
@msporny (apologies) but what do you mean by "do not correlate" ?
from vc-data-model.
In example 5, could you add "issuer" and "verifier" to the ODRL Policy?
(They would be sub-properties of assigner and assignee, defined in the Profile)
Similar for example 6, holder is a sub-prop of assigner
from vc-data-model.
> @msporny (apologies) but what do you mean by "do not correlate" ?

We mean "Do not use the information that I am giving you, the relying party website / verifier, to correlate me between the websites I'm visiting. Basically, do not sell my browsing behavior to anyone."
Do you mean this example 6? https://www.w3.org/TR/odrl-model/#asset-partof
from vc-data-model.
@msporny I mean examples 5 and 6 here: https://w3c.github.io/vc-data-model/#terms-of-use
from vc-data-model.
Example 6 is not correct (in the case shown, the correlate action is prohibited on the target asset).
I think you need to use an Obligation: https://www.w3.org/TR/odrl-model/#duty-policy
from vc-data-model.
I think that having the terms of use field is sufficient for the v1 data model document.
We could start a completely new document, entitled Terms of Use, which documents and standardises specific terms of use which are of general use and applicability. In this way we do not unduly delay the data model document, whilst we do not forget about useful terms of use.
from vc-data-model.
That sounds reasonable. We (the ODRL Community Group now) can help out in defining the terms as an ODRL Profile.
from vc-data-model.
@riannella in order to close this issue out, we need to fix the examples and I'm having a hard time understanding what is and isn't possible via ODRL. Please help us fix the examples w/ something concrete that we can put in the spec. We're trying to finish up the spec and if we don't have valid examples that demonstrate how to use ODRL, we'll have to just remove all ODRL examples and use a simpler schema.org example.
Which mailing list should I request help on? Is it this one? https://lists.w3.org/Archives/Public/public-odrl/
from vc-data-model.
Yes, that is the list of the ODRL Community Group to which you can post questions.
I can provide some input here too...
I think you can state that given an appropriate ODRL Profile for credentials (in this case, we define issuer as a sub-property of assigner, and verifier as a sub-property of assignee) then we can update Example 6 to be:
```json
"termsOfUse": [{
  "type": "Policy",
  "uid": "http://example.com/policy:8473",
  "profile": "http://example.com/odrl:credential:profile",
  "prohibition": [{
    "issuer": "https://dmv.example.gov/01",
    "verifier": "https://autoclub.example.com/02",
    "target": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "action": ["archive"]
  }]
}]
```
from vc-data-model.
In example 7, with the Profile also including holder as a sub-property of Assigner, and correlate as an instance of odrl:Action. I assume the target will then be the credential itself, as this is the target of the non-correlation. (I.e., don't use this credential data with any other data).
```json
"termsOfUse": [{
  "type": "Policy",
  "uid": "http://example.com/policy:4928",
  "profile": "http://example.com/odrl:credential:profile",
  "prohibition": [{
    "holder": "https://me.example.com/02",
    "verifier": "https://wineonline.example.com/02",
    "target": "http://me.example.gov/credentials/3732",
    "action": ["correlate"]
  }]
}]
```
Perhaps apply these updates and post a query to the ODRL Community Group for other feedback.
from vc-data-model.
@riannella wonderful, thank you, that gives me something solid to create a PR for.
Next step, create a PR based on @riannella's suggestions above.
from vc-data-model.