[Odrl-version2] A naive question...
Alapan
alapan at gmail.com
Mon Nov 22 18:52:51 EST 2010
There is a subtle difference, if you think of this from an "access control"
perspective. For any access control system, there are three ways to handle
rules - allow everything with denying specifics (blacklist), deny everything
with allowing specifics (whitelist) or a combination of a whitelist and a
blacklist with special rules for the "greylist".
The permission construct allows for whitelist, the prohibition construct
allows for "blacklist" and the combination of permissions and prohibitions
in the same license allows for the greylist scenario.
Alapan
Blog: http://idiots-mind.blogspot.com/
-------------------------------------------------------------
Life's a gamble - take a chance
On 21 November 2010 01:37, Francis Cave <francis at franciscave.com> wrote:
> I have a feeling that there is a subtle difference between a right to
> perform an action not being granted and an explicit prohibition of an
> action. But maybe this doesn’t make much difference in most practical cases.
>
>
>
> Francis
>
>
>
>
>
>
>
>
>
> *From:* Alapan [mailto:alapan at gmail.com]
> *Sent:* 20 November 2010 14:13
> *To:* francis at franciscave.com; ODRL-Version2
> *Subject:* Re: [Odrl-version2] A naive question...
>
>
>
> Effectively, rights granted by a policy are not activated if the policy
> constraints are not met. Thus, in your example, since the constraints are
> not met, the rights granted by the policy are not activated, and the user
> should not be able to get access to that right (in this case4 distribute)
>
> Alapan
> Blog: http://idiots-mind.blogspot.com/
> -------------------------------------------------------------
> Life's a gamble - take a chance
>
> On 19 November 2010 16:02, Francis Cave <francis at franciscave.com> wrote:
>
> If a Policy contains one Permission, and this Permission has a Constraint,
> how is the Policy interpreted when the Constraint condition is not
> satisfied? Is the Policy always interpreted as Prohibition in that case?
> Does it depend upon the value of the ‘conflict’ attribute?
>
>
>
> Here’s a concrete example:
>
>
>
> <o:policy
>
> xmlns:o="http://odrl.net/2.0"
>
> xmlns:a="http://assigner.com/identifiers"
>
> xmlns:xsdt="http://www.w3.org/2001/XMLSchema-datatypes#dateTime"
>
> type="o:set"
>
> inheritAllowed="true">
>
> <o:permission>
>
> *<o:asset uid="myAssetURI"/>*
>
> <o:action name="o:distribute"/>
>
> <o:constraint
>
> name="o:dateTime"
>
> operator="o:gteq"
>
> rightOperand="xsdt:2010-11-19T00:00:00Z"/>
>
> <o:constraint
>
> name="o:dateTime"
>
> operator="o:lteq"
>
> rightOperand="xsdt:2010-11-20T23:59:59Z"/>
>
> </o:permission>
>
> </o:policy>
>
>
>
> The policy is trying to express that the asset may be distributed between
> midnight on 2010-11-19 and one minute to midnight on 2010-11-20, *and not
> otherwise*. The *implication* of the expression is that distribution is
> prohibited at other times, but this is not made explicit above. Or is it? My
> understanding of Constraints is that they limit the applicability of a
> Permission or Prohibition, but that is not the same as saying that they
> should have the opposite interpretation when the Constraint is not
> satisfied.
>
>
>
> I am sure that this has an “obvious” answer. But maybe this needs to be
> spelt out somewhere?
>
>
>
> Thanks.
>
>
>
> Francis
>
>
> _______________________________________________
> Odrl-version2 mailing list
> Odrl-version2 at odrl.net
> http://odrl.net/mailman/listinfo/odrl-version2_odrl.net
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://odrl.net/pipermail/odrl-version2_odrl.net/attachments/20101122/a66db619/attachment.html>
More information about the Odrl-version2
mailing list