Meeting minutes
scribenick roba
<PWinstanley> https://
<annette_g> +1
<DaveBrowning> 0 (not present)
<nobu_ogura> +1
<PWinstanley> +1
proposed: accept minutes of meeting on 27-09
<riccardoalbertoni> +1
0
RESOLUTION: accept minutes of meeting on 27-09
DCAT update
<riccardoalbertoni> Discussion of the feedback from the privacy group https://
riccardoalbertoni: no meeting last week - outstanding from last plenary: feedback from privacy group
<riccardoalbertoni> https://
riccardoalbertoni: three issues
authenticity and integrity of dcat files and associated datasets #1526
<Github> https://
<riccardoalbertoni> https://
felt not to be in scope of DCAT - but seeking opinion from group.
draft reply here..
PWinstanley: needs to be expressed clearly its a model - and can be implemented in many ways - RDF for clarity of expression
security is a matter of implementation
based on best practices and case -by-case requirements
<riccardoalbertoni> ack
<PWinstanley> roba: I concur - the issue about a data model with multiple serialisations is interesting, and RDF is a good canonical model because it is lossless
<PWinstanley> ... but the issue here is that if you want extensions to DCAT then an application profile is required.
<PWinstanley> ... we haven't provided any guidance on this (e.g. for geoDCAT-AP etc)
<PWinstanley> ... and I think that it's a weakness not to have this in scope
annette_g: agree that there is a difference between spec and implementation - worth putting a note in regarding how to use it
<riccardoalbertoni> https://
we recommend that people publish checksum
riccardoalbertoni: we have a section on security and privacy - please look and suggest improvements if required.
<riccardoalbertoni> https://
does the response suffice?
we acknowledge the issue but its not in scope..
they are asking specifically re RDF integrity
<PWinstanley> roba: 3 things: 1/ response needs to be clear about scope early in the draft; 2/ checksum is not the only way of checking so perhaps it should be provided as an example of determining intergrity; 3/ is there anything in the W3C canon that addresses it
<PWinstanley> https://
roba: perfect - lets just reference this
<Zakim> annette_g, you wanted to talk about the checksums in particular
annette_g: i dont see anything re security there..
PWinstanley: once you have a canonical form you can do checksums
checksum for integrity
riccardoalbertoni: DCAT talking about checksums for distributions - not DCAT metadata
annette_g: nothing in security and privacy re checksums - can we add a note ?
annette_g: analogousto software - checksum for each distribution
roba: problem is metadata is designed to sit above distributions
riccardoalbertoni: summary - we cannot do much in this direction
PWinstanley: 1 - state its not in scope of model, 2 - point to new community group
3 - thanks for feedback and note timeliness
4 - may rely on canonical serialisation and is a significant technical challenge
annette_g: should we give people a note on how to use a checksum
annette_g: i dont read it as about integrity of DCAT - is it about someone else publishing a different DCAT record with a different checksum?
PWinstanley: can we seek refinement of the issue to clarify its scope
roba: as i read it the wording implies its about the integrity of the DCAT and hence the checksums for the distributions.
annette_g: i dont care about a checksum on the metadata - want to provide guidance on implementation on checksums
roba: need to avoid specifying an implementation
PWinstanley: make sure its clearly an example
content negotiation by profile
<PWinstanley> roba: both ConnegP and the profiles vocab are being used in OGC and a series of Australian Gov LD projects.
<PWinstanley> ... There is no published DCAT profile that allows for the description of the conformance of the data - no standard practice
<PWinstanley> ... Handling multiple representations is forward thinking, and it is at the API level
<PWinstanley> ... the implementation is working "well enough" in its current form
<PWinstanley> ... and there are no competitors. So we are waiting for requirements to emerge
roba: we have two independent implementations - but nothing in the wider community is obviously ready for semantic interoperability in this detail.
PWinstanley: fundamental "soft sand" around definition of a profile.
e.g. data profile only?
PWinstanley: issues with IETF and the use of HTTP headers
proposal to remove HTTP as normative
<annette_g> roba: there are any number of philosophical discussions about what's a profile, you could possibly add in extra classifications.
<annette_g> The big issue is that this was originally meant to dovetail with an IETF process, which is stalled.
<annette_g> The two independent implementations we have are around the QSA approach. There is a proposal to take the http part of out the specification.
<PWinstanley> roba: there are all sorts of views on what a 'profile' is, but the big issue is that there is a stalled IETF process and at present there doesn't seem to be any route to developing the HTTP model further.
<PWinstanley> ... There is also no alternative functionality we can reference.
<PWinstanley> ... The model is ready to go, and will operate whether using HTTP or QSA
<PWinstanley> ... The recommendation looks ready to go from the QSA perspective, and we could dissociate the HTTP angle and deliver an effective recommendation.