-
Notifications
You must be signed in to change notification settings - Fork 27
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c5d58a9
commit edb21bc
Showing
3 changed files
with
225 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| 14:54:20 <RRSAgent> RRSAgent has joined #dpvcg | ||
| 20:09:03 <harsh> Scribe: harshPandit | ||
| 20:09:23 <harsh> ScribeNick: harsh | ||
| 14:55:03 <harsh> repo: w3c/dpv | ||
| 14:55:13 <harsh> Meeting: DPVCG Meeting Call | ||
| 14:55:18 <harsh> Present: harshPandit, tyttiRintamaki, paulRyan, beatrizEsteves, julianFlake, julioHernandez | ||
| 14:55:18 <harsh> Regrets: delaramGolpayegani, georgKrog | ||
| 14:55:22 <harsh> Date: 24 SEP 2024 | ||
| 14:55:26 <harsh> Agenda: https://www.w3.org/events/meetings/0e21485e-d959-4f78-930a-bd66650adace/20240924T133000/ | ||
| 14:55:31 <harsh> Meeting minutes: https://w3id.org/dpv/meetings | ||
| 14:55:35 <harsh> purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-09-24 | ||
| 14:55:35 <harsh> \ AOB items | ||
| 14:55:35 <harsh> DPIA concepts by Tytti | ||
| 14:55:35 <harsh> Machine-actionable rights work by Beatriz, Harsh | ||
| 14:55:35 <harsh> Topic: Bias concepts | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/182 -> Issue 182 Adding AI bias concepts (by coolharsh55) | ||
| 14:55:35 <harsh> harsh: Daniel has updated the bias concept definition based on ISO definitions, and these will be added to RISK extension. There are also other ontologies that provide a larger corpus of bias concepts and this work has overlap with them. The distinguishing factor here is that our concepts are based on the ISO definitions and are grouped from the ISO standard, and the other concepts are from NIST and other sources. So in the HTML documentation we will be adding a note to this effect. | ||
| 14:55:35 <harsh> ACTION: Add bias concepts to RISK with a note to external source | ||
| 14:55:35 <harsh> Topic: Discrimination concepts | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/190 -> Issue 190 [Concept]: Discrimination Concepts in RISK (by coolharsh55) | ||
| 14:55:35 <harsh> harsh: Initially we proposed/discussed that there will be a corresponding /discrimination/ concept for each /bias/ concept. However, this does not make sense as there are bias concepts such as /Statistical Bias/ which would lead to /Statistical Discrimination/. Instead, we want a separate curated category for discriminations such as /gender, sex, race/ and so on. | ||
| 14:55:35 <harsh> Topic: Rights Impact concepts | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/184 -> Issue 184 Add Rights Impact concepts for each Right (by coolharsh55) | ||
| 14:55:35 <harsh> \ Discussed these concepts to model impacts. No comments / objections to proceeding with adding these concepts to the RISK extension, and then using these along with specific /Impact on X Right/ concepts to indicate how a right was impacted. | ||
| 14:55:35 <harsh> ACTION: Add rights impact concepts to RISK | ||
| 14:55:35 <harsh> ACTION: Create impact concept for each right in EU and GDPR extensions | ||
| 14:55:35 <harsh> Topic: Risk Taxonomy | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/181 -> Issue 181 Refine RISK taxonomy into a single consistent hierarchy (by coolharsh55) | ||
| 14:55:35 <harsh> harsh: based on previous discussion, the risk taxonomy was consolidated into a single taxonomy and the adopter has the option to choose what /role/ that concept takes within the use-case i.e. as a `RiskSource` or `Risk` or `Consequence` or `Impact`. The problem with this is that there is no /guidance/ or /suggestion/ as Delaram pointed out last time - which makes it difficult to use this taxonomy. | ||
| 14:55:35 <harsh> harsh: The proposal here is to tag each concept with what it could be used as i.e. as /Potential Risk Source/ or /Potential Risk/ and so on. With this, the adopter has a way to identify which concepts are likely to be risk sources, or see what roles a concept can take within use-cases. In the HTML documentation, this would then be a table for each concept and the roles it can take. | ||
| 14:55:35 <harsh> julianFlake: clarify this is consistent with previous approach and that it is non-normative - more like a guide. | ||
| 14:55:35 <harsh> paulRyan,: agree with going ahead | ||
| 14:55:35 <harsh> tyttiRintamaki: agree with going ahead | ||
| 14:55:35 <harsh> julioHernandez: agree with going ahead | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/138 -> Issue 138 Add CIA model to Tech/Org measures (by coolharsh55) | ||
| 14:55:35 <harsh> harsh: additionally, we also have the CIA infosec model to indicate whether the concept is within the /Confidentiality, Integrity, Availability/ dimensions. And we also plan to do the same categorisatino for TOMs | ||
| 14:55:35 <harsh> ACTION: Annotate Risk taxonomy concepts with roles and generate docs | ||
| 14:55:35 <harsh> Topic: Alignment with ODRL | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/130 -> Issue 130 Alignment with ODRL (by coolharsh55) | ||
| 14:55:35 <harsh> beatrizEsteves: no comms from ODRL CG regarding joint meeting at W3C TPAC. Once I finish that work re. ODRL update we can have a meeting within DPV first and then we share it with ODRL. I will present something here in DPVCG, and then present it to ODRL CG. | ||
| 14:55:35 <harsh> harsh: Does that mean we define DPV as a profile of ODRL? How do we do that? | ||
| 14:55:35 <harsh> beatrizEsteves: talked with Renato - chair of ODRL CG, who mentioned it is possible to do this as a joint report by both CG. Though this would require a new namespace. | ||
| 14:55:35 <harsh> harsh: AFAIK the W3C publishing process is tied to the WG/CG and there isn't a way to indicate a report was authored by more than one group. It might mean we have to publish two reports - one by each group, and then within the group indicate that its a joint report. | ||
| 14:55:35 <harsh> harsh: for the new IRI for concepts / namespace following ODRL best practices, we can reuse the DPV namespace e.g. `w3id.org/dpv/odrl` | ||
| 14:55:35 <harsh> harsh: So to implement such a profile, we would have to define the DPV concepts as operands, constraints, assets, etc. However, there is a problem where we have `odrl:Agreement` and other types - which in DPV are legal basis e.g. `Contract` and which would then be both operands and policy types in ODRL. I think this is disallowed? | ||
| 14:55:35 <harsh> beatrizEsteves: yes, this means we will have to create new concepts. | ||
| 14:55:35 <harsh> harsh: then these concepts would be distinct from those present in DPV and will only be present in the profile - not a problem | ||
| 14:55:35 <harsh> harsh: we have a project where Julio is also working on using DPV and ODRL together. We can start a process to create such as profile. Would be good for you two to meet and discuss this. | ||
| 14:55:35 <harsh> ACTION: Create a mapping between DPV and ODRL concepts | ||
| 14:55:35 <harsh> Topic: Machine-Actionable Rights | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/191 -> Issue 191 Create a guide for Machine-Actionable Rights (by coolharsh55) | ||
| 14:55:35 <harsh> beatrizEsteves: submitted a paper to JURIX based on my PhD work for using DPV and ODRL to exercise and manage rights; see https://besteves4.github.io/dpv-rights-exercising/ | ||
| 14:55:35 <harsh> harsh: would be good to put this back into the DPVCG as a guide or spec for managing/exercising rights - the (pure) ODRL stuff might be better documented in the ODRL CG rather than in a DPV report | ||
| 14:55:35 <harsh> beatrizEsteves: yes, also the document contains some new examples | ||
| 14:55:35 <harsh> harsh: these are good, though we should change the `hasScope` in example to `hasProcess` as the notion of /Scope/ here is about the legal interpretation rather than technically limiting something - we have `Process` to create modular parts within a process or service. | ||
| 14:55:35 <harsh> beatrizEsteves: in the guide, it also shows how to associate policy using `odrl:hasPolicy` e.g. payment and how much it is, and it has lifecycle concepts for rights exercise. It uses DCAT v3 `DatasetSeries` to show which came first, last, etc. | ||
| 14:55:35 <harsh> harsh: send as draft which we add to DPVCG, then we continue working on this within DPVCG | ||
| 14:55:35 <harsh> ACTION: Add the rights exercise guide/spec to DPVCG repo | ||
| 14:55:35 <harsh> Topic: DPIA concepts for DPV | ||
| 20:10:04 <ghurlbot> https://github.com/w3c/dpv/issues/183 -> Issue 183 https://github.com/w3c/dpv/issues/183 (by coolharsh55) | ||
| 14:55:35 <harsh> tyttiRintamaki: new concepts identified from analysis of DPIA requirements by Data Protection Authorities - have the term, parent, definition, and source. When proposing the new concepts, should I include the text from DPA document where the concepts came from? | ||
| 14:55:35 <harsh> beatriz: would be helpful to see the source | ||
| 14:55:35 <harsh> ACTION: Provide DPIA concepts to DPVCG for review | ||
| 14:55:18 <harsh> Topic: Next Meeting | ||
| 16:03:29 <harsh> \ next meeting will be in 1 week on TUESDAY 02 October at 13:30 WEST / 14:40 CEST. Agenda will be selecting the next set of items/issues on GitHub with any updates on github/mailing list and AOB. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.