consumer-reports-innovation-lab / data-rights-protocol

The technical standard for exchanging data rights requests
https://datarightsprotocol.org
Apache License 2.0

Define semantics for encoding specific access requests #9

Open rrix opened 2 years ago

rrix commented 2 years ago

Do we want to cover how access requests are to be formatted (e.g. PDF, data structures, scans, other)? Such a standard schema would be helpful, and there are so many standard schemas to choose from, which is why this is a complex issue which should be out of scope. More simply, even the data categories have no schema at the moment. Is this something we wish to tackle? There probably should be some definition of the process for transmitting specific data requested to the requester even if the process does not define the data schema of the data. What is the flow for AA to process this data? (For the current blunt approach, see the "fulfilled" state calling for a URL w/expiration date for download of data directly to User Agent, in Section 3.02 of V.0.3.)
There is more work to do on this URL approach, e.g. more detail on auth for the endpoint (JWT presented at this juncture? Is it a public URL?).

rrix commented 2 years ago

(Speaking as a potential individual user of DRP) I would love a world where I could make a DRR for access:categories, get back the list that comes out of my account (rather than from the well-known), then select some of those from a UI list and make a DRR access:specific request containing those elements.

Each element in an access:categories request would need the following:

This now becomes hard because a user will see two of these strings so they'll need to be localized in some fashion. Some companies "know" a user's locale or can infer it from User Agent's request headers, maybe? grimace.

jernst commented 2 years ago

This is a can of worms. Some of them:

Suggest: part of the "maybe in the future" backlog.