nigel-phelan
commented
3 years ago We suspect line-of-business may be tricky to standardise, but it's worth looking into this; internal hierarchies are subject to constant re-organisation and aligning ODRL too closely to that will severely limit its usefulness. There is a commonly seen distinction between buy-side activities (asset management, for example) and sell-side (broking) and this distinction does impact contracts. I suspect we may end up with a compromise here where you can say this permission is constrained to a set of well defined "lines of business" (if we can agree such a list) or to a clearly specified organisational entity (I suspect in the latter case the contract is likely to have been defined as applying to a particular legal entity). We have also seen contracts that limit the data to a specific application or set of applications (specified in a schedule) or that impose different usage rights depending on which delivery channel the data is sourced from (e.g. data taken from exchange via trading platform may be given to external clients for the purposes of facilitating trading on the platform, but data taken from a data vendor is for internal use only)
Permissions are often constrained to be exercised at a particular location (i.e. place of business), geography, or by a specific line-of-business. (See IAtD-3 and IAtD-16)
Locations will always be specific to the assignee of the permission.
Geographies can be specified using the UN's standard M49 codes.
Can we standardise line-of-business (like geography) or not (like locations)? Is front/middle/back office enough or do we need to capture specific desks?
Are there other constraints we should consider?