w3c / odrl

ODRL Community Group Repository
https://www.w3.org/community/odrl/
Other
18 stars 10 forks source link

AccessControl vs Monitoring Scenario #72

Open AndreaCimminoArriaga opened 1 month ago

AndreaCimminoArriaga commented 1 month ago

In the formal semantics documentthese two scenarios, from the implementation point of view, seem similar to synchronous or asynchronous evaluations of the policies. The the document defines the Access Control scenario as In the access control scenario: when an action is **attempted** and the monitoring In the monitoring scenario: when an action is performed.

IMHO it seems that in the access control an actor performs a request (action can be a bit confusing with odrl actions) and this triggers the evaluation, instead, in the monitoring scenario it seems that something happens (which is monitored by the evaluator) and then the evaluation is triggered.

Also, access control denotes the idea of accessing something but policies unrelated to access control can be specified, e.g., open the smart lock (action) if time is between a range, otherwise, keep door locked. When someone tries to request the access to the door, depending on the day time it may or not pass through the door. Another policy could be to share the GPS position of an animal only if the animal is outside a geofence.

joshcornejo commented 1 month ago

I find the wording of access control and monitoring confusing. I would need a sequence diagram to understand the difference.

My understanding from the text is: that any monitoring scenario is a subset of states of the access control scenario.

AndreaCimminoArriaga commented 1 month ago

yes,I agree, just commented that as well #75