Update security considerations, note about non-RDF service desription, PROV-O link, acknowledgements
--- a/paq/prov-aq.html Mon Nov 05 16:25:24 2012 -0700
+++ b/paq/prov-aq.html Tue Nov 06 15:17:06 2012 +0000
@@ -57,9 +57,9 @@
"PROV-O":
"S. Sahoo; D. McGuinness. "+
- "<a href=\"http://dvcs.w3.org/hg/prov/raw-file/default/ontology/ProvenanceFormalModel.html\"><cite>PROV Ontology Model</cite></a>. "+
+ "<a href=\"http://www.w3.org/TR/prov-o/\"><cite>The PROV Ontology</cite></a>. "+
"2011, Work in progress. "+
- "URL: <a href=\"http://dvcs.w3.org/hg/prov/raw-file/default/ontology/ProvenanceFormalModel.html/\">http://dvcs.w3.org/hg/prov/raw-file/default/ontology/ProvenanceFormalModel.html</a>",
+ "URL: <a href=\"http://www.w3.org/TR/prov-o/\">http://www.w3.org/TR/prov-o/</a>",
"SPARQL-SD":
"G. T. Williams. "+
@@ -558,6 +558,8 @@
</p>
<p>A client may retrieve this service description and extract the associated value for <code>prov:provenance-URI-template</code>. This value is a string containing a URI template [[URI-template]] (level 2). A URI for the desired provenance information is obtained by expanding the URI template with the variable <code>uri</code> set to the resource-URI for which provenance is required. If the target-URI contains '#' or '&' these must be %-escaped as <code>%23</code> or <code>%26</code> respectively before template expansion.
</p>
+ <p>While use of RDF for service descriptions is a recommended option, this specification does not preclude the use of non-RDF formats that a service may choose to offer, and which can be selected using HTTP content negotiation.
+ </p>
<p class="TODO">
@@TODO: sync up term definitions with provenance ontology specification.
</p>
@@ -773,19 +775,16 @@
<section>
<h2>Security considerations</h2>
<p>
- Provenance is central to establishing trust in data. If provenance information is corrupted, it may lead agents (human or software) to draw inappropriate and possibly harmful conclusions. Therefore, care is needed to ensure that the integrity of provenance information is maintained.
+ Provenance is central to establishing trust in data. If provenance information is corrupted, it may lead agents (human or software) to draw inappropriate and possibly harmful conclusions. Therefore, care is needed to ensure that the integrity of provenance information is maintained. Just as provenance information can help determine a level of trust in some information, provenance information related to the provenance itself ("provenance of provenance") can help determine trust in the provenance itself.
</p>
<p>
Secure HTTP (https) SHOULD be used across unsecured networks when accessing provenance information that may be used as a basis for trust decisions, or to obtain a provenance URI for same.
</p>
<p>
- When retrieving a provenance URI from a document, steps SHOULD be taken to ensure the document itself is an accurate copy of the original whose author is being trusted (e.g. signature checking, or verifying its checksum against an author-provided secure web service).
+ When retrieving a provenance URI from a document, steps SHOULD be taken to ensure the document itself is an accurate copy of the original whose author is being trusted (e.g. signature checking, or use of a trusted secure web service).
</p>
- <p class="TODO">
- @@TODO ... privacy, access control to provenance (note to self: discussed in Edinburgh linked data provenance workshop). In particular, note that the fact that a resource is openly accessible does not mean that its provenance information should also be.
- </p>
- <p class="TODO">
- @@TODO Expand on trust-in-provenance issues. Suggested by Curt: Just as provenance information can help determine trust of the information content of a resource, provenance information related to the provenance itself ("provenance of provenance") can help determine trust of the provenance.
+ <p>
+ Provenance information may provide a route for leakage of privacy-related information, combining as it does a diversity of information types with possible personally-identifying information; e.g. editing timestamps may provide clues to the working patterns of document editors, or derivation traces might indicate access to sensitive materials. In particular, note that the fact that a resource is openly accessible does not mean that its provenance information should also be. When publishing provenance, its sensitivity SHOULD be considered and appropriate access controls applied where necessary. When a provenance-aware publishing service accepts some resource for publication, the contributors SHOULD have some opportunity to review and correct or conceal any provenance information that they don't wish to be exposed.
</p>
</section>
@@ -794,10 +793,10 @@
<section class='appendix'>
<h2>Acknowledgements</h2>
<p>
- The editors acknowledge the contribution and review from members of the provenance working group.
+ The editors acknowledge the contribution and review from members of the W3C Provenance working group for their feedback throughout the development of this specification.
</p>
<p>
- Many thanks to Robin Berjon for making our lives so much easier with his cool <a href="http://dev.w3.org/2009/dap/ReSpec.js/documentation.html">ReSpec</a> tool.
+ Thanks to Robin Berjon for making our lives easier with his <a href="http://dev.w3.org/2009/dap/ReSpec.js/documentation.html">ReSpec</a> tool.
</p>
</section>