Update security considerations with note about use of provenance as part of audit/enforcement mechanism
--- a/paq/prov-aq.html Sat Nov 10 18:07:25 2012 +0000
+++ b/paq/prov-aq.html Sat Nov 10 18:26:44 2012 +0000
@@ -75,6 +75,13 @@
"2011, Work in progress. "+
"URL: <a href=\"http://www.w3.org/TR/sparql11-http-rdf-update/\">http://www.w3.org/TR/sparql11-http-rdf-update/</a>",
+ "INFO-ACC":
+ "Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler, and Sussman. "+
+ "<a href=\"http://dig.csail.mit.edu/2008/06/info-accountability-cacm-weitzner.pdf\"><cite>Information Accountability</cite></a>. "+
+ "Communications of the ACM, Jun. 2008, 82-87, "+
+ "<a href=\"http://doi.acm.org/10.1145/1349026.1349043\">http://doi.acm.org/10.1145/1349026.1349043</a>, "+
+ "<a href=\"http://dig.csail.mit.edu/2008/06/info-accountability-cacm-weitzner.pdf\">http://dig.csail.mit.edu/2008/06/info-accountability-cacm-weitzner.pdf</a> (alt)",
+
};
var respecConfig = {
// specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
@@ -624,7 +631,7 @@
<section>
<h2>Find Provenance-URI given identifying information about a resource</h2>
<p>
- If the requester has identifying information that is not the URI of the original resource, then they will need to construct a more elaborate query to locate a resource description and obtain its provenance-URI(s). The nature of identifying information that can be used in this way will depend upon the third party service used, further definition of which is out of scope for this specification. For example, a query for a document identified by a DOI, say <code>1234.5678</code>, using the PRISM vocabulary [[PRISM]] recommended by FaBio [[FABIO]], might look like this:</p>
+ If the requester has identifying information that is not the URI of the original resource, then they will need to construct a more elaborate query to locate a resource description and obtain its provenance-URI(s). The nature of identifying information that can be used in this way will depend upon the third party service used, further definition of which is out of scope for this specification. For example, a query for a document identified by a DOI, say <code>1234.5678</code>, using the PRISM vocabulary [[PRISM]] might look like this:</p>
<pre class="example code">
@prefix prov: <http://www.w3.org/ns/prov#>
@prefix prism: <http://prismstandard.org/namespaces/basic/2.0/>
@@ -795,6 +802,10 @@
<p>
Provenance information may provide a route for leakage of privacy-related information, combining as it does a diversity of information types with possible personally-identifying information; e.g. editing timestamps may provide clues to the working patterns of document editors, or derivation traces might indicate access to sensitive materials. In particular, note that the fact that a resource is openly accessible does not mean that its provenance information should also be. When publishing provenance, its sensitivity SHOULD be considered and appropriate access controls applied where necessary. When a provenance-aware publishing service accepts some resource for publication, the contributors SHOULD have some opportunity to review and correct or conceal any provenance information that they don't wish to be exposed. Provenance management systems SHOULD embody mechanisms for enforcement and auditing of privacy policies as they apply to provenance information.
</p>
+ <p>Provenance information may be used by audits to establish accountability for information use [[INFO-ACC]] and to verify use of proper processes in information processing activities. Thus, provenance management systems can provide mechanisms to support auditing and enforcement of information handling policies. In such cases, provenance information itself may be a valuable target for attack by malicious agents, and care must be taken to ensure it is stored securely and in a fashion that resists attempts to tamper with it.
+ </p>
+
+
</section>
<!-- ===================================================================================== -->