Mary Vardigan, Alan Li, Ron Nakao met to explore how access control can be addressed in a broader sense. (Note: One specific use case/request comes from Bill Block and how to deal with access to "extreme values" for categories.)
Our proposal is that the OASIS XACML (eXtensible Access Control Markup Language) Version 3.0 provides what we need to address access control. We also found that a specific profile of the XACML for intellectual property rights management will also be usefule.
See Wendy Thomas' reference to OASIS - eXtensible Access Control Markup Language (XACML) Version 3.0:
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#CURRENT
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.zip
For the specialized profile, see http://docs.oasis-open.org/xacml/3.0/ipc/v1.0/xacml-3.0-ipc-v1.0-en.pdf
Can we take advantage of the thought and development of OASIS XACML and adopt (dynamically) the OASIS XACML into DDI? (versus hard code a static snapshot that would require periodic updates in the DDI as OASIS XACML changes). See related document on how DDI can relate to other standards
In further discussion, it was decided that Access Control and Library/Archive Management could be grouped together into a Collection Management view. This view addresses the information required to manage a collection of data and metadata within a DDI environment. It covers any specialization of processes used as input to process models, the description and application of access control information, and the purpose, organization, and relationships within a collection. The information in this section serves as an interface between information that may be captured in greater detail within DDI object descriptions (i.e. DDI Citation) and external systems which may require a simplified or selected set of information to populate external cataloging, preservation, or access systems.