[od-discuss] Registration for accessing open datasets
Mike Linksvayer
ml at gondwanaland.com
Sun Oct 19 19:42:40 UTC 2014
I don't feel strongly about any of this, but below reminds me of three
questions I have only considered idly:
(1) If an API key is available quickly and without discrimination, how does
it protect system resources? I guess it allows shutting down users who
don't intend to be malicious. I wonder when this is a strong use case, when
surely lower level protections against resource abuse are taken by any
serious API provider.
(2) OD 2.0 states that the "work shall be available as a whole"; IIRC other
statements about open data have emphasized bulk download. Where does this
place API access to individual records? The realtime case is interesting.
It seems for bulk download, the excuse for registration or keys is even
less compelling, but OTOH the application of "reasonable one-time
reproduction cost" a little more straightforward.
(3) We didn't take Karl Fogel's suggestion to address privacy in OD 2.0
(I'm not saying we should have; not sure appropriate and would've taken a
lot of work) but registration and API keys do remind me of this and of a
variant of the
https://en.wikipedia.org/wiki/Debian_Free_Software_Guidelines#debian-legal_tests_for_DFSG_compliance
"dissident test" -- keys and registration allows evil provider to send
different data to dissidents, identifying them later when they communicate
the data in some fashion.
Mike
On Sun, Oct 19, 2014 at 11:32 AM, Andrew Stott <andrew.stott at dirdigeng.com>
wrote:
> I agree that we should strongly recommend against registration and login.
> It creates a barrier – both actual and perceptual – to access to the
> information. Many of the reasons advanced by public agencies (such as that
> it allows the licensor to inform users about the availability of new data
> or to engage with its users) can be met by other means (such as allowing
> users to optionally enrol in a mailing list).
>
>
>
> However an absolute ban on registration could makes it difficult for
> information providers to offer meaningful amounts of information reliably
> through APIs – and for real time information it sometimes can *only* be
> offered through APIs. For instance API keys can be a reasonable mechanism
> for protecting other users, and the service as a whole, from the behaviour
> of a single user.
>
>
>
> In the UK the Transparency Board’s original “Public Data Principles” said
> that *as a principle* registration should not be required, but recognised
> that in API-type cases it might be necessary but in those cases it should
> be limited to the minimum amount of information needed. The final text of
> the Principle is incorporated in the 2012 UK Open Data White Paper [1] as
> follows:-
>
>
>
> “(11) Public data will be available without application or registration,
> and without requiring details of the user. It is an important part of the
> Government’s approach to Open Data that people should be able to use the
> raw data freely, and requiring application, registration or personal
> details militates against this. However, both the Government and the
> Transparency Board recognise that, in certain technical situations (such as
> APIs), developer keys would be needed in certain circumstances but that
> these must be readily and quickly available without discrimination, and
> that the data they access must be available under the Open Government
> Licence.”
>
>
>
> We did have some discussion about registration in the revision of the Open
> Definition and, as I recall, registration/login was one of use cases that
> the “no unnecessary obstacles” phrase in 1.3 was intended to cover. In my
> view that drafting, and in particular the test of *necessity* and the high
> barrier it creates, gets the balance right. Registration/login is only
> permitted only where, and only to the extent that, there is *no* practical
> alternative means of achieving the objective.
>
>
>
> As Herb suggests, a burdensome registration process could additionally
> offend against 1.2 of the definition. If the acceptance of registration is
> not automatic, it could also offend against the “convenient access”
> requirement in 1.3 of the definition.
>
>
>
> There is an additional consideration too. Although as Peter Troxler says
> registration and login may not be particularly burdensome for humans they
> can be much more difficult to achieve programmatically. I have seen some
> “open data” sources which require substantially amounts of reverse
> engineering to script the login, including overcoming Javascript coding
> seemingly deliberately included to prevent automation. This would also
> offend against the “convenient access” requirement.
>
>
>
> Regards
>
>
>
> Andrew
>
>
>
> [1]
> https://www.gov.uk/government/publications/open-data-white-paper-unleashing-the-potential
>
>
>
>
>
>
>
> *From:* od-discuss [mailto:od-discuss-bounces at lists.okfn.org] *On Behalf
> Of *Rufus Pollock
> *Sent:* 16 October 2014 09:20
> *To:* Herb Lainchbury
> *Cc:* od-discuss at lists.okfn.org
> *Subject:* Re: [od-discuss] Registration for accessing open datasets
>
>
>
> I'd second Herb here that registration requirements could well cause
> issues with conformance in 1.2 and/or 1.3. In general, we've recommended
> strongly against registration requirements.
>
>
>
> Rufus
>
>
>
> On 15 October 2014 23:25, Herb Lainchbury <herb at dynamic-solutions.com>
> wrote:
>
> Presumably publishers want their works to be given the best possible
> opportunity to be used and thus obstacles such as login should be
> discouraged.
>
>
>
> As it stands, the only cost allowed is a one time reproduction cost. One
> could argue that registration and login imposes a different kind of cost
> and significant impact on access and freedom and thus violates 1.2.
>
>
>
> 1.3 also states, "The work must be provided in a convenient and modifiable
> form such that there are no unnecessary technological obstacles to the
> performance of the licensed rights." Though this is typically seen with
> regard to formats it can also apply to access as in the case of a
> requirement to login. I would argue that login / authentication is both
> unnecessary and a technological obstacle.
>
>
>
> Herb
>
>
>
>
>
> On Wed, Oct 15, 2014 at 3:16 AM, Dr. Peter Troxler <trox at fabfolk.com>
> wrote:
>
> ihmo the Open Definition is silent on this issue
>
>
>
> one could consider
>
>
>
> "Knowledge is open if anyone is free to access” … does it become non-free
> if you have to register and log in? Why? Often, there is not even an
> identification required for registering … so I’d argue registering/logging
> in does not impact on “free to access"
>
>
>
> "(1.2) The work shall be available ... at no more than a reasonable
> one-time reproduction cost" … is registering and logging in “more than
> reasonable”? It’s annoying. Lot’s of things are annoying … you might need
> to register and login to access the Internet in the first place …
>
>
>
> my 2c
>
>
>
> On 15 Oct 2014, at 10:32, Lorena Hdez. Quirós <lhquiros at yahoo.es> wrote:
>
>
>
> Hi all,
>
>
>
> I would like to know which is your opinion on the need to be registered
> and logged in several portals for accessing open datasets. Is that
> requirement compatible with the Open Definition principles?
>
>
>
> Best regards,
>
>
>
> Lorena
>
>
>
> _______________________________________________
> od-discuss mailing list
> od-discuss at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/od-discuss
> Unsubscribe: https://lists.okfn.org/mailman/options/od-discuss
>
>
>
>
> _______________________________________________
> od-discuss mailing list
> od-discuss at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/od-discuss
> Unsubscribe: https://lists.okfn.org/mailman/options/od-discuss
>
>
>
>
>
> --
>
>
>
> Herb Lainchbury, Dynamic Solutions
>
> 250.704.6154
>
> http://www.dynamic-solutions.com
>
>
> _______________________________________________
> od-discuss mailing list
> od-discuss at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/od-discuss
> Unsubscribe: https://lists.okfn.org/mailman/options/od-discuss
>
>
>
>
>
> --
>
> Rufus Pollock
>
> Founder and President | skype: rufuspollock | @rufuspollock
> <https://twitter.com/rufuspollock>
>
> Open Knowledge <http://okfn.org/> - s*ee how data can change the world*
>
> http://okfn.org/ | @okfn <http://twitter.com/OKFN> | Open Knowledge on
> Facebook <https://www.facebook.com/OKFNetwork> | Blog
> <http://blog.okfn.org/>
>
>
>
> The Open Knowledge Foundation is a not-for-profit organisation. It is
> incorporated in England & Wales as a company limited by guarantee, with
> company number 05133759. VAT Registration № GB 984404989. Registered
> office address: Open Knowledge Foundation, St John’s Innovation Centre,
> Cowley Road, Cambridge, CB4 0WS, UK.
>
> _______________________________________________
> od-discuss mailing list
> od-discuss at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/od-discuss
> Unsubscribe: https://lists.okfn.org/mailman/options/od-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/od-discuss/attachments/20141019/eaea4e4b/attachment-0003.html>
More information about the od-discuss
mailing list