Identifies the version of SOL. Always "1" for SOL1.
Special value reserved to be used as ObligationId or in general to identify this dialect of SOL.
Special value reserved to be used as AttributeId
Special value reserved to be used as AttributeId
How information can or will be used and shared. A comma separated list of enumerators in the order of principally intended use (ordered here, in our opinion, from least aggressive to more aggressive as indicated; however this ordering is subjective and other opinions may exist). The urn:tas3:sol1:use:purpose should be favoured over urn:tas3:sol1:use, unless the vague meaning of urn:tas3:sol1:use is desired.
Information will only be used for the transaction for which it was collected
Information will only be used within the current session
Information can be used in the user's other sessions in the same app
Information will be used only for the purpose it was collected, in abstract. This usage is discouraged. Instead the specific purpose should be specified using format
urn:tas3:sol1:use:purpose=business-process-model-id; or
urn:tas3:sol1:use:purpose=business-process-instance-id
These two forms allow the obligation to be tied into the model in abstract, or to the specific business process instance in particular, e.g. for exceptional processing such as Break-the-Glass.
Information can be used by other processes on same server as long as user is not explicitly identified
Information can be used by other processes on same server (user may be identified)
Information can be used by the application towards other purposes as long as the user is not explicitly identified
Information can be used by the application towards other purposes (user may be identified)
Information can be used by the organization for other nonmarketing purposes as long as the user is not explicitly identified
Information can be used by the organization for other nonmarketing purposes (user may be identified)
Information can be used by the organization for marketing purposes as long as the user is not explicitly identified
Information can be used by the organization for marketing purposes (user may be identified)
Information can be used within the business group for other nonmarketing purposes as long as the user is not explicitly identified
Information can be used within the business group for other nonmarketing purposes (user may be identified)
Information can be used within the business group for marketing purposes as long as user is not explicitly identified
Information can be used within the business group for marketing purposes (user may be identified)
Information can be shared with anyone for other nonmarketing purposes as long as the user is not explicitly identified
Information can be shared with anyone for other nonmarketing purposes (user may be identified)
Information can be shared with anyone for marketing purposes as long as user is not explicitly identified
Information can be shared with anyone for marketing purposes (user may be identified)
Information can be used for any and all purposes without restriction.
Specific business process that is allowed to use the data. This can be specified either as abstract business-process-model-id or as business-process-instance-id. For example:
urn:tas3:sol1:use:purpose=business-process-model-id; or
urn:tas3:sol1:use:purpose=business-process-instance-id
These two forms allow the obligation to be tied into the model in abstract, or to the specific business process instance in particular, e.g. for exceptional processing such as Break-the-Glass.
Delete data on as Unix seconds since epoch. This obligation effectively allows control of data retention, but instead of being expressed in relative terms, it is expressed in absolute terms that are legally easier to interpret.
Maximum data retention period as Unix seconds. This obligation is meant for database storage. Upon act of data access, retention should be converted to delon using current wall clock time.
Certify deletion by legally binding report to the audit bus.
Before each use of the data, user's explicit consent - preauthorization - has to be obtained. Value specifies where to obtain preauthorization.
When about to use data, call back to the user for opportunity to modify the data, or deny it. Value specifies where to call back.
Report use to the audit bus. Comma separated list of enumerators:
No need to report use (seldom appears)
Report any and all use
Report operational use, but not statistical or administrative use.
Report use in near real time. for day need to be reported, if there was any use.
No need to report individual use, but summary statistics for day need to be reported, if there was any use.
No need to report individual use, but summary statistics for week need to be reported, if there was any use.
No need to report individual use, but summary statistics for month need to be reported, if there was any use.
No need to report individual use, but summary statistics for quarter (last 3 months) need to be reported, if there was any use.
No need to report individual use, but summary statistics for semester (last 6 months) need to be reported, if there was any use.
No need to report individual use, but summary statistics for year need to be reported, if there was any use.
If no urn:tas3:sol1:repouse:stat is specified, default is urn:tas3:sol1:repouse:stat:immed.
If conflicting enumerators are specified, the most strict one applies.
Enumerator describing what sort of cross border data sharing can occur:
Only within EU common market.
Common market and safe harbour participants
Use of information is subject to license specified in the value part. The value part should be either URL to online accessible license text, or it should be a URN pointing to a well known license.
The general assumption is that the license terms are either well known to the system (and programmed in) or machine readable. While the user may have to consent to the license at some level, it is not meant that this license reference be displayed to user and he required to read and consent on the spot.
Framework or governance contract identifier.
Contract identifier.
Subcontract or amendment identifier
Part, exhibit, annex, or clause identifier.