Clarify/Revise outlined semantics of Extended Relations

[simonstey]

I've some concerns with the outlined semantics of Extended Relations as defined in Section 6.1 [1].

For example, for Permissions and Prohibitions it reads as follows:

Permission

OR The related party may perform any (at least) one of the Actions
AND The related party MUST perform all of the Actions
XOR The related party MAY perform only one of the Actions

1. I would argue that by granting someone the permission to perform a certain action does NOT imply that respective party MUST actually perform permitted action. The Assignee is permitted to do it, but doesn't have to.

Prohibition

OR The related party MAY NOT perform at least one of the Actions
AND The related party MAY NOT perform all of the Actions
XOR The related party MAY NOT perform only one of the Actions

1. There is no definition of "MAY NOT" in RFC 2119 (afaik).
2. Apart from (1), "MAY NOT" doesn't reflect the intended semantics of, e.g., AND-ed Prohibitions (imho). E.g., if someone is prohibited to neither print nor display a certain asset, that person MUST NOT perform actions print AND display on a certain asset. (cf. SHOULD NOT)

Besides that, I'm actually wondering whether there's any use case that would motivate/require AND-/OR-/XOR-ing Permissions/Prohibitions?

[1] https://w3c.github.io/poe/model/#extended-relations
[2] https://tools.ietf.org/html/rfc2119

[riannella]

Now moved to: #63