Geographic Digital Rights Management: An alternate security implementation for Incident Management

1
Geographic Digital Rights Management An
alternate security implementation for Incident
Management

• John Herring
• ISO TC 211 / Oracle

2
GeoDRM Security Architecture

• Public-key cryptosystem
• Identity based on crypto-keys
• Digital signature for XML documents
• (Geographic) Licensing systems
• Service Oriented Architecture

3
Standards 1 ISO/IEC JTC 1, IEEE, W3C

• PKI (public key infrastructure)
• IEEE 1363 Public Key Cryptography
• W3C XML Encryption Syntax and Processing
• Digital Signature (DSIG)
• W3C XML Signature Syntax and Processing
• Digital Rights Management (MPEG 21)
• ISO/IEC 21000 Information technology Multimedia
  Framework
• ISO/IEC 21000-5 Rights Expression Language

4
Standards 2 OGC, ISO TC 211

• Geographic Digital Rights Management
• OGC, The OpenGIS Abstract Specification Topic 18
  Geospatial Digital Rights Management Reference
  Model (GeoDRM RM) (submitted as ISO 19153
  working draft)
• OGC Discussion Paper, Geographic information -
  Rights expression language for geographic
  information GeoREL(submitted as ISO 19149
  out for DIS vote)

5
Public Key Cryptographyasymmetric encryption

• Two keys, one private, one public each decrypts
  what the other encrypts
• They are not derivable from one another (produced
  as a pair)
• Creates a secure communication infrastructure
  with no need for private key communications
• Digital Signature comes for free

6
Digital Signaturenon-repudiations of documents

• Uses a cryptographic hash to checksum a document,
  and a private key to encrypt it
• When attached to the document, it means that key
  holder was to last to have control of its content

7
Digital Rights ManagementISO REL (ISO/IEC
21000-5)

• License is a XML document that grants to a
  principal rights (acts) against resources
  under specific conditions
• Currently in use mainly for multi-media files
• A better business model fit for geographic
  resources

8
ISO REL functionality

• Basic license functionality
• Create licenses that prove membership in a
  class
• Simple access to digital items (copy-print-display
  )
• Specification and invocation of services during
  authorization
• A here or reference elements for a style of
  pointers similar to GML
• Related conceptually abstract type/element
  pairs for principal, right, resource, and
  condition derived from abstract license part
• Restrictions on process for render rights i.e.
  limit service rights
• Basic license validation techniques
• Principals can subsume (contain others), rights
  must be equal
• Inventories (lists in single place for reference
  elsewhere)
• Variables (substitute for license parts, can
  limit by descriptions)

9
GeoREL Extends ISO REL

• Creating GeoProcess both as a principal (owner of
  a license) and as resource (service)
• Element rprincipal is already in the rresource
  substitution group
• Allows use of mxrenderer to specify GeoProcess
  as a principal
• Compliance as license simplifying license
  validation.
• GeoProcess as renderer
• Conditions based on location, or spatial limits,
  parameter values, derived products rights, etc.
• Side effects by using the pattern established by
  ISO REL tracking service calls
• Basic Mantra If ISO REL does it, Geo REL uses
  it, does not redefine it

10
Basic Principles of the Design

• Service Oriented Architecture
• Operations are request-response pairs, usually
  XML document pairs
• Access and rights are determined at runtime
  through licenses aggregated with the request
• Message encryption is optional

11
Server configurationrepeat as needed
12
Request Message Contents

• Contain identity information, using one or more
  license.
• Contain any property licenses that confer on
  the sender properties that might affect the
  evaluation of his licenses.
• Contain any process or data licenses, associated
  to that identity that may be needed to complete
  the request.
• Be signed as a unit by the sender to assure the
  correspondence between the request, the passed
  identity and the licenses.
• Optionally encrypted using the servers public
  key.

13
Request Handling Sequence

• Message routed to Security
• Decrypted and disassembled
• Message and parts signatures verified
• Gatekeeper checks message and context returns
  go/no-go based on rights
• If go, Service is invoked, response returned to
  Security. If not error handling routines.
• Security assembles message, any derived licenses,
  and encrypts returns to sender

14
Design Advantage

• Each server is independently implemented only
  needs to agree on common protocols for services,
  and a common PKI for encryption and/or
  signatures.
• New user is fully enabled when he gets his
  credential. There is no information propagation
  lag.
• No single point of failure. Most information can
  be cached on each server, so no global
  sign-on.
• Performance can be increased by adding servers
  (the grid computing argument)

15
Questions?