Title: Geographic Digital Rights Management: An alternate security implementation for Incident Management
1Geographic Digital Rights Management An
alternate security implementation for Incident
Management
- John Herring
- ISO TC 211 / Oracle
2GeoDRM Security Architecture
- Public-key cryptosystem
- Identity based on crypto-keys
- Digital signature for XML documents
- (Geographic) Licensing systems
- Service Oriented Architecture
3Standards 1 ISO/IEC JTC 1, IEEE, W3C
- PKI (public key infrastructure)
- IEEE 1363 Public Key Cryptography
- W3C XML Encryption Syntax and Processing
- Digital Signature (DSIG)
- W3C XML Signature Syntax and Processing
- Digital Rights Management (MPEG 21)
- ISO/IEC 21000 Information technology Multimedia
Framework - ISO/IEC 21000-5 Rights Expression Language
4Standards 2 OGC, ISO TC 211
- Geographic Digital Rights Management
- OGC, The OpenGIS Abstract Specification Topic 18
Geospatial Digital Rights Management Reference
Model (GeoDRM RM) (submitted as ISO 19153
working draft) - OGC Discussion Paper, Geographic information -
Rights expression language for geographic
information GeoREL(submitted as ISO 19149
out for DIS vote)
5Public Key Cryptographyasymmetric encryption
- Two keys, one private, one public each decrypts
what the other encrypts - They are not derivable from one another (produced
as a pair) - Creates a secure communication infrastructure
with no need for private key communications - Digital Signature comes for free
6Digital Signaturenon-repudiations of documents
- Uses a cryptographic hash to checksum a document,
and a private key to encrypt it - When attached to the document, it means that key
holder was to last to have control of its content
7Digital Rights ManagementISO REL (ISO/IEC
21000-5)
- License is a XML document that grants to a
principal rights (acts) against resources
under specific conditions - Currently in use mainly for multi-media files
- A better business model fit for geographic
resources
8ISO REL functionality
- Basic license functionality
- Create licenses that prove membership in a
class - Simple access to digital items (copy-print-display
) - Specification and invocation of services during
authorization - A here or reference elements for a style of
pointers similar to GML - Related conceptually abstract type/element
pairs for principal, right, resource, and
condition derived from abstract license part - Restrictions on process for render rights i.e.
limit service rights - Basic license validation techniques
- Principals can subsume (contain others), rights
must be equal - Inventories (lists in single place for reference
elsewhere) - Variables (substitute for license parts, can
limit by descriptions)
9GeoREL Extends ISO REL
- Creating GeoProcess both as a principal (owner of
a license) and as resource (service) - Element rprincipal is already in the rresource
substitution group - Allows use of mxrenderer to specify GeoProcess
as a principal - Compliance as license simplifying license
validation. - GeoProcess as renderer
- Conditions based on location, or spatial limits,
parameter values, derived products rights, etc. - Side effects by using the pattern established by
ISO REL tracking service calls - Basic Mantra If ISO REL does it, Geo REL uses
it, does not redefine it
10Basic Principles of the Design
- Service Oriented Architecture
- Operations are request-response pairs, usually
XML document pairs - Access and rights are determined at runtime
through licenses aggregated with the request - Message encryption is optional
11Server configurationrepeat as needed
12Request Message Contents
- Contain identity information, using one or more
license. - Contain any property licenses that confer on
the sender properties that might affect the
evaluation of his licenses. - Contain any process or data licenses, associated
to that identity that may be needed to complete
the request. - Be signed as a unit by the sender to assure the
correspondence between the request, the passed
identity and the licenses. - Optionally encrypted using the servers public
key.
13Request Handling Sequence
- Message routed to Security
- Decrypted and disassembled
- Message and parts signatures verified
- Gatekeeper checks message and context returns
go/no-go based on rights - If go, Service is invoked, response returned to
Security. If not error handling routines. - Security assembles message, any derived licenses,
and encrypts returns to sender
14Design Advantage
- Each server is independently implemented only
needs to agree on common protocols for services,
and a common PKI for encryption and/or
signatures. - New user is fully enabled when he gets his
credential. There is no information propagation
lag. - No single point of failure. Most information can
be cached on each server, so no global
sign-on. - Performance can be increased by adding servers
(the grid computing argument)
15Questions?