Interoperability of DRM Systems

Forschungsergebnisse der Wirtschaftsuniversität Wien

Susanne Guth

Susanne Guth - 978-3-631-75423-8
Downloaded from PubFactory at 01/11/2019 05:05:24AM via free access

The study deals with the cutting-edge subject of electronic contracts which have the potential to automatically process and control the access rights for (electronic) goods. It shows the design and the implementation of a rights expression exchange framework. The framework allows DRM systems to exchange electronic contracts, formulated in a standardized rights expression language, and thus provides DRM system interoperability. The work introduces a methodology for the standardized composition, exchange and processing of electronic contracts or rights expressions.

Susanne Guth received her degree in Information Systems from the University of Essen in 2000. She specialized in software techniques and production/operations management and studied at Clemson University in Clemson, South Carolina (USA) in 1997. Since 2000, she has been an assistant professor in the Department of Information Systems at Vienna University of Economics and Business Administration. For the last six years, her research focus has been on contract and rights management for digital goods. Since 2005, Susanne Guth has been working for a German mobile network operator and designs products in the field of content distribution and DRM. Susanne Guth is co-leading the ODRL initiative.
Susanne Guth

Interoperability of DRM Systems
Exchanging and Processing XML-based Rights Expressions

Forschungsergebnisse der Wirtschaftsuniversität Wien, Volume 14

PETER LANG
Europäischer Verlag der Wissenschaften
Frankfurt am Main · Berlin · Bern · Bruxelles · New York · Oxford · Wien

Open Access: The online version of this publication is published on www.peterlang.com and www.econstor.eu under the international Creative Commons License CC-BY 4.0. Learn more on how you can use and share this work: http://creativecommons.org/licenses/by/4.0.

This book is available Open Access thanks to the kind support of ZBW – Leibniz-Informationszentrum Wirtschaft.

ISBN 978-3-631-75423-8 (eBook)

Bibliographic Information published by the Deutsche Nationalbibliothek
The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data is available in the internet at <http://www.d-nb.de>.

Printed with support of the Wirtschaftsuniversität Wien.

ISSN 1613-3056
ISBN 3-631-53845-6
US-ISBN 0-8204-7718-4

© Peter Lang GmbH
Europäischer Verlag der Wissenschaften
Frankfurt am Main 2006
All rights reserved.

All parts of this publication are protected by copyright. Any utilisation outside the strict limits of the copyright law, without the permission of the publisher, is forbidden and liable to prosecution.
This applies in particular to reproductions, translations, microfilming, and storage and processing in electronic retrieval systems.

Printed in Germany
www.peterlang.de

For my rocks in the surf: Dad, Mum and Kerstin, and for Christian, who sweetens my life.

Acknowledgements

First of all, I would like to thank Prof. Gustaf Neumann and Prof. Alfred Taudes for supervising this thesis. In particular, I am indebted to Prof. Gustaf Neumann for numerous discussions and for his support in the rapid completion of this thesis. My thanks also go to my friends and all colleagues at the Department of Information Systems, especially to Mark Strembeck and Uwe Zdun who have always been open for discussions and who have given me a very agreeable working environment. Renato Iannella was always available for technical support and advice concerning the Open Digital Rights Language. I am indebted to Margit De Toma, who has accomplished most of the technical implementation of the rights expression generator. Furthermore I am grateful to my friend Tina Litschauer who spent a good deal of her spare time to correct my English vocabulary and grammar mistakes. Again, thanks to all of you without whose promotion this promotion would not have been possible.

Contents

Acronyms
List of Figures
List of Tables

1 Motivation
  1.1 Introduction
  1.2 The Impact of Standardised Contracts to Electronic Commerce
  1.3 Objectives of this Doctoral Thesis
  1.4 Classification into Research Theory
  1.5 Structure of this Doctoral Thesis

2 Digital Rights Management Systems
  2.1 Trading Digital Goods
    2.1.1 Characteristics of Digital Goods
    2.1.2 Business Models for Digital Goods
  2.2 Digital Rights Management (DRM)
    2.2.1 DRM Definition
    2.2.2 Perspectives of DRM
  2.3 A Sample Digital Rights Management System and its Functions
    2.3.1 DRM System Functions
    2.3.2 A Sample DRM System
    2.3.3 A Sample DRM Process
    2.3.4 Commercial DRM Products and DRM System Variants
  2.4 The Role of Rights Expression Languages in DRM

3 Rights Expression Languages (RELs)
  3.1 Definition of Terms
  3.2 Requirements of RELs
  3.3 Characteristics of RELs
    3.3.1 REL Syntax
    3.3.2 Rights Data Dictionary (RDD)
  3.4 Existing Rights Expression Languages and Initiatives
    3.4.1 Open Digital Rights Language (ODRL)
    3.4.2 eXtensible rights Markup Language (XrML)
    3.4.3 MPEG 21
    3.4.4 LicenseScript
  3.5 Current Market Situation and Trends

4 Electronic Contracts
  4.1 Contract Life Cycle
  4.2 Contract States
  4.3 Execution of Rights
    4.3.1 Electronic Contracts, Electronic Tickets, and Licenses
    4.3.2 Ticket-Driven Rights Execution
    4.3.3 Hybrid Rights Execution
  4.4 Contract Objects and Contract Use
    4.4.1 Core Contract Objects
    4.4.2 Sample Usage Scenarios for Electronic Contracts
    4.4.3 Scenario-Specific Contract Objects
  4.5 Contract Modelling and Creation
    4.5.1 Required Information for Specific Software Services
    4.5.2 Modelling Scenario-Specific Contracts
    4.5.3 Scenario-Specific Contract Composition
  4.6 The Generic Contract Schema
    4.6.1 Definition of Terms
    4.6.2 Application-Specific CoSa Example
    4.6.3 The CoSa API
    4.6.4 CoSa Serialisation
  4.7 Enforceability of Electronic Contracts
  4.8 Contract Management Issues
  4.9 Related Work

5 Design of a Rights Expression Exchange Framework
  5.1 Exchanging Rights Expressions
    5.1.1 The Communication Model
    5.1.2 The Rights Expression Communication Model
  5.2 The Rights Expression Exchange Framework
    5.2.1 Technical Design
    5.2.2 Implementation Check List

6 Implementing the Rights Expression Exchange Framework
  6.1 Software Architecture
    6.1.1 The XOTcl Language
    6.1.2 ActiWeb
    6.1.3 Document Object Model (DOM) Implementation
    6.1.4 MySQL
    6.1.5 OpenSSL
  6.2 The Rights Expression Generator
    6.2.1 Functional Description
    6.2.2 Class Hierarchy
  6.3 The Rights Expression Interpreter
    6.3.1 Functional Description
    6.3.2 xoREL Packages and Classes
    6.3.3 Mapping ODRL Elements to the Contract Schema
  6.4 The Rights Expression Wrapper and Unwrapper
    6.4.1 Functional Description
    6.4.2 Class Hierarchy and API
  6.5 The Mediator
  6.6 Implementation Assumptions
  6.7 Related Work

7 Case Study of the Rights Expression Exchange Framework
  7.1 Access Control with Context Constraints
  7.2 Access Control Decision Based on Electronic Tickets
    7.2.1 Application-Specific CoSa
    7.2.2 Generating DRM-Specific Licenses
    7.2.3 Wrapping DRM Licenses
    7.2.4 Unwrapping, Interpreting and Processing DRM Licenses

8 Conclusion and Future Work

9 Appendix A
  9.1 ODRL Foundation Model
  9.2 XML Schema of ODRL Syntax Version 1.1
  9.3 XML Schema of ODRL Data Dictionary Version 1.1

10 Appendix B
  10.1 CoSa Application Programming Interface
  10.2 Extended CoSa Application Programming Interface
  10.3 Wrapper/Unwrapper Application Programming Interface

Bibliography
Index

Acronyms

API: Application Programming Interface
ATM: Automated Teller Machine
B2B: Business to Business
B2C: Business to Consumer
C2C: Consumer to Consumer
CoSa: Contract Schema
CRM: Customer Relationship Management
DAC: Discretionary Access Control
DOI: Digital Object Identifier
DOM: Document Object Model
DTD: Document Type Definition
EDI: Electronic Data Interchange
FTP: File Transfer Protocol
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol
IEC: International Electrotechnical Commission
IPR: Intellectual Property Rights
IS: Information Systems
ISBN: International Standard Book Number
ISO: International Organization for Standardization
ISSN: International Standard Serial Number
LOM: Learning Object Metadata
MAC: Mandatory Access Control
MIS: Management Information Systems
MPEG: Moving Picture Experts Group
OCR: Optical Character Recognition
ODRL: Open Digital Rights Language
OMA: Open Mobile Alliance
PDA: Personal Digital Assistant
PDF: Portable Document Format
PHP: Hypertext Preprocessor
PKI: Public Key Infrastructure
RBAC: Role Based Access Service
RDBMS: Relational Database Management System
RDD: Rights Data Dictionary
RDF: Resource Description Framework
RE: Rights Expression
REL: Rights Expression Language
SGML: Standard Generalized Markup Language
SIM: Subscriber Identity Module
SQL: Structured Query Language
SSL: Secure Socket Layer
Tcl: Tool command language
TCP: Transmission Control Protocol
TLS: Transport Layer Security
W3C: World Wide Web Consortium
XML: eXtensible Markup Language
XOTcl: eXtended Object Tcl
XrML: eXtensible rights Markup Language

List of Figures

2.1 The six perspectives of DRM
2.2 The DRM perspectives in the order of their influence on DRM systems
2.3 Basic and extended functions of DRM systems
2.4 A sample DRM system
2.5 A sample DRM process
2.6 InterTrust's DRM system
3.1 A subset of the ODRL language syntax
3.2 A simplified subset of XML schema defining ODRL
3.3 A valid language instance of the simplified ODRL schema
4.1 A simple contract life cycle with four phases
4.2 Basic states and state transitions of electronic contracts
4.3 Contract right versus permissions
4.4 Contracts and tickets - an example
4.5 Combination of tickets and direct rights processing
4.6 The abstract core objects of electronic contracts
4.7 Various usage scenarios for electronic contracts
4.8 Assigning permissions in RBAC
4.9 Application-specific data model
4.10 Example of mapping of objects instances and their attributes to software services
4.11 Composing tailored electronic contracts
4.12 Class diagram of an application-specific Contract Schema
4.13 Application-specific contract schema
4.14 Instance of an application-specific Contract Schema
4.15 The enforceability matrix
4.16 Sample operations when managing electronic contracts
4.17 General structure of a service level agreement [LDF+02]
4.18 Simplified model of contracts applied in a WFWM [KGV99]
5.1 The communication model [Sch71]
5.2 The rights expression communication model
5.3 Components of a rights expression exchange framework
6.1 Technology used in the rights expression exchange framework
6.2 Features of XOTcl, OTcl, and Tcl
6.3 Basic architecture of ActiWeb [NZ00a]
6.4 A general DOM-tree
6.5 Choice of ODRL tags
6.6 Display and store generated ODRL rights expression
6.7 Choosing constraints via the customised generator GUI
6.8 Reused software packages in the rights expression generator
6.9 Class hierarchy of ODRL specific elements
6.10 Functional layers of XML-based rights expressions
6.11 The interpretation process
6.12 Classes of the package contract
6.13 Classes of the package reinterpreter
6.14 Packages with wrapping respectively unwrapping functionality
6.15 The mediator, using framework components and other packages
7.1 Execution of an access request
7.2 Sample access permission with constraints
7.3 xoRBAC access control decisions with context constraints
7.4 The application-specific CoSa
7.5 Provide license templates with the generator
7.6 Mediator code combining generator and wrapper functionality
7.7 Sequence diagram with basic activities of the secure viewer
7.8 Runtime model of the DRM CoSa objects
9.1 The foundation model of ODRL [Ian02b]

List of Tables

4.1 Characteristics of application-specific and domain-specific CoSa
4.2 Possible role names in application-specific CoSa
6.1 Possible role names in application-specific CoSa
6.2 Mapping of ODRL asset context to CoSaResource objects
6.3 Mapping of ODRL party context to CoSaParty objects
6.4 Mapping of ODRL agreement/offer context to CoSaContract objects