SlideShare une entreprise Scribd logo

WDSI 2015-Design and Implementation of a Policy-based Service-oriented DRM System

Télécharger en tant que PPTX, PDF
育弘 林
育弘 林

1) The document proposes a policy-based service-oriented digital rights management (DRM) system to improve interoperability and security. 2) It streamlines the DRM system architecture to be service-oriented and implements security policies using the eXtensible Access Control Markup Language (XACML) to decouple authorization decisions. 3) The proposed system allows participants in the DRM system to autonomously manage their own systems through centralized security policies that control authorization and access across systems.

Internet
1  sur  24
Design and Implementation of a Policy-based Service-oriented DRM System Yung-Hsin Wang, Yu-Hong Lin Shing-Han Li Tatung University Nat’l Taipei Univ. of Business Taipei, Taiwan Taipei, Taiwan 1 WDSI 2015 - Maui, Hawaii
Outline2 4. Conclusion & Future Work Direction 3. Design and Implementation 2. Background and Technology 1. Introduction
Motivations3 DRM permits smooth, secure, trusted movement of digital contents from Content Providers and Distributors to Clearing House and Consumers Based on access, use, tracking, payment & reporting system Business functions automated to deliver creators’ win-distributors’ win-clearing house’s win-consumers’ win Access control and authorization implemented in proprietary manner results in extreme tight coupling of authorization decisions within applications
Motivations (cont.)4 SOA solution Not only a framework but a key mechanism for cost effectiveness Promoting organizational agility to adapt the most frequent changing environment Implementing SOA to improve DRM System Service interoperability, Loosing coupling, Reusing or composing shared service components during service orchestration Challenges in security issue!
To re-model DRM System based on SOA All participants well collaborate and equitably share sales benefits Adopt policy-based security mechanism Introduce the eXtensible Access Control Markup Language (XACML) technology to decouple authorization decisions from DRM system Fulfill autonomous management on authorization and access control for all resources via flexible policy-based SOA solution 5 Research Objective
2. Background and Technology 6 Outline 4. Conclusions & Future Works Direction 3. Design and Implementation 1. Introduction
Emphasizing on protection and management for digital contents The essential is to control publication, billing/payment and copyright for digital contents 7 DRM System
Usually combined with certain business models for the sales of digital contents 8 DRM System The integrated DRM solution
Service Contract Service Loose Coupling Service Abstraction Service Reusability Service Autonomy Service Statelessness Service Discoverability Service Composability 9 Service Oriented Design Principle
Interoperability problems arise within different DRM solutions DRM with SOA can increase interoperability for the system management and facilitate efficient collaboration Security is a major imperative for SOA Figueira Filho et al. (2006) in their proposed framework adopted SOA and a high-level policy modeling approach to promote interoperability among DRM systems; however, the policy model only focused on the copyright protection 10 DRM System Moves to SOA
eXtensible Access Control Markup Language Based on XML standards Define the general policy syntax for resources protection and access OASIS has regulated XACML as security standards to support security technology for access control 11 XACML frameworks for services security
12 TheimplementationprocessofXACML andaccesscontrolarchitecture
SOA-based DRM System’s security, privacy, resource authorizing and access control must be well managed. Help participants in SOA-based DRM System autonomously manage their own systems Security Policy applies to resource authorization and access control among systems Facilitate the abstraction of security jobs from the logic loop of business system to become public services achieve centralization of operation and management 13 Security Policy in SOA-based DRM System
2. Background and Technology 14 Outline 4. Conclusions & Future Works Direction 3. Design and Implementation 1. Introduction
15 Step 1. Streamline DRM system architecture to be service choreography The fundamental architecture of DRM system The streamlined architecture of DRM
16 Step 2. Achieve the service-oriented DRM system Relations between functions and/or systems among the DRM system TheDRMsystemwithlayeredSOA The SOMA layered mechanism
17 Step 3. Implement security policy with XACML
18 The example of XACML Policy converted from CMS Content Provider authorizes contents to Distributor
19 The inquiry example of XACML Request for Consumer or Distributor
20 The Example of XACML Response from PDP when Distributor inquires the authorized content
21 2. Background and Technology Outline 4. Conclusion & Future Work Direction 3. Design and Implementation 1. Introduction
This study has designed and implemented a policy-based service-oriented DRM system Transform a proprietary/tight-coupling DRM system into a loose-coupling/on-demand business processes Help participants' operation among DRM system be flexible and react agilely in data transmission, exchange or integration Not only to meet the security needs of web services, but also to achieve a loose coupling in resources perspective 22 Conclusion
23 Future Work Direction Apply to cloud computing via service-oriented features Parties who need to build up their systems can take advantages of Infrastructure as a Service (IaaS) to save hardware costs and maintenance expenses Functions of Multi-layered and remodeled DRM system can leverage Software as a Services (SaaS) Adopt XACML to fulfill the security and safety needs of inter–service in cloud computing .
Thanks for your attention! 24

Recommandé

WITDOM Data Protection Orchestrator
WITDOM Data Protection OrchestratorWITDOM Data Protection Orchestrator
WITDOM Data Protection OrchestratorElsa Prieto
 
Cyber Liability Coverage - Chiropractic Malpractice Insurance
Cyber Liability Coverage - Chiropractic Malpractice InsuranceCyber Liability Coverage - Chiropractic Malpractice Insurance
Cyber Liability Coverage - Chiropractic Malpractice Insurancejessica01077
 
How to set up your security policy
How to set up your security policyHow to set up your security policy
How to set up your security policyTim Wulgaert
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 
GDPR Compliance in Digital Advertising (dmexco 2017)
GDPR Compliance in Digital Advertising (dmexco 2017)GDPR Compliance in Digital Advertising (dmexco 2017)
GDPR Compliance in Digital Advertising (dmexco 2017)Stefan Kotiia
 
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...ekyklos Κύκλος Ιδεών για τη Εθνική Ανασυγκρότηση
 
Infographic: Guide to the General Data Protection Regulation
Infographic: Guide to the General Data Protection RegulationInfographic: Guide to the General Data Protection Regulation
Infographic: Guide to the General Data Protection RegulationUCSC Silicon Valley Extension
 

Recommandé

WITDOM Data Protection Orchestrator
WITDOM Data Protection OrchestratorWITDOM Data Protection Orchestrator
WITDOM Data Protection OrchestratorElsa Prieto
 
Cyber Liability Coverage - Chiropractic Malpractice Insurance
Cyber Liability Coverage - Chiropractic Malpractice InsuranceCyber Liability Coverage - Chiropractic Malpractice Insurance
Cyber Liability Coverage - Chiropractic Malpractice Insurancejessica01077
 
How to set up your security policy
How to set up your security policyHow to set up your security policy
How to set up your security policyTim Wulgaert
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 
Cloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceCloud security - Auditing and Compliance
Cloud security - Auditing and ComplianceJosh Tullo
 
GDPR Compliance in Digital Advertising (dmexco 2017)
GDPR Compliance in Digital Advertising (dmexco 2017)GDPR Compliance in Digital Advertising (dmexco 2017)
GDPR Compliance in Digital Advertising (dmexco 2017)Stefan Kotiia
 
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...ekyklos Κύκλος Ιδεών για τη Εθνική Ανασυγκρότηση
 
Infographic: Guide to the General Data Protection Regulation
Infographic: Guide to the General Data Protection RegulationInfographic: Guide to the General Data Protection Regulation
Infographic: Guide to the General Data Protection RegulationUCSC Silicon Valley Extension
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
Practical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud ComputingPractical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud ComputingCloud Standards Customer Council
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it securityEast Midlands Cyber Security Forum
 
Cloud Computing - A future prerogative
Cloud Computing - A future prerogativeCloud Computing - A future prerogative
Cloud Computing - A future prerogativeWayne Poggenpoel
 
Hybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsHybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsJamcracker Inc
 
CyberSecurity in a World of Connected Devices: IoT Security
CyberSecurity in a World of Connected Devices: IoT SecurityCyberSecurity in a World of Connected Devices: IoT Security
CyberSecurity in a World of Connected Devices: IoT SecurityHaluk Demirkan
 
Layer 7: Identity Enabled SOA Governance
Layer 7: Identity Enabled SOA GovernanceLayer 7: Identity Enabled SOA Governance
Layer 7: Identity Enabled SOA GovernanceCA API Management
 
What are the advantages of adopting public cloud
What are the advantages of adopting public cloudWhat are the advantages of adopting public cloud
What are the advantages of adopting public cloudNicole Khoo
 
Navigating the Cloud: Trends and Technologies Shaping Security and Compliance
Navigating the Cloud: Trends and Technologies Shaping Security and ComplianceNavigating the Cloud: Trends and Technologies Shaping Security and Compliance
Navigating the Cloud: Trends and Technologies Shaping Security and ComplianceUrolime Technologies
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESHappiest Minds Technologies
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionDaniel Connor
 
Cscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerceCscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commercer_arorabms
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapAldo Pietropaolo
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationSai P Mishra
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfmanoharparakh
 
3822424.ppt
3822424.ppt3822424.ppt
3822424.pptahmad21315
 
IbmHybridCloud_E
IbmHybridCloud_EIbmHybridCloud_E
IbmHybridCloud_EAl Brodie
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the CloudRolf Frydenberg
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 

Contenu connexe

Similaire à WDSI 2015-Design and Implementation of a Policy-based Service-oriented DRM System

Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
Cloud Computing - A future prerogative
Cloud Computing - A future prerogativeCloud Computing - A future prerogative
Cloud Computing - A future prerogativeWayne Poggenpoel
 
Hybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsHybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsJamcracker Inc
 
CyberSecurity in a World of Connected Devices: IoT Security
CyberSecurity in a World of Connected Devices: IoT SecurityCyberSecurity in a World of Connected Devices: IoT Security
CyberSecurity in a World of Connected Devices: IoT SecurityHaluk Demirkan
 
Layer 7: Identity Enabled SOA Governance
Layer 7: Identity Enabled SOA GovernanceLayer 7: Identity Enabled SOA Governance
Layer 7: Identity Enabled SOA GovernanceCA API Management
 
What are the advantages of adopting public cloud
What are the advantages of adopting public cloudWhat are the advantages of adopting public cloud
What are the advantages of adopting public cloudNicole Khoo
 
Navigating the Cloud: Trends and Technologies Shaping Security and Compliance
Navigating the Cloud: Trends and Technologies Shaping Security and ComplianceNavigating the Cloud: Trends and Technologies Shaping Security and Compliance
Navigating the Cloud: Trends and Technologies Shaping Security and ComplianceUrolime Technologies
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionDaniel Connor
 
Cscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerceCscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commercer_arorabms
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapAldo Pietropaolo
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationSai P Mishra
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfmanoharparakh
 
IbmHybridCloud_E
IbmHybridCloud_EIbmHybridCloud_E
IbmHybridCloud_EAl Brodie
 

Similaire à WDSI 2015-Design and Implementation of a Policy-based Service-oriented DRM System (20)

Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
Practical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud ComputingPractical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud Computing
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Cloud Computing - A future prerogative
Cloud Computing - A future prerogativeCloud Computing - A future prerogative
Cloud Computing - A future prerogative
 
Hybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have RequirementsHybrid Cloud - Key Benefits & Must Have Requirements
Hybrid Cloud - Key Benefits & Must Have Requirements
 
CyberSecurity in a World of Connected Devices: IoT Security
CyberSecurity in a World of Connected Devices: IoT SecurityCyberSecurity in a World of Connected Devices: IoT Security
CyberSecurity in a World of Connected Devices: IoT Security
 
Layer 7: Identity Enabled SOA Governance
Layer 7: Identity Enabled SOA GovernanceLayer 7: Identity Enabled SOA Governance
Layer 7: Identity Enabled SOA Governance
 
What are the advantages of adopting public cloud
What are the advantages of adopting public cloudWhat are the advantages of adopting public cloud
What are the advantages of adopting public cloud
 
Navigating the Cloud: Trends and Technologies Shaping Security and Compliance
Navigating the Cloud: Trends and Technologies Shaping Security and ComplianceNavigating the Cloud: Trends and Technologies Shaping Security and Compliance
Navigating the Cloud: Trends and Technologies Shaping Security and Compliance
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Sia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS SolutionSia Partners Insights when Considering a SaaS Solution
Sia Partners Insights when Considering a SaaS Solution
 
Cscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerceCscc cloud-customer-architecture-for-e commerce
Cscc cloud-customer-architecture-for-e commerce
 
GoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the GapGoodDogLabs IAM Cloud Migration - Bridging the Gap
GoodDogLabs IAM Cloud Migration - Bridging the Gap
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its Implementation
 
Hybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdfHybrid & Multi-cloud Environment.pdf
Hybrid & Multi-cloud Environment.pdf
 
3822424.ppt
3822424.ppt3822424.ppt
3822424.ppt
 
IbmHybridCloud_E
IbmHybridCloud_EIbmHybridCloud_E
IbmHybridCloud_E
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the Cloud
 

Dernier

Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 

Dernier (20)

Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 

WDSI 2015-Design and Implementation of a Policy-based Service-oriented DRM System

  • 1. Design and Implementation of a Policy-based Service-oriented DRM System Yung-Hsin Wang, Yu-Hong Lin Shing-Han Li Tatung University Nat’l Taipei Univ. of Business Taipei, Taiwan Taipei, Taiwan 1 WDSI 2015 - Maui, Hawaii
  • 2. Outline2 4. Conclusion & Future Work Direction 3. Design and Implementation 2. Background and Technology 1. Introduction
  • 3. Motivations3 DRM permits smooth, secure, trusted movement of digital contents from Content Providers and Distributors to Clearing House and Consumers Based on access, use, tracking, payment & reporting system Business functions automated to deliver creators’ win-distributors’ win-clearing house’s win-consumers’ win Access control and authorization implemented in proprietary manner results in extreme tight coupling of authorization decisions within applications
  • 4. Motivations (cont.)4 SOA solution Not only a framework but a key mechanism for cost effectiveness Promoting organizational agility to adapt the most frequent changing environment Implementing SOA to improve DRM System Service interoperability, Loosing coupling, Reusing or composing shared service components during service orchestration Challenges in security issue!
  • 5. To re-model DRM System based on SOA All participants well collaborate and equitably share sales benefits Adopt policy-based security mechanism Introduce the eXtensible Access Control Markup Language (XACML) technology to decouple authorization decisions from DRM system Fulfill autonomous management on authorization and access control for all resources via flexible policy-based SOA solution 5 Research Objective
  • 6. 2. Background and Technology 6 Outline 4. Conclusions & Future Works Direction 3. Design and Implementation 1. Introduction
  • 7. Emphasizing on protection and management for digital contents The essential is to control publication, billing/payment and copyright for digital contents 7 DRM System
  • 8. Usually combined with certain business models for the sales of digital contents 8 DRM System The integrated DRM solution
  • 9. Service Contract Service Loose Coupling Service Abstraction Service Reusability Service Autonomy Service Statelessness Service Discoverability Service Composability 9 Service Oriented Design Principle
  • 10. Interoperability problems arise within different DRM solutions DRM with SOA can increase interoperability for the system management and facilitate efficient collaboration Security is a major imperative for SOA Figueira Filho et al. (2006) in their proposed framework adopted SOA and a high-level policy modeling approach to promote interoperability among DRM systems; however, the policy model only focused on the copyright protection 10 DRM System Moves to SOA
  • 11. eXtensible Access Control Markup Language Based on XML standards Define the general policy syntax for resources protection and access OASIS has regulated XACML as security standards to support security technology for access control 11 XACML frameworks for services security
  • 13. SOA-based DRM System’s security, privacy, resource authorizing and access control must be well managed. Help participants in SOA-based DRM System autonomously manage their own systems Security Policy applies to resource authorization and access control among systems Facilitate the abstraction of security jobs from the logic loop of business system to become public services achieve centralization of operation and management 13 Security Policy in SOA-based DRM System
  • 14. 2. Background and Technology 14 Outline 4. Conclusions & Future Works Direction 3. Design and Implementation 1. Introduction
  • 15. 15 Step 1. Streamline DRM system architecture to be service choreography The fundamental architecture of DRM system The streamlined architecture of DRM
  • 16. 16 Step 2. Achieve the service-oriented DRM system Relations between functions and/or systems among the DRM system TheDRMsystemwithlayeredSOA The SOMA layered mechanism
  • 17. 17 Step 3. Implement security policy with XACML
  • 18. 18 The example of XACML Policy converted from CMS Content Provider authorizes contents to Distributor
  • 19. 19 The inquiry example of XACML Request for Consumer or Distributor
  • 20. 20 The Example of XACML Response from PDP when Distributor inquires the authorized content
  • 21. 21 2. Background and Technology Outline 4. Conclusion & Future Work Direction 3. Design and Implementation 1. Introduction
  • 22. This study has designed and implemented a policy-based service-oriented DRM system Transform a proprietary/tight-coupling DRM system into a loose-coupling/on-demand business processes Help participants' operation among DRM system be flexible and react agilely in data transmission, exchange or integration Not only to meet the security needs of web services, but also to achieve a loose coupling in resources perspective 22 Conclusion
  • 23. 23 Future Work Direction Apply to cloud computing via service-oriented features Parties who need to build up their systems can take advantages of Infrastructure as a Service (IaaS) to save hardware costs and maintenance expenses Functions of Multi-layered and remodeled DRM system can leverage Software as a Services (SaaS) Adopt XACML to fulfill the security and safety needs of inter–service in cloud computing .
  • 24. Thanks for your attention! 24

Notes de l'éditeur

  1. Thank u Mr. Chairman It’s a great privilege for me to be here to share our study to you. The study is about How to [ Design and Implementation of a Policy-based Service-oriented DRM System ] I am Yu-Hung Lin, from Taiwan’s Tatung University, and it’s a great honor for me to have Dr. Yung-Hsin Wang and Dr. Shing-Han Li to be my advising Professors.
  2. The goals of this presentation are fourfold. First, we introduce the motivations of this study. Second, we give a quick overview of the “Background and Technology”in our study Third, we elaborate more on the process of Designing and Implementation Finally, we provide conclusion and some future work direction
  3. DRM stands for Digital Rights Management. It’s a mechanism form protecting Digital Content with advance of digitalization, network and mobile technologies nowadays. In the most general case, DRM System should permits smooth, … … <Enter> Digital Contents’ transaction base on access, … … <Enter> These Business functions … … <Enter> Traditionally, Access control and …
  4. We found out the SOA solution is Not only a … <Enter> So SOA Solution can promote organizational agility to … <Enter> We propose to Implement SOA to improve DRM System since SOA highlit “Service inteoperability, …” <Enter> But we had to consider the Challenges in security issue!
  5. Key to our Reasearch Objective are To re-model … in order to let All participants … <Enter>
  6. What are the background and Technology we considered in this stydy
  7. Like our introduction in DRM obviously. DRM System is Emphasizing … <Enter> in Figure: Content Providers, who are owners of copyright of digital contents and the demanders of copyright protection. Distributors, who are licensees to sell digital contents on the property of copyright owners. They also provide their store channels to distribute digital contents. Those channels can be either online stores or any kind of shopping websites. Consumer, the users of digital contents who use Distributors’ store channels to consume and fetch by downloading or streaming legal digital contents. Clearing House are trusted third parties who are responsible for handling the transaction records clearly and sharing profits fairly.
  8. Generalizing the DRM System Usually combined with … As shown in Figure , the DRM platform is highly complex and extensive where a diversity of devices, media, functional modules, and a wide variety of system requirements regarding security, flexibility and manageability must be supported. It is not easy to create an integrated DRM platform with fairness and mutual interests for all parties.
  9. SOA as a design concept is a pattern of methodology. The Service Oriented Design Principles focus on …
  10. We wanner the DRM System moves to SOA, Because …
  11. So we adopt …. Figure shows “Security standards of web services”
  12. The process picture has 4 key points: PEP, PDP, PIP, and PAP, they are responsible for different jobs. PEP is responsible for the checking point for every request PDP is responsible for the decision of authorization PIP is responsible for providing information to PDP And PDP is responsible for the administration of policy rules. Figure 4 explains the implementation process of XACML and access control architecture (OASIS 2005). Access applicants have to enter the checking point of Policy Executing Point (PEP). Then PEP generates an XACML request and sends it to Policy Decision Point (PDP). Sequentially, PDP processes entire investigation and evaluation on related policies and rules; it then returns a response for the request. In order to obtain policy, PDP needs policy access point (PAP) which edits policies (in each policy set) for PDP to use. PDP can also call on the index service of policy information point (PIP) and retrieve attribution values (property values) of autonomy, resource or environment. After making the decision of authorization PDP will respond it to PEP. Then PEP does its duty to respond requester whether the access is allowed or denied.
  13. So we propose Security Policy in SOA-based DRM System, Because we consider the …
  14. What the next topic is our steps in Design and Implementation a policy-based Service-oriented DRM System
  15. We analysis the fundamental architecture of DRM system, <Enter> then come out the streamlined architecture of DRM.
  16. We apply Service-Oriented Modeling and Architecture (SOMA) method <Enter> First, Find out the Relations between functions and/or systems among the DRM system <Enter> Through the SOMA layered mechanism, <Enter> Come out the DRM system with layered SOA for service-oriented analysis and design of the DRM system.
  17. We embedded a conversion function in general User Interface For generating a specific security policy through common business operation Like the “Content Provider authorizes contents to Distributor” operation, which will generate the security policy to describe the Access Control List about which Content Provider has Authorized which Content to which Authorized Distributor
  18. Like our previous said, adopting security policy, any request needs to be enforced check out the privilege. So, it will be needed to transfer the inqiury to XACML Request. 說明xml是op01 want to retrieve cp01 ‘s code cp01_b01’s digital content
  19. All of XACML Response are permit, deny or not applicable. So ,this is The Example …
  20. Finally, Let’s give you conclusion & Future work direction from our perspective.
  21. It Transform … <Enter> It can Help … <Enter> The approach is Not only …