1) The document proposes a policy-based service-oriented digital rights management (DRM) system to improve interoperability and security.
2) It streamlines the DRM system architecture to be service-oriented and implements security policies using the eXtensible Access Control Markup Language (XACML) to decouple authorization decisions.
3) The proposed system allows participants in the DRM system to autonomously manage their own systems through centralized security policies that control authorization and access across systems.
WDSI 2015-Design and Implementation of a Policy-based Service-oriented DRM System
1. Design and Implementation of a Policy-based Service-oriented DRM System
Yung-Hsin Wang, Yu-Hong Lin (Tatung University, Taipei, Taiwan)
Shing-Han Li (Nat’l Taipei Univ. of Business, Taipei, Taiwan)
WDSI 2015 - Maui, Hawaii
2. Outline
  1. Introduction
  2. Background and Technology
  3. Design and Implementation
  4. Conclusion & Future Work Direction
3. Motivations
DRM permits smooth, secure, trusted movement of digital contents from Content Providers and Distributors to Clearing House and Consumers
Based on access, use, tracking, payment & reporting system
Business functions automated to deliver creators’ win-distributors’ win-clearing house’s win-consumers’ win
Access control and authorization implemented in a proprietary manner results in extremely tight coupling of authorization decisions within applications
4. Motivations (cont.)
SOA solution
Not only a framework but a key mechanism for cost effectiveness
Promoting organizational agility to adapt to the most frequently changing environment
Implementing SOA to improve DRM System
Service interoperability, loose coupling, reusing or composing shared service components during service orchestration
Challenges in security issue!
5. Research Objective
To re-model DRM System based on SOA
All participants collaborate well and equitably share sales benefits
Adopt policy-based security mechanism
Introduce the eXtensible Access Control Markup Language (XACML) technology to decouple authorization decisions from DRM system
Fulfill autonomous management on authorization and access control for all resources via flexible policy-based SOA solution
7. DRM System
Emphasizing protection and management for digital contents
The essential is to control publication, billing/payment and copyright for digital contents
10. DRM System Moves to SOA
Interoperability problems arise within different DRM solutions
DRM with SOA can increase interoperability for the system management and facilitate efficient collaboration
Security is a major imperative for SOA
Figueira Filho et al. (2006) in their proposed framework adopted SOA and a high-level policy modeling approach to promote interoperability among DRM systems; however, the policy model only focused on the copyright protection
11. XACML frameworks for services security
eXtensible Access Control Markup Language
Based on XML standards
Defines a general policy syntax for resource protection and access
OASIS has standardized XACML as a security standard to support security technology for access control
13. Security Policy in SOA-based DRM System
SOA-based DRM System’s security, privacy, resource authorizing and access control must be well managed.
Help participants in SOA-based DRM System autonomously manage their own systems
Security Policy applies to resource authorization and access control among systems
Facilitate the abstraction of security jobs from the logic loop of business system to become public services
Achieve centralization of operation and management
15. Step 1. Streamline DRM system architecture to be service choreography
[Figure: The fundamental architecture of DRM system]
[Figure: The streamlined architecture of DRM]
16. Step 2. Achieve the service-oriented DRM system
[Figure: Relations between functions and/or systems among the DRM system]
[Figure: The SOMA layered mechanism]
[Figure: The DRM system with layered SOA]
20. The Example of XACML Response from PDP when Distributor inquires the authorized content
22. Conclusion
This study has designed and implemented a policy-based service-oriented DRM system
Transform a proprietary/tight-coupling DRM system into loose-coupling/on-demand business processes
Help participants' operations across the DRM system be flexible and react agilely in data transmission, exchange or integration
Not only to meet the security needs of web services, but also to achieve a loose coupling in resources perspective
23. Future Work Direction
Apply to cloud computing via service-oriented features
Parties who need to build up their systems can take advantage of Infrastructure as a Service (IaaS) to save hardware costs and maintenance expenses
Functions of the multi-layered and remodeled DRM system can leverage Software as a Service (SaaS)
Adopt XACML to fulfill the security and safety needs of inter-service in cloud computing
Thank you, Mr. Chairman.
It’s a great privilege for me to be here to share our study with you.
The study is about the [ Design and Implementation of a Policy-based Service-oriented DRM System ]
I am Yu-Hung Lin, from Taiwan’s Tatung University,
and it’s a great honor for me to have Dr. Yung-Hsin Wang and Dr. Shing-Han Li as my advising professors.
The goals of this presentation are fourfold.
First, we introduce the motivations of this study.
Second, we give a quick overview of the “Background and Technology” in our study.
Third, we elaborate more on the process of Design and Implementation.
Finally, we provide a conclusion and some future work directions.
DRM stands for Digital Rights Management.
It’s a mechanism for protecting Digital Content with the advance of digitalization, network and mobile technologies nowadays.
In the most general case, a DRM System should permit smooth, … …
<Enter>
Digital Contents’ transactions are based on access, … …
<Enter>
These Business functions … …
<Enter>
Traditionally, Access control and …
We found out the SOA solution is Not only a …
<Enter>
So SOA Solution can promote organizational agility to …
<Enter>
We propose to implement SOA to improve the DRM System, since SOA highlights “Service interoperability, …”
<Enter>
But we had to consider the Challenges in security issue!
Key to our Research Objective are
To re-model … in order to let All participants …
<Enter>
What are the background and technology we considered in this study?
Obviously, as in our introduction, DRM.
DRM System is Emphasizing …
<Enter>
in Figure:
Content Providers, who are owners of copyright of digital contents and the demanders of copyright protection.
Distributors, who are licensees to sell digital contents on the property of copyright owners. They also provide their store channels to distribute digital contents. Those channels can be either online stores or any kind of shopping websites.
Consumer, the users of digital contents who use Distributors’ store channels to consume and fetch by downloading or streaming legal digital contents.
Clearing House are trusted third parties who are responsible for handling the transaction records clearly and sharing profits fairly.
Generalizing the DRM System Usually combined with …
As shown in Figure ,
the DRM platform is highly complex and extensive where a diversity of devices, media, functional modules, and a wide variety of system requirements regarding security, flexibility and manageability must be supported. It is not easy to create an integrated DRM platform with fairness and mutual interests for all parties.
SOA as a design concept is a pattern of methodology.
The Service Oriented Design Principles focus on …
We want the DRM System to move to SOA,
Because …
So we adopt ….
Figure shows “Security standards of web services”
The process picture has 4 key points: PEP, PDP, PIP, and PAP. They are responsible for different jobs.
PEP is the checking point for every request.
PDP is responsible for the authorization decision.
PIP is responsible for providing information to the PDP.
And PAP is responsible for the administration of policy rules.
Figure 4 explains the implementation process of XACML and access control architecture (OASIS 2005).
Access applicants have to enter the checking point of the Policy Enforcement Point (PEP).
Then the PEP generates an XACML request and sends it to the Policy Decision Point (PDP).
Next, the PDP investigates and evaluates the related policies and rules, then returns a response to the request. To obtain policies, the PDP needs the Policy Administration Point (PAP), which edits policies (in each policy set) for the PDP to use. The PDP can also call on the index service of the Policy Information Point (PIP) to retrieve attribute values (property values) of autonomy, resource or environment. After making the authorization decision, the PDP returns it to the PEP. The PEP then tells the requester whether access is allowed or denied.
So we propose Security Policy in SOA-based DRM System,
Because we consider the …
The next topic is our steps in designing and implementing a policy-based Service-oriented DRM System.
We analyze the fundamental architecture of the DRM system,
<Enter>
then come up with the streamlined architecture of DRM.
We apply Service-Oriented Modeling and Architecture (SOMA) method
<Enter>
First, Find out the Relations between functions and/or systems among the DRM system
<Enter>
Through the SOMA layered mechanism,
<Enter>
Come up with the DRM system with layered SOA
for service-oriented analysis and design of the DRM system.
We embedded a conversion function in the general User Interface for generating a specific security policy through a common business operation.
One such operation is “Content Provider authorizes contents to Distributor”, which generates the security policy describing the Access Control List: which Content Provider has authorized which Content to which Authorized Distributor.
As we said previously, with a security policy adopted, every request has to be checked for privilege.
So the inquiry needs to be converted into an XACML Request.
Explain that the XML says: op01 wants to retrieve the digital content of cp01’s code cp01_b01.
Every XACML Response is permit, deny or not applicable.
So, this is The Example …
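The PEP/PDP/PIP/PAP flow and the ACL produced by the “Content Provider authorizes contents to Distributor” operation, as an added example that is not part of the original slides or the authors' implementation. It is a simplified Python model rather than the XACML XML schema; the class and method names are assumptions, op01 is assumed to be the requesting distributor, and op02, cp02 and cp01_b02 are constructed sample values.

```python
from dataclasses import dataclass  # simplified model, not the XACML XML schema

@dataclass(frozen=True)
class Rule:                      # one ACL entry produced by a business operation
    provider: str                # content provider that granted the right
    content: str                 # content code
    distributor: str             # authorized distributor
    effect: str = "Permit"       # "Permit" or "Deny"

class PAP:                       # policy administration: holds the rule set
    def __init__(self):
        self.rules = []
    def authorize(self, provider, content, distributor, effect="Permit"):
        self.rules.append(Rule(provider, content, distributor, effect))

class PIP:                       # policy information: attribute lookups
    def __init__(self, owners):
        self.owners = owners     # content code -> current owner

class PDP:                       # policy decision
    def __init__(self, pap, pip):
        self.pap, self.pip = pap, pip
    def evaluate(self, request):
        subj, res = request["subject"], request["resource"]
        # Only rules granted by the content's current owner target it.
        targeted = [r for r in self.pap.rules if r.content == res
                    and r.provider == self.pip.owners.get(res)]
        if request["action"] != "retrieve" or not targeted:
            return "NotApplicable"
        effects = {r.effect for r in targeted if r.distributor == subj}
        # Deny overrides Permit; an unlisted subject falls to the default Deny.
        return "Permit" if effects == {"Permit"} else "Deny"

class PEP:                       # policy enforcement: deny-biased checkpoint
    def __init__(self, pdp):
        self.pdp = pdp
    def retrieve(self, subject, resource):
        decision = self.pdp.evaluate(
            {"subject": subject, "resource": resource, "action": "retrieve"})
        return decision, decision == "Permit"   # anything but Permit is refused

def demo():
    pap, pip = PAP(), PIP({"cp01_b01": "cp01", "cp01_b02": "cp01"})  # constructed
    pap.authorize("cp01", "cp01_b01", "op01")   # cp01 authorizes op01 for cp01_b01
    pap.authorize("cp02", "cp01_b02", "op01")   # grant by a non-owner: ignored
    pep = PEP(PDP(pap, pip))
    return [pep.retrieve("op01", "cp01_b01"),   # listed distributor
            pep.retrieve("op02", "cp01_b01"),   # policy exists, subject unlisted
            pep.retrieve("op01", "cp01_b02")]   # no valid policy for this content
```

The PEP here refuses on NotApplicable as well as Deny, so a resource with no policy fails closed instead of being served by default.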
Finally, let us give you the conclusion & future work direction from our perspective.
It Transform …
<Enter>
It can Help …
<Enter>
The approach is Not only …