
1 University of Kaiserslautern, Department of Computer Science
Integrated Communication Systems ICSY, http://www.icsy.de
License4Grid: Adopting DRM for Licensed Content in Grid Environments
Joachim Götze, Simon Schwantzer, Tino Fleuren & Paul Müller
8th IEEE European Conference on Web Services
Joachim Götze

2 Joachim Götze, University of Kaiserslautern
Overview
• Motivation
• Application scenario
• Open issues
• Digital Rights Management
• Distribution approaches
• License4Grid
• Participants
• Requirements
• Usage scenarios

3 Complex scientific applications
• Goals of many scientific applications
  - Complex scenarios
  - Processing of large amounts of data
• Common requirements
  - Utilize high performance computing capabilities
  - Handle licensed content

4 Flood Simulation
• European Commission passed the "Flood Directive" (2007)
  - Identification of inundated areas
  - Creation of flood risk maps
• Flood forecasting models are used to determine the extent of a flood
  - Authorities require an estimation of the possible damages
  - Facilitate effective early warning measures for residents
• In urban regions, the model becomes much more complex
  - Underlying terrain has to be taken into account
  - But also a detailed 3D city model
• For an accurate simulation these data sets are needed in a very high spatial resolution
  - Increasing the amount of data to be processed exponentially

5 Current solutions
• Getting terrain and city models
  - Typically available via HTTP(S)
  - Content protection
    - Access restricted by IP addresses
    - Every user needs a personal account
• Scientific community is one of the foremost users
  - Worries about losing data are not predominant
• How to protect content with this solution?
  - There is no license attached

6 Digital Rights Management
• Aspects of licensed content
• Basics of digital rights management
• Distribution of licensed content

7 Licensed content
• Terms focusing on different aspects of content
  - Intangible assets
    - Copyright
  - Information goods
    - Content exchange
  - Paid content
    - Payment process
• Licensed content here
  - Arbitrary content
    - Not Software!
  - Technical focus
    - Provisioning and protection of content
    - Maintaining the association between license and data

8 Digital Rights Management
• Aspects of DRM
  - Management of digital rights
    - Identification of data
    - Metadata creation
    - Mapping to a license
  - Digital management of rights
    - Content protection
    - Distribution
    - Control mechanisms
    - Distribution tracing

9 Structure of Licensed Content
• Content Object
  - The whole data package
  - Containing multiple content elements
• Rights Object
  - Identification
  - License Information
• Content Element
  - A specific element, e.g., file
[Diagram labels: Content Object, Rights Object, Content Element]

10 External Distribution Approach
• Distribution node NOT part of the observed environment
• Gaining flexibility for design and implementation
• Total loss of data control after distribution

13 Internal Distribution Approach
• Distribution node part of the observed environment
• Allowing the use of existing functionality within the environment
  - Security
  - Data management
  - User management
• Binding the distributor to the technical environment
• Currently, all distribution approaches in Grid environments are external!

14 License4Grid
• Participants and interest domains
• Usage scenarios
• Minimal requirements
• Example communication workflows
• Implementation overview

15 Internal distribution within a Grid environment
• Course of events
  - Preparation
    - The licenser creates data packages at a distributor
  - Obtaining a license
    - The licensee selects a data package and acquires a license
  - Using a computing resource
    - A Grid service is utilizing the required data package in order to execute the desired function on a computing resource
[Diagram labels: User, Computing Service, Computing Resource, Licenser Service, Distribution Service]

16 Access and Content Protection
• Two scenarios for an internal distribution approach
  - Without content protection
    - Maintaining the mapping between license and content
  - With content protection
    - Encrypting the content
• Two options for accessing content
  - Direct access
    - Content can be accessed directly by the user
  - Indirect access
    - Content can only be accessed through a trusted service

17 Combining scenarios and options
• Four scenarios
  - 1a: Direct access without content protection
  - 1b: Direct access with content protection
  - 2a: Indirect access without content protection
  - 2b: Indirect access with content protection

18 Minimal requirements for content distribution
• Non-protected content distribution
  - Mutual authentication of participating users and services
  - Restricted data access to the distribution service
  - Creation of a container for combining data and license information
  - Support for maintaining this container
  - Possibility for data extraction at the computing resource
• Additional requirements for distribution of protected content
  - Data encryption at the distribution service
  - A preparation phase including license validation

19 Interest domains
[Diagram labels: User, Computing Service, Computing Resource, Licenser Service, Distribution Service]

20 Interest domains
[Diagram labels: Content/License owner, Service owner, Resource owner; User, Computing Service, Computing Resource, Licenser Service, Distribution Service]

21 Preparation Phase
• Create metadata
• Upload content to distribution service
• Create content package
• Optionally: encrypt and deliver decryption key
[Diagram labels: Licenser Service, Distribution Service]

22 Direct Access without Content Protection
• Prerequisite: License already acquired
• Retrieve content (if license is valid)
• Invoke service and send content
• Execution requires a valid license
• Retrieve results
[Diagram labels: User, Computing Service, Computing Resource, Licenser Service, Distribution Service]

26 Indirect Access with Content Protection
• Prerequisite: License already acquired
• Invoke service and send license identifier
• Retrieve content (if license is valid and service is trusted)
• Execution requires a decryption key
• Retrieve results
[Diagram labels: User, Computing Service, Computing Resource, Licenser Service, Distribution Service]
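
Added example, not part of the original slides and not License4Grid code: a sketch of the container from the minimal requirements (data combined with license information) and of the distribution service's release decision in the indirect-access workflow. The HMAC seal, the field names, the order of checks and all identifiers are assumptions made for illustration; encryption of the content elements is left out.

```python
import hashlib, hmac, json
from datetime import date

SEAL_KEY = b"constructed-demo-key"  # assumption: held only by the distribution service

def seal(rights, elements):
    """Content object = rights object + content elements + MAC binding the two."""
    digests = {n: hashlib.sha256(d).hexdigest() for n, d in elements.items()}
    body = json.dumps({"rights": rights, "digests": digests}, sort_keys=True)
    tag = hmac.new(SEAL_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"rights": rights, "elements": elements, "seal": tag}

def intact(obj):
    """True only if the rights object and every content element are unmodified."""
    expected = seal(obj["rights"], obj["elements"])["seal"]
    return hmac.compare_digest(expected, obj["seal"])

def release(obj, license_id, caller, trusted, today):
    """Decision for 'retrieve content (if license is valid and service is trusted)'."""
    rights = obj["rights"]
    if not intact(obj):
        return "deny: container modified"
    if caller not in trusted:
        return "deny: service not trusted"
    if license_id != rights["license_id"]:
        return "deny: unknown license"
    if not rights["valid_from"] <= today.isoformat() <= rights["valid_until"]:
        return "deny: license not valid"
    return "release"

# Constructed sample data (hypothetical names and identifiers).
RIGHTS = {"license_id": "LIC-0001", "licensee": "CN=alice",
          "valid_from": "2010-01-01", "valid_until": "2010-12-31"}
PACKAGE = seal(RIGHTS, {"terrain.tif": b"\x00terrain", "city.gml": b"<CityModel/>"})
TRUSTED = {"CN=flood-simulation-service"}

if __name__ == "__main__":
    svc = "CN=flood-simulation-service"
    print(release(PACKAGE, "LIC-0001", svc, TRUSTED, date(2010, 7, 5)))
    print(release(PACKAGE, "LIC-0001", "CN=unknown-service", TRUSTED, date(2010, 7, 5)))
    forged = dict(PACKAGE, rights=dict(RIGHTS, valid_until="2099-12-31"))
    print(release(forged, "LIC-0001", svc, TRUSTED, date(2011, 1, 1)))
```

Because the seal covers the rights object together with the digests of all content elements, extending the validity period or swapping a file inside the container is rejected before any license check runs.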

31 Implementation
• Technical details
  - Implemented as Grid services for Globus Toolkit
• Advantages of the implementation environment
  - Existing functionalities and services
    - Security by use of the Grid Security Infrastructure (GSI)
      - Authentication by certificates
      - Encryption of communication channels
    - Data Management provided by GridFTP and OGSA-DAI
      - High-performance data transfer
      - Security based on GSI

32 Summary
• Current situation
  - Scientific computation is making use of licensed content
  - Licensed content is introduced manually
  - Licenser is losing control of the provided content
  - An internal distribution approach for Grid environments is missing
• Solution: License4Grid
  - Internal distribution
    - Supporting multiple scenarios
  - Ensuring an intact DRM chain
  - Making use of existing functionality in Grids
    - User management and security
    - Data management

33 Integrated Communication Systems ICSY
University of Kaiserslautern, Department of Computer Science
P.O. Box 3049, D-67653 Kaiserslautern
Dipl.-Inform. Joachim Götze
Phone: +49 (0)631 205-36 76
Fax: +49 (0)631 205-30 56
Email: j_goetze@informatik.uni-kl.de
Internet: http://www.icsy.de

34 Direct Access without Content Protection

35 Indirect Access with Content Protection

