Federated Digital Rights Management

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Presentation transcript:

Federated Digital Rights Management Mairéad Martin The University of Tennessee December 6, 2018

Topics
- DRM Problem Space
- R&E vs. industry requirements
- NMI and DRM Workshop
- FDRM Project description
- Architecture

DRM Problem Space
- DRM: the management of intellectual property and distribution of digital content
- But different interpretations abound:
- Industry: DRM = protect the copyright owner's rights through enforcement, and support licensing model
- Research & Education: DRM = enable access while managing intellectual property and protecting user's privacy (distributed sharing and collaboration model)

DRM Problems
- Industry driven: R&E reactive
- Existing Rights Expression Languages have limitations, and are immature
- Patent encumbrances (ContentGuard)
- Authorization Expressions: SAML vs. XACML vs. REL – overlap?

NMI and DRM Workshop, Sept. 9, 2002
- Funded by the NSF NMI program to:
  - Explore DRM requirements in Research and Education
  - Look at ways NMI development might be leveraged
- Endorsed by CNI, EDUCAUSE, I2, SURA, ViDe
- www.ait.utk.edu/drmworkshop

DRM Requirements for Research & Education
- Multiple roles in academia: consumers, producers, distributors of information
- Multiple applications: Instructional Management Systems, portals, databases, online content, electronic journals, online collaboration, ...
- Gradations of risk

DRM Requirements for Research & Education
- Fair use
- "First Sale" principle
- Privacy of the end-user
- Derivatives
- Complex objects
- Inter-institutional collaboration and sharing of resources

DRM Models: Industry
- One-to-one
- Pay-per-view
- Trusted systems
- Use monitoring
- Static content
- User as consumer
- Proprietary hardware/software

DRM Model: Research & Education
- One-to-many
- Flexible access
- User as consumer and producer
- Dynamic content
- Inter-institutional, cross realm access
- Privacy
- Interoperability

Workshop Outcomes
- Conclusions:
  - Additional DRM function - to record rights
  - Access over enforcement
  - Not one unifying architecture but balkanized landscape
  - Need for more discussion
- DRM Requirements for R&E: Discussion Paper submitted to OASIS RLTC
- Creation of DRM WG within I2 Middleware Initiative

Federated DRM Project
- Fundamental Goal: Enable intersection of attributes about user, content and usage to manage objects
- An application of Shib
- Also federates rights administration
- Tennessee and Rutgers leading project

Why Shibboleth?
- Emphasis on federated administration
- Emphasis on flexible yet secure access
- Establishes trust communities
- Active privacy a core principle
- Open source, community development
- Project maturing

Project Status
- FDRM architecture published and presented
- Participating in Shibboleth Pilot
- Development of R&E requirements document -> refine design
- FDRM architecture in NMI 2.0 (October 2002)
- Need to secure funding for prototype development

FDRM Architecture: Components

FDRM Components
- Resource Attribute Authority (RAA). Function: A database of metadata containing rights records with rights, permissions and constraints associated with a digital resource.
- Shibboleth Object Attribute Resolver (SHOAR). Function: A component that interacts with the RAA in order to obtain the rights metadata associated with the requested resource.

FDRM Components
- Resource Manager (RM). Function: The RM resolves the user's attributes with the resource attributes (rights, permissions and constraints), and forwards the details of the package request to the P/LS. The RM is the equivalent of a DRM Controller in a commercial DRM model.
- Packaging/License Service (P/LS). Function: A fundamental component of DRM architecture, the P/LS dynamically packages content for delivery. The licensing function of the P/LS entails specification of the rights the user is allowed to exercise on the content (e.g., play, annotate, edit, transfer, etc.).

FDRM Architectural Flows 1 A user in an origin site launches a web browser and selects a URL to access a managed resource from an HTTP server.

FDRM Architectural Flows 2 The Shibboleth Indexical Resource Establisher (SHIRE) receives the user's request and sends the location of the requested resource and the SHIRE's URL to an off-site "Where Are You From?" (WAYF) server.

FDRM Architectural Flows 3 The WAYF server establishes a connection with the requesting user and the Handle Service responsible for the origin site.

FDRM Architectural Flows 4 The local Handle Service returns the handle package to the SHIRE. The handle package includes the opaque handle and the address of the user's local AA (UAA) server.

FDRM Architectural Flows 5 The SHIRE then passes the received handle package to the Shibboleth Attribute Requester (SHAR).

FDRM Architectural Flows 6 The SHAR constructs an Attribute Query Message (AQM) and submits it to the UAA defined in the handle package. The AQM includes the opaque handle, the target URL and the SHAR name.

FDRM Architectural Flows 7 The UAA responds to the AQM with an Attribute Response Message (ARM), which includes the SHAR name, target URL and the user attributes as allowed by the user's Attribute Release Policy (ARP).

FDRM Architectural Flows 8 The SHAR passes the results of the ARM to the Shibboleth Object Attribute Resolver (SHOAR).

FDRM Architectural Flows 9 The SHOAR constructs a Resource Attribute Query (RAQ) and submits it to the Resource Attribute Authority (RAA) associated with the requested resource.

FDRM Architectural Flows 10 The RAA returns a Resource Attribute Response (RAR) to the SHOAR detailing the supporting services and access rights associated with the requested resource.

FDRM Architectural Flows 11 Depending on the assertions received from the UAA and the RAA, the SHOAR sends a package request to the Resource Manager (RM).

FDRM Architectural Flows 12 The RM forwards the package request to the Packaging and License Service (P/LS).

FDRM Architectural Flows 13 The P/LS creates the requested package and sends it back to the RM.

FDRM Architectural Flows 14 The RM passes the requested resource to the user.
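
The attribute exchange in flows 3 to 13, as an added example that is not part of the original slides: a minimal in-memory simulation of the handle, AQM/ARM and RAQ/RAR messages and the RM's resolution step. The attribute names, URLs, rights-record layout and the matching rule (union of rights from every matching record, deny when none match) are assumptions made for illustration, and the RM and P/LS are folded into one function.

```python
import secrets

# Constructed sample data: attribute names, rights and record layout are assumptions.
USERS = {"alice": {"affiliation": "faculty", "email": "alice@origin.example"},
         "carol": {"affiliation": "student", "course": "MUS101"}}
ARP = {"alice": {"affiliation"}, "carol": {"affiliation"}}  # attributes each user releases
RAA = {"https://target.example/video/42": [                 # rights records per resource
    ({"affiliation": "faculty"}, {"play", "annotate", "edit"}),
    ({"course": "MUS101"}, {"play"})]}
HANDLES = {}                                                # Handle Service state

def handle_service(user):
    """Flows 3-4: opaque handle plus the address of the user's local AA (UAA)."""
    handle = secrets.token_hex(16)
    HANDLES[handle] = user
    return {"handle": handle, "uaa": "https://origin.example/aa"}

def uaa_respond(aqm):
    """Flows 6-7: answer the AQM with an ARM holding only ARP-released attributes."""
    user = HANDLES.get(aqm["handle"])
    if user is None:
        raise PermissionError("unknown handle")
    released = {k: v for k, v in USERS[user].items() if k in ARP[user]}
    return {"shar": aqm["shar"], "target": aqm["target"], "attributes": released}

def raa_respond(raq):
    """Flows 9-10: RAR with the rights records for the requested resource."""
    return RAA.get(raq["target"], [])

def resolve_and_license(arm, rar):
    """Flows 11-13 (RM and P/LS combined): match attributes, license granted rights."""
    granted = set()
    for required, rights in rar:
        if all(arm["attributes"].get(k) == v for k, v in required.items()):
            granted |= rights
    if not granted:
        return None                                         # no matching record: deny
    return {"target": arm["target"], "license": sorted(granted)}

def request(user, target):
    """Run flows 3-13 for one user; returns the ARM and the package (or None)."""
    pkg = handle_service(user)
    aqm = {"handle": pkg["handle"], "target": target, "shar": "shar.target.example"}
    arm = uaa_respond(aqm)
    return arm, resolve_and_license(arm, raa_respond({"target": target}))

if __name__ == "__main__":
    for name in USERS:
        print(name, request(name, "https://target.example/video/42"))
```

In this constructed data, carol is enrolled in the course that would grant "play", but her ARP withholds the course attribute, so the target never sees it and the request is denied. The target side only ever handles the opaque handle and the released attributes, never the local user name.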