ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Experiences with the enforcement of access rights extracted from ODRL-based digital contracts
Full text PdfPdf (241 KB)
Source ACM Workshop On Digital Rights Management archive
Proceedings of the 3rd ACM workshop on Digital rights management table of contents
Washington, DC, USA
SESSION: Copyrights and access-rights table of contents
Pages: 90 - 102  
Year of Publication: 2003
ISBN:1-58113-786-9
Authors
Susanne Guth  Vienna University of Economics and BA, Austria
Gustaf Neumann  Vienna University of Economics and BA, Austria
Mark Strembeck  Vienna University of Economics and BA, Austria
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 3,   Downloads (12 Months): 29,   Citation Count: 5
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/947380.947392
What is a DOI?

ABSTRACT

In this paper, we present our experiences concerning the enforcement of access rights extracted from ODRL-based digital contracts. We introduce the generalized Contract Schema (CoSa) which is an approach to provide a generic representation of contract information on top of rights expression languages. We give an overview of the design and implementation of the xoRELInterpreter software component. In particular, the xoRELInterpreter interprets digital contracts that are based on rights expression languages (e.g. ODRL or XrML) and builds a runtime CoSa object model. We describe how the xorbac access control component and the xoRELInterpreter component are used to enforce access rights that we extract from ODRL-based digital contracts. Thus, our approach describes how ODRL-based contracts can be used as a means to disseminate certain types of access control information in distributed systems.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
A. Le Hors, et al. Document Object Model (DOM) Level 2 Core Specification. http://www.w3.org/DOM/, November 2000.
 
2
R. Anderson and M. Kuhn. Tamper Resistance - a Cautionary Note. In Proc. of the 2nd USENIX Workshop on Electronic Commerce, November 1996.
 
3
M. Bartel, J. Boyer, B. Fox, B. LaMacchia, and E. Simon. XML-Signature Syntax and Processing. http://www.w3.org/TR/xmldsig-core/, February 2002. W3 Consortium Recommendation.
 
4
T. Berners-Lee, R. Fielding, and L. Masinter. Uniform Resource Identifiers (URI): Generic Syntax. IETF RFC 2396, Standards Track, http://www.ietf.org/rfc/rfc2396.txt, August 1998.
 
5
Antoine Beugnard , Jean-Marc Jézéquel , Noël Plouzeau , Damien Watkins, Making Components Contract Aware, Computer, v.32 n.7, p.38-45, July 1999  [doi>10.1109/2.774917]
6
Jan Camenisch , Jean-Marc Piveteau , Markus Stadler, An efficient fair payment system, Proceedings of the 3rd ACM conference on Computer and communications security, p.88-94, March 14-15, 1996, New Delhi, India  [doi>10.1145/238168.238193]
 
7
J. Clark and S. DeRose. XML Path Language (XPath). http://www.w3.org/TR/xpath, November 1999. W3 Consortium Recommendation.
 
8
T. DeMartini, X. Wang, and B. Wragg. MPEG-21 Working Documents - Part 5 & Part 6, MPEG-21 Rights Expression Language. http://www.chiariglione.org/mpeg/working\_documents.htm, March 2003.
 
9
D. C. Fallside. eXtenisble Markup Language (XML) Schema Specification 1.0. http://www.w3.org/TR/XML/Schema/, May 2001. W3 Consortium Candidate Recommendation.
10
David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
 
11
K. Fujimura and Y. Nakajima. General-Purpose Digital Ticket Framework. In Proc. of the 3rd USENIX Workshop on Electronic Commerce, September 1998.
 
12
S. Guth, G. Neumann, and M. Strembeck. Toward a Conceptual Framework for Digital Contract Composition and Fulfillment. In Proc. of the International Workshop for Technology, Economy, Social and Legal Aspects of Virtual Goods, May 2003.
 
13
Susanne Guth , Bernd Simon , Uwe Zdun, A Contract and Rights Management Framework Design for Interacting Brokers, Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, p.283.1, January 06-09, 2003
 
14
Russ Housley , Tim Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure, John Wiley & Sons, Inc., New York, NY, 2001
 
15
R. Iannella. Open Digital Rights Language (ODRL), Version 1.1. http://odrl.net, August 2002.
 
16
ITU-T. ITU-T Recommendation X.500: Information Technology-Open Systems Interconnection-The Directory: Overview of Concepts, Models and Services, 1993.
 
17
J. Loewer and R. Ade. tDOM (DOM Implementation). available at: http://www.tdom.org/, 2003.
 
18
A. Keller, G. Kar, H. Ludwig, A. Dan, and J.-L. Hellerstein. Managing Dynamic Services: A Contract Based Approach to a Conceptual Architecture. In Proc. of the 8th IEEE/IFIP Network Operations and Management Symposium (NOMS), April 2002.
19
Carl E. Landwehr, Formal Models for Computer Security, ACM Computing Surveys (CSUR), v.13 n.3, p.247-278, Sept. 1981  [doi>10.1145/356850.356852]
20
David Lie Chandramohan Thekkath , Mark Mitchell , Patrick Lincoln , Dan Boneh , John Mitchell , Mark Horowitz, Architectural support for copy and tamper resistant software, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.168-177, November 2000, Cambridge, Massachusetts, United States
 
21
G. Medvinsky and C. Neuman. NetCash: A Design for Practical Electronic Currency on the Internet. November 1993.
22
Gustaf Neumann , Mark Strembeck, Design and implementation of a flexible RBAC-service in an object-oriented scripting language, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.501992]
23
Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775421]
 
24
G. Neumann and U. Zdun. XOTcl, an Object-Oriented Scripting Language. In Proc. of Tcl2k: 7th USENIX Tcl/Tk Conference, February 2000.
 
25
John K. Ousterhout, Tcl and the Tk toolkit, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1994
 
26
J. Park , R. Sandhu, Originator Control in Usage Control, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.60, June 05-07, 2002
27
Jaehong Park , Ravi Sandhu, Towards usage control models: beyond traditional access control, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507722]
 
28
J.S. Park and R.Sandhu. Smart Certificates: Extending X.509 for Secure Attribute Services on the Web. In Proc. of 22nd National Information Systems Security Conference (NISSC), October 1999.
29
Joon S. Park , Ravi Sandhu, RBAC on the Web by smart certificates, Proceedings of the fourth ACM workshop on Role-based access control, p.1-9, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319172]
 
30
Joon S. Park , Ravi Sandhu, Secure Cookies on the Web, IEEE Internet Computing, v.4 n.4, p.36-44, July 2000  [doi>10.1109/4236.865085]
31
Birgit Pfitzmann , Michael Waidner, Strong loss tolerance of electronic coin systems, ACM Transactions on Computer Systems (TOCS), v.15 n.2, p.194-213, May 1997  [doi>10.1145/253145.253282]
 
32
Ronald L. Rivest, Electronic Lottery Tickets as Micropayments, Proceedings of the First International Conference on Financial Cryptography, p.307-314, February 24-28, 1997
 
33
S.Godik and T.Moses (eds.). eXtensible Access Control Markup Language (XACML) Version 1.0. OASIS Standard, February 2003.
 
34
B. Shand , J. Bacon, Policies in Accountable Contracts, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.80, June 05-07, 2002
 
35
J.G. Steiner, C. Neuman, and J.I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proc. of the USENIX Winter Conference, February 1988.
 
36
W/O. Syntax for the Digital Object Identifier. http://www.niso.org/standards/, December 2000.
 
37
W/O. eXtensible rights Markup Language (XrML), Version 2.0. http://www.xrml.org/, November 2001.
 
38
W/O. MARC Code List for Relators, Sources, Description Conventions. http://www.loc.gov/marc/relators/, January 2003.

CITED BY  5
Reihaneh Safavi-Naini , Nicholas Paul Sheppard , Takeyuki Uehara, Import/export in digital rights management, Proceedings of the 4th ACM workshop on Digital rights management, October 25-25, 2004, Washington DC, USA
Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
Nicholas Paul Sheppard , Reihaneh Safavi-Naini, Sharing digital rights with domain licensing, Proceedings of the 4th ACM international workshop on Contents protection and security, October 28-28, 2006, Santa Barbara, California, USA
Alapan Arnab , Andrew Hutchison, Persistent access control: a formal model for drm, Proceedings of the 2007 ACM workshop on Digital Rights Management, October 29-29, 2007, Alexandria, Virginia, USA
Renato Iannella, On-line Trading of Rights-Enabled Learning Objects, International Journal of Electronic Commerce, v.8 n.4, p.99-113, Number 4/Summer 2004

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
        D.2.12 Interoperability
            Subjects: Data mapping

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

  E. Data
  E.2 DATA STORAGE REPRESENTATIONS
      Subjects: Object representation

  H. Information Systems
  H.3 INFORMATION STORAGE AND RETRIEVAL
      H.3.4 Systems and Software
          Subjects: Distributed systems

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Design, Experimentation, Security

Collaborative Colleagues:
Susanne Guth: colleagues
Gustaf Neumann: colleagues
Mark Strembeck: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player