wdsi 2015-design and implementation of a policy-based service-oriented drm system

1

Design and Implementation of a Policy-based Service-oriented DRM System

Yung-Hsin Wang, Yu-Hong Lin Shing-Han Li Tatung University Nat’l Taipei Univ. of Business Taipei, Taiwan Taipei, Taiwan

WDSI 2015 - Maui, Hawaii

2 Outline

4. Conclusion & Future Work Direction

3. Design and Implementation

2. Background and Technology

1. Introduction

3 Motivations

DRM permits smooth, secure, trusted movement of digital contents from Content Providers and Distributors to Clearing House and Consumers

Based on access, use, tracking, payment & reporting systemBusiness functions automated to deliver creators’ win-distributors’

win-clearing house’s win-consumers’ winAccess control and authorization implemented in proprietary

manner results in extreme tight coupling of authorization decisions within applications

4 Motivations (cont.)

SOA solutionNot only a framework but a key mechanism for cost effectivenessPromoting organizational agility to adapt the most frequent

changing environment Implementing SOA to improve DRM System

Service interoperability, Loosing coupling, Reusing or composing shared service components during service orchestration

Challenges in security issue!

5

To re-model DRM System based on SOAAll participants well collaborate and equitably share sales benefits

Adopt policy-based security mechanismIntroduce the eXtensible Access Control Markup Language

(XACML) technology to decouple authorization decisions from DRM system

Fulfill autonomous management on authorization and access control for all resources via flexible policy-based SOA solution

Research Objective

6

2. Background and Technology

Outline

4. Conclusions & Future Works Direction

3. Design and Implementation

1. Introduction

7

Emphasizing on protection and management for digital contents

The essential is tocontrol publication, billing/payment and copyright for digital contents

DRM System

8

Usually combined with certain business models for the sales of digital contents

DRM System

The integrated DRM solution

9

Service Contract Service Loose Coupling Service Abstraction Service Reusability Service Autonomy Service Statelessness Service Discoverability Service Composability

Service Oriented Design Principle

10

Interoperability problems arise within different DRM solutions

DRM with SOA can increase interoperability for the system management and facilitate efficient collaboration

Security is a major imperative for SOAFigueira Filho et al. (2006) in their proposed framework adopted

SOA and a high-level policy modeling approach to promote interoperability among DRM systems; however, the policy model only focused on the copyright protection

DRM System Moves to SOA

11

eXtensible Access Control Markup Language Based on XML standardsDefine the general policy syntax for resources protection and

accessOASIS has regulated XACML as security standards to support

security technology for access control

XACML frameworks for services security

12T

he implem

entation process of XA

CM

L and access control architecture

13

SOA-based DRM System’s security, privacy, resource authorizing and access control must be well managed.

Help participants in SOA-based DRM System autonomously manage their own systemsSecurity Policy applies to resource authorization and access

control among systems Facilitate the abstraction of security jobs from the logic

loop of business system to become public servicesachieve centralization of operation and management

Security Policy in SOA-based DRM System

2. Background and Technology

14 Outline

4. Conclusions & Future Works Direction

3. Design and Implementation

1. Introduction

15Step 1. Streamline DRM system architecture to be service choreography

The fundamental architecture of DRM system

The streamlined architecture of DRM

16Step 2. Achieve the service-oriented DRM system

Relations between functions and/or systems among the DRM system

The D

RM

system w

ith layered SOA

The SOMA layered mechanism

17Step 3. Implement security policy with XACML

18

The example of XACML Policy converted from CMS

Content Provider authorizescontents to Distributor

19 The inquiry example of XACML Request for Consumer or Distributor

20 The Example of XACML Response from PDPwhen Distributor inquires the authorized content

21

2. Background and Technology

Outline

4. Conclusion & Future Work Direction

3. Design and Implementation

1. Introduction

22

This study has designed and implemented a policy-based service-oriented DRM systemTransform a proprietary/tight-coupling DRM system into a

loose-coupling/on-demand business processesHelp participants' operation among DRM system be flexible and

react agilely in data transmission, exchange or integrationNot only to meet the security needs of web services, but also to

achieve a loose coupling in resources perspective

Conclusion

23 Future Work Direction

Apply to cloud computing via service-oriented featuresParties who need to build up their systems can take advantages

of Infrastructure as a Service (IaaS) to save hardware costs and maintenance expenses

Functions of Multi-layered and remodeled DRM system can leverage Software as a Services (SaaS)

Adopt XACML to fulfill the security and safety needs of inter–service in cloud computing

.

24

Thanks for your attention!