Design and semantics of a decentralized authorization language

We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to Datalog with Constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met

A framework for usage management

This thesis proposes a formal framework for usage management in distributed systems. The principles of system design are applied in order to standardize certain features of the framework, such as the operational semantics, and leave free of standards areas that necessitate choice and innovation. The framework enables use of multiple policy languages, and dynamic interpretation of usage policies in different computing environments. In addition, the framework provides formal semantics to reason about interoperability of policies with respect to computing environments. The use of this framework in different usage management scenarios is demonstrated including multi-level security, cloud computing and digital rights management (DRM) systems. Furthermore, DRM is cast in a setting that allows the modeling of a number of current approaches within a game theoretic setting. Current strategies that attempt to influence the outcome of such games are analyzed, and a new type of architectural infrastructure that makes novel use of a trust authority is considered in order to create a suitable environment for constructing DRM games that may prove useful in the future

A Configurable Matchmaking Framework for Electronic Marketplaces

E-marketplaces constitute a major enabler of B2B and B2C e-commerce activities. This paper proposes a framework for one of the central activities of e-marketplaces: matchmaking of trading intentions lodged by market participants. The framework identifies a core set of concepts and functions that are common to all types of marketplaces and can serve as the basis for describing the distinct styles of matchmaking employed within various market mechanisms. A prototype implementation of the framework based on Web services technology is presented, illustrating its ability to be dynamically configured to meet specific market needs and its potential to serve as a foundation for more fully fledged e-marketplace frameworks

Interoperability of DRM Systems

The study deals with the cutting-edge subject of electronic contracts which have the potential to automatically process and control the access rights for (electronic) goods. It shows the design and the implementation of a rights expression exchange framework. The framework allows DRM systems to exchange electronic contracts, formulated in a standardized rights expression language, and thus provides DRM system interoperability. The work introduces a methodology for the standardized composition, exchange and processing of electronic contracts or rights expressions

Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too.Digital Rights Management; consumers; Intellectual property; business models

Case Study: DRM-protected Music Interoperability and e-Innovation

This report – representing one of three case studies that are part of a transatlantic research project aimed at exploring the potential relation between ICT Interoperability and eInnovation – examines issues surrounding DRM interoperability within the context of music content. Recognizing that interoperability will likely be defined differently by different stakeholders, we begin by establishing a rough, holistic working definition of interoperability and then assess the implementation of DRM in the music content market and associated problems with regard to interoperability. We then go on to explore the technological, market, and legal environments in their relation to and impact upon the achievement of interoperable DRM systems. In part 2, we analyze potential benefits and drawbacks of an interoperable DRM environment for the music content market. We then evaluate both private and public-initiated approaches towards the accomplishment of interoperability using a series of qualitative benchmarks. Lastly, we conclude by summing up the merits and demerits of the various approaches. Our findings lead us to surmise that normative considerations weigh in favor of greater interoperability in general. The challenge of determining the optimal level of interoperability and the best approach for attaining it, however, points toward consideration of a number of complex factors. We conclude that the best way to determine the optimal level of interoperability and means of accomplishing it is to rely upon economic-based assessments on a case-by-case basis