Geospatial DRM is as a set of technologies and legal frameworks that are fit for a certain organisational need, enabling rights-managed geospatial networks like SDIs, where all rights over geospatial assets are specified by licensors and any licensee would be trusted to honour the licensor’s conditions within and beyond the network’s trusted environment like remote clients.
Since the introduction of the OGC Web Map Service in 2000 many SDI components are available as products and many are already deployed worldwide. The released service implementation specifications do not cover business aspects at all and thus an OGC specific legacy problem is evident. A clear separation between expert service, like WFS, and business services, like Security, offers additional advantages. An example is that a single GeoDRM implementation can cover multiple OGC Services.
For the licensing of digital content, different standards already exist but the existing standards describe the licensing of digital media content and cannot be used for licensing of geographic information unless they are extended. In March, 2007 the Open Geospatial Consortium, Inc. (OGC®) membership approved the Geospatial Digital Rights Management Reference Model (GeoDRM RM), an abstract specification for the management of digital rights in the area of geospatial data and services. GeoDRM has legal and technological aspects. The GeoDRM Abstract Rights Model key purpose is to create a simplified model of geospatial Intellectual Property so that it may be practically licensed, and most importantly, rights to that Intellectual Property may be managed and protected. It is about establishing shared notions, conventions and practices that express the boundaries within the Intellectual Property “landscape”. With defined Intellectual Property boundaries, we are then able to share exchange and trade rights to geospatial resources in a clearly defined and managed way
The goal of the GeoDRM effort in the OGC is to make sure that a larger market has access to geospatial resources through a well understood and common mechanism that enables more than today’s “all or nothing” protection. A major motivation for this effort is the need to manage the “ownership obstacle to data sharing” in spatial data infrastructure scenarios.
As technology pushes various industries toward the digital frontier, many types of content are becoming available solely in digital format, and geospatial data is no exception. Copyright-protected geospatial content used to be sold on paper sheets but is now available in digital format. As a result, such content can now be used by a variety of users and devices. Digital geospatial datasets moving across computer networks can be easily copied, transformed, or incorporated into new value-added products and services. Geospatial-data producers and owners are faced with the challenge of controlling the dissemination of their digital geospatial assets downstream in the geospatial value chain.
Relevance of GeoDRM
The Rights Model for digital geographic content must accommodate licensing for different types of business relationships and participants with different roles. Direct licensing as well as sub-licensing can take place for business-to-business or business-to consumer relationships. For sub-licensing, it must be possible to grant licences for issuing licences, which is not covered by existing ISO-REL Rights Models.
Licensing in the GeoDRM domain must support the licensing of digital content, based on different infrastructures, licensing can take place for a static product as it can be delivered on CD-ROM. More important is the aspect that licensing can also take place on geographic information as it can be dynamically created by using OpenGIS Web Services. For example, maps can be created by using a Web Map Service and feature collections can be created by executing a Web Feature Service. The GeoDRM Rights Model therefore supports the capability to describe rights for executing a service using certain constraints on parameters. This capability is also not covered by other Rights Models.
Licensing of geographic information requires support to declare and enforce rights, as they are based on the geometry of the digital content. This capability is described in this standard by defining geo-specific conditions on a right.
To support GeoDRM-enabled licensing of geographic information, as it can be available offline or online in a Spatial Data Infrastructure (SDI), different functionalities can be identified as necessary. These will allow the definition of interfaces between the packages to ensure interoperability and responsibilities for each package to return the expected result upon a given request. Below are the possible packages:
It defines the basis for developing a geo-specific Rights Expression Language as well as other specifications necessary to establish a GeoDRM- enabled SDI.
Rights Expression Language
It provides the capabilities to express usage rights in the form of a machine-readable and machine-processible representation.
It includes required functionality to protect a GeoDRM-enabled SDI against fraud. Encryption enables the protection of a licence so that it cannot be modified by an adversary in order to obtain additional rights. Encryption is also useful to protect the digital geographic content against unlicensed use. An example from the music industry exists, where the encrypted music file can only be decrypted (and played) by a certified software or hardware device.
Every type of business relationship that has been represented in an electronic way needs a mechanism to differentiate between reliable and unreliable partners. In that sense, trust tells a relying partner that the other behaves in a certain predictable (loyal) way.
This package defines the functionality that is required to validate a licence. The licence verification has to occur before the rights of the licence can be enforced.
Enforcement and Authorization
The rights expressed in a Geo-License need to be enforced. In this specification, this package functionality is represented by the “Gate Keeper” metaphor. The acceptance or denial decision for a particular request (with its associated licences) is based on the authorization decision, as it is derived by the authorization engine.
The basic requirement for trust, licence verification and enforcement/authorization is proof of identity, as it is provided by the functionality of this package. Different international standards, which define how to enable this functionality, exist.