The Geospatial DRM architecture is a high-level architecture of loosely coupled services that manage digital licensing functionality for GeoDRM based on the study of current digital licensing infrastructures.
The key purpose of the GeoDRM Abstract Rights Model is to create a simplified model of geospatial Intellectual Property so that it may be practically licensed, and most importantly, rights to that Intellectual Property may be managed and protected. With defined Intellectual Property boundaries, we are then able to share and trade rights to geospatial resources in a clearly defined and managed way. Implementation of GeoDRM requires several aspects which act as the technical infrastructure and this includes:
i. Geospatial Resource
This is a well-defined set of geographic resources or functionality that can be either a resource set, a subset of a resource as specified by a filter encoding, etc.
ii. GeoLicense Extents
This is the mechanism to manage and protect a geospatial resource. It is the expression of the rights and constraints on those rights to be performed against a geospatial resource. GeoLicense rights and constraints may be expressed using the following dimensions:
Right: A privilege that is granted by the Owner, like the right to View, Print, Copy, and Update a geospatial resource.
Space: A geospatial area.
Time: A period of time.
This is the container expressing the rights to use a specified geospatial resource, for a given geographical space, over a specific period of time – subject to other conditions. Potentially, we have more than one time dimension, resource time or licence time. The time dimension of a GeoLicense means the period for which the licence applies (licence time). The spatial dimension could mean either the geospatial extents of the GeoLicense, or the legal jurisdiction where the license applies, or even the location of the licensee. The space dimension of a GeoLicense means the geospatial extents of the GeoLicense, namely that geospatial area of a given resource to which the licensee is granted rights.
iv. GeoLicense Expression
GeoLicenses may be expressed in different forms, which include:
a) Legal Expression
This is a legally binding expression of the terms and conditions of the licence, which may then be legally enforced.
b) Simplified Expression
A simplified, more “human” readable version of the licence, expressing key terms and conditions, which may be easily read and understood by a more general audience.
c) Formal Expression
This is a formal, computer encoding of the key terms and conditions, particularly the GeoLicense Extents. This encoded form of the GeoLicense may then be automatically enforced by the system, when the End-User requests access to the geospatial resource.
v. GeoLicense Creation and Enforcement
GeoLicenses are the containers to express the terms and conditions of a licensing agreement. GeoLicenses may be granted subject to conditions of acknowledgement, or GeoLicenses may be allocated based on a specific security and intelligence policy. GeoLicense creation and enforcement are separate workflows:
- GeoLicense Creation: requires some form of negotiation to define terms and conditions.
- GeoLicense Enforcement: Once GeoLicenses have been created, the System can enforce the formal expression of the licence. In the event that the terms and conditions of the legal expression are breached, then legal measures may be applied.
vi. GeoLicense Delegation and Management
Geospatial DRM is essentially the process of creating, delegating, managing, tracking, validating and enforcing GeoLicenses. The intention is that a GeoDRM-enabled network of services will automate some or all of these functions.
A key aspect of a scalable network is the ability to delegate responsibility to these actors in a controlled and managed way. The system would be unscalable if the administrative burden was placed on the content owner alone. Therefore a key capability for the success of a GeoDRM-enabled system is the ability to delegate these key functions. By necessity, intermediary actors may be needed to perform these administrative functions.
The owner (Licensor) of the Intellectual Property can delegate the creation and management of GeoLicenses to a Licensing Agent. Licensing Agents are granted the right (authority) to issue GeoLicenses subject to defined extents and conditions as defined in the agreement.
vii. GeoLicense Chaining
GeoLicenses need to be traceable back to the Owner of the geospatial resource. GeoLicenses may be “chained” where the Owner defines the top-level constraints and terms and conditions flow down the licence chain. GeoLicenses are managed by the Licence Manager, and licences are validated back up the licence chain. This is a key concept that is needed to allow the delegation of licensing responsibility and supporting the need for the distributed licensing of geospatial resources.
viii. GeoLicensing Communities
Data sharing between human beings requires the sharing of a common understanding of information structures and their meaning. Data sharing and trading tends to take place within communities of trading partners. Over time standard ways of exchanging information will evolve, for example, standard vocabularies to describe geographic features and processes, standard licence agreements or perhaps standardised pricing models. For the geospatial problem domain, the OGC has introduced the concept of an information community in their OpenGIS Reference Model.
One example to achieve a common understanding for the exchange of geographic information is based in GML. It defines the structure (XML encoding) of geographic phenomena and their meaning and uses the GML namespace to make them distinguishable from other definitions. In order to actually exchange GML structured data, the declaration of an application schema is required, but is not permitted to change either the structure or the definition of GML’s predefined elements.
Adopting this to the GeoDRM domain, a GeoLicense community can be characterized as a domain of participants (licensor, licensee, licence broker, service provider, etc.) that communicate to each other for the purpose of exchanging licensed geospatial data. In order to do so it is important that all members of the community obey the same structure of a licence (independent by which member it has been created or used) and to the meaning of rights, as they are expressed in the licence.
ix. GeoLicensing and Resource lineage
Lineage or provenance of a geospatial resource is an important factor for both producer and consumer of geospatial information. Consumers need the assurance that the data is fit for purpose and can be used to support critical decisions, whereas providers require recognition for their contribution to a final information product.
A GeoDRM-enabled set of processing resources will allow the lineage or provenance of the derived information product to be traced. As data is processed through a chain of processing resources, a process history could be generated listing those resources that have been used to generate a derived product.
x. Handling GeoLicense Violation and the break-the-glass principle
GeoLicense validation will be performed by the DRM Gatekeeper. Enforcement will be the combined responsibility of the associated Security system and the Gatekeeper. The Security system will verify the information passed to the Gatekeeper for the validation of the licence use. During the verification and validation of a GeoLicense, potential licence violations may be identified.
If the Security system performs strictly, no actual violation will occur and the user will be informed of the “error” in his request (the lack of sufficient licence information). The user may also be passed information as a side effect of the attempted resource access.
If the Security system is less strict, and allows the access requested despite the lack of Gatekeeper validation, then a licence violation would have occurred. In creating the context applicable to the resource in question, the Owner (or his agent) may place side affects to attempted use of invalid licences, which would include either the actions that the Owner feels appropriate to such attempts, or triggers that activate remediation efforts through the licence chair of agency, possibly all the way back to the Owner.
Two general principles should be applied when a GeoLicense violation is identified:
- The Owner is responsible for defining what action is performed in response to a licence violation.
- For those resources that may be needed in an emergency situation, the user should be able to override the license conditions (break the glass) and have unconstrained access to the resource.
xi. Automated license revocation/expiration
GeoLicenses are revocable and can expire. Once a license has been issued, a mechanism is needed to allow the license to be revoked. This capability is needed for the scenario where the content owner needs to revoke rights to a resource, or where the license has a limited lifetime and expires.
The mechanism for revocation is usually associated to the Licensor metadata in the license (see ISO 21000-5, 0). The licensor informs the Gatekeeper or Security systems how to verify a license document is still valid by including it with the information in the licensor “signature” included in or associated with the license.