| Issue Date: January - 2007, Posted On: 1/10/2007 Geospatial Digital Rights Management: More than Making Money Tina Cary |
 By Tina Cary Tina Cary is president, Cary and Associates; The entertainment industry's efforts to prevent uncompensated distribution of copyrighted works have been highly publicized, contributing to an impression that digital rights management (DRM) is "all about the money." In the geospatial world, however, GeoDRM is useful for many non-financial purposes. For example, GeoDRM can be used to protect privacy, assist in the maintenance of data integrity and enable rapid access to geospatial data in emergency situations. The value of GeoDRM is based on its usefulness in meeting the needs of geospatial data consumers and creators. In an ideal world, where everyone is trustworthy and knows everyone else (so that any temptation to betray trust can be resisted by envisioning grave social consequences), DRM would be, at most, an aid in tracking resource use. At the opposite extreme, in a nightmare world in which no one is trustworthy, a DRM system would be the only mechanism by which a user could gain access to any resource under any circumstance. Our "real world" is between such extremes. Access to a resource may have conditions that relate to security, privacy, geography, intended use, emergency or any other condition mutually agreed on by provider and user. Appropriate levels of trust vary with the parties involved. Beyond Temptation My mother says "it's not wise to tempt a person beyond his or her ability to resist." DRM provides a way to help keep our commitments about resource use. Such commitments are formalized as licenses. A "geoLicense" is an expression by which a licensor grants to a licensee a right, or set of rights, associated with specified resources. The expression also includes any conditions that apply to any principal (licensor or licensee), right or resource. A geoLicense typically is expressed in three ways, which must always be equivalent: plain language (as the principals describe their agreement), technical terms (for implementation via software in a GeoDRM system) and legal language (in case disputes arise that require adjudication).
Figure 1. Private-access data may be classified for security reasons or be sensitive in nature. Access must be limited, and security must be ensured. Public-access resources are available to anyone without payment, but conditions may be attached, such as a prohibition on selling or enlarging data. Commercial-access resources require monetary payment to be arranged, and emergency-access resources are used when an emergency situation exists. Government agencies, universities and commercial organizations worldwide participate in the Open Geospatial Consortium Inc. (OGC) GeoDRM Working Group. The participants are working to develop standards (e.g., open interfaces and encodings) that will enable users to implement geoLicenses in software and provide the means to make geographic information and services available and readily usable to the information-services community, while maintaining rights taken for granted in the offline world. The Working Group has drafted the Geospatial Digital Rights Management Reference Model, which is available on the Web at portal.opengeospatial.org/files/?artifact_id=14085. Geospatial resources (software and data) have four general user categories: Private, Public, Emergency and Commercial. This article examines the first three categories. OGC uses scenarios to illustrate and understand various situations in which users access rights-managed spatial data and applications. The descriptions cover what users see onscreen as well as what had to happen "behind the scenes," including how the electronic license was created and what the underlying framework did. Private Access Andreas works for a private company, Cleanups R Us, that has a contract with the Environmental Protection Agency (EPA) to clean up hazardous waste sites. He needs to plan his team's schedule for tomorrow, so he goes to his computer and accesses the EPA database, linking the site locations to his route-planning tool and the hazardous materials to his labor/time/materials calculator to create the schedule. What Andreas Saw Andreas noticed that the Web application was labeled "rights managed," but the label didn't appear to mean anything relevant to his task. He just got a map with the hazardous waste sites, volume and type of hazard, and he used the route planner and clean-up calculator to work out his team's schedule. He didn't agree to any license. What Andreas Didn't See Understandably, Andreas doesn't care how the hazardous waste data got to his screen. In this imagined scenario, the "rights-managed" Web application accessed an EPA hazardous-waste "rights-managed" database behind the scenes, and the system managing those rights ensured that he was allowed to see the data. The system was programmed to check the conditions of the electronic license that had been previously agreed between Cleanups R Us and the EPA. Unknown to Andreas, Graham in the contracts department at Cleanups R Us had spoken some time ago to Roland in the contracts department at EPA and agreed to private-access terms, so the company could access the data it needed to do the contracted work. The agreement specified access terms in an electronic license. What the Framework Did The rights management is enabled by the underlying framework. The Web-client application was implemented based on the GeoDRM standard, the terms of the license were computer-encoded based on the GeoDRM standard, and the rights to view and use the data were enabled when the system determined—based on the GeoDRM standard—that the license conditions were met. Variations In the aforementioned example, one license between the EPA and Cleanups R Us was required. In another fictional situation, Karen works for Maps R Us, a subcontractor to the prime contractor working for the U.S. Census Bureau to prepare for the next census. The license between Maps R Us and the prime contractor for data access is dependent on the license between the Census Bureau and prime contractor. The GeoDRM standard is general enough to cover such license chains.
Figure 2. An example of a rights-managed scenario includes a) the resources, b) offline work, c) electronic licenses and d) the underlying framework. Keyholes represent the rights-management function. Public Access Kathy is planning a day trip to the beach for her family. She finds the Web site of the local tourism board, which has a list of local beaches, with two useful facts for each beach: weather and water quality. What Kathy Saw Kathy sees a list of local beaches with the weather and water-quality reports. Long Beach looks good; the weather forecast is sunny and warm, and water quality is good. Without noticing the "rights-managed" symbol at the bottom of the screen, she is off, packing her beach bag. What Kathy Didn't See Kathy doesn't care where the information came from. However, for that information to be on her screen, the tourism board had agreed to the public-access terms of the weather company and the local environmental authority. John, who works for the tourism board, created the Web site that Kathy accessed. He accepted the public-access conditions of the weather company and the local environmental authority. Both organizations required that the board agree not to sell the data. In addition, as part of its risk-management efforts and concern for data integrity, the environmental authority required that the tourism board agree to convey the data as only original point values, not converting the point data to continuous surfaces. What the Framework Did Again, the rights management is enabled by the underlying framework. The Web application was implemented based on the GeoDRM standard, the terms of the licenses were computer-encoded based on the GeoDRM standard, and the weather-company and environment-authority data were accessed when the system determined—based on the GeoDRM standard—that the licenses' conditions were met. Variations Kathy didn't need to download the data to her machine for offline access. Cristian, however, a surveyor for ACME Construction, downloads maps from the planning office, subdivides the development into individual parcels, and uploads the new parcel boundaries (see Figure 2). This is a combination of public- and private-access scenarios, requiring licenses to cover the public-access aspect of downloading maps from the planning department as well as the private-access aspect of uploading the new parcel boundaries. The GeoDRM standard is general enough to cover such combinations of licenses. Emergency Access Joe works for the local fire department. A flooding emergency has been declared, and he's responsible for planning the evacuation of those at risk. He has good data of the river network, but he urgently needs accurate river-height information. The fire department has agreements with data providers for the data it regularly uses, but not for access to river-height data. Joe knows that a flooding emergency has been declared, and he has the authority to access and use such data. He also knows that his access to the data will be carefully tracked. What Joe Saw Joe uses the river-height information, combines it with his river-network data, and creates a flood-status map. He then uses that information to plan the evacuation of households most likely to be affected. What Joe Didn't See The water company maintains a database of current river heights. The company has a policy that river-height data may be used by emergency services in a genuine emergency. When Joe "broke the glass," an emergency-access license was created, and access by Joe, using that license, was carefully monitored. Some days later, the water company called the fire department to verify that the situation was an emergency. What the Framework Did Rights management is enabled by the underlying framework. The water company provided for emergency licensing based on the GeoDRM standard, the terms of the license were computer-encoded based on the GeoDRM standard, and access to the river-height data was made possible when the system determined—based on the GeoDRM standard—that the emergency-license conditions were met. Current and Future GeoDRM Activities A joint OGC/ISO project is developing the geographic information extensions of ISO 21000. The specific In addition, work is in progress in Germany with a focus on GeoDRM security aspects, using OASIS Security Assertion Markup Language and eXtensible Access Control Markup Language (XACML). While these activities proceed, efforts are underway to get the GeoDRM Reference Model designated as an ISO standard. The GeoDRM Working Group then will work on documents that provide any extensions to rights-expression languages that may be needed to implement GeoDRM standards as well as more details on profiles, engineering and implementation. These documents explain "best practices." Ludwig Maximilians University in Munich has a pilot project underway to use and further develop geospatial extensions to XACML to facilitate the fast, interoperable and secure exchange of spatial data for disaster management. In a presentation at the Symposium on Geo-Information for Disaster Management in September 2006 (see www.ssg.geo.uni-muenchen.de/cgi-bin/personalinformationen/zeige_forschungsprojekt.pl?ID=104), Jan Herrmann described this pilot project and reported that a prototype had been tested and validated; it proved to be ready for operation. GeoDRM serves a variety of purposes. User scenarios illustrate the role it can play in protecting private assets, enabling public access while preserving data integrity and facilitating emergency access. The GeoDRM framework is simultaneously general enough and specific enough to support all types of licenses. Author's Note: Anyone interested in GeoDRM is encouraged to become familiar with OGC's work and consider this an invitation to join. I'd also like to thank the members of the GeoDRM Working Group for their contributions, particularly Graham Vowles, who developed an initial set of User Scenarios that formed the basis of this article. |
