Originator control in usage control

Originator control is an access control policy that requires recipients to gain originator's approval for re-dissemination of disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial digital rights management (DRM) solutions lack enforcement of access control policies because their control of access to digital object is mainly based on payment. In this paper, we attempt to combine originator control policies and usage control. Then we show how this can extend traditional originator control solutions to enforce access control policies even outside of a local control environment where a central control authority is not available. License and ticket concepts are proposed and used for originator control in usage control. Also, we define seven different solution approaches to deal with various dissemination situations. In addition, we discuss some published DRM solutions and relate these to our solution approaches.

[1]  Jaehong Park,et al.  Security architectures for controlled digital information dissemination , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[2]  Xin Wang,et al.  XrML -- eXtensible rights Markup Language , 2002, XMLSEC '02.

[3]  Jaehong Park,et al.  Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[4]  LouAnna Notargiacomo,et al.  Beyond the pale of MAC and DAC-defining new forms of access control , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  David Bernstein,et al.  The DigiBox: A Self-Protecting Container for Information Commerce , 1995, USENIX Workshop on Electronic Commerce.

[6]  Ravi S. Sandhu The typed access matrix model , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[7]  Carl A. Gunter,et al.  Models and languages for digital rights , 2001, Proceedings of the 34th Annual Hawaii International Conference on System Sciences.