Home arrow Security arrow Page 7 - Trust, Access Control, and Rights for Web Services, Part 2

eXtensible Rights Markup Language (XrML) Management Specification - Security

Web services themselves provide a powerful new approach to PKI that prevents each Web service requestor and provider from having to build their own PKI: accessing a trusted PKI as a service. XKMS aims to do just that. This is part 2 of chapter 9 from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, SAMS, 2004).

TABLE OF CONTENTS:
  1. Trust, Access Control, and Rights for Web Services, Part 2
  2. The XKMS Services
  3. X-KRSS
  4. eXtensible Access Control Markup Language (XACML) Specification
  5. The XACML Data Model
  6. XACML Policy Example
  7. eXtensible Rights Markup Language (XrML) Management Specification
  8. XrML Use Case Example
  9. Summary
By: Sams Publishing
Rating: starstarstarstarstar / 6
October 12, 2004

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

The eXtensible Rights Markup Language specifies rights to control access to digital content and services. XrML is part of the effort to create an infrastructure to manage digital rights on copyright and for-fee content that is moved across the public networks.

XrML is a rights language that supports a wide variety of business models from free content that still must control who accesses it (for example, real estate home listings) to valuable content that must be purchased by the end user (for example, digital music). It can specify simple and complex rights. It is designed to handle any type of digital content or service. It gives precise meaning to all components of the system. A couple of its critical early design goals were that it be interoperable with other standards and specifications and that it be platform neutral.

The XrML Data Model

The data model for XrML consists of four entities and the relationship between those entities. The most important relationship is the XrML assertion Grant. A Grant is structured as follows:

  • The Principal to whom the Grant is issued

  • The Right that the Grant specifies

  • The Resource that is the direct object of the "rights" verb

  • The Condition that must be met for the right to be exercised

A Principal is an individual who must present identification credentials such as an X.509 certificate or a digital signature. If the authentication of this individual is successful, that person may be granted some Rights to the digital content. The Right is a verb that a Principal can be granted to exercise agaist some content. For example, the Right might be to read, view, print, forward, or even grant rights to others. The Resource is the object to which a Principal can be granted a Right. It might be an e-book, an audio or video file, or an image. It can also be a service such as email or a Web service. A Condition specifies the terms, conditions, and obligations under which the Rights can be exercised. This might be a time interval, or it might require that someone else has also granted some Rights first, such as a trusted third party. The relationships of the four key XrML constructs are shown in Figure 9.10.

Trust, Access Control, and Rights for Web Services

Figure 9.10  Core XrML constructs and their interrelationships.

SamsThis chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.

Buy this book now.



 
 
>>> More Security Articles          >>> More By Sams Publishing
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

SECURITY ARTICLES

- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: