BSI Standards Publication

BS ISO 19153:2014

Geospatial Digital Rights Management Reference Model (GeoDRM RM)

BRITISH STANDARD

National foreword

This British Standard is the UK implementation of ISO 19153:2014.

The UK participation in its preparation was entrusted to Technical Committee IST/36, Geographic information.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2014. Published by BSI Standards Limited 2014

ISBN 978 0 580 64455 9

ICS 35.240.70

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 28 February 2014.

Amendments issued since publication

Date    Text affected

© ISO 2014

Geospatial Digital Rights Management Reference Model (GeoDRM RM)

Modèle de référence pour la gestion numérique des droits d'utilisation de l'information géographique

INTERNATIONAL STANDARD ISO 19153

First edition 2014-02-15

Reference number ISO 19153:2014(E)

COPYRIGHT PROTECTED DOCUMENT

© ISO 2014

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or
posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org

Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Conventions
  5.1 Abbreviated terms
  5.2 UML notation
6 GeoDRM design principles
  6.1 GeoDRM roadmap
  6.2 Basics
  6.3 Flow model of GeoDRM
  6.4 GeoDRM Gatekeeper
  6.5 DRM metadata licence model
  6.6 Developmental guidelines
  6.7 The components of managing risk
7 GeoDRM enterprise viewpoint and Abstract Rights Model
  7.1 General
  7.2 Geospatial resource
  7.3 GeoLicence extents
  7.4 GeoLicence expression
  7.5 GeoLicence creation and enforcement
  7.6 GeoLicence delegation and management
  7.7 GeoLicence chaining
  7.8 GeoLicensing communities
  7.9 GeoLicensing and resource lineage
  7.10 Handling GeoLicence violation and the break-the-glass principle
  7.11 Automated licence revocation/expiration need to revoke privilege
8 GeoDRM computational viewpoint
  8.1 Overview roles and responsibilities
  8.2 Principals
  8.3 Resource owner
  8.4 Agent
  8.5 Licence broker or licensing agent
  8.6 Service broker
  8.7 Service provider
  8.8 End-user
  8.9 Licence manager
9 Information viewpoint
  9.1 Overview
  9.2 User metadata
  9.3 Properties and patterns
  9.4 Resource metadata
  9.5 Licence metadata
  9.6 Process metadata
Annex A (normative) Abstract test suite
Annex B (informative) GeoDRM UML model
Annex C (informative) Scenarios
Annex D (informative) Editors notes
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national
standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/TC 211, Geographic information/Geomatics, jointly with the Open Geospatial Consortium, Inc. (OGC).

Introduction

To create a marketplace, individuals who own something of value (here a resource) shall have some level of assurance that they will be able to obtain fair value for its use
or purchase. In a digital world, due to the nature of digital resources and commerce, most digital entities are not sold in the usual sense. When a user acquires an application, he actually acquires the right to use a copy of the application. Possession does not equate with ownership, and a system of software and resource licensing has grown up in the digital world that ensures the following types of things:

- The user can legitimately act upon a resource if he has a corresponding licence for that act.
- The owner will maintain the resource, fixing errors (“bug-fix”) and assuring a guaranteed level of functionality.
- Optionally, the user can be asked to pay the owner of the resource based upon agreed criteria, whether that is a one-time fee, a per-machine fee, a usage fee, or some other mechanism stated in the legal contract or licence between user and owner.
- The user agrees to protect the owner's rights based on the agreement. This usually means he cannot backward engineer code or resource, nor redistribute the resource without proper permission.
- The owner agrees to maintain the resource and allow a reasonable access to the users for any fixes that can be required. Again, the extent or degree of maintenance is stated in the user agreement.

To create and support a large-scale, open market in geospatial resources, this type of protection is needed to ensure that a “fair value for work (investment)” ethic can be guaranteed so that suppliers can be sure of fair return on individual sales, and users can be sure of fair value for purchases of uses of resources.

This International Standard describes how this is to be done.

This International Standard does not replace any previous ISO or OGC international standards, but it is dependent upon them. Each resource and service standard that exists or will exist becomes a resource description in this International Standard, and hopefully will be subject to the same sorts of protection that are afforded to other digital resources.

Geospatial Digital Rights Management Reference Model (GeoDRM RM)

1 Scope

This International Standard is a reference model for digital rights management (DRM) functionality for geospatial resources (GeoDRM). As such, it is connected to the general DRM market in that geospatial resources must be treated as nearly as possible like other resources, such as music, text, or services.

This International Standard defines:

- A conceptual model for digital rights management of geospatial resources, providing a framework and reference for more detailed specification in this area.
- A metadata model for the expression of rights that associate users to the acts that they can perform against a particular geospatial resource, and associated information used in the enforcement and granting of those rights, such as owner metadata, available rights, and issuer of those rights.
- Requirements that are placed on rights management systems for the enforcement of those rights.
NOTE A rights management system must be necessary and sufficient: it must implement only those restrictions necessary to enforce the rights defined therein, and it must be sufficient to enforce those rights.

- How this is to work conceptually in the larger DRM context to ensure the ubiquity of geospatial resources in the general services market.

A resource in this context is a data file, or service for geographic information or process.

This abstract descriptive International Standard builds on and complements the existing standards, and defines at an abstract level a rights model to enable the digital rights management of standards-based geospatial resources. Future GeoDRM standards will be written to implement the concepts defined in this International Standard.

[Figure 1: GeoDRM reference model context. Box labels: GeoDRM Reference Model; ISO Open Distributed Processing; Geographic Reference Model; Common Platforms; GeoDRM Implementation Specs; Implementation Specs]

Figure 1 shows a simplified view of how this International Standard, the Geospatial Digital Rights Management Reference Model (indicated in grey), relates to the ISO Open Distributed Processing standard, OGC Reference Model, and OWS Common initiative. The purpose of this International Standard is to define the conceptual framework and rights model for the future GeoDRM Implementation Standards, which will enable the digital rights management of geospatial resources.

This International Standard is not intended to delve into questions of morals, ethics, market model, or implementations any further than is necessary to express requirements against rights management functionalities and systems.

2 Conformance

Because the normative nature of
a reference model is embedded in its “reference” description of the semantics of the environment which it describes, the central requirement of this International Standard is:

Any standard or implementation conformant to this International Standard shall be consistent with the semantics described within this International Standard or within the normative references of this International Standard.

Conformance with this specification shall be checked using tests specified in Annex A. Conformance classes for this International Standard are alignment of rights expression to the abstract rights model, expression for applicability of rights for geospatial resources, and enforcement of rights for geospatial resources.

Resources that are augmented by GeoDRM licence metadata will be referred to as GeoDRM extended or enabled resources. Processing resources that have met the requirements to maintain GeoDRM resource and enforce the licensing procedures shall be referred to as GeoDRM enabled.

This is a complex subject, and Annexes B to D are informative annexes that aid in understanding the normative specification of the rights expression language.

3 Normative references

The following documents, in
whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 2382-6, Information processing systems - Vocabulary - Part 6: Preparation and handling of data

ISO/IEC 15408, Information technology - Security techniques - Evaluation for IT security

ISO/IEC 21000 (all parts), Information technology - Multimedia framework (MPEG-21) 1)

ISO/IEC 21000-5, Information technology - Multimedia framework (MPEG-21) - Part 5: Rights Expression Language

1) The MPEG 21 (ISO/IEC 21000) standard is a work in progress. It will eventually have at least 14 parts. Only the first few are available now. The intent is to eventually incorporate as much of ISO/IEC 21000 as appropriate in this International Standard in order to assure interoperability of geospatial resource DRM with that used for other multimedia information.

4 Terms and definitions

For the purposes of this document, the terms and definitions in ISO 2382-6 and ISO/IEC 15408 and the following apply.

NOTE If a term is not defined in this document, it will take the definition supplied in their original context in the last reference in the following list in which it occurs, or, if still undefined, its usual English Oxford English Dictionary (OED) or Webster definition.

- ISO 2382-6 for common processing terms such as read, write, copy, duplicate, input, output, collection, acquisition, transform, convert, encode, decode, search, index, edit, and extract.
- ISO/IEC 15408 for common information technology (IT) security terms such as authentication resource, authorized user, identity, security attribute, security policy, and trusted channel.
- OWS Common Implementation Specification OGC 05-008 [13].
- OGC Glossary [14] for terms and examples specifically related to OGC standardized web services.
- RM-ODP [8] for system modelling terms such as the enterprise, computational, and information viewpoints.
- ODRL [19], OMA DRM REL [15], and ISO/IEC 21000 for terms specific to rights expressions languages, such as principal, licence, right, grant, condition, and resource.

Terms that are repeatedly defined in these resources shall assume the definition supplied here in the context of GeoDRM.

4.1
access control
combination of authentication (4.4) and authorization (4.5)

4.2
agency
legal relationship of a person (called the agent 4.3) who acts on behalf of another person, company, or government (called the principal 4.35)

4.3
agent
one who acts on behalf of another

4.4
authentication
verification that a potential partner in a conversation is capable of representing a person or organization
SOURCE: W3C, Web Services Glossary

4.5
authorization
determination whether a subject is allowed to have the specified types of access to a particular resource (4.40)
Note 1 to entry: Usually, authorization is in the context of authentication (4.4). Once a subject is authenticated, it can be authorized to perform different types of access.

4.6
bypass
mechanism to defeat the purpose of a subsystem by avoiding its invocation
SOURCE: W3C, We