Efficient design of interpretation of REL license using Expert Systems Chun Hui Suen, Munich...
-
Upload
caren-gallagher -
Category
Documents
-
view
214 -
download
0
Transcript of Efficient design of interpretation of REL license using Expert Systems Chun Hui Suen, Munich...
Efficient design of Efficient design of interpretation of REL interpretation of REL license using Expert license using Expert
SystemsSystems
Chun Hui Suen, Chun Hui Suen,
Munich University of Technology,Munich University of Technology,
Institute for Data ProcessingInstitute for Data Processing
ContentsContents
ProblemsProblems Current solutionCurrent solution Proposed solutionProposed solution Offline DemoOffline Demo ComparisonComparison ConclusionConclusion
1
Rights Expression LanguageRights Expression Language
•Buy•Rent•Promotion•Share•Gift
2
DRM System
Consumer Content Provider
Rights Expression LanguageRights Expression Language
•Direct payment•Payment information•Try before buying
.
.
.
2
DRM System
Consumer Content Provider
Rights Expression LanguageRights Expression Language
Expressive REL needed for user-friendly DRM Expressive REL needed for user-friendly DRM Complicated REL license interpreterComplicated REL license interpreter
2
ProblemProblem
License
Grant
Condition
Grant
ConditionLicense
Root Grant
…
Expressive Rights description – MPEG-21 RELExpressive Rights description – MPEG-21 REL Tree-based XMLTree-based XML ComplicatedComplicated
dependanciesdependancies
3
Current solutionCurrent solution Inperative programmingInperative programming Object-orientated mappingObject-orientated mapping
License
Grant
Condition
Grant
ConditionLicense
Root Grant
… 4
Current solutionCurrent solution Inperative programmingInperative programming Object-orientated mappingObject-orientated mapping
License
Grant
Condition
Grant
ConditionLicense
Root Grant
… 4
License Object
Grant Object
Condition Object
Grant Object
Condition ObjectLicense
Object
Root Grant Object
…
Proposed SolutionProposed Solution
Knowledge based parsingKnowledge based parsing
License
Grant
Condition
Grant
ConditionLicense
Root Grant
…
Knowledgedatabase
XML - Knowledge parser
5
Proposed SolutionProposed Solution
Knowledgedatabase
6
Root grant xx xx xx
License xx xx xx
Grant xx xx xx
Condition xx xx xx
Grant xx xx xx
Condition xx xx xx
License xx xx xx
Intelligence
Rule-based matchingRule-based matching(Experts System)(Experts System)
Root grant xx xx xx
License xx xx xx
Grant xx xx xx
Condition xx xx xx
Grant xx xx xx
Condition xx xx xx
License xx xx xx
Rule
pattern action
Rule
pattern action
. . .
Inference Engine
Pattern-matching
7
Intelligence
Rule-based matchingRule-based matching (Experts System) (Experts System)
Root grant xx xx xx
License xx xx xx
Grant xx xx xx
Condition xx xx xx
Grant xx xx xx
Condition xx xx xx
License xx xx xx
Rule
pattern action
Rule
pattern action
. . .
Inference Engine
Add / Mod. /Delete
7
ImplementationImplementation
8
XMLlicense
XML parser in c++
CLIPSexpert sys.
Hypothesis
Interpretation result
Rulesbase
Input to
inte
rpre
tatio
n e
ngin
e States
phase1 phase2
•What right is requested?•Who can perform it?•What resource to use?•Under what conditions?
•System States•counters
ImplementationImplementation
9
Hypothesis is true?
Grant valid?
Issuer valid?
Conditionsfulfilled?
Principalvalid?
Resource
valid?
Operationvalid?
Root grantLicense
Grant
Condition
Root Grant
Resources
Right
keyholder
Demo – Input License 1Demo – Input License 1<rootGrant><rootGrant>
<keyholder><keyholder>Company ACompany A</keyholder></keyholder><trustedRootIssuer/><trustedRootIssuer/>
</rootGrant></rootGrant>
„„Company A“ is a trusted issuerCompany A“ is a trusted issuer
<rootGrant><rootGrant><keyholder><keyholder>johnjohn</keyholder></keyholder><possessProperty/><possessProperty/><propertyUri><propertyUri>SubscriptionSubscription</propertyUri></propertyUri>
</rootGrant></rootGrant>
““John” has property “Subscription”John” has property “Subscription”
10
Demo – Input License 2Demo – Input License 2
<license><license>
<grant><grant>
<keyholder><keyholder>johnjohn</keyholder></keyholder>
<<playplay/>/>
<digitalresource><digitalresource>somewhere.mp3somewhere.mp3</digitalresource></digitalresource>
<prerequisiteRight><prerequisiteRight>
<keyholder><keyholder>johnjohn</keyholder></keyholder>
<possessProperty/><possessProperty/>
<propertyUri><propertyUri>SubscriptionSubscription</propertyUri></propertyUri>
</prerequisiteRight></prerequisiteRight>
</grant></grant>
“ “john” allowed to “play”, only if “john” has “Subscription” propertyjohn” allowed to “play”, only if “john” has “Subscription” property
11
Demo – Input License 3Demo – Input License 3
<issuer><issuer>Company ACompany A</issuer></issuer>
</license></license>
Issuer of license is “Company A”Issuer of license is “Company A”
13
Demo – Parsed License 1Demo – Parsed License 1 (rootGrant g0)(rootGrant g0) (keyholder "Company A" g0)(keyholder "Company A" g0) (trustedRootIssuer g0)(trustedRootIssuer g0) (rootGrant g1)(rootGrant g1) (keyholder “john" g1)(keyholder “john" g1) (right possessProperty g1)(right possessProperty g1) (property "Subscription" g1)(property "Subscription" g1) (license l0)(license l0) (grant g2 l0)(grant g2 l0) (keyholder “john" g2)(keyholder “john" g2) (right play g2)(right play g2) (digitalresource "somewhere.mp3" g2)(digitalresource "somewhere.mp3" g2)
14
Demo – Parsed License 2Demo – Parsed License 2
(condition-or c0 g2)(condition-or c0 g2)
(condition c0 prerequisiteRight p0)(condition c0 prerequisiteRight p0)
(keyholder “john" p0)(keyholder “john" p0)
(right possessProperty p0)(right possessProperty p0)
(property "Subscription" p0)(property "Subscription" p0)
(issuer "Company A" l0)(issuer "Company A" l0)
(time 20060504)(time 20060504)
(database-count 5 c2)(database-count 5 c2)
(predicate 0 “john" play "somewhere.mp3")(predicate 0 “john" play "somewhere.mp3")
15
Hypothesis & states
Demo – Interpretation 1Demo – Interpretation 1
(authorized-grant g0 -1)(authorized-grant g0 -1)
(authorized-grant g1 -1)(authorized-grant g1 -1)
(authorized-grant g2 l0)(authorized-grant g2 l0)
Grant blocks recognised as authorized/trusted15
Demo – Interpretation 1Demo – Interpretation 1
(authorized-grant g0 -1)(authorized-grant g0 -1)
(authorized-grant g1 -1)(authorized-grant g1 -1)
(authorized-grant g2 l0)(authorized-grant g2 l0)
=> (predicate p0 “john" possessProperty "Subscription")=> (predicate p0 “john" possessProperty "Subscription")
New hypothesis: Does john has the property Subscription15
Demo – Interpretation 1Demo – Interpretation 1
(authorized-grant g0 -1)(authorized-grant g0 -1)
(authorized-grant g1 -1)(authorized-grant g1 -1)
(authorized-grant g2 l0)(authorized-grant g2 l0)
=> (predicate p0 “john" possessProperty "Subscription")=> (predicate p0 “john" possessProperty "Subscription")
(keyholder_matched p0 g1)(keyholder_matched p0 g1) - john- john
(op_matched p0 g1)(op_matched p0 g1) - possessProperty- possessProperty
(cond-fulfilled g1)(cond-fulfilled g1) - none- none
(resource_matched p0 g1)(resource_matched p0 g1) - “Subscription”- “Subscription”
Conditions for new predicate fulfilled15
Demo – Interpretation 1Demo – Interpretation 1
(authorized-grant g0 -1)(authorized-grant g0 -1)
(authorized-grant g1 -1)(authorized-grant g1 -1)
(authorized-grant g2 l0)(authorized-grant g2 l0)
=> (predicate p0 “john" possessProperty "Subscription")=> (predicate p0 “john" possessProperty "Subscription")
(keyholder_matched p0 g1)(keyholder_matched p0 g1)
(op_matched p0 g1)(op_matched p0 g1)
(cond-fulfilled g1)(cond-fulfilled g1)
(resource_matched p0 g1)(resource_matched p0 g1)
(predicate-success p0)(predicate-success p0)
New hypothesis fulfilled15
Demo – Interpretation 1Demo – Interpretation 1
(authorized-grant g0 -1)(authorized-grant g0 -1)
(authorized-grant g1 -1)(authorized-grant g1 -1)
(authorized-grant g2 l0)(authorized-grant g2 l0)
=> (predicate p0 “john" possessProperty "Subscription")=> (predicate p0 “john" possessProperty "Subscription")
(keyholder_matched p0 g1)(keyholder_matched p0 g1)
(op_matched p0 g1)(op_matched p0 g1)
(cond-fulfilled g1)(cond-fulfilled g1)
(resource_matched p0 g1)(resource_matched p0 g1)
(predicate-success p0)(predicate-success p0)
(cond-true c0 prerequisiteRight p0)(cond-true c0 prerequisiteRight p0)
(cond-satisfied c0)(cond-satisfied c0)
Recursive condtion fulfilled15
Demo – Interpretation 2Demo – Interpretation 2
(keyholder_matched 0 g2)(keyholder_matched 0 g2) - John- John
(op_matched 0 g2)(op_matched 0 g2) - play- play
(resource_matched 0 g2)(resource_matched 0 g2) - somewhere.mp3- somewhere.mp3
(cond-fulfilled g2)(cond-fulfilled g2) - has property- has property
Conditions of first grant block fulfilled16
Demo – Interpretation 2Demo – Interpretation 2
(keyholder_matched 0 g2)(keyholder_matched 0 g2)
(op_matched 0 g2)(op_matched 0 g2)
(resource_matched 0 g2)(resource_matched 0 g2)
(cond-fulfilled g2)(cond-fulfilled g2)
(predicate-success 0)(predicate-success 0)
Final hypothesis fulfilled.16
Comparison - AdvantagesComparison - Advantages
Flat structure – aids in overcoming problems of Flat structure – aids in overcoming problems of complex dependanciescomplex dependancies OOP implementation requires global data to support recursive OOP implementation requires global data to support recursive
conditioncondition
Knowledge predicate is easily stored in databaseKnowledge predicate is easily stored in database Support high-volume operationSupport high-volume operation
““Proof” of authorization can be easily generatedProof” of authorization can be easily generated Logging of reason for authorizationLogging of reason for authorization Helps in making intelligent authorization decisionsHelps in making intelligent authorization decisions
17
Comparison - DisadvantagesComparison - Disadvantages
Additional knowledge creation stageAdditional knowledge creation stage(XML – pre-processing)(XML – pre-processing)
Unable to support XML-related conditions in Unable to support XML-related conditions in MPEG-21 RELMPEG-21 REL
18
Future workFuture work
Quantitative speed testQuantitative speed test Optimization of knowledge-based approachOptimization of knowledge-based approach
Partitioning of knowledge database into clearly Partitioning of knowledge database into clearly defined sets to reduce search range for rule defined sets to reduce search range for rule matchingmatching
Support more REL commandsSupport more REL commands
19
ConclusionConclusion
Knowledge-based parsing is feasibleKnowledge-based parsing is feasible Reduce REL parser design complexityReduce REL parser design complexity
20
QuestionsQuestions