Authentication and Authorization for Digital Rights Management for Information Distribution Systems

The problem of protecting digital information from unauthorized use and replication is the concern of many rights-holders. Widely distributed stakeholders are to an increasing degree independently developing a vision of more comprehensive access to information content in a networked environment such as the Internet. In this situation it has become clear that flexible Digital Rights Management (DRM) solutions for managing, unambiguously identifying and describing, protecting, trading, monitoring and tracking digital information should be examined and developed so that bona fide users can access information content from anywhere and at any time. The use of DRM systems in such a vision of global access will lead to new requirements for authentication and authorization. These will include the correct management of fine-grained access and usage controls, and the protection of users' privacy. The emergence of these new requirements and the need to meet them imply that authentication and authorization for DRM should, as has already been pointed out, be regarded as separate disciplines, and should be studied as such. As a step in this direction, this paper describes our authentication and authorization model for DRM in a distributed object oriented information distribution system that will meet most of these requirements