ISO 19153:2014
Geospatial Digital Rights Management Reference Model (GeoDRM RM)
ISO 19153:2014 is a reference model for digital rights management (DRM) functionality for geospatial resources (GeoDRM). As such, it is connected to the general DRM market in that geospatial resources shall be treated as nearly as possible like other resources, such as music, text, or services. It is not the intention to reinvent a market nor the technology that already exists and is thriving, but to make sure that a larger market has access to geospatial resources through a mechanism that it understands and that is similar to and consistent with the ones already in use. ISO 19153:2014 does not replace any previous standards, but it is dependent upon them. Each resource and service standard that exists or will exist becomes a resource description in ISO 19153:2014, and hopefully will be subject to the same protection that is afforded to other resources.
This International Standard defines:
- A conceptual model for digital rights management of geospatial resources, providing a framework and reference for more detailed specification in this area.
- A metadata model for the expression of rights that associate users to the acts that they can perform against a particular geospatial resource, and associated information used in the enforcement and granting of those rights, such as owner metadata, available rights, and issuer of those rights.
- Requirements that are placed on rights management systems for the enforcement of those rights. A rights management system shall be necessary and sufficient: it shall implement only those restrictions necessary to enforce the rights defined therein, and it shall be sufficient to enforce those rights.
- How this is to work conceptually in the larger DRM context to ensure the ubiquity of geospatial resources in the general services market.
A resource in this context is a data file, or service for geographic information or process.
This abstract descriptive standard builds on and complements the existing standards, and defines at an abstract level a rights model to enable the digital rights management of standards-based geospatial resources. Future GeoDRM standards will be written to implement the concepts defined in ISO 19153:2014.
Reference model for the digital management of rights of use of geographic information
ISO 19153:2014 is a reference model for digital rights management (DRM) functionality for geospatial resources (GeoDRM). As such, it is connected to the general DRM market, given that geospatial resources shall be treated as nearly as possible like other resources, such as music, text, or services. ISO 19153:2014 defines:
- A conceptual model for digital rights management of geospatial resources, providing a framework and reference for more detailed specification in this area.
- A metadata model for the expression of rights that associate users to the acts that they can perform against a particular geospatial resource, and associated information used in the enforcement and granting of those rights, such as owner metadata, available rights, and issuers of those rights.
- Requirements that are placed on rights management systems for the enforcement of those rights. A rights management system shall be necessary and sufficient: it shall implement only those restrictions necessary to enforce the rights defined therein, and it shall be sufficient to enforce those rights.
- How this is to work conceptually in the larger DRM context to ensure the ubiquity of geographic resources in the general services market.
A resource in this context is a data file, or a service for geographic information or methods. This abstract descriptive standard builds on and complements the existing standards, and defines at an abstract level a rights model that enables the digital rights management of standards-based geospatial resources. Future GeoDRM standards will be written to implement the concepts defined in ISO 19153:2014.
Reference model for geospatial digital rights management (GeoDRM)
This International Standard is a reference model for digital rights management (DRM) functionality for geospatial resources. As such, it is connected to the general digital rights management market, which means that geospatial resources are to be treated in a way that is as close as possible to the way in which other resources, such as music, text, or services, are treated. This International Standard defines:
– a conceptual model for digital rights management of geospatial resources, providing a framework and reference for more detailed specification in this area;
– a metadata model for the expression of rights that associate users to the acts that they can perform against a particular geospatial resource, and associated information used in the enforcement and granting of those rights, such as owner metadata, available rights, and the issuer of those rights;
– requirements for rights management systems that govern the enforcement of those rights; NOTE A rights management system must be necessary and sufficient: it must implement only those restrictions necessary to enforce the rights defined in this document, and it must be sufficient to enforce them;
– how this is to work conceptually in the larger digital rights management context, ensuring the ubiquity of geospatial resources in the general services market.
A resource in this context is a data file, or service for geographic information or process.
This abstract descriptive International Standard builds on and complements the existing standards, and defines at an abstract level a rights model to enable the digital rights management of standards-based geospatial resources. Future geospatial digital rights management standards will be written to implement the concepts defined in this International Standard. This International Standard is not intended to delve into questions of morals, ethics, market model, or implementations any further than is necessary to express requirements against rights management functionalities and systems.
General Information
- Status: Withdrawn
- Publication Date: 09-Feb-2014
- Withdrawal Date: 09-Feb-2014
- Technical Committee: ISO/TC 211 - Geographic information/Geomatics
- Drafting Committee: ISO/TC 211/WG 9 - Information management
- Current Stage: 9599 - Withdrawal of International Standard
- Start Date: 30-Aug-2019
- Completion Date: 12-Feb-2026
Frequently Asked Questions
ISO 19153:2014 is a standard published by the International Organization for Standardization (ISO). Its full title is "Geospatial Digital Rights Management Reference Model (GeoDRM RM)".
ISO 19153:2014 is classified under the following ICS (International Classification for Standards) categories: 35.240.70 - IT applications in science. The ICS classification helps identify the subject area and facilitates finding related standards.
Standards Content (Sample)
INTERNATIONAL STANDARD ISO 19153
First edition 2014-02-15
Geospatial Digital Rights Management
Reference Model (GeoDRM RM)
Modèle de référence pour la gestion numérique des droits d’utilisation
de l’information géographique
Reference number
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Conventions
5.1 Abbreviated terms
5.2 UML notation
6 GeoDRM design principles
6.1 GeoDRM roadmap
6.2 Basics
6.3 Flow model of GeoDRM
6.4 GeoDRM Gatekeeper
6.5 DRM metadata — licence model
6.6 Developmental guidelines
6.7 The components of managing risk
7 GeoDRM enterprise viewpoint and Abstract Rights Model
7.1 General
7.2 Geospatial resource
7.3 GeoLicence extents
7.4 GeoLicence expression
7.5 GeoLicence creation and enforcement
7.6 GeoLicence delegation and management
7.7 GeoLicence chaining
7.8 GeoLicensing communities
7.9 GeoLicensing and resource lineage
7.10 Handling GeoLicence violation — and the break-the-glass principle
7.11 Automated licence revocation/expiration — need to revoke privilege
8 GeoDRM computational viewpoint
8.1 Overview — roles and responsibilities
8.2 Principals
8.3 Resource owner
8.4 Agent
8.5 Licence broker or licensing agent
8.6 Service broker
8.7 Service provider
8.8 End-user
8.9 Licence manager
9 Information viewpoint
9.1 Overview
9.2 User metadata
9.3 Properties and patterns
9.4 Resource metadata
9.5 Licence metadata
9.6 Process metadata
Annex A (normative) Abstract test suite
Annex B (informative) GeoDRM UML model
Annex C (informative) Scenarios
Annex D (informative) Editor’s notes
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 211, Geographic information/Geomatics, jointly
with the Open Geospatial Consortium, Inc. (OGC).
Introduction
To create a marketplace, individuals who own something of value (here a resource) shall have some level
of assurance that they will be able to obtain fair value for its use or purchase. In a digital world, due to
the nature of digital resources and commerce, most digital entities are not sold in the usual sense. When
a user acquires an application, he actually acquires the right to use a copy of the application. Possession
does not equate with ownership, and a system of software and resource licensing has grown up in the
digital world that ensures the following types of things:
— The user can legitimately act upon a resource if he has a corresponding licence for that act.
— The owner will maintain the resource, fixing errors (“bug-fix”) and assuring a guaranteed level of
functionality.
— Optionally, the user can be asked to pay the owner of the resource based upon agreed criteria,
whether that is a one-time fee, a per-machine fee, a usage fee, or some other mechanism stated in
the legal contract or licence between user and owner.
— The user agrees to protect the owner’s rights based on the agreement. This usually means he cannot
backward engineer code or resource, nor redistribute the resource without proper permission.
— The owner agrees to maintain the resource and allow a reasonable access to the users for any fixes
that can be required. Again, the extent or degree of maintenance is stated in the user agreement.
— To create and support a large-scale, open market in geospatial resources, this type of protection is
needed to ensure that a “fair value for work (investment)” ethic can be guaranteed so that suppliers
can be sure of fair return on individual sales, and users can be sure of fair value for purchases of
uses of resources.
This International Standard describes how this is to be done.
This International Standard does not replace any previous ISO or OGC international standards, but it is
dependent upon them. Each resource and service standard that exists or will exist becomes a resource
description in this International Standard, and hopefully will be subject to the same sorts of protection
that are afforded to other digital resources.
INTERNATIONAL STANDARD ISO 19153:2014(E)
Geospatial Digital Rights Management Reference Model
(GeoDRM RM)
1 Scope
This International Standard is a reference model for digital rights management (DRM) functionality for
geospatial resources (GeoDRM). As such, it is connected to the general DRM market in that geospatial
resources must be treated as nearly as possible like other resources, such as music, text, or services.
This International Standard defines:
— A conceptual model for digital rights management of geospatial resources, providing a framework
and reference for more detailed specification in this area.
— A metadata model for the expression of rights that associate users to the acts that they can perform
against a particular geospatial resource, and associated information used in the enforcement and
granting of those rights, such as owner metadata, available rights, and issuer of those rights.
— Requirements that are placed on rights management systems for the enforcement of those rights.
NOTE A rights management system must be necessary and sufficient: it must implement only those
restrictions necessary to enforce the rights defined therein, and it must be sufficient to enforce those rights.
— How this is to work conceptually in the larger DRM context to ensure the ubiquity of geospatial
resources in the general services market.
A resource in this context is a data file, or service for geographic information or process.
This abstract descriptive International Standard builds on and complements the existing standards, and
defines at an abstract level a rights model to enable the digital rights management of standards-based
geospatial resources. Future GeoDRM standards will be written to implement the concepts defined in
this International Standard.
[Figure 1: diagram with boxes labelled GeoDRM Reference Model, GeoDRM Implementation Specs, Implementation Specs, Common Platforms, Geographic Reference Model, and ISO Open Distributed Processing]
Figure 1 — GeoDRM reference model context
Figure 1 shows a simplified view of how this International Standard, the Geospatial Digital Rights
Management Reference Model (indicated in grey), relates to the ISO Open Distributed Processing
standard, OGC Reference Model, and OWS Common initiative. The purpose of this International Standard
is to define the conceptual framework and rights model for the future GeoDRM Implementation
Standards, which will enable the digital rights management of geospatial resources.
This International Standard is not intended to delve into questions of morals, ethics, market model, or
implementations any further than is necessary to express requirements against rights management
functionalities and systems.
2 Conformance
Because the normative nature of a reference model is embedded in its “reference” description of the
semantics of the environment which it describes, the central requirement of this International Standard
is:
Any standard or implementation conformant to this International Standard shall be consistent with
the semantics described within this International Standard or within the normative references of
this International Standard.
Conformance with this specification shall be checked using tests specified in Annex A. Conformance
classes for this International Standard are
— alignment of rights expression to the abstract rights model,
— expression for applicability of rights for geospatial resources, and
— enforcement of rights for geospatial resources.
Resources that are augmented by GeoDRM licence metadata will be referred to as GeoDRM extended or
enabled resources. Processing resources that have met the requirements to maintain GeoDRM resource
and enforce the licensing procedures shall be referred to as GeoDRM enabled.
This is a complex subject, and Annexes B to D are informative annexes that aid in understanding the
normative specification of the rights expression language.
3 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 2382-6, Information processing systems — Vocabulary — Part 6: Preparation and handling of data
ISO/IEC 15408, Information technology — Security techniques — Evaluation for IT security
ISO/IEC 21000 (all parts) 1), Information technology — Multimedia framework (MPEG-21)
ISO/IEC 21000-5, Information technology — Multimedia framework (MPEG-21) — Part 5: Rights Expression
Language
1) The MPEG 21 (ISO/IEC 21000) standard is a work in progress. It will eventually have at least 14 parts. Only
the first few are available now. The intent is to eventually incorporate as much of ISO/IEC 21000 as appropriate in
this International Standard in order to assure interoperability of geospatial resource DRM with that used for other
multimedia information.
4 Terms and definitions
For the purposes of this document, the terms and definitions in ISO 2382-6 and ISO/IEC 15408 and the
following apply.
NOTE If a term is not defined in this document, it will take the definition supplied in their original context
in the last reference in the following list in which it occurs, or, if still undefined, its usual English [Oxford English
Dictionary (OED) or Webster] definition.
— ISO 2382-6 for common processing terms such as read, write, copy, duplicate, input, output, collection,
acquisition, transform, convert, encode, decode, search, index, edit, and extract.
— ISO/IEC 15408 for common information technology (IT) security terms such as authentication resource,
authorized user, identity, security attribute, security policy, and trusted channel.
— OWS Common Implementation Specification [OGC 05-008 [13]].
— OGC Glossary [14] for terms and examples specifically related to OGC standardized web services.
— RM-ODP [8] for system modelling terms such as the enterprise, computational, and information viewpoints.
— ODRL [19], OMA DRM REL [15], and ISO/IEC 21000 for terms specific to rights expressions languages, such as
principal, licence, right, grant, condition, and resource.
Terms that are repeatedly defined in these resources shall assume the definition supplied here in the context of
GeoDRM.
4.1
access control
combination of authentication (4.4) and authorization (4.5)
4.2
agency
legal relationship of a person (called the agent [4.3]) who acts on behalf of another person, company, or
government (called the principal [4.35])
4.3
agent
one who acts on behalf of another
4.4
authentication
verification that a potential partner in a conversation is capable of representing a person or organization
[SOURCE: W3C, Web Services Glossary]
4.5
authorization
determination whether a subject is allowed to have the specified types of access to a particular resource
(4.40)
Note 1 to entry: Usually, authorization is in the context of authentication (4.4). Once a subject is authenticated, it
can be authorized to perform different types of access.
4.6
bypass
mechanism to defeat the purpose of a subsystem by avoiding its invocation
[SOURCE: W3C, Web Services Glossary]
Note 1 to entry: Security systems are bypassed usually by using security faults in the operating system. Such
infringements (4.21 and 4.22) are more an aspect of the operating system than of the security system. To correct
this, the relationship between the security system and the operating system shall be modified to prevent bypass
mechanisms.
4.7
chain of agency
sequence of agency (4.2) where the agent (4.3) in each relationship is the principal (4.35) of the next in
the chain
Note 1 to entry: A chain of agency, with the proper agreements at each step creates a transitive agency between
the agent of the first link and the principal of the last. This chain can be spoken of in either direction, either as
“principal → agent = principal → agent” (normal or granting order) or “agent → principal = agent → principal”
(reverse, acceptance, verification, or tracing order).
4.8
chain of licence
sequence of licences (4.26) that traces a chain of agency (4.7), where a licence is granted at each link of the
chain, allowing the agent (4.3) at that link to act as the principal (4.35) in the next
Note 1 to entry: As with the chain of agency, this chain can be spoken of in either direction.
4.9
contract
agreement between two or more principals (4.35) that creates in each principal a duty to do or not do
something and a right to performance of the other’s duty or a remedy for the breach of the other’s duty
[SOURCE: FindLaw, modified]
4.10
copyleft
licence (4.26) that accompanies some open source software that details how the software and its
accompanying source code can be freely copied, distributed, and modified
Note 1 to entry: A copyleft is a form of general public licence (4.15).
4.11
digital licence
document or its representation that specifies the rights (4.42) granted to a particular user or organization
with respect to a specific content or group of content
Note 1 to entry: The core concept in DRM (4.12) is the use of digital licences. Instead of buying the digital
content, the consumer purchases a licence (4.26) granting certain rights with respect to the content. A licence
is the mechanism by which a rights holder (4.43) conveys rights to another party (4.35), such as a consumer or
distributor.
4.12
digital rights management
DRM
packaging, distributing, controlling, and tracking content based on rights (4.42) and licensing information
Note 1 to entry: DRM covers a much broader spectrum of capabilities and underlying technologies supporting
description, identification, trading, protecting, monitoring, and tracking of all forms of rights usages for both
tangible and intangible (electronic) assets, including the management of rights-holders relationships. See,
for example, Reference [5]. “Digital” refers to the material over which the rights exist. “Rights” applies to the
Intellectual Property rights linked to the material. “Management” covers both the defining of policy and enforcing
that policy in such a way that rights are respected. The ultimate goal of a distributed DRM system is for content
authors to be able to project policies governing their content into remote environments with confidence that
those policies will be respected by the remote nodes [12]. For the purposes of this International Standard, DRM
is taken to mean technology that enables the secure distribution (and where appropriate, sale) of digital media
content on the Internet [26].
4.13
expected risk
expected value (statistics) of loss
Note 1 to entry: Expected risk (4.45) is calculated by multiplying the probability of the types of infringement (4.21
and 4.22) by the cost of that infringement, summed up over all types of infringement.
4.14
fair use
uses of content that are considered valid defences to copyright infringement (4.21 and 4.22), such as for
criticism or educational purposes
[SOURCE: U.S. legal term derived from Title 17 of the United States Code, Section 107]
Note 1 to entry: Fair use is based on case-law precedents derived from general principles. The term is often
misapplied to refer to the reasonable expectations of consumers to be able to use purchased content on all owned
devices [29].
4.15
general public licence
GPL
licence (4.26) containing rights (4.42) accorded to the general public without an existing agreement
Note 1 to entry: GPLs can be granted by the owner (4.34) of a resource (4.40) or can be applied to a resource by
law, usually as part of the copyright law. The most obvious GPL concept is fair use (4.14) in the United States for
copyrighted material. Other GPL rights can be demanded by the source of the resource or other “public good”
considerations.
Note 2 to entry: The most widespread use of GPL is in reference to the GNU GPL, which is commonly abbreviated
simply as GPL when it is understood that the term refers to the GNU GPL. One of the basic tenets of the GPL is that
anyone who acquires the material shall make it available to anyone else under the same licensing agreement. The
GPL does not cover activities other than the copying, distributing, and modifying of the source code. A GPL is also
referred to as a copyleft (4.10), in contrast to a copyright, which identifies the proprietary rights of material [29].
4.16
GeoDRM enabled
capable of maintaining GeoDRM extended (4.17) resources (4.40) and enforcing GeoDRM defined rights
(4.42) and protections (4.38)
Note 1 to entry: Applied to processing resources.
4.17
GeoDRM extended (applied to resources)
associated to GeoDRM metadata indicating types of licences (4.26) that apply
4.18
GeoLicence
licence (4.26) related to geoinformation
4.19
GeoLicence resolution
settling or resolving the status of a GeoLicence (4.18)
4.20
GeoLicence infringement
act or an instance of the unauthorized access or use of protected, copyrighted, or patented material or
of a trademark, trade name, or trade dress
[SOURCE: FindLaw, modified]
4.21
infringement (of a licence)
act of a principal (4.35) contrary to rights (4.42) granted to that principal on a resource (4.40)
Note 1 to entry: Infringement of a licence (4.26) will require the DRM (4.12) system to be bypassed in some manner.
If licences can be infringed without bypassing the DRM system, then the system is not sufficient (4.48).
4.22
infringement (of a right)
prevention of an act of a principal (4.35) consistent with rights (4.42) granted to that principal on a
resource (4.40)
Note 1 to entry: Infringement of a right is a fault in the DRM (4.12) system. If rights can be infringed without
bypassing the DRM system, then the system is not properly restricted to that which is necessary (4.33).
4.23
joint ownership
ownership by two or more persons each having undivided shares in the property as a whole
[SOURCE: FindLaw, modified]
Note 1 to entry: In this case, the principal (4.35) as owner (4.34) is a principal group, i.e. a group of other principals.
4.24
lease
allowing the resource (4.40) to be made available for a fixed period of time then returned
Note 1 to entry: During this period, the resource is only available to the lessee. Temporal constraints are required
for downstream use.
4.25
lend
lease (4.24) without exchange of value
4.26
licence
representation of grants that convey to principals (4.35) the rights (4.42) to use specified resources (4.40)
subject to specified conditions
[SOURCE: XrML 2.0 specification, part 5, modified]
Note 1 to entry: A licence represents, but is not, a contract (4.9) that grants a party (4.35) explicit rights to use
Intellectual Property.
4.27
licence extents
scope or applicability of a licence (4.26)
Note 1 to entry: The extent can be described in spatial, temporal, or any other parameter range appropriate to the
rights (4.42) described in the licence.
4.28
licence manager
application that tracks licences (4.26) available within an organization and coordinates the issuing of
these licences to requesting clients
[SOURCE: New Concepts In BASIS Licensing, modified]
4.29
licensee
one to whom a licence (4.26) is given
[SOURCE: FindLaw]
4.30
licensing agent
principal (4.35) authorized to act on behalf of and under the control of another in dealing with third
parties in the context of issuing licences (4.26) for specified resources (4.40)
[SOURCE: Derived from FindLaw for “agent”]
4.31
licensor
issuer of a licence (4.26)
[SOURCE: FindLaw, modified]
Note 1 to entry: The licensor is a content owner (4.34) or a licensing agent (4.30).
4.32
map
portrayal of geographic information as a digital image file suitable for display on a computer screen
[SOURCE: ISO 19128:2005, 4.7]
Note 1 to entry: A map is not the resource (4.40) itself. A Web Map Service (WMS) produces maps of georeferenced
resource. Therefore, a WMS can provide many different representations of the same underlying geoinformation.
4.33
necessary
capable of recognizing and properly acting upon all legitimate requests, as defined by the requirements
of the system
Note 1 to entry: All aspects of a DRM (4.12) system are necessary if they do not prevent legitimate requests from
execution.
4.34
owner
one with an interest in and dominion over content as a) “legal owner” in this entry, b) one with the right
(4.42) to exclusive use, control, or possession of content, c) a purchaser under a contract (4.9) for the sale
of real content
[SOURCE: FindLaw, modified]
4.35
party
principal
person or organization that plays a role in a rights (4.42) transaction (4.49)
Note 1 to entry: These two terms are used as near synonyms from ODRL and ISO 21000. There will be no distinction
between these two terms made here, but there can be distinctions in legal documents depending on local laws.
EXAMPLE In some legal traditions, “party” refers to person in a legal dispute, while “principal” can be the
entity initiating a contract (4.9), such as an agency (4.2).
4.36
payment provider
party (4.35) that has an established billing relation with a consumer
Note 1 to entry: Payment providers can be telephone and cellular companies, banks, credit card corporations, ISPs,
network operators, and utility companies. The payment provider bills the consumer, deducts a fee, and forwards
the payment to the content provider. The payment provider is thus responsible for the balancing of accounts.
4.37
persistent protection mechanism
protection (4.38) mechanism that remains in force regardless of where the content of the original
resource (4.40) is located or reproduced
Note 1 to entry: Persistent protection mechanisms involve authentication (4.4), authorization (4.5), and encryption
technologies for effectively locking digital contents and limiting distribution to those who pay.
4.38
protection
aspect of the system that lowers the capability of a party (4.35) to commit infringement (4.21 and 4.22)
4.39
provenance
information on the place and time of origin or derivation of a resource (4.40) or a record or proof of
authenticity or of past ownership
4.40
resource
entity that is protected by a licence (4.26)
Note 1 to entry: In general, a resource is data, metadata (a type of data describing other resources), or some
service or process that can be invoked on other resources. Licences describe rights (4.42) on resources and, as
such, are resources in themselves.
4.41
remediation
act or process of correcting a fault or deficiency
Note 1 to entry: Remediation allows more trust (4.50) because it lowers expected risk (4.13). The first act in a
remediation sequence is detection of the fault.
4.42
right
permission to act that makes a party (4.35) entitled to act with respect to all or part of a
specified resource (4.40) under the terms of the licence
[SOURCE: ISO/IEC 21000-5, modified]
Note 1 to entry: A right specifies an action (or activity) or a class of actions that a principal (4.35) can perform on
or using the associated resource. A right is essentially a legally recognized entitlement to do something to or with
the content of a resource.
4.43
rights holder
principal (4.35) that owns the right (4.42) to license rights to a resource (4.40)
Note 1 to entry: Rights can be by law (copyright), by agreement, or by contract (4.9) [the licence (4.26) agreement].
In the case of digital commerce, DRM (4.12) ensures that licences are adhered to, and that rights holders are
compensated as appropriate for each transaction (4.49). Agents (4.3) of the original rights holder can also issue
licences, but their ability is only under the agency (4.2) contract to the original principal.
4.44
rights management
tracking and controlling the use of content, rights (4.42), licences (4.26), and associated
information
[SOURCE: See Bibliography reference 18, modified]
4.45
risk
value of what can be lost if infringement (4.21 and 4.22) occurs
4.46
sublicence
licence (4.26) granted by the original licensee (4.29) to a third party (4.35) under the grants and condition
of the original licence granted to the original licensee by his licensor (4.31)
[SOURCE: Derived from Palmer & Dodge, LLP; (FindLaw)]
Note 1 to entry: This is essentially the right (4.42) to loan one’s licence to another principal (4.35).
4.47
sublicensee
principal (4.35) granted a sublicence (4.46)
4.48
sufficient
capable of enforcing the requirements of a system
Note 1 to entry: A sufficient DRM (4.12) system would have to be bypassed for an infringement (4.21 and 4.22)
to be possible. Proof of sufficiency can be difficult because it can be dependent on an “attack model”, which
describes the sorts of attacks to which the system is immune.
4.49
transaction
set of actions joined into the same unit of work, such that the actions either succeed or fail as a unit
[SOURCE: Web Services Glossary, modified]
4.50
trust
sum total of all mitigating factors with respect to a particular licensee (4.29) that reduces expected risk
(4.13)
Note 1 to entry: Trust allows the owner (4.34) [or his agent (4.3)] to act with a higher potential risk (4.45) because
the expected risk has been lowered. This is slightly different from the plain language of trust. Normally, trust
requires something, but if the principal (4.35) at risk decides that no risk exists, then trust exists (in the sense
here) because risk has been reduced, whatever the reason.
5 Conventions
5.1 Abbreviated terms
Abbreviated terms found in the references used in Clause 4 apply to this International Standard, plus
the following abbreviated terms.
API Application Program Interface
DCE Distributed Computing Environment
DRM Digital Rights Management
GeoDRM Geospatial Digital Rights Management
GI Geographic Information (services/systems) as an extension of IT
GPL General Public License
IDL Interface Definition Language
IT Information Technology
ODRL Open Digital Rights Language
REL Rights Expression Language
SDI Spatial Data Infrastructure (a distributed information system for geographic data)
UML Unified Modeling Language
5.2 UML notation
Diagrams that appear in this International Standard as conceptual models of software and information
systems are presented using the Unified Modeling Language, version 2.0 (UML 2.0), as described in
ISO/IEC 15901 and the follow-up OMG specifications.
6 GeoDRM design principles
6.1 GeoDRM roadmap
In order to support GeoDRM-enabled licensing of geographic information, as it can be available offline
or online in a Spatial Data Infrastructure (SDI), different functionalities can be identified as necessary.
Bundling a certain set of functionalities into a function package allows defining (i) the interfaces
between the packages to ensure interoperability and (ii) the responsibilities for each package to return
the expected result upon a given request. The following is a list of possible packages.
— Rights model: The definition of an abstract rights model is the topic of this International Standard.
It defines the basis for developing a geo-specific Rights Expression Language (REL) as well as other
specifications necessary to establish a GeoDRM-enabled SDI. Basic definitions and concepts are defined
in the ISO 21000 series of standards, especially in ISO/IEC/TR 21000-1.
— Rights Expression Language (REL): This package provides the capabilities to express usage
rights in the form of a machine-readable and machine-processable representation. The definition
of a geo-specific Rights Expression Language is not part of this International Standard, but is to be
defined upon the rights model declared in this International Standard. The basic requirements and
operational semantics of a REL are defined in ISO/IEC 21000-5.
— Encryption: This package includes the required functionality to protect a GeoDRM-enabled SDI
against fraud. First, encryption enables the protection of a licence so that it cannot be modified
by an adversary in order to obtain additional rights. Second, encryption is also useful to protect
the digital geographic content against unlicensed use. An example from the music industry exists,
where the encrypted music file can only be decrypted (and played) by a certified software or
hardware device. Because security and trust are not geo-specific, no standardization is required
specific to this type of data. Standard encryption methods suffice and are not dependent (in modern
mechanisms) on data type.
— Trust: Every type of business relationship that has been represented in an electronic way needs
a mechanism to differentiate between reliable and unreliable partners. In that sense, trust tells
a relying partner that the other behaves in a certain predictable (loyal) way. One mechanism to
establish trust between entities in a service-oriented architecture (SOA) is to add
authenticity information to the digital content that is being exchanged between the partners. This
mechanism, typically called a digital signature, is not geo-specific and therefore is not a relevant
topic for standardization by ISO/TC 211.
— Licence verification: This package defines the functionality that is required to validate a licence.
The licence verification has to occur before the rights of the licence can be enforced. Because
document authentication is not geo-specific, it is not a topic for standardization by ISO/TC 211.
— Enforcement and authorization: The rights expressed in a GeoLicence need to be enforced. In this
International Standard, this package functionality is represented by the “Gatekeeper” metaphor
(see Figure 2). The acceptance or denial decision for a particular request (with its associated
licences) is based on the authorization decision, as it is derived by the authorization engine. Because
enforcement and authorization is geo-specific, the appropriate standardization is an upcoming
work to be based on this International Standard.
— Authentication: The basic requirement for trust, licence verification, and enforcement/authorization
is proof of identity, as it is provided by the functionality of this package. Different International
Standards, which define how to enable this functionality, exist. Because authentication is not geo-
specific, it is not a topic for standardization by ISO/TC 211.
6.2 Basics
First, DRM is a metadata-tracking problem. Both resources and principals are associated with
descriptions (metadata) and those descriptions shall be tracked and matched for the controlled actions
to proceed. The resource metadata is the resource identity and description and the principal metadata
is the set of licences the user has or has access to.
Second, DRM is an enforcement problem. Once identity and licences have been checked, the results enter
into the stage where the principal wishes to take action with respect to that resource. The DRM system
controls the scope of those actions to a degree determined by the design of the system. This “degree of
control” is a measure of trust. The more the principals can be trusted, the less control is needed. In a
zero or negative trust (distrust) environment, the control can be great and become critical for protection
against malicious or licence-inconsistent acts of users.
6.3 Flow model of GeoDRM
In describing the acts on resources, consider the directed graphs, where each arrow in the graph is a
triple consisting of
— a set of one or more input resources (the start point of the arrow),
— an act (the arrow), and
— a set of zero or more of output resources (the end point of the arrow).
For example, the act of applying a WMS.GetMap to a feature collection to derive a (raster) map would be
represented as follows:
$$\text{FeatureCollection} \xrightarrow{\ \text{WMS.GetMap}\ } \text{ImageMap}$$
If the act is to apply a licensable process resource to a licensable data resource, then the input resources
are the process resource and data resource, the act is to execute the process against the data, and the
output is the results of the act. If the result is not licensable, then the last part of the triple can be NULL
or empty. For the example above, the user would need to have
...
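The following added example (not part of ISO 19153 or of any GeoDRM implementation) sketches the gatekeeper decision for the WMS.GetMap act of 6.3, with licence verification performed before enforcement as 6.1 describes. It assumes that a grant is needed on every input resource and uses an HMAC with a constructed key in place of the licensor's digital signature; `Licence`, `Act`, `gatekeeper` and the resource identifiers are hypothetical names.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace

# Constructed demo key; the HMAC stands in for the licensor's digital signature.
LICENSOR_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Licence:
    principal: str
    resource: str
    rights: tuple      # acts granted, e.g. ("WMS.GetMap",)
    not_before: int    # temporal extent (epoch seconds)
    not_after: int
    bbox: tuple        # spatial extent (min_x, min_y, max_x, max_y)
    tag: str = ""      # integrity tag written by the licensor


@dataclass(frozen=True)
class Act:
    inputs: tuple        # one or more input resources (start of the arrow)
    name: str            # the act (the arrow)
    outputs: tuple = ()  # zero or more output resources (end of the arrow)


def _tag(lic, key):
    body = asdict(lic)
    del body["tag"]  # the tag never covers itself
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue(lic, key=LICENSOR_KEY):
    return replace(lic, tag=_tag(lic, key))


def verify(lic, key=LICENSOR_KEY):
    return hmac.compare_digest(_tag(lic, key), lic.tag)


def _covers(outer, inner):
    return (outer[0] <= inner[0] and outer[1] <= inner[1]
            and outer[2] >= inner[2] and outer[3] >= inner[3])


def _check(lic, act_name, now, bbox):
    """Verification comes first: an unverified licence is never interpreted."""
    if not verify(lic):
        return "licence failed verification"
    if act_name not in lic.rights:
        return f"act {act_name} not granted"
    if not lic.not_before <= now <= lic.not_after:
        return "outside temporal extent"
    if not _covers(lic.bbox, bbox):
        return "outside spatial extent"
    return None


def gatekeeper(principal, act, licences, now, request_bbox):
    """Return (allowed, denials); deny unless every input resource is covered."""
    denials = []
    for resource in act.inputs:
        why = []
        for lic in licences:
            if (lic.principal, lic.resource) != (principal, resource):
                continue
            problem = _check(lic, act.name, now, request_bbox)
            if problem is None:
                why = None  # a valid grant exists for this input
                break
            why.append(problem)
        if why is not None:
            denials.append(f"{resource}: " + ("; ".join(why) or "no licence held"))
    return (not denials, denials)


# Constructed sample data: process resource + data resource -> map.
GET_MAP = Act(("wms:demo-service", "fc:demo-roads"), "WMS.GetMap",
              ("map:demo-roads.png",))
T0, T1 = 1_700_000_000, 1_800_000_000
REGION = (10.0, 45.0, 17.0, 47.0)


def demo():
    svc = issue(Licence("alice", "wms:demo-service", ("WMS.GetMap",), T0, T1, REGION))
    data = issue(Licence("alice", "fc:demo-roads", ("WMS.GetMap",), T0, T1, REGION))
    inside, elsewhere = (13.0, 45.5, 14.0, 46.5), (0.0, 0.0, 5.0, 5.0)
    # Extent widened after issue, so the tag no longer matches the content.
    forged = replace(data, bbox=(-180.0, -90.0, 180.0, 90.0))
    return {
        "ok": gatekeeper("alice", GET_MAP, [svc, data], T0 + 10, inside),
        "missing_data_licence": gatekeeper("alice", GET_MAP, [svc], T0 + 10, inside),
        "forged": gatekeeper("alice", GET_MAP, [svc, forged], T0 + 10, inside),
        "outside": gatekeeper("alice", GET_MAP, [svc, data], T0 + 10, elsewhere),
        "expired": gatekeeper("alice", GET_MAP, [svc, data], T1 + 1, inside),
    }


if __name__ == "__main__":
    for case, (allowed, denials) in demo().items():
        print(case, "ALLOW" if allowed else "DENY", denials)
```

The denial list names the input resource and the failed check, which is the information a remediation process (4.41) would need to detect the fault.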
SLOVENIAN STANDARD
1 February 2015
Reference model for the management of geospatial digital copyrights (GeoDRM)
Geospatial Digital Rights Management Reference Model (GeoDRM RM)
Modèle de référence de la gestion des droits numériques des données géographiques
This Slovenian standard is identical to: ISO 19153:2014
ICS:
07.040 Astronomy. Geodesy. Geography
35.240.70 IT applications in science
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
INTERNATIONAL STANDARD
ISO 19153
First edition
2014-02-15
Geospatial Digital Rights Management
Reference Model (GeoDRM RM)
Modèle de référence pour la gestion numérique des droits d’utilisation
de l’information géographique
Reference number
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Conventions
5.1 Abbreviated terms
5.2 UML notation
6 GeoDRM design principles
6.1 GeoDRM roadmap
6.2 Basics
6.3 Flow model of GeoDRM
6.4 GeoDRM Gatekeeper
6.5 DRM metadata — licence model
6.6 Developmental guidelines
6.7 The components of managing risk
7 GeoDRM enterprise viewpoint and Abstract Rights Model
7.1 General
7.2 Geospatial resource
7.3 GeoLicence extents
7.4 GeoLicence expression
7.5 GeoLicence creation and enforcement
7.6 GeoLicence delegation and management
7.7 GeoLicence chaining
7.8 GeoLicensing communities
7.9 GeoLicensing and resource lineage
7.10 Handling GeoLicence violation — and the break-the-glass principle
7.11 Automated licence revocation/expiration — need to revoke privilege
8 GeoDRM computational viewpoint
8.1 Overview — roles and responsibilities
8.2 Principals
8.3 Resource owner
8.4 Agent
8.5 Licence broker or licensing agent
8.6 Service broker
8.7 Service provider
8.8 End-user
8.9 Licence manager
9 Information viewpoint
9.1 Overview
9.2 User metadata
9.3 Properties and patterns
9.4 Resource metadata
9.5 Licence metadata
9.6 Process metadata
Annex A (normative) Abstract test suite
Annex B (informative) GeoDRM UML model
Annex C (informative) Scenarios
Annex D (informative) Editor’s notes
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 211, Geographic information/Geomatics, jointly
with the Open Geospatial Consortium, Inc. (OGC).
Introduction
To create a marketplace, individuals who own something of value (here a resource) shall have some level
of assurance that they will be able to obtain fair value for its use or purchase. In a digital world, due to
the nature of digital resources and commerce, most digital entities are not sold in the usual sense. When
a user acquires an application, he actually acquires the right to use a copy of the application. Possession
does not equate with ownership, and a system of software and resource licensing has grown up in the
digital world that ensures the following types of things:
— The user can legitimately act upon a resource if he has a corresponding licence for that act.
— The owner will maintain the resource, fixing errors (“bug-fix”) and assuring a guaranteed level of
functionality.
— Optionally, the user can be asked to pay the owner of the resource based upon agreed criteria,
whether that is a one-time fee, a per-machine fee, a usage fee, or some other mechanism stated in
the legal contract or licence between user and owner.
— The user agrees to protect the owner’s rights based on the agreement. This usually means he cannot
backward engineer code or resource, nor redistribute the resource without proper permission.
— The owner agrees to maintain the resource and allow a reasonable access to the users for any fixes
that can be required. Again, the extent or degree of maintenance is stated in the user agreement.
— To create and support a large-scale, open market in geospatial resources, this type of protection is
needed to ensure that a “fair value for work (investment)” ethic can be guaranteed so that suppliers
can be sure of fair return on individual sales, and users can be sure of fair value for purchases of
uses of resources.
This International Standard describes how this is to be done.
This International Standard does not replace any previous ISO or OGC international standards, but it is
dependent upon them. Each resource and service standard that exists or will exist becomes a resource
description in this International Standard, and hopefully will be subject to the same sorts of protection
that are afforded to other digital resources.
INTERNATIONAL STANDARD ISO 19153:2014(E)
Geospatial Digital Rights Management Reference Model
(GeoDRM RM)
1 Scope
This International Standard is a reference model for digital rights management (DRM) functionality for
geospatial resources (GeoDRM). As such, it is connected to the general DRM market in that geospatial
resources must be treated as nearly as possible like other resources, such as music, text, or services.
This International Standard defines:
— A conceptual model for digital rights management of geospatial resources, providing a framework
and reference for more detailed specification in this area.
— A metadata model for the expression of rights that associate users to the acts that they can perform
against a particular geospatial resource, and associated information used in the enforcement and
granting of those rights, such as owner metadata, available rights, and issuer of those rights.
— Requirements that are placed on rights management systems for the enforcement of those rights.
NOTE A rights management system must be necessary and sufficient: it must implement only those
restrictions necessary to enforce the rights defined therein, and it must be sufficient to enforce those rights.
— How this is to work conceptually in the larger DRM context to ensure the ubiquity of geospatial
resources in the general services market.
A resource in this context is a data file, or service for geographic information or process.
This abstract descriptive International Standard builds on and complements the existing standards, and
defines at an abstract level a rights model to enable the digital rights management of standards-based
geospatial resources. Future GeoDRM standards will be written to implement the concepts defined in
this International Standard.
[Figure: diagram with the labels GeoDRM Reference Model; GeoDRM Implementation Specs; Implementation Specs; Common Platforms; Geographic Reference Model; ISO Open Distributed Processing]
Figure 1 — GeoDRM reference model context
Figure 1 shows a simplified view of how this International Standard, the Geospatial Digital Rights
Management Reference Model (indicated in grey), relates to the ISO Open Distributed Processing
standard, OGC Reference Model, and OWS Common initiative. The purpose of this International Standard
is to define the conceptual framework and rights model for the future GeoDRM Implementation
Standards, which will enable the digital rights management of geospatial resources.
This International Standard is not intended to delve into questions of morals, ethics, market model, or
implementations any further than is necessary to express requirements against rights management
functionalities and systems.
2 Conformance
Because the normative nature of a reference model is embedded in its “reference” description of the
semantics of the environment which it describes, the central requirement of this International Standard
is:
Any standard or implementation conformant to this International Standard shall be consistent with
the semantics described within this International Standard or within the normative references of
this International Standard.
Conformance with this specification shall be checked using tests specified in Annex A. Conformance
classes for this International Standard are
— alignment of rights expression to the abstract rights model,
— expression for applicability of rights for geospatial resources, and
— enforcement of rights for geospatial resources.
Resources that are augmented by GeoDRM licence metadata will be referred to as GeoDRM extended or
enabled resources. Processing resources that have met the requirements to maintain GeoDRM resource
and enforce the licensing procedures shall be referred to as GeoDRM enabled.
This is a complex subject, and Annexes B to D are informative annexes that aid in understanding the
normative specification of the rights expression language.
3 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 2382-6, Information processing systems — Vocabulary — Part 6: Preparation and handling of data
ISO/IEC 15408, Information technology — Security techniques — Evaluation for IT security
ISO/IEC 21000 (all parts) 1), Information technology — Multimedia framework (MPEG-21)
ISO/IEC 21000-5, Information technology — Multimedia framework (MPEG-21) — Part 5: Rights Expression
Language
1) The MPEG 21 (ISO/IEC 21000) standard is a work in progress. It will eventually have at least 14 parts. Only
the first few are available now. The intent is to eventually incorporate as much of ISO/IEC 21000 as appropriate in
this International Standard in order to assure interoperability of geospatial resource DRM with that used for other
multimedia information.
4 Terms and definitions
For the purposes of this document, the terms and definitions in ISO 2382-6 and ISO/IEC 15408 and the
following apply.
NOTE If a term is not defined in this document, it will take the definition supplied in their original context
in the last reference in the following list in which it occurs, or, if still undefined, its usual English [Oxford English
Dictionary (OED) or Webster] definition.
— ISO 2382-6 for common processing terms such as read, write, copy, duplicate, input, output, collection,
acquisition, transform, convert, encode, decode, search, index, edit, and extract.
— ISO/IEC 15408 for common information technology (IT) security terms such as authentication resource,
authorized user, identity, security attribute, security policy, and trusted channel.
— OWS Common Implementation Specification [OGC 05-008] [13].
— OGC Glossary [14] for terms and examples specifically related to OGC standardized web services.
— RM-ODP [8] for system modelling terms such as the enterprise, computational, and information viewpoints.
— ODRL [19], OMA DRM REL [15], and ISO/IEC 21000 for terms specific to rights expressions languages, such as
principal, licence, right, grant, condition, and resource.
Terms that are repeatedly defined in these resources shall assume the definition supplied here in the context of
GeoDRM.
4.1
access control
combination of authentication (4.4) and authorization (4.5)
4.2
agency
legal relationship of a person (called the agent [4.3]) who acts on behalf of another person, company, or
government (called the principal [4.35])
4.3
agent
one who acts on behalf of another
4.4
authentication
verification that a potential partner in a conversation is capable of representing a person or organization
[SOURCE: W3C, Web Services Glossary]
4.5
authorization
determination whether a subject is allowed to have the specified types of access to a particular resource
(4.40)
Note 1 to entry: Usually, authorization is in the context of authentication (4.4). Once a subject is authenticated, it
can be authorized to perform different types of access.
4.6
bypass
mechanism to defeat the purpose of a subsystem by avoiding its invocation
[SOURCE: W3C, Web Services Glossary]
Note 1 to entry: Security systems are bypassed usually by using security faults in the operating system. Such
infringements (4.21 and 4.22) are more an aspect of the operating system than of the security system. To correct
this, the relationship between the security system and the operating system shall be modified to prevent bypass
mechanisms.
4.7
chain of agency
sequence of agency (4.2) where the agent (4.3) in each relationship is the principal (4.35) of the next in
the chain
Note 1 to entry: A chain of agency, with the proper agreements at each step creates a transitive agency between
the agent of the first link and the principal of the last. This chain can be spoken of in either direction, either as
“principal → agent = principal → agent” (normal or granting order) or “agent → principal = agent → principal”
(reverse, acceptance, verification, or tracing order).
4.8
chain of licence
sequence of licences (4.26) that traces a chain of agency (4.7), where a licence is granted at each link of the
chain, allowing the agent (4.3) at that link to act as the principal (4.35) in the next
Note 1 to entry: As with the chain of agency, this chain can be spoken of in either direction.
4.9
contract
agreement between two or more principals (4.35) that creates in each principal a duty to do or not do
something and a right to performance of the other’s duty or a remedy for the breach of the other’s duty
[SOURCE: FindLaw, modified]
4.10
copyleft
licence (4.26) that accompanies some open source software that details how the software and its
accompanying source code can be freely copied, distributed, and modified
Note 1 to entry: A copyleft is a form of general public licence (4.15).
4.11
digital licence
document or its representation that specifies the rights (4.42) granted to a particular user or organization
with respect to a specific content or group of content
Note 1 to entry: The core concept in DRM (4.12) is the use of digital licences. Instead of buying the digital
content, the consumer purchases a licence (4.26) granting certain rights with respect to the content. A licence
is the mechanism by which a rights holder (4.43) conveys rights to another party (4.35), such as a consumer or
distributor.
4.12
digital rights management
DRM
packaging, distributing, controlling, and tracking content based on rights (4.42) and licensing information
Note 1 to entry: DRM covers a much broader spectrum of capabilities and underlying technologies supporting
description, identification, trading, protecting, monitoring, and tracking of all forms of rights usages for both
tangible and intangible (electronic) assets, including the management of rights-holders relationships. See,
for example, Reference [5]. “Digital” refers to the material over which the rights exist. “Rights” applies to the
Intellectual Property rights linked to the material. “Management” covers both the defining of policy and enforcing
that policy in such a way that rights are respected. The ultimate goal of a distributed DRM system is for content
authors to be able to project policies governing their content into remote environments with confidence that
those policies will be respected by the remote nodes.[12] For the purposes of this International Standard, DRM
is taken to mean technology that enables the secure distribution (and where appropriate, sale) of digital media
content on the Internet.[26]
4.13
expected risk
expected value (statistics) of loss
Note 1 to entry: Expected risk (4.45) is calculated by multiplying the probability of the types of infringement (4.21
and 4.22) by the cost of that infringement, summed up over all types of infringement.
4.14
fair use
uses of content that are considered valid defences to copyright infringement (4.21 and 4.22), such as for
criticism or educational purposes
[SOURCE: U.S. legal term derived from Title 17 of the United States Code, Section 107]
Note 1 to entry: Fair use is based on case-law precedents derived from general principles. The term is often
misapplied to refer to the reasonable expectations of consumers to be able to use purchased content on all owned
devices.[29]
4.15
general public licence
GPL
licence (4.26) containing rights (4.42) accorded to the general public without an existing agreement
Note 1 to entry: GPLs can be granted by the owner (4.34) of a resource (4.40) or can be applied to a resource by
law, usually as part of the copyright law. The most obvious GPL concept is fair use (4.14) in the United States for
copyrighted material. Other GPL rights can be demanded by the source of the resource or other “public good”
considerations.
Note 2 to entry: The most widespread use of GPL is in reference to the GNU GPL, which is commonly abbreviated
simply as GPL when it is understood that the term refers to the GNU GPL. One of the basic tenets of the GPL is that
anyone who acquires the material shall make it available to anyone else under the same licensing agreement. The
GPL does not cover activities other than the copying, distributing, and modifying of the source code. A GPL is also
referred to as a copyleft (4.10), in contrast to a copyright, which identifies the proprietary rights of material.[29]
4.16
GeoDRM enabled
capable of maintaining GeoDRM extended (4.17) resources (4.40) and enforcing GeoDRM defined rights
(4.42) and protections (4.38)
Note 1 to entry: Applied to processing resources.
4.17
GeoDRM extended (applied to resources)
associated to GeoDRM metadata indicating types of licences (4.26) that apply
4.18
GeoLicence
licence (4.26) related to geoinformation
4.19
GeoLicence resolution
settling or resolving the status of a GeoLicence (4.18)
4.20
GeoLicence infringement
act or an instance of the unauthorized access or use of protected, copyrighted, or patented material or
of a trademark, trade name, or trade dress
[SOURCE: FindLaw, modified]
4.21
infringement (of a licence)
act of a principal (4.35) contrary to rights (4.42) granted to that principal on a resource (4.40)
Note 1 to entry: Infringement of a licence (4.26) will require the DRM (4.12) system to be bypassed in some manner.
If licences can be infringed without bypassing the DRM system, then the system is not sufficient (4.48).
4.22
infringement (of a right)
prevention of an act of a principal (4.35) consistent with rights (4.42) granted to that principal on a
resource (4.40)
Note 1 to entry: Infringement of a right is a fault in the DRM (4.12) system. If rights can be infringed without
bypassing the DRM system, then the system is not properly restricted to that which is necessary (4.33).
4.23
joint ownership
ownership by two or more persons each having undivided shares in the property as a whole
[SOURCE: FindLaw, modified]
Note 1 to entry: In this case, the principal (4.35) as owner (4.34) is a principal group, i.e. a group of other principals.
4.24
lease
allowing the resource (4.40) to be made available for a fixed period of time then returned
Note 1 to entry: During this period, the resource is only available to the lessee. Temporal constraints are required
for downstream use.
4.25
lend
lease (4.24) without exchange of value
4.26
licence
representation of grants that convey to principals (4.35) the rights (4.42) to use specified resources (4.40)
subject to specified conditions
[SOURCE: XrML 2.0 specification, part 5, modified]
Note 1 to entry: A licence represents, but is not, a contract (4.9) that grants a party (4.35) explicit rights to use
Intellectual Property.
4.27
licence extents
scope or applicability of a licence (4.26)
Note 1 to entry: The extent can be described in spatial, temporal, or any other parameter range appropriate to the
rights (4.42) described in the licence.
4.28
licence manager
application that tracks licences (4.26) available within an organization and coordinates the issuing of
these licences to requesting clients
[SOURCE: New Concepts In BASIS Licensing, modified]
4.29
licensee
one to whom a licence (4.26) is given
[SOURCE: FindLaw]
4.30
licensing agent
principal (4.35) authorized to act on behalf of and under the control of another in dealing with third
parties in the context of issuing licences (4.26) for specified resources (4.40)
[SOURCE: Derived from FindLaw for “agent”]
4.31
licensor
issuer of a licence (4.26)
[SOURCE: FindLaw, modified]
Note 1 to entry: The licensor is a content owner (4.34) or a licensing agent (4.30).
4.32
map
portrayal of geographic information as a digital image file suitable for display on a computer screen
[SOURCE: ISO 19128:2005, 4.7]
Note 1 to entry: A map is not the resource (4.40) itself. A Web Map Service (WMS) produces maps of georeferenced
resource. Therefore, a WMS can provide many different representations of the same underlying geoinformation.
4.33
necessary
capable of recognizing and properly acting upon all legitimate requests, as defined by the requirements
of the system
Note 1 to entry: All aspects of a DRM (4.12) system are necessary if they do not prevent legitimate requests from
execution.
4.34
owner
one with an interest in and dominion over content as a) “legal owner” in this entry, b) one with the right
(4.42) to exclusive use, control, or possession of content, c) a purchaser under a contract (4.9) for the sale
of real content
[SOURCE: FindLaw, modified]
4.35
party
principal
person or organization that plays a role in a rights (4.42) transaction (4.49)
Note 1 to entry: These two terms are used as near synonyms from ODRL and ISO 21000. There will be no distinction
between these two terms made here, but there can be distinctions in legal documents depending on local laws.
EXAMPLE In some legal traditions, “party” refers to person in a legal dispute, while “principal” can be the
entity initiating a contract (4.9), such as an agency (4.2).
4.36
payment provider
party (4.35) that has an established billing relation with a consumer
Note 1 to entry: Payment providers can be telephone and cellular companies, banks, credit card corporations, ISPs,
network operators, and utility companies. The payment provider bills the consumer, deducts a fee, and forwards
the payment to the content provider. The payment provider is thus responsible for the balancing of accounts.
4.37
persistent protection mechanism
protection (4.38) mechanism that remains in force regardless of where the content of the original
resource (4.40) is located or reproduced
Note 1 to entry: Persistent protection mechanisms involve authentication (4.4), authorization (4.5), and encryption
technologies for effectively locking digital contents and limiting distribution to those who pay.
4.38
protection
aspect of the system that lowers the capability of a party (4.35) to commit infringement (4.21 and 4.22)
4.39
provenance
information on the place and time of origin or derivation of a resource (4.40) or a record or proof of
authenticity or of past ownership
4.40
resource
entity that is protected by a licence (4.26)
Note 1 to entry: In general, a resource is data, metadata (a type of data describing other resources), or some
service or process that can be invoked on other resources. Licences describe rights (4.42) on resources and, as
such, are resources in themselves.
4.41
remediation
act or process of correcting a fault or deficiency
Note 1 to entry: Remediation allows more trust (4.50) because it lowers expected risk (4.13). The first act in a
remediation sequence is detection of the fault.
4.42
right
permission to act that makes a party (4.35) entitled to act with respect to all or part of a
specified resource (4.40) under the terms of the license
[SOURCE: ISO/IEC 21000-5, modified]
Note 1 to entry: A right specifies an action (or activity) or a class of actions that a principal (4.35) can perform on
or using the associated resource. A right is essentially a legally recognized entitlement to do something to or with
the content of a resource.
4.43
rights holder
principal (4.35) that owns the right (4.42) to license rights to a resource (4.40)
Note 1 to entry: Rights can be by law (copyright), by agreement, or by contract (4.9) [the licence (4.26) agreement].
In the case of digital commerce, DRM (4.12) ensures that licences are adhered to, and that rights holders are
compensated as appropriate for each transaction (4.49). Agents (4.3) of the original rights holder can also issue
licences, but their ability is only under the agency (4.2) contract to the original principal.
4.44
rights management
tracking and controlling the use of content, rights (4.42), licences (4.26), and associated
information
[SOURCE: See Bibliography reference 18, modified]
4.45
risk
value of what can be lost if infringement (4.21 and 4.22) occurs
4.46
sublicence
licence (4.26) granted by the original licensee (4.29) to a third party (4.35) under the grants and condition
of the original licence granted to the original licensee by his licensor (4.31)
[SOURCE: Derived from Palmer & Dodge, LLP; (FindLaw)]
Note 1 to entry: This is essentially the right (4.42) to loan one’s licence to another principal (4.35).
4.47
sublicensee
principal (4.35) granted a sublicence (4.46)
4.48
sufficient
capable of enforcing the requirements of a system
Note 1 to entry: A sufficient DRM (4.12) system would have to be bypassed for an infringement (4.21 and 4.22)
to be possible. Proof of sufficiency can be difficult because it can be dependent on an “attack model”, which
describes the sorts of attacks to which the system is immune.
4.49
transaction
set of actions joined into the same unit of work, such that the actions either succeed or fail as a unit
[SOURCE: Web Services Glossary, modified]
4.50
trust
sum total of all mitigating factors with respect to a particular licensee (4.29) that reduces expected risk
(4.13)
Note 1 to entry: Trust allows the owner (4.34) [or his agent (4.3)] to act with a higher potential risk (4.45) because
the expected risk has been lowered. This is slightly different from the plain language of trust. Normally, trust
requires something, but if the principal (4.35) at risk decides that no risk exists, then trust exists (in the sense
here) because risk has been reduced, whatever the reason.
5 Conventions
5.1 Abbreviated terms
Abbreviated terms found in the references used in Clause 4 apply to this International Standard, plus
the following abbreviated terms.
API Application Program Interface
DCE Distributed Computing Environment
DRM Digital Rights Management
GeoDRM Geospatial Digital Rights Management
GI Geographic Information (services/systems) as an extension of IT
GPL General Public License
IDL Interface Definition Language
IT Information Technology
ODRL Open Digital Rights Language
REL Rights Expression Language
SDI Spatial Data Infrastructure (a distributed information system for geographic data)
UML Unified Modeling Language
5.2 UML notation
Diagrams that appear in this International Standard as conceptual models of software and information
systems are presented using the Unified Modeling Language, version 2.0 (UML 2.0), as described in
ISO/IEC 15901 and the follow-up OMG specifications.
6 GeoDRM design principles
6.1 GeoDRM roadmap
In order to support GeoDRM-enabled licensing of geographic information, as it can be available offline
or online in a Spatial Data Infrastructure (SDI), different functionalities can be identified as necessary.
Bundling a certain set of functionalities into a function package allows defining (i) the interfaces
between the packages to ensure interoperability and (ii) the responsibilities for each package to return
the expected result upon a given request. The following is a list of possible packages.
— Rights model: The definition of an abstract rights model is the topic of this International Standard.
It defines the basis for developing a geo-specific Rights Expression Language (REL) as well as other
specifications necessary to establish a GeoDRM-enabled SDI. Basic definitions and concepts are defined
in the ISO 21000 series of standards, especially in ISO/IEC/TR 21000-1.
— Rights Expression Language (REL): This package provides the capabilities to express usage
rights in the form of a machine-readable and machine-processable representation. The definition
of a geo-specific Rights Expression Language is not part of this International Standard, but is to be
defined upon the rights model declared in this International Standard. The basic requirements and
operational semantics of a REL are defined in ISO/IEC 21000-5.
— Encryption: This package includes the required functionality to protect a GeoDRM-enabled SDI
against fraud. First, encryption enables the protection of a licence so that it cannot be modified
by an adversary in order to obtain additional rights. Second, encryption is also useful to protect
the digital geographic content against unlicensed use. An example from the music industry exists,
where the encrypted music file can only be decrypted (and played) by a certified software or
hardware device. Because security and trust are not geo-specific, no standardization is required
specific to this type of data. Standard encryption methods suffice and are not dependent (in modern
mechanisms) on data type.
— Trust: Every type of business relationship that has been represented in an electronic way needs
a mechanism to differentiate between reliable and unreliable partners. In that sense, trust tells
a relying partner that the other behaves in a certain predictable (loyal) way. One mechanism to
establish trust between entities in a service-oriented architecture (SOA) is to add
authenticity information to the digital content that is being exchanged between the partners. This
mechanism, typically called a digital signature, is not geo-specific and therefore is not a relevant
topic for standardization by ISO/TC 211.
— Licence verification: This package defines the functionality that is required to validate a licence.
The licence verification has to occur before the rights of the licence can be enforced. Because
document authentication is not geo-specific, it is not a topic for standardization by ISO/TC 211.
— Enforcement and authorization: The rights expressed in a GeoLicence need to be enforced. In this
International Standard, this package functionality is represented by the “Gatekeeper” metaphor
(see Figure 2). The acceptance or denial decision for a particular request (with its associated
licences) is based on the authorization decision, as it is derived by the authorization engine. Because
enforcement and authorization are geo-specific, the appropriate standardization is an upcoming
work to be based on this International Standard.
— Authentication: The basic requirement for trust, licence verification, and enforcement/authorization
is proof of identity, as it is provided by the functionality of this package. Different International
Standards, which define how to enable this functionality, exist. Because authentication is not geo-
specific, it is not a topic for standardization by ISO/TC 211.
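An added example (not part of ISO 19153 and not any project's code) of the order these packages imply for a Gatekeeper: licence verification first, then the chain of licence (4.8) traced in reverse order, then authorization against the licence extents (4.27). The field names, keys, resource identifier and reason strings are assumptions, the principal is taken as already authenticated, and an HMAC tag stands in for the digital signature.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo keys. The text speaks of digital signatures;
# HMAC stands in here so the example needs only the standard library.
ISSUER_KEYS = {"owner": b"owner-demo-key", "broker": b"broker-demo-key"}
ROOT_OWNER = "owner"  # hypothetical owner (4.34) of the resource


def _canonical(body):
    """Serialize a licence body deterministically before tagging it."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue(body):
    """Return a licence: its body plus an integrity tag made by the issuer."""
    key = ISSUER_KEYS[body["issuer"]]
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_licence(lic):
    """True only if the body is unchanged since a known issuer tagged it."""
    key = ISSUER_KEYS.get(lic["body"].get("issuer"))
    if key is None:
        return False
    expected = hmac.new(key, _canonical(lic["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, lic.get("tag", ""))


def _within(inner, outer):
    """Bounding boxes are [min_x, min_y, max_x, max_y]."""
    return (outer[0] <= inner[0] and outer[1] <= inner[1]
            and inner[2] <= outer[2] and inner[3] <= outer[3])


def _narrower(child, parent):
    """A sublicence may only restate or narrow what its parent grants."""
    # ISO 8601 dates (YYYY-MM-DD) order correctly as plain strings.
    return (child["resource"] == parent["resource"]
            and set(child["rights"]) <= set(parent["rights"])
            and _within(child["bbox"], parent["bbox"])
            and parent["not_before"] <= child["not_before"]
            and child["not_after"] <= parent["not_after"])


def gatekeeper(principal, request, chain):
    """Accept or deny a request; `chain` is in granting order, owner first."""
    # 1. Licence verification comes before any right is enforced.
    if not chain or not all(verify_licence(lic) for lic in chain):
        return (False, "licence verification failed")
    bodies = [lic["body"] for lic in chain]
    # 2. Trace the chain of licence in reverse order, licensee back to owner.
    #    `principal` is assumed to be authenticated already.
    if bodies[-1]["licensee"] != principal:
        return (False, "licence not issued to this principal")
    for child, parent in zip(reversed(bodies), reversed(bodies[:-1])):
        if child["issuer"] != parent["licensee"]:
            return (False, "broken chain of licence")
        if "sublicence" not in parent["rights"] or not _narrower(child, parent):
            return (False, "sublicence exceeds parent grant")
    if bodies[0]["issuer"] != ROOT_OWNER:
        return (False, "chain does not end at the resource owner")
    # 3. Authorization against the rights and extents of the last licence.
    leaf = bodies[-1]
    if request["resource"] != leaf["resource"] or request["action"] not in leaf["rights"]:
        return (False, "right not granted")
    if not _within(request["bbox"], leaf["bbox"]):
        return (False, "outside spatial extent")
    if not leaf["not_before"] <= request["date"] <= leaf["not_after"]:
        return (False, "outside temporal extent")
    return (True, "accepted")


# Constructed sample data: the owner licenses a broker, who sublicenses "alice".
OWNER_TO_BROKER = issue({
    "issuer": "owner", "licensee": "broker", "resource": "urn:example:ortho-2014",
    "rights": ["view", "download", "sublicence"], "bbox": [5.0, 45.0, 11.0, 48.0],
    "not_before": "2014-01-01", "not_after": "2014-12-31"})
BROKER_TO_ALICE = issue({
    "issuer": "broker", "licensee": "alice", "resource": "urn:example:ortho-2014",
    "rights": ["view"], "bbox": [7.0, 46.0, 8.0, 47.0],
    "not_before": "2014-03-01", "not_after": "2014-06-30"})
CHAIN = [OWNER_TO_BROKER, BROKER_TO_ALICE]
REQUEST = {"resource": "urn:example:ortho-2014", "action": "view",
           "bbox": [7.2, 46.1, 7.6, 46.5], "date": "2014-04-15"}

if __name__ == "__main__":
    print(gatekeeper("alice", REQUEST, CHAIN))
    forged = {"body": dict(BROKER_TO_ALICE["body"], rights=["view", "download"]),
              "tag": BROKER_TO_ALICE["tag"]}
    print(gatekeeper("alice", dict(REQUEST, action="download"), [OWNER_TO_BROKER, forged]))
```

A sublicence that the broker tags correctly but that is wider than its parent grant passes step 1 and is rejected at step 2, so integrity checking alone does not make the gatekeeper sufficient (4.48).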
6.2 Basics
First, DRM is a metadata-tracking problem. Both resources and principals are associated with
descriptions (metadata) and those descriptions shall be tracked and matched for the controlled actions
to proceed. The resource metadata is the resource identity and description and the principal metadata
is the set of licences the user has or has access to.
Second, DRM is an enforcement problem. Once identity and licences have been checked, the results enter
into the stage where the principal wishes to take action with respect to that resource. The DRM system
controls the scope of those actions to a degree determined by the design of the system. This “degree of
control” is a meas
...
INTERNATIONAL STANDARD ISO 19153
First edition
2014-02-15
Geospatial Digital Rights Management Reference Model (GeoDRM RM)
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Conventions
5.1 Abbreviated terms
5.2 UML notation
6 GeoDRM design principles
6.1 GeoDRM roadmap
6.2 Basics
6.3 GeoDRM flow model
6.4 GeoDRM gatekeeper
6.5 DRM metadata — licence model
6.6 Growth guidelines
6.7 The components of executive risk
7 Enterprise viewpoint and GeoDRM abstract rights model
7.1 General
7.2 Geospatial resource
7.3 GeoLicence extent
7.4 GeoLicence expression
7.5 GeoLicence creation and enforcement
7.6 GeoLicence delegation and management
7.7 GeoLicence chaining
7.8 GeoLicensing communities
7.9 GeoLicensing and resource lineage
7.10 Handling a GeoLicence infringement — and the “break-the-glass” principle
7.11 Automated licence revocation/expiration — the need to revoke a privilege
8 GeoDRM computational viewpoint
8.1 Overview — roles and responsibilities
8.2 Principals
8.3 Resource owner
8.4 Agent
8.5 Licence broker or licensing agent
8.6 Service broker
8.7 Service provider
8.8 End user
8.9 Licence manager
9 Information viewpoint
9.1 Overview
9.2 User metadata
9.3 Properties and structures
9.4 Resource metadata
9.5 Licence metadata
9.6 Process metadata
Annex A (normative) Abstract test suite
Annex B (informative) GeoDRM UML model
Annex C (informative) Scenarios
Annex D (informative) Editor’s notes — Spelling of licence in English (license/licence) in its various forms
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally entrusted to ISO technical committees. Each member body interested in a subject has the right to be represented on the technical committee established for that purpose. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on electrotechnical standardization.
The procedures used to develop this document and those intended for its maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria required for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules given in the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the fact that some of the elements of this document may be the subject of intellectual property rights or similar rights. ISO shall not be held responsible for not having identified such property rights and given notice of their existence. Details of the references to intellectual property rights or other similar rights identified during the development of the document are given in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/brevets).
Any trade names used in this document are given for the information of users and do not constitute an approval or a recommendation.
For an explanation of the meaning of ISO-specific terms and expressions related to conformity assessment, as well as for information about ISO’s adherence to the WTO principles concerning Technical Barriers to Trade (TBT), see the following link: Foreword — Supplementary information.
The committee responsible for this document is ISO/TC 211, Geographic information/Geomatics, jointly with the OGC (Open Geospatial Consortium, Inc.).
Introduction
To create a market, individuals who own something of value (here, a resource) need some assurance that they can obtain fair value for its use or purchase. In a digital world, because of the nature of digital resources and commerce, most digital entities are not sold in the usual sense of the term. When a user acquires an application, what is actually acquired is the right to use a copy of the application. Use is not the same as possession, and a system of software and resource licensing has developed in the digital world to ensure the following.
— The user may legitimately execute a resource if he holds a licence corresponding to that execution.
— The owner should maintain the resource, fix errors (“bug-fix”), and ensure a guaranteed level of functionality.
— Optionally, on the basis of agreed criteria, the user can be required to pay the resource owner a one-time fee, a per-machine fee, a usage fee, or some other mechanism, expressed in the contract or licence in force between the user and the owner.
— The user agrees to protect the owner’s rights on the basis of the agreement. This usually means that he cannot reverse-engineer the code or the resource, or redistribute the resource, without proper permission.
— The owner agrees to maintain the resource and to allow users reasonable access for any repair that might be required. Here too, the extent or degree of maintenance is stated in the user agreement.
— To create and sustain an open, large-scale market in geospatial resources, this type of protection is necessary to ensure that an ethical “fair value for work (investment)” can be guaranteed, so that providers can be assured of a fair return on individual sales and users can be assured of fair value for purchases or uses of resources.
This International Standard describes how to achieve this result.
This International Standard does not replace any previous ISO or OGC standard, but depends on them. Each resource and service standard that exists or will exist becomes a resource description in this International Standard and, hopefully, will be subject to the same sort of protection that is afforded to other digital resources.
INTERNATIONAL STANDARD ISO 19153:2014(F)
Geospatial Digital Rights Management Reference Model (GeoDRM RM)
1 Scope
This International Standard is a reference model for digital rights management (DRM) functionality for geospatial resources (GeoDRM). As such, it is connected to the general DRM market in that geospatial resources shall be treated as nearly as possible like other resources, such as music, text, or services.
This International Standard defines:
— A conceptual model for digital rights management of geospatial resources, providing a framework and reference for more detailed specification in this area.
— A metadata model for the expression of rights that associates users with the acts that they can perform against a particular geospatial resource, and associated information used in the enforcement and granting of those rights, such as owner metadata, available rights, and issuers of those rights.
— Requirements that are placed on rights management systems for the enforcement of those rights.
NOTE A rights management system shall be necessary and sufficient: it shall implement only those restrictions necessary to enforce the rights defined therein, and it shall be sufficient to enforce those rights.
— How this is to work conceptually in the larger DRM context to ensure the ubiquity of geographic resources in the general services market.
A resource in this context is a data file, or a service for geographic information or methods.
This abstract descriptive International Standard builds on and complements existing standards, and defines at an abstract level a rights model that enables standards-based digital rights management of geospatial resources. Future GeoDRM standards will be written to implement the concepts defined in this International Standard.
Figure 1 — GeoDRM context of the reference model
Figure 1 shows a simplified view of how this International Standard, the reference model for geospatial digital rights management (shown in grey), relates to the ISO standard on open distributed processing, the reference model of the OGC (Open Geospatial Consortium), and the common initiative of the OWS (OGC Web Services). This International Standard is intended to define the conceptual framework and rights model for future GeoDRM implementation standards that will enable digital rights management of geospatial resources.
This International Standard is not intended to examine questions of morality, ethics, market model, or implementation beyond what is necessary to express requirements on rights management functionality and systems.
2 Conformance
Since the normative nature of a reference model is embedded in the “reference” description of the semantics of the environment it describes, the central requirement of this International Standard is:
Any standard or implementation conforming to this International Standard shall be consistent with the semantics described in this International Standard or in the normative references of this International Standard.
Conformance to this specification shall be verified using the tests specified in Annex A. The conformance classes of this International Standard are:
— alignment of the expression of rights with the abstract rights model,
— expression of the applicability of rights for geospatial resources, and
— enforcement of rights for geospatial resources.
Resources that are augmented by the metadata of a GeoDRM licence will be referred to as GeoDRM extended or enabled resources. Processing resources that have met the requirements to maintain the GeoDRM resource and enforce the licensing procedures shall be referred to as GeoDRM enabled.
This is a complex subject; Annexes B to D are informative annexes that give a better understanding of the normative specification of the rights expression language.
3 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 2382-6, Information processing systems — Vocabulary — Part 6: Preparation and handling of data
ISO/IEC 15408, Information technology — Security techniques — Evaluation criteria for IT security
ISO/IEC 21000 (all parts), Information technology — Multimedia framework (MPEG-21) 1)
ISO/IEC 21000-5, Information technology — Multimedia framework (MPEG-21) — Part 5: Rights Expression Language
1) The MPEG 21 standard (ISO/IEC 21000) is under development. Ultimately, it will comprise at least 14 parts. Only a few of the first ones are currently available. The aim is ultimately to incorporate as much of ISO/IEC 21000 as possible into this International Standard, so as to ensure the interoperability of geospatial resource DRM with that used for other multimedia information.
4 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 2382-6 and ISO/IEC 15408 and the following apply.
NOTE If a term is not defined in this document, it is defined by the original context of the last reference in which it appears in the following list or, if it remains undefined, by its usual English definition [Oxford English Dictionary (OED) or Webster].
— ISO 2382-6: For common processing terms such as read, write, copy, duplicate, input, output, collect, acquire, transform, convert, encode, decode, search, index, edit, and extract.
— ISO/IEC 15408: For security terms in common information technology (IT), such as authentication resource, authorized user, identity, security attribute, security conduct, and trusted channel.
— OWS Common Implementation Specification (OGC 05-008 [13]).
— OGC Glossary [14] for terms and examples specifically related to OGC standardized web services.
— Reference Model of Open Distributed Processing (RM-ODP) [8] for system modelling terms such as the enterprise, computational and information viewpoints.
— ODRL (Open Digital Rights Language) [19], OMA (Open Mobile Alliance) DRM (Digital Rights Management) REL (Rights Expression Language) [15] and ISO/IEC 21000, for terms specific to rights expression languages, such as principal, licence, right, grant, condition, and resource.
Terms that are defined differently in these resources shall, in the GeoDRM context, take the definition provided here.
4.1
access control
combination of authentication (4.4) and authorization (4.5)
4.2
agency
legal relationship of a person [called the agent (4.3)] who acts on behalf of another person,
company or government [called the principal (4.35)]
4.3
agent
one who acts on behalf of another
4.4
authentication
verification that a potential partner in a conversation is capable of representing a person or
organization
[SOURCE: W3C, Web Services Glossary]
4.5
authorization
determination of whether a subject is allowed to have the specified types of access to a
particular resource (4.40)
Note 1 to entry: Usually, authorization takes place in the context of authentication (4.4). Once a
subject is authenticated, it may be authorized to perform different types of access.
4.6
bypass
mechanism for defeating the purpose of a subsystem by avoiding its invocation
[SOURCE: W3C, Web Services Glossary]
Note 1 to entry: Exploiting security flaws in the operating system generally makes it possible
to bypass security systems. Such infringements (4.21 and 4.22) are more an aspect of the operating
system than of the security system. To correct this, the relationship between the security system
and the operating system has to be modified so as to prevent bypass mechanisms.
4.7
chain of agency
sequence of agencies (4.2) in which the agent (4.3) of each relationship is the principal (4.35) of
the next in the chain
Note 1 to entry: A chain of agency, with the proper agreements at each stage, creates a transitive
agency between the agent of the first link and the principal of the last. One can speak of this
chain in either direction, either as "principal → agent = principal → agent" (normal order or grant
order) or as "agent → principal = agent → principal" (the reverse, acceptance, verification or
tracing order).
4.8
chain of licences
sequence of licences (4.26) that tracks a chain of agency (4.7), where a licence is granted at
each link of the chain, enabling the agent (4.3) of that link to act as principal (4.35) in
the next
Note 1 to entry: As with the chain of agency, one can speak of this chain in either direction.
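The chain of licences described in 4.7 and 4.8 can be checked mechanically, link by link. The following Python code is an added example, not part of ISO 19153: the Licence record, its may_issue flag, the party and resource names, and the rule that a link may not grant more rights than the licence above it are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Licence:
    """One link in a chain of licences (hypothetical data model for this example)."""
    licensor: str            # principal of this link
    licensee: str            # agent of this link
    resource: str
    rights: frozenset        # acts the licensee may perform on the resource
    may_issue: bool = False  # licensee may act as principal in the next link


def verify_chain(owner, chain):
    """Check a chain given in grant order (owner first). Returns (ok, reason)."""
    if not chain:
        return False, "empty chain"
    expected, parent = owner, None
    for i, lic in enumerate(chain):
        # The agent of each link must be the principal of the next.
        if lic.licensor != expected:
            return False, f"link {i}: issued by {lic.licensor}, expected {expected}"
        if parent is not None:
            # The previous licence must enable its holder to act as principal.
            if not parent.may_issue:
                return False, f"link {i}: {parent.licensee} may not issue licences"
            if lic.resource != parent.resource:
                return False, f"link {i}: resource differs from parent licence"
            # Assumption of this example: a link cannot grant more than it holds.
            extra = lic.rights - parent.rights
            if extra:
                return False, f"link {i}: rights {sorted(extra)} not held by {lic.licensor}"
        expected, parent = lic.licensee, lic
    return True, "ok"


def tracing_order(chain):
    """Parties in verification order: end licensee back to the first principal."""
    return [lic.licensee for lic in reversed(chain)] + [chain[0].licensor]


# Constructed sample data: owner -> distributor -> reseller -> end user.
VIEW, COPY, EDIT = "view", "copy", "edit"
GOOD_CHAIN = [
    Licence("survey-office", "distributor", "ortho-tiles", frozenset({VIEW, COPY, EDIT}), True),
    Licence("distributor", "reseller", "ortho-tiles", frozenset({VIEW, COPY}), True),
    Licence("reseller", "end-user", "ortho-tiles", frozenset({VIEW})),
]
# The same chain with the middle link missing: the last licence no longer
# traces back to the owner.
BROKEN_CHAIN = [GOOD_CHAIN[0], GOOD_CHAIN[2]]
# A reseller granting a right it was never given.
ESCALATED_CHAIN = GOOD_CHAIN[:2] + [
    Licence("reseller", "end-user", "ortho-tiles", frozenset({VIEW, EDIT})),
]

if __name__ == "__main__":
    for name, chain in [("good", GOOD_CHAIN), ("broken", BROKEN_CHAIN),
                        ("escalated", ESCALATED_CHAIN)]:
        print(name, verify_chain("survey-office", chain))
    print(tracing_order(GOOD_CHAIN))
```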
4.9
contract
agreement between two or more principals (4.35) that creates for each principal a duty
to do or not to do something and a right to performance of the other's duty or a remedy for the
breach of the other's duty
[SOURCE: FindLaw, modified]
4.10
copyleft
licence (4.26) accompanying some open source software that details how the software and
its accompanying source code can be freely copied, distributed and modified
Note 1 to entry: Copyleft is a form of general public licence (4.15).
4.11
digital licence
document or its representation that specifies the rights (4.42) granted to a particular user or
organization in relation to specific content or a specific group of content
Note 1 to entry: The fundamental concept of DRM (4.12) is the use of digital licences. Instead of
buying the digital content, the consumer purchases a licence (4.26) that grants certain rights to
the content. A licence is the mechanism by which the rights holder (4.43) transfers rights to
another party (4.35), for example to a consumer or a distributor.
4.12
digital rights management
DRM
packaging, distributing, controlling and tracking content based on rights (4.42) and
licensing information
Note 1 to entry: DRM covers a much broader spectrum of capabilities and underlying technologies
supporting the description, identification, trading, protection, monitoring and tracking of all
forms of rights usage over both tangible and intangible (electronic) assets, including management
of rights holder relationships. See for example Iannella (Reference [5]).
"Digital" refers to the material on which the right exists. "Rights" applies to the intellectual
property rights associated with the material. "Management" covers both the definition of a policy
and the enforcement of that policy in such a way that the rights are respected.
The ultimate goal of a distributed DRM system is for content authors to be able to project
policies governing their content into remote environments, with the assurance that these policies
will be respected by the remote nodes (Reference [12]). For the purposes of this International
Standard, DRM means technology enabling the secure distribution (and, where appropriate, sale) of
digital media content on the Internet (Reference [26]).
4.13
expected risk
(statistical) expected value of loss
Note 1 to entry: Expected risk (4.45) is calculated by multiplying the probability of each type of
infringement (4.21 and 4.22) by the cost of the infringement, summed over all types of infringement.
4.14
fair use
uses of content that are considered valid defences to copyright infringement (4.21 and 4.22),
such as for the purposes of criticism or education
[SOURCE: US legal term derived from Title 17 of the United States Code, Section 107]
Note 1 to entry: Fair use is based on case-law precedents derived from general
principles. The term is often misapplied to refer to the reasonable expectations of consumers who
want to be able to use purchased content on all the devices they own (Reference [29]).
4.15
general public licence
GPL
licence (4.26), with no existing agreement, containing rights (4.42) granted to the public at large
Note 1 to entry: GPL licences may be granted by the owner (4.34) of a resource (4.40) or
may be applied to a resource by law, generally as part of copyright law. The
most obvious GPL concept is "fair use" (4.14) of copyrighted material in the United States.
Other GPL rights may be required by the source of the resource or by other "public good"
considerations.
Note 2 to entry: The most common use of GPL is in reference to the GNU GPL, which is commonly
abbreviated simply to GPL when it is understood that the term refers to the GNU GPL. One of the
basic principles of the GPL is that anyone who acquires the material shall make it available to
anyone else under the same licensing agreement. The GPL does not cover activities other than the
copying, distribution and modification of the source code. A GPL is also referred to as copyleft
(4.10), in contrast to a copyright, which identifies the proprietary rights of the material
(Reference [29]).
4.16
GeoDRM enabled
able to maintain GeoDRM extended (4.17) resources (4.40) and to enforce rights (4.42)
and protections (4.38) defined by GeoDRM
Note 1 to entry: Applies to processing resources.
4.17
GeoDRM extended (applied to resources)
associated with GeoDRM metadata indicating the types of licences (4.26) that apply
4.18
geolicence
licence (4.26) related to geoinformation
4.19
geolicence resolution
determination or resolution of the status of a geolicence (4.18)
4.20
geolicence infringement
act or instance of unauthorized access to or use of protected, copyrighted or patented material
or of a trademark, trade name or trade dress
[SOURCE: FindLaw, modified]
4.21
infringement
action by a principal (4.35) contrary to the rights (4.42) granted on a resource (4.40) to that
principal
Note 1 to entry: Infringement of a licence (4.26) should require that the DRM (4.12) system be
circumvented in some way. If licences can be infringed without circumventing the DRM system, then
that system is not sufficient (4.48).
4.22
infringement
prevention of action by a principal (4.35) on a resource (4.40) consistent with the rights
(4.12) granted to that principal
Note 1 to entry: Infringement of a right is a failure of the DRM (4.12) system. If rights can
be infringed without circumventing the DRM system, then the system is not properly limited to what
is necessary (4.33).
4.23
joint ownership
ownership by two or more persons, each having undivided shares in the property as a
whole
[SOURCE: FindLaw, modified]
Note 1 to entry: In this case, the principal (4.35) as owner (4.34) is a group of principals,
that is, a group of several principals.
4.24
lease
allows the resource (4.40) to be made available for a fixed period and then returned
Note 1 to entry: During this period, the resource is available only to the lessee. Time
constraints are required for downstream use.
4.25
loan
lease (4.24) without exchange of value
4.26
licence
representation of grants that, subject to specified conditions, convey to principals
(4.35) the rights (4.42) to use specified resources (4.40)
[SOURCE: XrML 2.0 Specification, Part 5, modified]
Note 1 to entry: A licence represents, but is not, a contract (4.9) granting a party (4.35)
explicit rights to use intellectual property.
4.27
licence extent
scope or applicability of a licence (4.26)
Note 1 to entry: The extent can be described in a whole range of spatial, temporal or any other
parameters appropriate to the rights (4.42) described in the licence.
4.28
licence manager
application that keeps track of the licences (4.26) available within an organization and
coordinates the issuing of these licences to requesting clients
[SOURCE: New concepts in BASE licensing, modified]
4.29
licensee
one to whom a licence (4.26) is granted
[SOURCE: FindLaw]
4.30
licensing agent
principal (4.35) authorized to act on behalf and under the control of another in dealing with
third parties in the context of issuing licences (4.26) for specified resources (4.40)
[SOURCE: derived from FindLaw, for "agent"]
4.31
licensor
issuer of a licence (4.26)
[SOURCE: FindLaw, modified]
Note 1 to entry: The licensor is the owner (4.34) or licensing agent (4.30) of the content.
4.32
map
portrayal of geographic information as a digital image file suitable for display
on a computer screen
[SOURCE: ISO 19128:2005, 4.7]
Note 1 to entry: A map is not a resource (4.40) in itself. A Web Map Service (WMS) produces
maps of georeferenced resources. Consequently, a WMS can provide different representations
of the same underlying geoinformation.
4.33
necessary
capable of recognizing and acting correctly on all legitimate requests as defined by
the system requirements
Note 1 to entry: All aspects of a DRM (4.12) system are necessary if they do not prevent the
execution of legitimate requests.
4.34
owner
one who has an interest in and dominion over the content, as:
a) "legal owner" in this entry,
b) one with an exclusive right (4.42) to the use, control or possession of the content,
c) a purchaser under a contract (4.9) for the sale of the actual content.
[SOURCE: FindLaw, modified]
4.35
party
principal
person or organization that plays a role in a rights (4.42) transaction (4.49)
Note 1 to entry: These two terms are used as near synonyms by ODRL and ISO/IEC 21000. No
distinction is made here between these two terms, but, depending on local laws, there may be
distinctions in legal documents.
EXAMPLE In some legal traditions, "party" refers to a person in a legal dispute,
whereas "principal" can be the entity initiating a contract (4.9), for example an agency (4.2).
4.36
payment provider
party (4.35) that has an established billing relationship with a consumer
Note 1 to entry: Payment providers can be telephone and mobile phone companies,
banks, credit card companies, Internet service providers, network operators and
utilities. The payment provider bills the consumer, deducts a fee and
forwards the payment to the content provider. The payment provider is therefore responsible for
balancing the accounts.
4.37
persistent protection mechanisms
protection (4.38) mechanism that remains in force regardless of where the content of the original
resource (4.40) is located or reproduced
Note 1 to entry: Persistent protection mechanisms involve authentication (4.4),
authorization (4.5) and encryption technologies to effectively lock digital content and limit
distribution to those who pay.
4.38
protection
aspect of the system that reduces the ability of a party (4.35) to commit an infringement (4.21 and
4.22)
4.39
provenance
information on the place and time of origin or derivation of a resource (4.40), or
a record or proof of authenticity or of past ownership
4.40
resource
entity protected by a licence (4.26)
Note 1 to entry: In general, a resource is data, metadata (a type of data that describes
other resources) or some service or process that can be invoked against other resources.
Licences describe rights (4.42) with respect to resources and, as such, are themselves
resources.
4.41
remediation
action or process of correcting a failure or deficiency
Note 1 to entry: Remediation allows more trust (4.50) because it reduces the expected risk (4.13).
The first action in a remediation sequence is detection of the failure.
4.42
right
permission to act under which a party (4.35) is entitled to act with respect to all
or part of a specified resource (4.40) under the terms of the licence
[SOURCE: ISO/IEC 21000-5, modified]
Note 1 to entry: A right specifies an action (or activity) or class of actions that a principal
(4.35) may perform on or using the associated resource. A right is essentially a legally recognized
entitlement to do something to a resource or with its content.
4.43
rights holder
principal (4.35) that holds the right (4.42) to license rights to a resource (4.40)
Note 1 to entry: Rights can be acquired by law (copyright), by agreement or by contract (4.9)
["licence" (4.26) contract]. In the case of digital commerce, DRM (4.12) ensures that licences are
adhered to and that rights holders are appropriately compensated for each transaction (4.49).
Agents (4.3) of the original rights holders may also issue licences, but their capacity exists only
under the agency (4.2) contract of the original principal.
4.44
rights management
tracks and controls the use of content, rights (4.42), licences (4.26) and
associated information
[SOURCE: see Reference [18] in the Bibliography, modified]
4.45
risk
value of what can be lost if an infringement (4.21 and 4.22) occurs
4.46
sub-licence
licence (4.26) granted to a third party (4.35) by the original licensee (4.29), under the
grants and conditions of the original licence granted by its licensor (4.31) to the original
licensee
[SOURCE: derived from Palmer & Dodge, LLP; (FindLaw)]
Note 1 to entry: This is essentially the right (4.42) to lend one's licence to another principal
(4.35).
4.47
sub-licensee
principal (4.35) to whom a sub-licence (4.46) has been granted
4.48
sufficient
able to enforce the requirements of a system
Note 1 to entry: A sufficient DRM (4.12) system would have to be circumvented for an infringement
(4.21 and 4.22) to be possible. Proof of sufficiency can be difficult to provide since it may
depend on an "attack model" describing the kinds of attacks against which the system is immune.
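The two entries 4.21 and 4.22 give a direct test of whether an enforcement function is sufficient (4.48) and necessary (4.33): compare its decisions with the granted rights over every request in a model. The following Python code is an added example, not part of ISO 19153; the grant table, the principals and the three decision functions are constructed for illustration, and the result only holds for the requests the model enumerates.

```python
from itertools import product

# Constructed sample data: rights granted as (principal, act, resource).
GRANTED = {
    ("alice", "view", "parcels"),
    ("alice", "copy", "parcels"),
    ("bob", "view", "parcels"),
    ("bob", "view", "roads"),
}
PRINCIPALS = ["alice", "bob", "mallory"]
ACTS = ["view", "copy", "edit"]
RESOURCES = ["parcels", "roads"]


def decide_exact(principal, act, resource):
    """Allow exactly what the licences grant."""
    return (principal, act, resource) in GRANTED


def decide_by_resource(principal, act, resource):
    """Flawed: any right on a resource unlocks every act on it."""
    return any(p == principal and r == resource for p, _, r in GRANTED)


def decide_view_only(principal, act, resource):
    """Flawed: refuses every act except 'view', even when it is granted."""
    return act == "view" and (principal, act, resource) in GRANTED


def audit(decide, granted=GRANTED):
    """Run every request in the model through `decide` and classify mismatches."""
    contrary, prevented = [], []
    for request in product(PRINCIPALS, ACTS, RESOURCES):
        allowed = decide(*request)
        if allowed and request not in granted:
            contrary.append(request)    # 4.21: act contrary to granted rights
        elif not allowed and request in granted:
            prevented.append(request)   # 4.22: granted act was prevented
    return {
        "sufficient": not contrary,     # 4.48: no breach without circumvention
        "necessary": not prevented,     # 4.33: no legitimate request blocked
        "contrary": contrary,
        "prevented": prevented,
    }


if __name__ == "__main__":
    for fn in (decide_exact, decide_by_resource, decide_view_only):
        report = audit(fn)
        print(fn.__name__, report["sufficient"], report["necessary"],
              len(report["contrary"]), len(report["prevented"]))
```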
4.49
transaction
set of related actions in the same unit of work, such that the actions, as a unit, either
succeed or fail
[SOURCE: Web Services Glossary, modified]
4.50
trust
sum total of all mitigating factors that reduce the expected risk (4.13) with respect to a
particular licensee (4.29)
Note 1 to entry: Trust allows the owner (4.34) [or its agent (4.3)] to act with a higher potential
risk (4.45) because the expected risk has been reduced. This is slightly different from the
plain-language meaning of trust. Normally, trust requires something, but if the principal (4.35) at
risk decides that there is no risk, then trust exists (in the sense given here), since, whatever
the reason, the risk has been reduced.
5 Conventions
5.1 Abbreviated terms
The abbreviated terms found in the references used in Clause 4 apply in
this International Standard, together with the following abbreviated terms:
API      Application Program Interface
DCE      Distributed Computing Environment
DRM      Digital Rights Management
GeoDRM   Geospatial Digital Rights Management
GI       Geographic Information (services/systems) as an extension of the term IT
GPL      General Public Licence
IDL      Interface Definition Language
IT       Information Technology
ODRL     Open Digital Rights Language
REL      Rights Expression Language
SDI      Spatial Data Infrastructure (distributed information system for geographic data)
UML      Unified Modeling Language
5.2 UML notation
The diagrams that appear in this International Standard as conceptual models
of software and information systems are presented using the Unified Modeling Language,
version 2.0 (UML 2.0), as described in ISO/IEC 19501 and in the follow-on OMG specifications.
6 GeoDRM design principles
6.1 GeoDRM roadmap
As needed, different functionalities can be identified to support the
licensing of geographic information for GeoDRM, as it may be available offline or
online in a spatial data infrastructure (SDI). Gathering a certain set
of functionalities into a software library makes it possible to define (i) the interfaces between
the packages in order to ensure interoperability and (ii) the responsibilities of each package to
return the expected result for a given request. The following is a list of possible packages:
— Rights model: the subject of this International Standard is the definition of an abstract
rights model. It defines the basis for developing a geo-specific rights expression language as well
as other specifications needed to establish an SDI for GeoDRM. Basic definitions and
concepts are defined in ISO/IEC 21000, in particular in ISO/IEC TR 21000-1.
— Rights expression language (REL): this package gives the
...











