Search results

The purpose of this Guest Editorial is to introduce the papers in this special issue.

A brief summary of the main contributions of the papers included in this issue is provided.

In order to combat the digital information war it was found that important work must be done to establish both users' and content providers' trust through fair e‐commerce/digital rights management (DRM).

The paper provides an overview of the basic requirements of DRM systems.

Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges for the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralised security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML‐based secure content distribution (XSCD) infrastructure, which is based on the production of protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating privilege management infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, provides persistent protection and allows actions (such as payment) to be bound to the access to objects.

Provide a secure solution for web services (WS). A new interoperable and distributed access control for WS is presented.

Based on the separation of the access control (AC) and authorization function.

Mechanisms presented allow seamless integration of external authorization entities in the AC system. The Semantic Policy Language (SPL) developed facilitates specification of policies and semantic policy validation. SPL specifications are modular and can be composed without ambiguity. Also addressed was the problem of the association of policies to resources (WS or their operations) in a dynamic, flexible and automated way.

The ACProxy component is currently under development. Ongoing work is focused on achieving a richer “use control” for some types of WS.

Administrators of WS can specify AC policies and validate them to find syntactic and semantic errors. Components for automated validation of policies at different levels are included. This ensures that the AC policies produce the desired effects, facilitating the creation and maintenance of policies. It also provides mechanisms for the use of interoperable authorizations.

A practical system that provides a secure solution to AC for WS. To the best of one's knowledge, no other system provides mechanisms for semantic validation of policies based on external authorization entities. Likewise, the mechanisms for interoperability of external authorization entities are also novel. The system provides content‐based access control and a secure, decentralized and dynamic solution for authorization that facilitates the management of complex systems and enhances the overall security of the AC.

The purpose of this paper is to show that a fingerprinting code is a set of code words that are embedded in each copy of a digital object, with the purpose of making each copy unique. If the fingerprinting code is c‐secure, then the decoding of a pirate word created by a coalition of at most c dishonest users, will expose at least one of the guilty parties.

The paper presents a systematic strategy for collusions attacking a fingerprinting scheme. As a particular case, this strategy shows that linear codes are not good fingerprinting codes. Based on binary linear equidistant codes, the paper constructs a family of fingerprinting codes in which the identification of guilty users can be efficiently done using minimum distance decoding. Moreover, in order to obtain codes with a better rate a 2‐secure fingerprinting code is also constructed by concatenating a code from the previous family with an outer IPP code.

The particular choice of the codes is such that it allows the use of efficient decoding algorithms that correct errors beyond the error correction bound of the code, namely a simplified version of the Chase algorithms for the inner code and the Koetter‐Vardy soft‐decision list decoding algorithm for the outer code.

The paper presents a fingerprinting code together with an efficient chasing algorithm.

The purpose of this paper is to examine clustering search results. Traditionally, search results from professional online information services presented the results in reverse chronological order. Later, relevance ranking was introduced for ordering the display of the hits on the result list to separate the wheat from the chaff.

The need for better presentation of search results retrieved from millions, then billions, of highly unstructured and untagged Web pages became obvious. Clustering became a popular software tool to enhance relevance ranking by grouping items in the typically very large result list. The clusters of items with common semantic and/or other characteristics can guide the users in refining their original queries, to zoom in on smaller clusters and drill down through sub‐groups within the cluster.

Despite its proven efficiency, clustering is not available, except for Ask, in the primary Web‐wide search engines (Windows Live, Yahoo and Google).

Smaller, secondary Web‐wide search engines (WiseNut, Gigablast, and especially Exalead) offer good clustering options.

The purpose of this paper is to introduce the advantages of semantics‐aware representation formalisms in the integration of digital rights management (DRM) infrastructures grounded on heterogeneous formats.

After discussing the notion of semantics‐aware IPR and its relationship with Semantic Web‐style metadata, we exemplify the advantages of adopting it by providing two different use cases. XML‐based DRMLs are mapped with a shared ontology‐based representation in such a way that dependencies between elements can be drawn.

Individual formalisms may take advantage of a semantics‐aware infrastructure to check consistency of DRM policies according to dependencies not explicit in the specification language. On the other hand, distinct formalisms can be integrated with each other according to fine‐grained translation mechanisms.

Inference procedures can pre‐process this knowledge base and derive implicit knowledge that can be used by programming logic in the actual enforcement of DRM policies.

The purpose of this paper is that of linking security requirements for web services with security patterns, both at the architectural and the design level, obtaining in a systematic way a web services security software architecture that contains a set of security patterns, thus ensuring that the security requirements of the internet‐based application that have been elicited are fulfilled. Additionally, the security patterns are linked with the most appropriate standards for their implementation.

To develop secure WS‐based applications, one must know the main security requirements specified that applications have to fulfil and find appropriate security patterns that assure, through combination or relationships between them, the fulfilment of the implicated security requirements. That is why a possible link or connection between requirements and patterns will have to be found, attempting to select for a determined security requirement the best security patterns that solve this requirement, thus guaranteeing the security properties for internet‐based applications.

Using security patterns, that drive and guide one towards a secure development as well as towards security software architecture, one can be sure that this design based on these patterns fulfils and guarantees the most important security requirements of the internet‐based applications through the design and implementation of security solutions that provide reliable security services.

Security architecture for internet‐based applications and web services can be designed considering the security requirement types that it must fulfil and using the most appropriate security patterns.

This paper proposes a relationship between security requirements that can be specified for internet‐based applications and the possible security patterns that can be used in the design and implementation of the secure system based on the internet, guaranteeing that these security requirements are fulfilled.

The purpose of this paper is to present different verification algorithms that will be used by digital rights management (DRM) systems to enable the governed distribution, super‐distribution and offers of multimedia content. An issue of increased interest in DRM systems is the control of the creation, distribution and consumption of multimedia content through the complete digital value chain.

The design and implementation of verification algorithms based on licences is described. Tools implementing these algorithms are used by DRM systems in B2B and B2C models where the distribution, offer and consumption of digital assets are controlled. Some use cases regarding the distribution, super‐distribution and offer models are presented.

It has been demonstrated that DRM systems governing the use of multimedia content through the complete distribution chain can use the verification algorithms proposed in this paper to enable governed distribution of multimedia content. By using these algorithms, they can determine whether the rights have been passed in a proper way from parent to child licences. Moreover, these systems can also enforce the rights when distributing multimedia content.

The algorithms proposed can be used by DRM systems that control the use of multimedia content through the complete digital value chain. These algorithms have been designed to ensure that the permissions and constraints passed from parent to child licences have been done according to the terms determined by content creators or distributors.

This research provides a contextual analysis of the introduction of a distributed inter‐organizational system (DIOS) in three organizations.

An exploratory case study was conducted to assess the user reactions and the consequences of implementing a videoconferencing system in the organizations.

Respondents reported radically different experiences with the DIOS videoconferencing. Activity theory is used as a framework for analyzing the organizational context at the three sites and exploring the consequences of using the system. It describes a range of human activities and innovation underlying the inter‐organizational work process and suggests that deficiencies in actors' activity of the process limit the value of DIOS process.

A context‐sensitive research approach to explain the DIOS design and use shows how human activities are included into DIOS. Meso level focus of activity analysis suggests an implication for IOS literature which supplements the findings from activity theory. The paper concludes by examining extant theorizing about innovation and suggests points of departure suggested by the conceptual frame.

The research provides a valuable reference for DIOS designers in particular public organizations' process innovation. It further gives a lesson that DIOS design engages not only technical innovations, but also accompanies significant organizational changes.

This research contributes to DIOS planning research by clarifying the relations of the DIOS planning process and its consequences. It further clarifies the environmental and organizational factors in terms of political economy perspective identified by previous IOS research.