Re: E-Forms and ODRL

Joe Chiusano asks:

> I am doing some research on how Digital Rights Management can be used in
> conjunction with electronic forms (such as Adobe, PureEdge, etc.). I've
> reviewed the ODRL 1.1 specification, and am interested in insight on how
> ODRL could be used to satisfy the following high-level requirements:
> (1) Assocate an access control list with an e-form, so that user access
> can be enforced
> (2) Enforce access of an e-form to a file system (perhaps through LDAP)
> to disallow an e-form from accessing a file system inappropriately

JSE: To ensure that your question is properly scoped, I'll restate: It appears
that it is your intention to use a REL (specifically ODRL) to create rights
specifications that would be the basis for access control for an eForm (e.g.
so that only certain parties could use a givien form); and, secondly, to
(somehow) control an eForm's access to a file system.

First level answer (to the first question) is, you'll need an
ODRL-interpreting DRM client written against the Acrobat plugin (as it applies
to forms). The applicable (based upon context, subject and target objects)
higher-level ODRL rights specification would get interpreted by the plugin and
would twiddle the bits (to control usage) as appropriate, based upon
evaluation of the policies.

Disclaimer: I know that such a plugin would enable an ODRL expression to
"hook" the set of generic Acrobat functions that would apply to both forms and
normal PDFs (open, print, etc). I DON'T know if there are additional,
forms-only actions that are exposed by the API and therefore can be "hooked"
by the client (and thus controlled by a rights specification).

| John S. Erickson, Ph.D.
| Hewlett-Packard Labs
| Norwich, Vermont USA

Received on Friday, 13 June 2003 11:32:14 UTC