FAQs
why open digital rights management?
odrl has a long history and support from W3C and the general business community, digital assets, verifiable credentials and other standards have odrl as their recommended policy management language.
such strong support guarantees the future of odrl, the interoperability of solutions and the emergence of new sources of revenue for those aiming at monetising digital content.
what is a digital asset?
rights management can be applied to any item, from the purely digital like an image or a catalog to a contract; api and database management systems are also good examples where rights management are key to deliverying service to the right stakeholders.
policies themselves could have references to the conditions under which they can be executed (“actionable”).
which are the most common use cases?
our work has taken us from management of the most extensive and complex contracts in some of the largest financial institutions, all the way to use cases for entire libraries and catalogues for photographers images across a lengthy and cumbersome supply chains.
we have been careful, by building a solid foundation that will allow for the addition of accelerators – wizards and natural language agents to expedite the creation of the most complex policies.
the environment is intuitive, preventing the user from going back-and-forth between important elements, it’s ultimate objective is to generate policies 100% compliant with the requirements of the creator.
what if i want to implement “on-device” access control?
our architecture allows for 3 different models:
- geo-available: your applications make calls over the internet
- private cloud or edge: we build an end-point connected in your private cloud or data center, they communicate to our core service
- embedded: a custom end-point with local-caching to provide your use case with negligible latency, some communication to fetch information will be required.
i work in finance, how is ODRL useful?
Our agent1 came up with an excellent answer:
Market data in finance can greatly benefit from ORDR (Optimising Rights for Digital Resources) in the following ways:
- Protection of Intellectual Property: ORDR ensures that the rights of creators and owners of digital assets are protected. In the financial sector, market data is often generated by sophisticated algorithms and complex computations. By using ORDR, these creators and owners can securely manage and distribute their intellectual property while maintaining control over its usage and distribution.
- Enhanced Revenue Streams: ORDR allows for the creation of new revenue streams by enabling the management and monetization of digital assets in real-time. In finance, this can enable financial institutions to generate income from market data they own, such as historical price and trading volume data.
- Increased Efficiency: ORDR streamlines the process of managing digital assets by automating tasks like licensing, royalty management, and auditing. This increased efficiency can lead to significant cost savings for financial institutions, allowing them to allocate more resources to core business activities.
- Improved Data Security: ORDR ensures that digital assets are securely managed and distributed, reducing the risk of data breaches or unauthorized access. Financial institutions can avoid potential legal and reputational risks associated with data security breaches by using ORDR.
- Compliance with Regulations: ORDR helps financial institutions comply with regulatory requirements related to digital assets, such as GDPR (General Data Protection Regulation) or MiFID II (Markets in Financial Instruments Directive). By utilizing ORDR, financial institutions can demonstrate their commitment to data protection and compliance.
- Enhanced Collaboration: ORDR facilitates collaboration between various stakeholders involved in the management of digital assets, such as creators, owners, distributors, and consumers. In finance, this can foster better communication and cooperation among financial institutions, data providers, and trading platforms.
- Innovation and Competition: ORDR can enhance innovation and competition in the financial sector by allowing for new business models and revenue streams based on digital assets. This can lead to increased efficiency and resilience in the financial industry as a whole, as well as improved services for customers.
- Better Customer Experience: ORDR can improve customer experience by providing easy access to high-quality market data through user-friendly platforms. Financial institutions can differentiate themselves from competitors and attract more clients by offering seamless access to market data integrated with ORDR features.
- Cost Savings: ORDR automates many tasks related to digital asset management, leading to significant cost savings for financial institutions. By leveraging these savings, they can invest in new technologies or allocate resources to core business activities.
- Flexibility and Scalability: ORDR is designed to be flexible and scalable, allowing it to adapt to changing market conditions and growth scenarios. This agility enables financial institutions to respond quickly to market trends and customer demands while maintaining a competitive edge.2
and if we are looking for a private solution?
that can be provided when requested, our solution is built for multi-tenancy with the benefit being that public policies and assets will be ‘recommended’ to users to expedite the supply chain lifecycle.
how do you integrate?
for enterprises, our integration is via SCIM (system for cross-domain identity management), for retail we have built a SCIM front-end to allow for individual management.
what about future proofing portability?
all our outputs are DID / Verifiable Credentials / ODRL / DCAT / JPG TRUST compliant, can be provided in RDF or JSON-LD
we have proposed and already implemented runtime portability for the context/state of the world to avoid service locking
can you do access control like read and write?
definitely, ODRL has built in read and modify (“write and/or append”), and it could be customised if necessary.
our profile allows for a special extensible agreement: allowed to add or remove assets for this use case.
and what about integrations with cloud platforms?
odrl is extensible by default, our design allows for the integration of any vocabulary, asset description, property and rule.
what about data mining, AI training and inference?
We’ve integrated the C2PA vocabulary into the list of actions.
what about embedding security?
we’ve built an API for the producer of embeddings to send the embeddings and their source asset, once this has been registered, the embeddings are treated as any normal asset and respects the relationships to it’s common origins.
what about agent delegation?
also a covered use case that has been shared across multiple groups for security reviews and adoptability.
allowing for ultra-fine grained delegation (in which context, under which role, which action, how many times it can be executed and its expiration date), all controlled within the decision point.
how do our consuming applications integrate?
we provide 3 types of end-points:
- a simple mechanism (for IoT devices) expecting 3 URI parameters [ subject, action, resource ]
- AuthZen
- RFC 9396
are there any advantages over other systems that implement the same standards?
our studio is focused on supporting non-technical users, with all the bells and whistles of a “hard core” IDE at the bottom (so products don’t have to wait for front-ends),
our decision and enforcement layer are thought for the developer, there are application-managed encryption options, interactions can be debugged with full detail of values evaluated and decisions made at each step:
if required we can develop adapters to OpenFGA, Cedar or REGO (but we believe that would add an unnecessary administrative burden)
how are you priced?
for the studio is per seat.
for the access management, per instance and necessary SLA