Copyright © 2006 Open Geospatial Consortium, Inc. All Rights Reserved. Copyright © 2006 Open Geospatial Consortium, Inc. All Rights Reserved. Page 36 of 131 • Accept manageable risks then manage them. The ultimate goal of geographic standards is to make geographic information and services available and readily usable to the entire information services community. Therefore the use of geographic information and other information should be minimally different.

6.7 The components of managing risk

Managing risk is about balancing trust with protection and remediation. The optimal balance among these components depends on the specific business context. For example, where high levels of trust exist, lower levels of protection and remediation may be acceptable. Re m e dia t ion En for ce m e n t Pr ot e ct ion Se cu r it y Tr u st Figure 7: Balancing trust with protection and remediation The following sections examine these components in more detail.

6.7.1 Trust

Digital rights management is about trust. Internet commerce cannot occur without some level of mutual trust, even more so when the parties are not in personal contact and resources are ethereal like digital data. These criteria often make business models based on classical business practices inappropriate – see [19]. The contract that exists between buyer and seller is a description of that trust, and the DRM system aids both parties by aiding in the enforcement of the contract through the software that accesses and processes the resource. Since the DRM system should enforce that which is not in the contract and only the contract, it aids in maintaining a position of fair enforcement that enhances the relationship and prevents misunderstanding while preserving the rights of both parties. The business environment for a DRM system can vary widely. In one extreme, everyone is trusted and the DRM is simply an aid for tracking process and data flows for the Copyright © 2006 Open Geospatial Consortium, Inc. All Rights Reserved. Copyright © 2006 Open Geospatial Consortium, Inc. All Rights Reserved. Page 37 of 131 purposes of the system possibly including remediation if the trust is broken. In the other extreme, no one is truly trusted and the DRM controls all resource flows that involve licences. In this case, the licensed resources are “locked” from general use and all software handling licensed transactions is “trusted” in the sense that it is integrated sufficiently with the DRM system to prevent the gatekeeper from being bypassed, and a licensed resource “leaking” into a freely available world. The most likely scenario is a trust model that is “gated,” capable of controlling the level of freedom in each transaction based on the rights and conditions stated in the various licences involved. While complex, such a system allows maximum flexibility based on the DRM business model in use. Most of the examples in this document are from this middle ground, where the control over how a resource is to be handled is embodied in the licences that are issued against it and not in the system design. This makes the licence content independent of implementation.

6.7.2 Protection - security