Introduction to Digital Rights Management Grace Agnew SURA/ViDe Digital Video Conference March 2004.

Introduction to Introduction to Digital Rights Digital Rights ManagementManagement

Grace AgnewSURA/ViDe Digital Video Conference

March 2004

Digital Rights Management Definitions

DRM ActionAuthorization decision based on intersection of attributes about user, content and usage

DRM SystemDigital application to apply and enforce organizational policies for the access and use of IP

Essential DRM Components

Directory Services supporting authentication and authorization; Rights Expression; Rights Enforcement

METADATA FOR DIGITAL RIGHTS

Intellectual Property Rights

Right of ownership and control of products of the creator’s mind. WTO-supported


Directory Services:

Identity Management

Authentication

Authorization (Role-based Access Control)

Procedures for establishing and maintaining identity including format, database structure, privacy and confidentiality

Determining that the user requesting a service has the required (“authentic”) identity through a secured system

Determining that the authenticated user possesses the authorized role to access a service or object. (e.g. student registered in History 101”)


Federated DRM

“Community of Trust”:

Common understanding. Shared agreement and enforcement among community members. Ex: Copyright

“Trusted Systems”

Standardized, shared technologies for establishing and enforcing DRM


Identity Management:


Privacy: Whether the user’s identity is exposed

Confidentiality: Whether the user’s activities are exposed

Trust: Authenticates any entity in a rights transaction—rights holder, rights requester and the content being requested.

“Developing architectures, policy structures, practical

technologies, and an open source implementation to

support inter-institutional sharing of web resources

subject to access controls.”

Enabling Technology: Internet2 Shibboleth Project

Source: Shibboleth Project:

http://shibboleth.internet2.edu


Why Shibboleth?

Active privacy a core principle

Emphasis on federated administration

Emphasis on flexible yet secure access

Establishes trust communities

Open source with active community development

Maturing project with increasing use in higher education and educational collaborations (e.g. NSF’s National Science Digital Library)

Utilizes mature, open source applications and standards, such as LDAP (lightweight directory access protocol


How Shibboleth Works

User requests a Shib-requested resource

Shib-protected resource

User is directed back to home institution to authenticate

Home institution generates a temporary “handle” for user – “active privacy”—”authenticated RU faculty member” not “John Smith”

1 23

How Shibboleth Works

User receives access to resource

Shib-protected resource

Uses temporary handle to request further attributes about the user (e.g., teaching in interinstitutional program with valid access to relevant e-resources at either institution

User’s home institution provides necessary attribute

4

5

6

The Structure of Information (IFLA)

Work

Expression Expression

Distinct intellectual or

artistic creation

Intellectual or artistic realization of a work (“interpretation”)

ManifestationManifestation Manifestation

ItemUnique physical

instance of a manifestation.

Physical manifestation of an expression. May differ in physical format, but not in content or interpretation

Issues for Trust and AuthenticityIssues for Trust and Authenticity

Key “Work” Concepts for Community Key “Work” Concepts for Community DefinitionDefinition

o Copy – identical in the abstract and the concrete

o Version – Intellectual content unchanged—concrete presentation differs (format, language)

oRevision – revisions should not impact reuse, according to community

o Edition – substantially the same but revisions impact use according to community policy. Attributes –expanded, reduced policy.

o Adaptation – object based on theme or premise of another object. Community decision how granular the attribution should be.

oDerivation – Theme or premise of original object is starting point for new object

o

Digital Provenance record in RUL repositoryDigital Provenance record in RUL repository

“Lots of Copies Keep Stuff Safe”

Stanford-initiated project—currently applied to e-journals—that uses a peer-to-peer network to create a “selective web cache” by polling a web journal at intervals, storing content, and providing to authorized local users.

Implications for DRM—Implications for DRM—Robust access through distributed, redundant management—beyond the rights holder or the authorized distributor.

http://lockss.stanford.edu/tortoise.html

Rights Expression Languages in DRMRights Expression Languages in DRM

Rights Expression Language:Rights Expression Language:

Documents offers & agreements between rights holders, intermediaries, and end users, providing rights to license, distribute, access and use resources.

Communicates rights, conditions on the exercise of rights, and other context relevant to the rights transactions.


Defines the parties and concepts engaged in offers or agreements for the exercise of rights that are exercised against content.

Expresses the underlying business model(s) of the community sharing the DRM.

Employs data dictionary and a standard syntax to provide interoperable, logically consistent, semantically precise documentation for rights transactions

Should be human and machine interpretable


RIGHTSRIGHTS Rights, Constraints, Agents and terms of agreement - tied to core IP processes - map readily.

EXPRESSIONEXPRESSION Logic for expressing IP offerings and licenses complex and incompatible - requires advanced parsing.

LANGUAGELANGUAGE XML provides common framework, grammar and syntax. Use of multiple schemas and subschemas adds parsing complexity


PassiveDocuments the copyright status

Identifies the rights holder

May provide guidance on attribution, reuse

Active Documents and enforces permissions to be granted to the user, often after conditions are met or constraints imposed. Enforcement can be at point of access to content or prior to access.

Rights Expression Implementations


Examples of Passive DRM: Creative Commons


Examples of Passive DRM: Rutgers Libraries RM

UserDescription

Rights Holder

Authentication

Rights

Video

Object

Permission

Administration

Authorization

Active Rights Management



Other resource metadata:Administrative metadata:

-- provenance, fixity, context, reference, structure, and management. Rights MD may be a subset

Descriptive Metadata: information to discover, identify, select and obtain the resource

Structural metadata: Information a bout the structured relationship between components of a complex object.


REL in Context: Integration of Administrative, Descriptive, Structural & Rights

Metadata: integrated lifecycle management

insures consistency of content information across applications Supports user decision-making in resource discovery and selection Supports complex content management - shared repositories, content

versioning; downstream management, multiple manifestations; multipart objects, etc.

Provides encoding and transmission of descriptive, administrative and structural metadata using XML

Provides for transmission of metadata.

Associates structure map, file types and behaviors with digital objects to provide “intelligent” complex objects - e.g. E-Journal with machine and human recognizable “table of contents,” “abstract,” “citation,” etc.

Metadata schema providing simple rights declaration issued for comment (Aug. 2003

METS: METS: Metadata Encoding & Transmission Metadata Encoding & Transmission StandardStandardhttp://www.loc/gov/standards/mets/http://www.loc/gov/standards/mets/



METS IMPLEMENTATIONMETS IMPLEMENTATION

Policies; Terms of Agreement and Offer;

Rights & Conditions

Identification of Agents/Roles

RELRELDRM System

USERUSER

Descriptive &

Admin MD

ResourceResource



Issues for Rights Metadata in R&E

Many IP models, including: open availability/public domain; educational fair use; e-commerce; archival materials with unclear provenance; government records/collaborations with retention schedules and classification statuses; copyright; patentable ideas, complex collaborations, etc.

Creators closely bound to IP - want and need active involvement in setting rights; revising rights.

Many agents with complex creation, publication, distribution roles. Resources are also varied, complex and dynamic


Two Developed languages: XrML and ODRL

XrMLXrML - Extensible Rights Markup Language- Extensible Rights Markup Language

www.xrml.orgwww.xrml.org

• Current version - 2.0 (2001-11-20)

• Developed from Xerox PARC’s Digital Property Rights Language (1996)

• ContentGuard - Patent/License owner; language developer


XrML Core Concepts:XrML Core Concepts:

License License - container of grants or grantgroups. - container of grants or grantgroups.

•Grant Grant - - bestows authorization to exercise rightbestows authorization to exercise right

• Principal Principal - - actors to whom rights are granted

• RightRight - - action that a principal can exercise on a resource

• ResourceResource - - object for which rights are granted

• Condition Condition - “- “terms, conditions or obligations” that affect the exercising of a right.

License

Contains Grants

authorize

Principals

Exercise

Right(s)

Subject to Conditions

Resource

Issued by Principals


XrMLXrML


XrML – Three Schemas

Core schema - Specifies semantics and rules for licenses, grants, core resource types and core rights related to licenses and grants

Standard Extension Schema - types and extensions for multiple scenarios (“sx”), particularly payment, conditions, and names.

Content extension schema - types and elements for describing rights, conditions and metadata specific to digital works. (cx)


XrML Highlights and Issues:

Integrates XML core technologies in a “hybrid” language/middleware implementation.

Xpath, UDDI, Dsig, etc. integrated into the rules of expression and syntax- requires careful versioning across technologies.

Emphasis on end-to-end “trusted systems” from digital signatures for licenses to direct payment to bank accounts.

Requires stateful conditions to point to location where state is maintained.


XrML Highlights and Issues:XrML Highlights and Issues:

Core concept of “trusted issuer” - digital signature for license integrity

“Hybrid language” is dense, not always eye-readable or hand-codable.

Can be intentionally opaque - rights and conditions can be referenced by directory pointers rather than explicit.

Patent issues with XrML license

Widespread adoption—MPEG21, Open EBook


Very functional and extensible -strong data integrity support; usage tracking; nested rights and conditions, downstream rights; preconditions, such as acceptance of terms and conditions and license revocation status calls;

Can imbed other MD schemas via namespaces; community extension schemas supported;

Copyright, attribution and watermarking supported.

XrML Highlights and Issues:XrML Highlights and Issues:


MPEG-21: Multimedia Framework:

Based on two concepts:

“Fundamental unit of Distribution and Transaction”—the Digital Item

Concept of Users interacting with Digital Items

Quoted From: MPEG-21 Home Page

http://www.chiariglione.org/mpeg/standards/mpeg-21/mpeg-21.htm


MPEG21 REL data model for a rights expression:

Four basic entities and the relationship among those entities.

This basic relationship is defined by the MPEG REL assertion “grant”, which consists of:

The principal to whom the grant is issued The right that the grant specifies The resource to which the right in the grant applies The condition that must be met before the right can be exercised “




MPEG-21 REL Data Model


ODRL - Open Digital Rights LanguageODRL - Open Digital Rights Language

http://odrl.nethttp://odrl.net

Developed and Managed by IPR Systems (Renato Iannella)

Current version: 1.1 (2002-08-08)

Open source - freely available


ODRL Core Concepts:ODRL Core Concepts:

Asset - uniquely-identified content

Rights - include permissions to interact with assets, which can include constraints (limits), conditions (exceptions that expire permissions) and requirements (obligations that must be met before permissions can be exercised.

Parties - end users who exercise permissions and rights holders who grant permissions (subject to constraints and conditions)

ODRL Schemas:ODRL Schemas:

Expression language (“ex”)

Data Dictionary language (“dd”)

“ODRL supports the expression of Permissions for both Offers and Agreements”

Ianella, R. Open Digital Rights Language (ODRL) v. 1.1 2002-08-08. http://odrl.net/1.1/ODRL-11.pdf. p. 5


Rights

Agreement Context

PartyRights Holder

Permission

Constraint

Requirement

Condition

Offer

ODRL - Adaptation of “ODRL Foundation Model”

Open Digital Rights Language (ODRL) v. 1.1 2002-08-08. http://odrl.net/1.1/ODRL-11.pdf. p. 4


Ianella, R. Open Digital Rights Language (ODRL) v. 1.1 2002-08-08. http://odrl.net/1.1/ODRL-11.pdf. p. 5



Concept of “context” adds unique identifiers and relevant information about any entity or the relationship between entities. “Roles” are an explicit attribute of parties (rights holders and end users). Rights for a single asset can be layered by party role.

Rights holders have explicit royalty attributes

Requirements and conditions can have boolean (“and” Requirements and conditions can have boolean (“and” “or”) logic“or”) logic

ODRL Highlights and Issues


Rights can be assigned to assets based on physical format (support for rights layered by physical or digital “manifestation,”) or subparts. “Quality” and “Format” are explicit attributes.

Language is very functional but lightweight and eye-readable. Technologies and protocols (“middleware”) to accomplish rights transactions is not specified.

“Transfer” permission explicitly embeds permissions to be passed on for downstream asset use, together with attributes “equal,” “less,” and “notgreater.”

Can imbed other MD schemas via namespaces

ODRL Highlights and Issues


Identifying the User as an authorized registrant in Identifying the User as an authorized registrant in the course, “301 History of Film”the course, “301 History of Film”

XrML and ODRL Comparison:


XrMLXrML

<grant> <keyholder licensePartId=“301 History Of Film Registrant"> <info> <dsig:KeyValue> <dsig:RSAKeyValue> <dsig:Modulus>n4rtmxz5/2x1uioP598tyu89olk /> <dsig:Exponent>AQABAA</dsig:Exponent> </dsig:RSAKeyValue> </dsig:KeyValue> </info> </cx:keyholder>


<possessProperty /> <library:identification> <library:scheme>http://www.history.rutgers.edu/301HistoryOfFilm/registration </library:scheme> <library:value>student</library:value> </library:identification> </grant>


ODRL ODRL

<o-ex:constraint id=“301 History Of Film Registrant"> <o-ex:group> <o-ex:context> <o-dd:uid> http://www.history.rutgers.edu/301HistoryOfFilm/registration

</o-dd:uid> </o-ex:context> </o-ex:group></o-ex:constraint>


Offer to registrant:Offer to registrant:

permission to view “Casablanca” for three weeks, permission to view “Casablanca” for three weeks, from first access.from first access.


<grant> <for all varName=“301 History of Film registrant”> <everyone> <library:identification>

<library:scheme> http://www.history.rutgers.edu/301HistoryOfFilm/registration </library:scheme>

<library:value>student</library:value> </library:identification> <trustedIssuer> <keyHolder licensePartIdRef="trustedissuer” /> </trustedIssuer> </everyone> </forAll><keyHolder varRef=“301 History of Film Registrant”>

XrMLXrML


<grant> <sx: play/>

<cx:digitalWork licensePartIdRef=“Casablanca"/><sx:validityIntervalFloating> <sx:stateReference>

<uddi> <serviceKey> <uuid>1F8903B0-FC03-4c5b-A445-

AAFCCEC01333 </uuid>

</serviceKey> </uddi></sx:stateReference></sx:validityIntervalFloating>

</grant>

XrMLXrML


ODRLODRL<o-ex:permission> <o-ex:asset idref=“Casablanca /> <o-dd:play> <o-ex:constraint idref=“301HistoryOfFilmRegistrant" type="http://odrl.net1.1#forEachMember” /> <o-ex:constraint> <o-dd:interval>PT90D</o-dd:interval> /o-ex:constraint> </o-dd:play></o-ex:permission>

Date post:	27-Mar-2015
Category:	Documents
Upload:	daniel-malloy
View:	221 times
Download:	0 times