Digital Rights Management with XML

Eamonn NeylonTechnology Director

The YRM Group

Information Commerce

"In the digital world all transactions are rights transactions"

Sally Morris, ALPSP

DRM Definitions Trusted exchange of digital content The management of digital rights and

the digital management of rights Protection of content to ensure that only

allowed operation will be performed The latest investment craze of venture

capitalists with money to burn in the States

A Pandora’s Box with fundamental consequences for the future of mankind

Types of rights Statutory – those rights provided by

legislation such as fair use and moral rights

Contractual – ensure that content is used within the limits established by the licensor

Permissions – extending usage beyond that conferred by right of sale or license for a one time use such as copying

Subrights – a portion of a copyright that is sold outright and transferred such as a translation or territorial exploitation

Negotiating Permissions Need to express both bibliographic

metadata and available rights metadata Context of use is usually a factor in

determining price and rights determined by the rightsholder

A particular type of license is constructed as the result of a permissions transaction

Distribution of monies collected makes transactions expensive to process (this role is often assumed by RROs using mandates)

Expressing granted rights Vocabulary for specifying what is being

bought or licensed Selling confers statutory rights whereas

licensing allows the explicit specification of what a user can do with content exchanged

It is necessary to uniquely identify the parties involved in a transaction and the content that is being licensed

Rights languages ContentGuard’s XrML available licensable

specification for XML based on work conducted at Xerox PARC

Assumes that all rights are unified under publisher – only occurs at point of creation

Can a vocabulary be protected by license – implications for all XML applications

Open Digital Rights Language (ODRL) proposed by IPR Systems to W3C - workshop in January 2001 with an aim for recommendation

Consumer

Protectedcontent

Rights &

Conditions

Prices &

Business models

Author / Artist

Originalcontent

Create Package & Protect SellView / Play

Digital Rights Management using

eTailer / Clearinghouse

Protectedcontent

Rights &Conditions

Publisher

Protectedcontent

Rights &Conditions

Prices &Business models

ClearRights &

PermissionsDistributeAggregate

Comparing XrML and ODRL Both are concerned with usage rights rather

than access rights They have very different governance models

– XrML is licensed intellectual property; ODRL seeks to be an open development

They have different levels of maturity – XrML is the result of many years development by Mark Steffik and now Xin Wang; ODRL is a proposal to W3C to be considered

XrML Example – EBX Voucher

<?xml version="1.0"?>

<!DOCTYPE XrML SYSTEM "ebx10-xrml.dtd">

<XrML>

<BODY type = "EBX" version="1.0">

<ISSUED>2000-06-07T8:30</ISSUED>

<TIME><FROM>2000-06-07T8:30</FROM><UNTIL>2001-06-07T8:30</UNTIL></TIME>

<DESCRIPTOR parentID="4d79ff1:e190afe163:-8000:df06d62">

<OBJECT type="EBX 1.0 Rights">

<ID type="CG-XrML-ID">1234-5678-ABCD-EFGH</ID>

<NAME>Usage Rights from Publisher XYZ</NAME>

<ADDRESS type="url">"http://rights.contentguard.com/1234-5678-ABCD-EFGH"</ADDRESS>

</OBJECT>

</DESCRIPTOR>

<ISSUER><OBJECT type="Publisher"><ID type="CG-Principal-ID">ABCD-1234</ID><NAME>XYZ</NAME></OBJECT>

<PUBLICKEY><ALGORITHM>DSA</ALGORITHM><PARAMETER name="Key Size"><VALUE encoding="integer32">512</VALUE></PARAMETER>

<PARAMETER name="first modulus"><VALUE encoding="base64" size="512">6eP+IDQFwjIz5XSFBV+NBF0eN ... </VALUE></PARAMETER>

<PARAMETER name="power"><VALUE encoding="base64" size="512">uuBciQnJ4xGaqRZ5AYoWRQ== ... </VALUE>

</PARAMETER>

<PARAMETER name="generator">

<VALUE encoding="base64" size="512">NdxoJ6mcIIAQVe6Droj2fxA= ... </VALUE></PARAMETER></PUBLICKEY>

</ISSUER>

<ISSUEDPRINCIPALS><PRINCIPAL><OBJECT type="Person"><ID type="licensed user">92840-AA9-39849-00</ID><NAME>John Doe</NAME></OBJECT>

ODRL Example – EBX Voucher

<?xml version=“1.0”?>

<ebx:voucher xmlns:ebx=“http://ebxwg.org/voucher/0.8/” xmlns=“http://odrl.net/0.7/” xmlns:xlink=“http://www.w3.org/1999/xlink”

xmlns:onix=“http://www.editeur.org/onix-i/Ref-Names/”>

<rights>

<admin><remark> Info about the Voucher </remark><datetime start=“2000-06-07” end=“2001-06-07”/></admin>

<asset ID=“Ebook-0001”><remark> The product ID info </remark><uid idscheme=“ISBN”> 0201433354 </uid><name> XML: A Managers Guide </name></asset>

<reward ID=“RH-PUB-1”>

<remark> The Rights Holders info </remark>

<party><uid idscheme=“URL”> http://www.awl.com/ </uid><name> Addison-Wesley </name><role> Publisher </role></party>

<reward>

<usage ID=“US-DIST-1”>

<remark> Usage Rights for the Distributor </remark>

<asset xlink:href=“#Ebook-0001”>

<reward xlink:href=“#RH-DIST-1”>

<sell><constraint> <count start=“0” end =“5000”/> </constraint><narrow/></sell>

<constraint>

<remark> The Distributor has Sell rights only </remark>

<group><uid idscheme=“CG-ID”> ABDC-1234 </uid><name> XYZ </name></group>

</usage>

<usage ID=“EU-00001”>

<remark> Usage Rights for a typical End User</remark>

<asset xlink:href=“#Ebook-0001”>

<reward xlink:href=“#RH-DIST-1”>

Metadata approach Metadata is information about things – in the

case of rights the metadata describes the resource being considered

Metadata provides a consistent view to serve a particular purpose requiring multiple representations of intuitive models

There is much research into good metadata formulation such as the indecs framework project

Standards groups developing metadata schema include MPEG, SDMI and Dublin Core

Need to identify components Unique identifiers required to track and

authenticate resources, parties and transactions

Identifying personas is needed to establish contexts and allow non-repudiation

Identifiers can operate at different levels of abstraction such as the work, the expression, the format or the instance

Digital Object Identifier accommodates other identification standards and is consistently actionable

Technical implementations Digital watermarking allows open distribution

but requires legal measures to enforce copyright

Access controls achieved through user authentication requiring trust which can be established using digital certificates

Usage control through content wrappers – outside-in and inside-out protection solutions

Superdistribution, the packaging of content for sharing, requires the dynamic negotiation of rights

Is there a forum for describing consumer de facto rights ? Legislation and common practice

determines what statuatory rights consumers have

Digital Millennium Copyright Act outlaws circumventing copy protection mechanisms

Exceptions include access for fair use, and research into cryptography

Access controls and first sale doctrine – is this applicable to digital works

Conclusions The detailed management of rights are

currently not a priority for publishers A substantial industry is growing around the

protection and transaction of media assets The traditional publishing industry will

embrace digital rights management when the publishers business models are supported

Eventually rights management will become part of the operating system as with television broadcast systems

The YRM Group

John Eccles House, Oxford Science Park, Oxford OX4 4GP

01865 338011