Introduction to Digital Rights Management
Grace Agnew
SURA/ViDe Digital Video Conference
March 2004
Digital Rights Management Definitions
DRM Action: Authorization decision based on intersection of attributes about user, content and usage
DRM System: Digital application to apply and enforce organizational policies for the access and use of IP
Essential DRM Components
Directory Services supporting authentication and authorization; Rights Expression; Rights Enforcement
METADATA FOR DIGITAL RIGHTS
Intellectual Property Rights
Right of ownership and control of products of the creator’s mind. WTO-supported
Essential DRM Components
Directory Services:
Identity Management: Procedures for establishing and maintaining identity including format, database structure, privacy and confidentiality
Authentication: Determining that the user requesting a service has the required (“authentic”) identity through a secured system
Authorization (Role-based Access Control): Determining that the authenticated user possesses the authorized role to access a service or object (e.g. “student registered in History 101”)
Federated DRM
“Community of Trust”:
Common understanding. Shared agreement and enforcement among community members. Ex: Copyright
“Trusted Systems”
Standardized, shared technologies for establishing and enforcing DRM
Essential DRM Components
Identity Management:
Privacy: Whether the user’s identity is exposed
Confidentiality: Whether the user’s activities are exposed
Trust: Authenticates any entity in a rights transaction—rights holder, rights requester and the content being requested.
Enabling Technology: Internet2 Shibboleth Project
“Developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls.”
Source: Shibboleth Project: http://shibboleth.internet2.edu
Why Shibboleth?
Active privacy a core principle
Emphasis on federated administration
Emphasis on flexible yet secure access
Establishes trust communities
Open source with active community development
Maturing project with increasing use in higher education and educational collaborations (e.g. NSF’s National Science Digital Library)
Utilizes mature, open source applications and standards, such as LDAP (lightweight directory access protocol)
How Shibboleth Works
1. User requests a Shib-protected resource
2. User is directed back to home institution to authenticate
3. Home institution generates a temporary “handle” for user. “Active privacy”: “authenticated RU faculty member”, not “John Smith”
4. Shib-protected resource uses temporary handle to request further attributes about the user (e.g., teaching in interinstitutional program with valid access to relevant e-resources at either institution)
5. User’s home institution provides necessary attribute
6. User receives access to resource
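The six-step exchange above, simulated as an added example (not code from the original slides or from the Shibboleth project): the home institution maps a random, short-lived handle to the user and releases only the attributes its policy allows for the requesting resource. The class names, attribute names, release policy and sample user are assumptions; `now` is passed in explicitly so the run is deterministic.

```python
import hashlib
import hmac
import secrets

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HomeInstitution:
    """Authenticates its own users and answers attribute queries made by handle."""
    def __init__(self, directory, release_policy, handle_ttl=300):
        self.directory = directory            # user -> salt, password hash, attributes
        self.release_policy = release_policy  # resource id -> attribute names it may receive
        self.handle_ttl = handle_ttl          # seconds a handle stays valid
        self._handles = {}                    # opaque handle -> (user, expiry time)

    def authenticate(self, user, password, now):
        """Steps 2-3: verify credentials locally and issue a random temporary handle."""
        entry = self.directory.get(user)
        if entry is None or not hmac.compare_digest(
                entry["hash"], pw_hash(password, entry["salt"])):
            return None
        handle = secrets.token_urlsafe(16)    # carries no identity information
        self._handles[handle] = (user, now + self.handle_ttl)
        return handle

    def attributes_for(self, handle, resource_id, now):
        """Step 5: release only what the policy allows for the asking resource."""
        user, expiry = self._handles.get(handle, (None, 0))
        if user is None or now > expiry:
            return {}
        allowed = self.release_policy.get(resource_id, set())
        attrs = self.directory[user]["attributes"]
        return {k: v for k, v in attrs.items() if k in allowed}

class ProtectedResource:
    """Sees a handle and the released attributes, never the login name."""
    def __init__(self, resource_id, home, required):
        self.resource_id, self.home, self.required = resource_id, home, required

    def request(self, handle, now):
        """Steps 4 and 6: query attributes by handle, then decide on access."""
        attrs = self.home.attributes_for(handle, self.resource_id, now)
        return all(attrs.get(k) == v for k, v in self.required.items()), attrs

# Constructed sample data: hypothetical user, resource id and attribute names.
SALT = b"constructed-salt"
HOME = HomeInstitution(
    {"jsmith": {"salt": SALT, "hash": pw_hash("correct horse", SALT),
                "attributes": {"affiliation": "faculty", "institution": "RU",
                               "name": "John Smith"}}},
    {"e-reserves": {"affiliation", "institution"}})
RESOURCE = ProtectedResource("e-reserves", HOME,
                             {"affiliation": "faculty", "institution": "RU"})
```

Passing the handle from `HOME.authenticate("jsmith", "correct horse", now=0)` to `RESOURCE.request(handle, now=10)` grants access and returns only the two released attributes; the same handle at `now=1000` is refused because it has expired.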
The Structure of Information (IFLA)
Work: Distinct intellectual or artistic creation
Expression: Intellectual or artistic realization of a work (“interpretation”)
Manifestation: Physical manifestation of an expression. May differ in physical format, but not in content or interpretation
Item: Unique physical instance of a manifestation.
Issues for Trust and Authenticity
Key “Work” Concepts for Community Definition
o Copy – identical in the abstract and the concrete
o Version – Intellectual content unchanged; concrete presentation differs (format, language)
o Revision – revisions should not impact reuse, according to community policy.
o Edition – substantially the same but revisions impact use according to community policy. Attributes – expanded, reduced.
o Adaptation – object based on theme or premise of another object. Community decision how granular the attribution should be.
o Derivation – Theme or premise of original object is starting point for new object
Digital Provenance record in RUL repository
“Lots of Copies Keep Stuff Safe”
Stanford-initiated project—currently applied to e-journals—that uses a peer-to-peer network to create a “selective web cache” by polling a web journal at intervals, storing content, and providing to authorized local users.
Implications for DRM: Robust access through distributed, redundant management, beyond the rights holder or the authorized distributor.
Rights Expression Languages in DRM
Rights Expression Language:
Documents offers & agreements between rights holders, intermediaries, and end users, providing rights to license, distribute, access and use resources.
Communicates rights, conditions on the exercise of rights, and other context relevant to the rights transactions.
Defines the parties and concepts engaged in offers or agreements for the exercise of rights that are exercised against content.
Expresses the underlying business model(s) of the community sharing the DRM.
Employs data dictionary and a standard syntax to provide interoperable, logically consistent, semantically precise documentation for rights transactions
Should be human and machine interpretable
RIGHTS: Rights, Constraints, Agents and terms of agreement - tied to core IP processes - map readily.
EXPRESSION: Logic for expressing IP offerings and licenses complex and incompatible - requires advanced parsing.
LANGUAGE: XML provides common framework, grammar and syntax. Use of multiple schemas and subschemas adds parsing complexity
Rights Expression Implementations
Passive:
Documents the copyright status
Identifies the rights holder
May provide guidance on attribution, reuse
Active: Documents and enforces permissions to be granted to the user, often after conditions are met or constraints imposed. Enforcement can be at point of access to content or prior to access.
Examples of Passive DRM: Creative Commons
Examples of Passive DRM: Rutgers Libraries RM
Active Rights Management
[Diagram labels: User; Description; Rights Holder; Authentication; Rights; Video; Object; Permission; Administration; Authorization]
Other resource metadata:
Administrative metadata: provenance, fixity, context, reference, structure, and management. Rights MD may be a subset
Descriptive metadata: information to discover, identify, select and obtain the resource
Structural metadata: information about the structured relationship between components of a complex object.
REL in Context: Integration of Administrative, Descriptive, Structural & Rights Metadata: integrated lifecycle management
Ensures consistency of content information across applications
Supports user decision-making in resource discovery and selection
Supports complex content management - shared repositories, content versioning; downstream management, multiple manifestations; multipart objects, etc.
METS: Metadata Encoding & Transmission Standard
http://www.loc.gov/standards/mets/
Provides encoding and transmission of descriptive, administrative and structural metadata using XML
Provides for transmission of metadata.
Associates structure map, file types and behaviors with digital objects to provide “intelligent” complex objects - e.g. E-Journal with machine and human recognizable “table of contents,” “abstract,” “citation,” etc.
Metadata schema providing simple rights declaration issued for comment (Aug. 2003)
METS IMPLEMENTATION
[Diagram labels: Policies; Terms of Agreement and Offer; Rights & Conditions; Identification of Agents/Roles; REL; DRM System; USER; Descriptive & Admin MD; Resource]
Issues for Rights Metadata in R&E
Many IP models, including: open availability/public domain; educational fair use; e-commerce; archival materials with unclear provenance; government records/collaborations with retention schedules and classification statuses; copyright; patentable ideas, complex collaborations, etc.
Creators closely bound to IP - want and need active involvement in setting rights; revising rights.
Many agents with complex creation, publication, distribution roles. Resources are also varied, complex and dynamic
Two Developed languages: XrML and ODRL
XrML - Extensible Rights Markup Language
www.xrml.org
• Current version - 2.0 (2001-11-20)
• Developed from Xerox PARC’s Digital Property Rights Language (1996)
• ContentGuard - Patent/License owner; language developer
XrML Core Concepts:
• License - container of grants or grantgroups.
• Grant - bestows authorization to exercise right
• Principal - actors to whom rights are granted
• Right - action that a principal can exercise on a resource
• Resource - object for which rights are granted
• Condition - “terms, conditions or obligations” that affect the exercising of a right.
[Diagram: License (issued by Principals) contains Grants; Grants authorize Principals to exercise Right(s) on a Resource, subject to Conditions]
XrML – Three Schemas
Core schema - Specifies semantics and rules for licenses, grants, core resource types and core rights related to licenses and grants
Standard Extension Schema - types and extensions for multiple scenarios (“sx”), particularly payment, conditions, and names.
Content extension schema - types and elements for describing rights, conditions and metadata specific to digital works. (cx)
XrML Highlights and Issues:
Integrates XML core technologies in a “hybrid” language/middleware implementation.
Xpath, UDDI, Dsig, etc. integrated into the rules of expression and syntax- requires careful versioning across technologies.
Emphasis on end-to-end “trusted systems” from digital signatures for licenses to direct payment to bank accounts.
Requires stateful conditions to point to location where state is maintained.
XrML Highlights and Issues:
Core concept of “trusted issuer” - digital signature for license integrity
“Hybrid language” is dense, not always eye-readable or hand-codable.
Can be intentionally opaque - rights and conditions can be referenced by directory pointers rather than explicit.
Patent issues with XrML license
Widespread adoption—MPEG21, Open EBook
XrML Highlights and Issues:
Very functional and extensible - strong data integrity support; usage tracking; nested rights and conditions, downstream rights; preconditions, such as acceptance of terms and conditions and license revocation status calls;
Can imbed other MD schemas via namespaces; community extension schemas supported;
Copyright, attribution and watermarking supported.
MPEG-21: Multimedia Framework:
Based on two concepts:
“Fundamental unit of Distribution and Transaction”—the Digital Item
Concept of Users interacting with Digital Items
Quoted From: MPEG-21 Home Page
http://www.chiariglione.org/mpeg/standards/mpeg-21/mpeg-21.htm
MPEG21 REL data model for a rights expression:
Four basic entities and the relationship among those entities.
This basic relationship is defined by the MPEG REL assertion “grant”, which consists of:
The principal to whom the grant is issued
The right that the grant specifies
The resource to which the right in the grant applies
The condition that must be met before the right can be exercised”
http://www.chiariglione.org/mpeg/standards/mpeg-21/mpeg-21.htm
http://www.chiariglione.org/mpeg/standards/mpeg-21/mpeg-21.htm
MPEG-21 REL Data Model
ODRL - Open Digital Rights Language
http://odrl.net
Developed and Managed by IPR Systems (Renato Iannella)
Current version: 1.1 (2002-08-08)
Open source - freely available
ODRL Core Concepts:
Asset - uniquely-identified content
Rights - include permissions to interact with assets, which can include constraints (limits), conditions (exceptions that expire permissions) and requirements (obligations that must be met before permissions can be exercised).
Parties - end users who exercise permissions and rights holders who grant permissions (subject to constraints and conditions)
ODRL Schemas:
Expression language (“ex”)
Data Dictionary language (“dd”)
“ODRL supports the expression of Permissions for both Offers and Agreements”
Iannella, R. Open Digital Rights Language (ODRL) v. 1.1 2002-08-08. http://odrl.net/1.1/ODRL-11.pdf. p. 5
ODRL - Adaptation of “ODRL Foundation Model”
[Diagram labels: Rights; Agreement; Context; Party; Rights Holder; Permission; Constraint; Requirement; Condition; Offer]
Open Digital Rights Language (ODRL) v. 1.1 2002-08-08. http://odrl.net/1.1/ODRL-11.pdf. p. 4
ODRL Highlights and Issues
Concept of “context” adds unique identifiers and relevant information about any entity or the relationship between entities.
“Roles” are an explicit attribute of parties (rights holders and end users). Rights for a single asset can be layered by party role.
Rights holders have explicit royalty attributes
Requirements and conditions can have boolean (“and” “or”) logic
ODRL Highlights and Issues
Rights can be assigned to assets based on physical format (support for rights layered by physical or digital “manifestation”) or subparts. “Quality” and “Format” are explicit attributes.
Language is very functional but lightweight and eye-readable. Technologies and protocols (“middleware”) to accomplish rights transactions are not specified.
“Transfer” permission explicitly embeds permissions to be passed on for downstream asset use, together with attributes “equal,” “less,” and “notgreater.”
Can imbed other MD schemas via namespaces
XrML and ODRL Comparison:
Identifying the User as an authorized registrant in the course, “301 History of Film”
XrML
<grant>
  <!-- principal: holder of this RSA key -->
  <keyHolder licensePartId="301 History Of Film Registrant">
    <info>
      <dsig:KeyValue>
        <dsig:RSAKeyValue>
          <dsig:Modulus>n4rtmxz5/2x1uioP598tyu89olk</dsig:Modulus>
          <dsig:Exponent>AQABAA</dsig:Exponent>
        </dsig:RSAKeyValue>
      </dsig:KeyValue>
    </info>
  </keyHolder>
  <!-- property the principal possesses: registered student in the course -->
  <possessProperty />
  <library:identification>
    <library:scheme>http://www.history.rutgers.edu/301HistoryOfFilm/registration</library:scheme>
    <library:value>student</library:value>
  </library:identification>
</grant>
ODRL
<o-ex:constraint id="301HistoryOfFilmRegistrant">
  <o-ex:group>
    <o-ex:context>
      <o-dd:uid>http://www.history.rutgers.edu/301HistoryOfFilm/registration</o-dd:uid>
    </o-ex:context>
  </o-ex:group>
</o-ex:constraint>
Offer to registrant:
permission to view “Casablanca” for three weeks, from first access.
XrML
<grant>
  <!-- variable: anyone the trusted issuer identifies as a registered student -->
  <forAll varName="301 History of Film Registrant">
    <everyone>
      <library:identification>
        <library:scheme>http://www.history.rutgers.edu/301HistoryOfFilm/registration</library:scheme>
        <library:value>student</library:value>
      </library:identification>
      <trustedIssuer>
        <keyHolder licensePartIdRef="trustedissuer" />
      </trustedIssuer>
    </everyone>
  </forAll>
  <keyHolder varRef="301 History of Film Registrant" />
  <!-- right and resource -->
  <sx:play/>
  <cx:digitalWork licensePartIdRef="Casablanca"/>
  <!-- condition: the interval floats from first use; its state is kept at the referenced service -->
  <sx:validityIntervalFloating>
    <sx:stateReference>
      <uddi>
        <serviceKey>
          <uuid>1F8903B0-FC03-4c5b-A445-AAFCCEC01333</uuid>
        </serviceKey>
      </uddi>
    </sx:stateReference>
  </sx:validityIntervalFloating>
</grant>
ODRL
<o-ex:permission>
  <o-ex:asset idref="Casablanca" />
  <o-dd:play>
    <o-ex:constraint idref="301HistoryOfFilmRegistrant" type="http://odrl.net1.1#forEachMember" />
    <o-ex:constraint>
      <o-dd:interval>PT90D</o-dd:interval>
    </o-ex:constraint>
  </o-dd:play>
</o-ex:permission>
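The offer above (play “Casablanca”, course registrants only, three weeks from first access) evaluated as a DRM authorization decision, as an added example that is not from the original slides or the ODRL project. The namespace URIs, the `P21D` interval in the constructed sample, the function names and the convention that the caller stores the first-access time are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"o-ex": "http://odrl.net/1.1/ODRL-EX", "o-dd": "http://odrl.net/1.1/ODRL-DD"}

# Constructed sample modelled on the slide's ODRL permission (P21D = three weeks).
PERMISSION_XML = """
<o-ex:permission xmlns:o-ex="http://odrl.net/1.1/ODRL-EX"
                 xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">
  <o-ex:asset idref="Casablanca"/>
  <o-dd:play>
    <o-ex:constraint idref="301HistoryOfFilmRegistrant"/>
    <o-ex:constraint><o-dd:interval>P21D</o-dd:interval></o-ex:constraint>
  </o-dd:play>
</o-ex:permission>
"""

def parse_days(duration):
    """Accept only whole-day ISO 8601 durations (PnD); reject anything else."""
    m = re.fullmatch(r"P(\d+)D", duration.strip())
    if not m:
        raise ValueError(f"unsupported duration: {duration!r}")
    return timedelta(days=int(m.group(1)))

def load_permission(xml_text):
    """Extract asset, action, required groups and interval from one permission."""
    root = ET.fromstring(xml_text)
    action = root.find("o-dd:play", NS)
    groups = [c.get("idref") for c in action.findall("o-ex:constraint", NS) if c.get("idref")]
    interval = action.find("o-ex:constraint/o-dd:interval", NS)
    return {"asset": root.find("o-ex:asset", NS).get("idref"), "action": "play",
            "groups": groups, "interval": parse_days(interval.text)}

def authorize(perm, user_groups, asset, action, now, first_access):
    """Deny by default; return (decision, reason, first-access time to store)."""
    if asset != perm["asset"] or action != perm["action"]:
        return False, "asset or action not covered", first_access
    if not set(perm["groups"]) <= set(user_groups):
        return False, "user not in required group", first_access
    first_access = first_access or now       # the interval floats from first access
    if now > first_access + perm["interval"]:
        return False, "interval expired", first_access
    return True, "ok", first_access

if __name__ == "__main__":
    perm = load_permission(PERMISSION_XML)
    print(authorize(perm, ["301HistoryOfFilmRegistrant"], "Casablanca", "play",
                    datetime(2004, 3, 1), None))
```

The enforcement point has to persist the returned first-access time per user and asset, which is the state that XrML's `stateReference` points to in the equivalent grant.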