
Rights Metadata: XrML and ODRL for Digital Video

Mairéad Martin, University of Tennessee
Doug Pearson, Indiana University

August 15, 2001

Overview

Digital Rights Management: Definition and current landscape
XrML
ODRL
Q&A

SEAM: Secure Econtent Attribute Management

Goal: To develop a dynamic, portable and granular rights management tool that will ensure the security and integrity of digital objects

Integrates XML-based rights language, digital objects, and digital access technologies

Digital Rights Management

Management vs. enforcement of rights

“Digital management of rights” vs. “Management of digital rights”

Players: <Indecs>, W3C, EBX, MPEG, ContentGuard, IPR Systems

DRM Definition

“DRM involves the description, layering, analysis, valuation, trading and monitoring of an enterprise’s assets; both in physical and digital form; and of tangible and intangible value.”

- Renato Iannella, ODRL Version: 0.9

DRM Languages

eXtensible Rights Markup Language (XrML)
Open Digital Rights Language (ODRL)
Extensible Media Commerce Language (XCML)

Rights Language Requirements

Applicable and interoperable across media
Integration with descriptive metadata
Extensible
Efficient in open or trusted systems
Supports modularity and granularity
Capacity to be integrated with trust and tracking systems
Open and non-proprietary

What is XrML?

eXtensible rights Markup Language

“A language in XML for describing specification of rights, fees and conditions for using digital contents (or properties), together with message integrity and entity authentication within these specifications.”

Intent of XrML

“[XrML] is intended to support commerce in digital contents, that is, publishing and selling electronic books, digital movies, digital music, interactive games, computer software and other creations distributed in digital form. It is also intended to support specification of access and use controls for secure digital objects in cases where financial exchange is not part of the terms of use.”

Trusted Systems

XrML enables trusted systems to exchange digital contents and interoperate.

A trusted system is a server, player or other device for holding or accessing digital content, which can be trusted to honor the rights, conditions and fees specified for digital contents.

Who Controls XrML?

XrML is licensed to the industry royalty-free by the developer, ContentGuard, Inc.

ContentGuard is a spin-off from Xerox; with strategic alliances and investment from Xerox and Microsoft. Xerox is the majority investor.

Microsoft considers XrML a key component of its DRM strategy.

Who’s using XrML?

Microsoft uses XrML to specify rights and content descriptions for licensing eBooks. The Microsoft Digital Asset Server uses the rights and content descriptions to issue a personalized LIT file to the consumer’s Microsoft Reader.

“XrML - The Technology Standard for Trusted Systems…”

http://www.xrml.org/about.htm

“A mature eContent marketplace requires a standard language…”

“XrML - forging the standard on which the eContent industry depends”

“Trusted systems require a standard. That standard – XrML…”

“Meeting the criteria demanded of an open standard…”

“An industry standard for creation of terms and conditions associated with the use and protection of eContent, XrML is licensed on a royalty-free basis…”

Is XrML an Open Standard?

ContentGuard declares commitment to “promoting and supporting a standard language that will enable content creators, providers, distributors and retailers to express rights and specifications…”

Is XrML an Open Standard?

Guiding Principles:

Enable XrML to meet the needs of all stakeholders in the eContent industry
Establish a community of practice committed to develop a common rights language
Enable interoperability
Encourage interested parties to submit and share XrML Mods with the community of practice

Is XrML an Open Standard?

XrML is not an “open standard”.

Rather, XrML is an attempt to build an industry standard with a published specification and encouragement to a community of practice.

ContentGuard Patents

"System for Controlling the Distribution and Use of Digital Works Using Digital Tickets." (US Patent 6,236,971)

"System for Controlling the Distribution and Use of Digital Work Having Attached Usage Rights Where the Usage Rights are Defined by a Usage Rights Grammar" (US Patent 5,715,403)

"System for Controlling the Distribution and Use of Composite Digital Works" (US Patent 5,638,443)

"System for Controlling the Distribution and Use of Digital Works Having a Free Reporting Mechanism" (US Patent 5,634,012)

"System for Controlling the Distribution and Use of Digital Works" (US Patent 5,629,980)

"Interactive Contents Revealing Storage Device" (US Patent 5,530,235)

"System for Controlling the Distribution and Use of Rendered Digital Works through Watermarking" (US Patent 6,233,684)

<XrML>
  <BODY>
    (ISSUED)? (TIME)? (DESCRIPTOR)? (ISSUER)? (ISSUEDPRINCIPALS)? (WORK)? (AUTHENTICATEDATA)?
  </BODY>
  (SIGNATURE)?
</XrML>

Within the root XrML is a mandatory element BODY and an optional element SIGNATURE.

SIGNATURE is the digital signature to ensure integrity of the XrML specification.

BODY consists of an optional description of the digital WORK and some optional metadata about the XrML document.

ISSUED is the time at which the XrML document was issued.

TIME is the time interval over which the XrML document is valid.

DESCRIPTOR is a description of the XrML document – what this document represents.

ISSUER is the principal who issues the XrML document.

ISSUED-PRINCIPALS is a list of the principals the XrML document is issued to.

AUTHENTICATE-DATA captures data which is necessary for an application which processes an XrML document.

WORK defines a digital work and its usage rights.

<WORK>
  (OBJECT) (DESCRIPTION)? (CREATOR)? (OWNER)? (DIGEST)? (PARTS)? (CONTENTS)? (COPIES)? (COMMENT)? (SKU)?
  (RIGHTSGROUP | REFERENCEDRIGHTSGROUP)+
</WORK>

OBJECT identifies the digital object of the WORK through a unique identifier such as an ISBN or ISSN number.

DESCRIPTION, CREATOR, OWNER: self-explanatory.

DIGEST uses a cryptographic digest value of the work to ensure integrity and originality of the work.

PARTS specifies a list of works that are included as part of this WORK.

CONTENTS gives the starting and stopping addresses to which the rights in the WORK specification apply.

COPIES specifies the number of copies of the digital work. It is possible to transfer or loan a copy while exercising other rights on remaining copies.

SKU: Stock Keeping Unit. Included for extensibility; typically for use by a retailer or distributor.

RIGHTSGROUP | REFERENCEDRIGHTSGROUP: rights specification.

<RIGHTSGROUP>
  (COMMENT)? (BUNDLE)? (RIGHTSLIST)
</RIGHTSGROUP>

One or more RIGHTSGROUP elements may exist, according to logical collections of rights for groups of users.

Each right may separately specify parameters such as time limits, fees and access conditions. Shared parameters may be bundled.

<!ELEMENT RIGHTSLIST ((COPY | TRANSFER | LOAN | PLAY | PRINT | EXPORT | VIEW | EDIT | EXTRACT | EMBED | BACKUP | RESTORE | VERIFY | FOLDER | DIRECTORY | DELETE | INSTALL | UNINSTALL)+)>

Classification of rights:

Transport
Render
Derivative Work
File Management
Configuration

Transport

Governs the creation and movement of persistent copies of a work under the control of trusted repositories.

COPY – create a new copy of a work
TRANSFER – an existing authorized copy moves to another repository
LOAN – loan a copy for a period of time

Render

Governs the creation of representations of a digital work outside of the control of trusted systems.

PLAY – make an ephemeral copy available for use
PRINT – make permanent copies to external media
EXPORT – make a digital source copy available outside of trusted system control

Derivative Work

Governs the reuse of a digital work, in whole or part, to create a new composite work. Not intended to cover all possible forms of reuse; rather, it automates the simple case where the rights owner can pre-determine fees and repository-testable conditions on a work.

EXTRACT, EDIT and EMBED

File Management

Governs access to directory and file information in operations when two repositories are connected, e.g. when exercising rights that engage multiple repositories, such as TRANSFER or LOAN. Also controls the making and restoring of backup copies.

FOLDER, DIRECTORY, DELETE, VERIFY, BACKUP

Configuration

Governs the adding and removing of system software from secure repositories.

INSTALL, UNINSTALL

<!ENTITY % termConditions "(TIME | ACCESS | FEE | TERRITORY | TRACK)+">

XrML Definition for Microsoft eBook

Scenario:

On August 9, I purchased and downloaded a Microsoft Reader formatted eBook, Telecosm by George Gilder, from Amazon. The following XrML was included inside the .LIT file.

<XrML>
  <BODY type="LICENSE" version="2.0">
    <ISSUED>2001-08-09T19:27</ISSUED>
    <DESCRIPTOR>
      <OBJECT type="self-proving-EUL">
        <ID type="MS-GUID">{B536F0B2-8755-4CF5-AE80-6E1F41A15A99}</ID>
      </OBJECT>
    </DESCRIPTOR>
    <ISSUER>
      <OBJECT type="Licensor-Certificate">
        <ID type="MS-GUID">{EF649DC9-29A9-4EA8-9CF7-49A76C394407}</ID>
        <NAME>Lightning Source, Inc.</NAME><ADDRESS type="URL">www.lightningsource.com</ADDRESS>
      </OBJECT>
      <PUBLICKEY>
        <ALGORITHM>RSA-512</ALGORITHM>
        <PARAMETER name="public exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER>
        <PARAMETER name="modulus"><VALUE encoding="base64" size="512">i7rWoC+dyg...</VALUE></PARAMETER>
      </PUBLICKEY>
    </ISSUER>
    <ISSUEDPRINCIPALS>
      <PRINCIPAL internal-id="1">
        <OBJECT type="MS Registration">
          <ID type="MS Registration ID">196608-…</ID>
          <NAME>dodpears@indiana.edu</NAME>
        </OBJECT>
        <PUBLICKEY>
          <ALGORITHM>RSA-512</ALGORITHM>
          <PARAMETER name="public exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER>
          <PARAMETER name="modulus"><VALUE encoding="base64" size="512">jykOvc...</VALUE></PARAMETER>
        </PUBLICKEY>
      </PRINCIPAL>
    </ISSUEDPRINCIPALS>
    <WORK>
      <OBJECT type="BOOK-LIT-FORMAT">
        <ID type="SKU">074321594X</ID>
        <NAME>074321594X</NAME>
      </OBJECT>
      <OWNER>
        <OBJECT type="Licensor-Certificate">
          <ID type="MS-GUID">{EF649DC9-29A9-4EA8-9CF7-49A76C394407}</ID>
          <NAME>Lightning Source, Inc.</NAME><ADDRESS type="URL">www.lightningsource.com</ADDRESS>
        </OBJECT>
        <PUBLICKEY>
          <ALGORITHM>RSA-512</ALGORITHM>
          <PARAMETER name="public exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER>
          <PARAMETER name="modulus"><VALUE encoding="base64" size="512">i7rWoC+dy...</VALUE></PARAMETER>
        </PUBLICKEY>
      </OWNER>
      <RIGHTSGROUP name="Main Rights">
        <COMMENT>Rights description</COMMENT>
        <RIGHTSLIST>
          <VIEW>
            <ACCESS>
              <PRINCIPAL internal-id="1">
                <ENABLINGBITS type="sealed-des-key">
                  <VALUE encoding="base64" size="512">E75/0j...</VALUE>
                </ENABLINGBITS>
              </PRINCIPAL>
            </ACCESS>
          </VIEW>
        </RIGHTSLIST>
      </RIGHTSGROUP>
    </WORK>
    <AUTHENTICATEDDATA name="eBook 1.5 Authentication Data" size="160">0Gy1fRMXMm3pvpZakb3PVt4IVOA=</AUTHENTICATEDDATA>
  </BODY>
  <SIGNATURE>
    <DIGEST>
      <ALGORITHM>SHA1</ALGORITHM>
      <PARAMETER name="codingtype"><VALUE encoding="string">surface-coding</VALUE></PARAMETER>
      <VALUE encoding="base64" size="160">rXYVrtQ...</VALUE>
    </DIGEST>
    <VALUE encoding="base64" size="512">Jy1sGMtN9J...</VALUE>
  </SIGNATURE>
</XrML>

<XrML>
  <BODY type="LICENSE" version="2.0">
    <ISSUED>2000-08-02T22:16</ISSUED>
    <DESCRIPTOR>
      <OBJECT type="Licensor-Certificate">
        <ID type="MS-GUID">{EF649DC9-29A9-4EA8-9CF7-49A76C394407}</ID>
        <NAME>Lightning Source, Inc.</NAME><ADDRESS type="URL">www.lightningsource.com</ADDRESS>
      </OBJECT>
    </DESCRIPTOR>
    <ISSUER>
      <OBJECT type="Corporation">
        <ID type="MS-GUID">2</ID>
        <NAME>Microsoft Corporation</NAME><ADDRESS type="URL">www.microsoft.com</ADDRESS>
      </OBJECT>
      <PUBLICKEY>
        <ALGORITHM>RSA-512</ALGORITHM>
        <PARAMETER name="public exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER>
        <PARAMETER name="modulus"><VALUE encoding="base64" size="1024">5sqoaK...</VALUE></PARAMETER>
      </PUBLICKEY>
    </ISSUER>
    <ISSUEDPRINCIPALS>
      <PRINCIPAL internal-id="1">
        <OBJECT type="Corporation">
          <ID type="MS-GUID">{EF649DC9-29A9-4EA8-9CF7-49A76C394407}</ID>
          <NAME>Lightning Source, Inc.</NAME><ADDRESS type="URL">www.lightningsource.com</ADDRESS>
        </OBJECT>
        <PUBLICKEY>
          <ALGORITHM>RSA-512</ALGORITHM>
          <PARAMETER name="public exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER>
          <PARAMETER name="modulus"><VALUE encoding="base64" size="512">i7rWoC+...</VALUE></PARAMETER>
        </PUBLICKEY>
      </PRINCIPAL>
    </ISSUEDPRINCIPALS>
  </BODY>
  <SIGNATURE>
    <DIGEST>
      <ALGORITHM>SHA1</ALGORITHM>
      <PARAMETER name="codingtype"><VALUE encoding="string">surface-coding</VALUE></PARAMETER>
      <VALUE encoding="base64" size="160">IOYwWKd...</VALUE>
    </DIGEST>
    <VALUE encoding="base64" size="1024">pAcwJUWAuuN...</VALUE>
  </SIGNATURE>
</XrML>
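
Read together, the two documents above form a chain: the license's ISSUER carries the same MS-GUID and the same leading modulus characters as the principal the second document is issued to. The following is an added example, not code from the presentation, Microsoft or ContentGuard: a Python check of that linkage plus the key sizes and digest algorithm each document declares, run on constructed stand-ins with placeholder IDs and keys. It does not verify the signature values, and the 2048-bit threshold is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed documents shaped like the two above; IDs and key values are placeholders.
KEY = ('<PUBLICKEY><ALGORITHM>RSA-512</ALGORITHM><PARAMETER name="modulus">'
       '<VALUE encoding="base64" size="{bits}">{mod}</VALUE></PARAMETER></PUBLICKEY>')
SIG = '<SIGNATURE><DIGEST><ALGORITHM>SHA1</ALGORITHM></DIGEST></SIGNATURE>'
LICENSE = ('<XrML><BODY type="LICENSE" version="2.0"><ISSUER>'
           '<OBJECT type="Licensor-Certificate"><ID type="MS-GUID">{GUID-LICENSOR}</ID></OBJECT>'
           + KEY.format(bits=512, mod="TElDRU5TT1I=") + '</ISSUER>'
           '<ISSUEDPRINCIPALS><PRINCIPAL internal-id="1"><OBJECT type="MS Registration">'
           '<ID type="MS Registration ID">REG-PLACEHOLDER</ID></OBJECT>'
           + KEY.format(bits=512, mod="UkVBREVS") + '</PRINCIPAL></ISSUEDPRINCIPALS>'
           '<WORK><OBJECT type="BOOK-LIT-FORMAT"><ID type="SKU">SKU-PLACEHOLDER</ID></OBJECT>'
           '<RIGHTSGROUP name="Main Rights"><RIGHTSLIST><VIEW><ACCESS>'
           '<PRINCIPAL internal-id="1"/></ACCESS></VIEW></RIGHTSLIST></RIGHTSGROUP></WORK>'
           '</BODY>' + SIG + '</XrML>')
CERT = ('<XrML><BODY type="LICENSE" version="2.0"><ISSUER><OBJECT type="Corporation">'
        '<ID type="MS-GUID">2</ID></OBJECT>' + KEY.format(bits=1024, mod="Uk9PVA==")
        + '</ISSUER><ISSUEDPRINCIPALS><PRINCIPAL internal-id="1"><OBJECT type="Corporation">'
        '<ID type="MS-GUID">{GUID-LICENSOR}</ID></OBJECT>'
        + KEY.format(bits=512, mod="TElDRU5TT1I=")
        + '</PRINCIPAL></ISSUEDPRINCIPALS></BODY>' + SIG + '</XrML>')

def party(elem):
    # (ID, modulus bits, modulus text); bits come from the size attribute, not the label
    mod = elem.find("PUBLICKEY/PARAMETER[@name='modulus']/VALUE")
    return elem.findtext("OBJECT/ID"), int(mod.get("size")), mod.text

def parties(doc):
    body = doc.find("BODY")
    return [party(body.find("ISSUER"))] + [party(p) for p in body.findall("ISSUEDPRINCIPALS/PRINCIPAL")]

def audit(license_xml, cert_xml, min_bits=2048):  # min_bits is an assumed baseline
    lic, cert = ET.fromstring(license_xml), ET.fromstring(cert_xml)
    findings = []
    # Linkage: the license ISSUER must equal a principal of the certificate in both
    # ID and key; an ID match alone would let any key claim the licensor's identity.
    if parties(lic)[0] not in parties(cert)[1:]:
        findings.append("license issuer is not the certified principal")
    for name, doc in (("license", lic), ("certificate", cert)):
        if doc.find("SIGNATURE") is None:  # SIGNATURE is optional in the content model
            findings.append(f"{name}: unsigned")
        elif doc.findtext("SIGNATURE/DIGEST/ALGORITHM") == "SHA1":
            findings.append(f"{name}: SHA1 digest")
        findings += [f"{name}: {bits}-bit RSA key for {pid}"
                     for pid, bits, _ in parties(doc) if bits < min_bits]
    return findings

def granted_rights(license_xml):
    out = {}  # PRINCIPAL internal-id -> rights whose ACCESS names that principal
    for right in ET.fromstring(license_xml).findall("BODY/WORK/RIGHTSGROUP/RIGHTSLIST/*"):
        for p in right.findall("ACCESS/PRINCIPAL"):
            out.setdefault(p.get("internal-id"), []).append(right.tag)
    return out
```

The key-size check reads the modulus `size` attribute because the second document above labels its issuer key RSA-512 while declaring size="1024".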

Open Digital Rights Language (ODRL)

Developed by Renato Iannella of IPR Systems (Australia)
Expressed in XML
Open source; submitted to W3C
Goal: “will “plug into” an open framework that enables P2P interoperability for DRM services.”
Version 0.9 published June 26, ’01

ODRL Standard Specification (Version 0.9)

Expression Language
Data Dictionary
Scenarios
XML schema for both

Digital Video Scenario

A digital video lecture at Georgia Tech is limited to registrants of the course, each of whom was issued a digital certificate identifying them as registrants. Non-registrants may view the course for a metered fee of $10 per hour during the course period. Non-registrants will receive a lower-resolution video file than registrants.

<Permissions> Expression

Use: <Display> <Print> <Play> <Execute>
Reuse: <Modify> <Copy> <Annotate>
Transfer: <Sell> <Lend> <Give> <Lease>

<Constraints> Expression

User: <Individual> <Group>
Device: <CPU> <Network> <Screen> <Storage> <Memory> <Printer> <Software>
Bound: <Count> <Range>
Temporal: <DateTime> <Accumulated> <Interval>
Aspect: <Quality> <Format> <Unit> <Recontext> <Watermark>
Spatial: <Country>

<Requirements> Expression

Payment Expression
Fee: <PrePay> <PostPay> <PerUse>

<Rights Holder> Expression

Royalties: <Percentage> <Fixed Amount>
Party
Context

<Context> Expression

<UID> <Name> <Role> <Remark> <DateTime> <Location> <External Reference>

<Party> <Asset> <Individual> <Group> <Watermark> <Network> <Screen> <Storage> <Memory> <Printer> <Software> <Country> <CPU>

<Agreement> Expression

<Context> <Asset> <Party> <Permission>

ODRL Next Version

Extensibility
  Additional data dictionary elements
  Specification of equivalent rights
  Mapping between rights languages
Signing ODRL Expressions
Transporting ODRL Expressions
  Will include the use of SOAP

Resources

ODRL: http://www.odrl.net
XrML: http://www.xrml.org

Credits

Grace Agnew, GA Tech
Anne Salter, GA Tech
William Rhodes, UT
