A
walkthrough in the Interoperable DRM Platform v. 3.0 specification
Leonardo
Chiariglione
The Digital Media Project (DMP) is a non-profit Association registered in Geneva, Switzerland. In accordance to its founding principles, DMP promotes the development, deployment, and use of digital media that safeguard
DMP has taken both seriously. IDP-3.0 is 650 pages and the size of the Chillout reference software is several tens of Megabytes. Most of IDP-3.0 has become an ISO standard as a result of the approval of ISO/IEC 23000-5 Media Streaming Application Format.
Purpose of this paper is to illustrate the goals of the DMP (chapter 2), the main features of the Interoperable DRM Platform v. 3.0 Technical Specification (IDP-3) developed by DMP in furtherance of the stated goals (chapters 3 to 11) and some future DMP activities (chapter 12).
Media content has always played an important role in all societies and manifold technologies have been invented and deployed to provide means to store, distribute and consume it. The complexity of these technologies and the drive to enhance their performance have created very complex media content value-chains populated by an ever-growing number of interacting intermediaries, each providing increasingly sophisticated services to the two extremes of the value-chains – creators and end users – as well as to the various intermediaries in between. DMP calls all players in the value chain – creators, intermediaries and end-users – value-chain users or, simply, users.
The latest round of technologies – the digital technologies – have more than ever increased the distribution potential and augmented the end-user experience of media content. However, they have also caused a progressive and unstoppable loss of purpose of the traditional means to manage the value of media content along the value-chains.
Digital Rights Management (DRM) has been advocated by many as the set of technologies that can overcome these difficulties because users are given the possibility to manage media content while it moves along value-chains. DMP agrees that DRM has the potential to combine the benefit of digital technologies with the need for a virtuous circle that motivates creators to continue creating because remuneration is facilitated by DRM technologies. However, as long as DRM systems are implemented as closed and non-interoperable solutions, end users and value-chain users who are prevented from accessing the DRM solutions will feel disenfranchised and object.
Therefore DMP only supports DRM technologies that are interoperable.
Standards can bring benefits to the very special type of communication systems called DRM. However, with the changes forced by digital technologies in the way value-chain users conduct their business, it is hard to define what kinds of standards are required today, let alone to forecast what kind of standards will be needed in the future.
DMP approaches the problem of DRM Interoperability by specifying DRM technologies (called Tools) required to implement “Primitive Functions”, i.e. “smaller” Functions obtained by breaking down the Functions Value-Chain Users perform when they do business between themselves. It is expected that, while Functions may undergo substantial changes as a consequence of the evolution of the media business, Primitive Functions will generally remain stable. Note that words in upper case have the meaning defined in chapter 8 (extracted from IDP-3), unless another meaning is explicitly declared.
Therefore, far from targeting a universal “DRM standard” capable of providing Interoperability between Users in arbitrary Value-Chains or across different Value-Chains, DMP only provides
As the field of DRM is quite broad, specifications can only be developed in phases, each phase building on the results of the previous phases. DMP has adopted the following rigorous process:
In subsequent phases, repeat the above for Tools needed to support
DMP calls the ensemble of all standardised DRM Tools “Interoperable DRM Platform (IDP)”. Therefore the IDP is not a proper DRM System standard. Far from being a disadvantage, the IDP provides the following major advantages:
DMP has produced the following Approved Documents (AD):
The IDP-1, IDP-2 and IDP-3 specifications are tightly linked in the sense that the IDP-3 specification contains (i.e. is a superset of) the IDP-2 specification which contains the IDP-1 specification.
AD #1 documents the requirements upon which the Interoperable DRM specification has been developed. To achieve this, the following process – open to any party – has been invoked:
All documents produced at each of these steps have been made publicly available for comments on the DMP web site.
Representatives of the following value-chain users have contributed to the process:
Fig. 1 - General schematic case of a Value-Chain
Value-Chains handle objects that represent IP Entities with Intellectual Property (IP) associated to them. In the Figure dotted arrows mean that the output of a User can be Used by the same type of User to make objects representing the same type of IP Entity.For proper management in a Value-Chain it is useful to combine different types of Resources with different types of Metadata and possibly other information types. DMP calls this combination Content. The digital Representation of Content, needed to Use Content on Devices, is called DMP Content Information (DCI).
A User wishing to express conditions to Use a Content Item can associate a Licence to it Granting Permissions under specified Conditions. In this case the Content is called Governed Content. The party Granting Permissions is referred to as Licensor and the party receiving them is referred to as Licensee. A User who does not wish to express Conditions to Use a Content Item can do so by Releasing it without a Licence.
To enable a Device to interpret Permissions without human intervention, a machine readable language called Rights Expression Language (REL) is needed. The Licensee can be a Device, a User or a Domain and the Licence can be Bundled within the Content (i.e. it is part of the DCI) or not Bundled within the Content (i.e. the DCI references an external License). Other Content Elements (e.g. Resources) can be in-line or referenced.
The Content Elements in Governed Content can either be in a form that allows immediate Processing, e.g. for Rendering by a Device (so-called Clear-text) or in a protected (i.e. Encrypted) form. Keys and related DRM information can be conveyed by various means.
When the Device has limited capabilities (as in PAVs) it is useful to be able to make reference to a basic selection of Encryption Tools. However, when the Device does not have such restrictions (as in SAVs) it is important to be able to convey blocks of executable code (called DRM Tools) in a DCI that are required to Process various types of Governed Content.
XML is the technology selected by DMP to Represent Content. XML is very powerful and flexible but Content Represented by means of XML can easily become bulky and unwieldy. Therefore DMP has selected an XML binarisation technology that not only reduces the size of a DCI but also allows simpler Processing in a Device without loss of information.
To Deliver Content between Device Entities it is necessary to Package a DCI (in binary form) and its referenced Resources. Two forms of Delivery are possible: as File (DMP Content File - DCF) and as Stream (DMP Content Broadcast - DCB - in the case of an MPEG-2 Transport Stream, and DMP Content Streaming - DCS - in the case of Real Time Protocol on Internet Protocol).
In general Users require Devices to perform the Functions proper to their role in the Value-Chain. To entrust their Content to a Device, Rights Holders must have assurance that the Device will execute Functions as expected. Device Certification is the process that provides that assurance. This is performed by a number of organisations (Certification Agencies) that are appointed and overseen by a single root authority (Certification Authority) according to a process specified by IDP-3. DMP appoints the Certification Authority after approving the Authority’s Certification policies. The figure below depicts this three-layer arrangement.
Figure 2 – Authorities appoint Agencies that Certify Entities
In general interacting Devices require the establishment of a Trust relationship between them, e.g. when they Deliver Content between them. A precondition for this to be possible is that a Device be Identified. The task of Assigning Identifiers to Devices is performed by a number of organisations (Registration Agencies) that are appointed and overseen by a single root authority (Registration Authority). DMP appoints the Registration Authority after approving the Authority’s Registration policies. The same three-layer arrangement used for Certification is also used for Identification.
Content Items also require Identification. This are Assigned by Agencies appointed according to a process specified by PDP-3. When Identifiers are Assigned appropriate Metadata are also typically generated.
IDP-3 provides the following models
The Creation Model analyses the steps that lead to a Content Item that can be distributed in a Value-Chain.
The relationships between the 4 elements of the creation model are depicted in the figure below
Fig. 3 - Relationships among elements of the Creation Model
In the Distribution Model the following Users operate:
Figure 4 – Conceptual diagram of Distribution Model
Note that a specific Value-Chain need not involve all types of Users indicated in the Figure above.
A DCI is typically not suitable for Delivering Content between Devices. The Package Function, described later, enables Delivery of a Content Item over a variety of specific Delivery mechanisms. IDP-3 supports Delivery as a File (DCF), on an MPEG-2 Transport Stream (DCB) and on a Real-Time Protocol transport (DCS).
The way devices are assembled to perform specific functions depends on the specific value chain. However, IDP-3.0 provides general models for a number of Devices typical of some Value-Chains
|
# |
Device Name |
Acronym |
Notes |
|
1. |
Device Identification Device |
DID |
A Device whose Function is to assign Identifiers to other Devices |
|
2. |
Content Creation Device |
CCD |
A Device whose Function is to Create DCIs |
|
3. |
Content Identification Device |
CID |
A Device whose Function is to Assign Identifiers to DCIs and other Content Elements |
|
4. |
Content Provider Device |
CPD |
A Device whose Function is to make Content available for distribution |
|
5. |
License Provider Device |
LPD |
A Device whose Function is to provide Licences |
|
6. |
Role Verification Device |
RVD |
A Device whose Function is to Verify that a certain Function is compatible with a certain Role |
|
7. |
DRM Tool Provider Device |
DPD |
A Device whose Function is to provide DRM Tools |
|
8. |
Domain Management Device |
DMD |
A Device whose Function is to Manage Domains |
|
9. |
Domain Identification Device |
DoID |
A Device whose Function is to Assign Identifiers to Domains |
|
10. |
Content Consumption Device |
SAV |
A Device whose Function is to consume Content (with network access) |
|
11. |
PAV eXternal Device |
PXD |
A Device whose Function is to interface a PAV with the rest of the DMP environment |
|
12. |
Content Consumption Device |
PAV |
A Device whose Function is to consume Content (without network access) |
Of particular interest are the following Devices
PAV eXternal Device (PXD)
As PAV (Portable Audio-Visual) Devices target of IDP-1 do not have network or broadcast connections to Access Content or License, they have to rely on a PXD (or a SAV), that in turn is connected to a network or broadcast channel. The following figure depicts the relationship between the four relevant Devices.
Figure 5 – Operation of a PAV eXternal Device (PXD)
When a PXD has a DCI without a Bundled Licence, it will obtain it from a Licence Provider Device, add the Licence to the DCI, make a DCF, namely a file that can be moved between Devices, and then transfer it to the PAV DEvice.
Stationary Audio and Video Device (SAV)
The general model of a SAV is provided by the Figure below
Figure 6 – Stationary Audio and Video Device (SAV)
IDP-3 explores ways to provide hardware-based security. The first method considered is based on the work carried out by The Trusted Computing Group (TCG), an organisation that has issued specification of a trusted computing platform consisting of two stacks. The first is the software stack called “Trusted Software Stack (TSS)” and the second is the hardware stack called “Trusted Platform Module (TPM)”.
The figure below shows how devices can be interconnected in a value chain.
Figure 7 – Some typical Devices in a Value-Chain
To explain the DRM Tool Model it is necessary to expand part of the SAV Device Model, as in the following figure
Figure 8 – Handling of DRM Tools in a Device
The Device receives Content in Packaged form (DCF/DCB/DCS) and extracts a DCI. Resources referenced in a DCI are either locally Stored as a DCF or Processed in a Resource decoding pipeline. If Resources are protected, they are converted to a form that allows decoding at one of the Control Points. These are points where Resources can be subject to Decryption.
DRM Tools required to e.g. Decrypt Resources may be natively embedded in a Device and executed by the DRM Processor when such DRM Tools are required to Use Content. Alternatively DRM Tools may be Delivered as part of a DCI. If the DCI does not contain the required DRM Tool, the DRM Processor tries to Access it from the local Secure Storage. If the required DRM Tool is not found there, the DRM Processor Accesses the missing DRM Tool from the DRM Tool (or Service) Provider.
In addition to individual DRM Tools, IDP-3 gives the possibility to convey DRM Tool Packs in a DCI. A DRM Tool Pack is composed of a DRM Tools Agent and a set of DRM Tools called DRM Tool Group. A DRM Tool Pack may contain all the DRM Tools required or require other DRM Tools external to the Tool Pack. The figure below depicts the general case of a DRM Processor that can execute a number of DRM Tool Packs and DRM Tools using a standard set of DRM Messages.
Figure 9 – DRM Tools and DRM Tool Packs executed by a DRM Processor
In many cases it is useful to define groups of Devices or Users sharing some common properties. These groups are called Domains. Using Domains it becomes possible to implement more flexible Licensing modalities, e.g. to License a Content Item to all Devices or Users in a Domain. A Domain is managed by a special Device called Domain Management Device.
The figure below represents a possible Domain configuration with:
Figure 10 – An example of Domain
IDP-3 enables a variety of possibilities in managing Domains, e.g.
If a Device needs to access governed content from a value-chain, e.g. when a SAV accesses governed content broadcasted with a license expressed using the RMPI Rights Expression Language (note small initial letters), a Device performs the following steps:
Using a similar process a DCF with an appropriate License can be Exported to a device.
IDP-3 provides a rich set of data types. The figure below shows one example of Content and its Content Elements
Figure 11 – An example of DCI
Represent Content provides the means to:
The DCI is an XML structure, based on a DMP-defined subset of the MPEG-21 Digital Item Declaration Language (DIDL) [20], and extended by several DMP namespaces to express DMP-specific information. The DMP extends the DIDL with a profile of MPEG-21 IPMP Components [23] to convey various Governed Resources and a set of DMP defined namespaces covering the Representation of general and Governed Content Elements.
The IDP-3 gives the freedom to place any Metadata scheme desired into the designated location in the DCI.
In addition DMP natively supports a specific type of Metadata taken from the TV-Anytime Content Description Schema described in [11]. In order to suit the DMP requirements of describing resources to the End User, the DMP Metadata profile has been derived from the TV-Anytime Content Description by defining a smaller version of the TVAMain element that does not include the UserDescription table. It includes the remaining elements namely: CopyrightNotice, ClassificationSchemeTable and ProgramDescription. However, ProgramDescription has also been reduced by defining a dmp:ProgramDescriptionType based on the TV-Anytime ProgramDescriptionType but including only the TV-Anytime elements ProgramInformationTable, GroupInformationTable and CreditsInformationTable.
The TV-Anytime elements not included in the DMP profile are defined as optional in the TV-Anytime specification, and so instance documents conforming to the DMP profile are compatible with the larger TV-Anytime specification.
A Resource is Represented in the DCI by the element did:Resource, The data type of the Resource represented by the did:Resource element is identified by the mimeType attribute, as defined in IETF RFC 2045 [34]. A Resource is either defined in a did:Resource element by reference, specifying the Resource’s URI in the ref attribute, or by value, including it inline. The encoding attribute specifies the encoding format used when the Resource is included by value in the DMP2_DIDL XML document. Lastly, the contentEncoding attribute, if present, specifies the content-encoding(s) as defined in IETF RFC 2616 [35] indicating what additional content-encodings have been applied to the Resource.
DRM Information relates to the Governance of Content or Content Elements. It includes
DRM Information is expressed in XML and is based on MPEG-21 IPMP Components [23].
DRM Tools are software modules performing one or more DRM Functions such as Authentication, Decryption, watermarking, etc. and Represent DRM Tool describes how to indicate within DRM Information which DRM Tool or DRM Tools are required to Access the Content.
Represent DRM Tool is a DMP-specified profile of MPEG-21 IPMP Components [23] and MPEG-2/4 IPMP Extensions to allow the Representation of single DRM Tools. An extension of same allows the Representation of DRM Tool Packs.
Represent DRM Tool Body specifies the Representation of specific information associated with DRM Tool embodiments. When signaled, such Tool embodiments are instantiated on a Device to enable Access to the Governed Content.
Represent Rights Expressions specifies how to express usage rules associated with Content that in turn map onto specific Device behaviour consistent with the semantics of the Rights Expressions.
DMP Licenses may be used for different purposes; a non-exhaustive list is given below:
The IDP-3 Represent License extends the MPEG-21 REL Dissemination and Capture (DAC) Profile [25], in order to support Domains.
Represent Rights Data (RRD) is the digital Representation of the Ontology of IP Entities and associated actions taken upon them as well as those taken on their corresponding digital representations as described in the DMP Creation Model. RRD employs the Ontology Web Language (OWL).
With RRD the Creation Model is formalised so that IP Entities may be represented digitally irrespective of whether or not they were originally digital in nature. Thus, the RRD represents rights associated with IP in the analogue space such as First-Fixation (see nelow), Mechanical-reproduction and Public-communication and associates those rights to corresponding digital functions over Resources. In this way and for example, the Right to make an Instance would correspond to the Right of First-Fixation, the Right to make an Instance-Copy to the Right of Mechanical-reproduction and the Right to stream in a multicast to the Right of Public-communication. Thus, the actions associated with for example REL that are conceived to control access to Resources can be associated for example with the higher level Rights associated to IP regardless of whether the IP is represented in an analogue or digital form.
Represent Keys states how to Represent two different types of Keys:
Represent DRM Messages provides the means to Represent Information exchanged between different components on a Device, such as two DRM Tools or a DRM Processor and a DRM Tool.
DRM Messages are a translation of messages originally defined in the MPEG-2 and MPEG-4 IPMPX standards (see [14] and [11]) from a binary representation to XML.
Represent Authentication Messages defines two Messages which can be employed to achieve Authentication between two Entities, e.g. two Devices. These are: dmp2ram:InitAuthentication and dmp2ram:MutualAuthentication. IDP-3 specifies the Syntax of these messages, while their semantics is specified in [14], where these Messages were originally defined.
Represent Device Information specifies the Tools used to Represent the technical characteristics of a Device. This can be used to negotiate between a Device and a DRM Tool Provider for the correct DRM Tools. Represent Device includes information such as type of operating system, memory, CPU, etc.
Represent Domain has a similar role to Represent Device Information.
Represent Domain Protocol specifies the messages exchanged in Protocols to Manage Domain.
Represent Use Data provides a digital Representation of Use Data for the purpose of managing Domains.
This Tool enables the transformation of XML documents, representing any of the Entities in this "Represent" section, to a binary format for transmission, processing or storage.
DMP selects the XML binarisation technology called BiM standardised by MPEG-B part 1 [28].
Represent Event Report (RER) provides a right holder the means to monitor usage of his content. This is achieved by specifying “reportable events” at creation time, detecting the occurrence of any such event at a Device and, when an event has been detected, perform the actions specified at creation time. These events may relate to
In order to allow the specification of reportable events, Event Reporting introduces the concepts of
An ERR is used to specify:
A general model which reflects the functional
aspects of ERR handling and the subsequent creation of ER’s is shown in
the figure below where the set of functional blocks can provide the overall
Event Reporting functionality.
Figure 12 - Event reporting at a Device
The general model of Event Reporting is as follows:
IDP-3 currently specifies Protocols to Identify Devices. The Protocol comprises the generation protocol and exchange protocol. Two kinds of Device Identification are supported:
IDP-3 also includes several Protocols to Identify Content and Content Elements.
IDP-3 currently specifies Protocols to Authenticate Devices. Two kinds of Device Authentication are supported:
A Domain is set up by a Domain Management Device (DMD) at the request of a Domain Administrator, a User who is responsible for Use of Content on all Devices by all Users. The Domain is Identified by a Domain Identification Device (DID). This DomainID is composed of the DMD ID which has a unique for all DMDs and an Identifier of the Domain within that DMD.
The DMD makes the Domain Information and Stores it on the DMD. For each Device or User joining the Domain the DMD makes a Domain Context for Device or User and Delivers it to the appropriate Device or User.
A Device or a User requests a License Provider Device (LPD) to Provide a License for Content to be Used in a Domain. The License, possibly Bundled within the Content, is Delivered to a User or a Device (SAV or PAV, the latter via PXD). To be able to Use Domain-bound Content a Device or User must check that the Domain Context Stored in the Device or User matches the Domain Context in the License of the Domain bound Content.
The functionality of the “Protocols to Manage Domain” Protocols includes:
Figure 13 - Overview of Manage Domain
In summary to set up a Domain the following sequence of steps is required:
The DMD maintains a list of Devices and Users in all registered Domains managed. Every time a new Device or User joins a Domain, the Device Manager adds the Device ID or User ID to the corresponding Device or User list.
In order to manage the simultaneous usage of Content Items in a Content Grouping by the Devices or Users, an LPD may employ Content Group IDs in a License. Multiple Content Group IDs may appear within a License. Where required, it is possible to limit the number of Content Groups permitted within a Domain.
Manage DRM Tools is a set of Protocol between the DRM Processor and DRM Tools or between DRM Tools. When the DRM Processor parses the DCI and finds a Content Element Governed by a DRM Tool, it will look for the appropriate Tool Body identified by the DRM Tool ID signalled in the DCI. After employing the Local DRM Tool Access Protocol, the DRM Processor knows the pathname of the file corresponding to the required DRM Tool or DRM Tool Pack. At this point the DRM Processor instantiates the DRM Tool.
The Managing of a DRM Tool by the DRM Processor involves the exchange of DRM Messages between a DRM Processor and a DRM Tool according to a Messaging API which is particular to each Device. The DRM Processor chooses the DRM Tool which is characterised by the Messaging_API_ID supported by the Device it is part of.
The DRM Tool receiving DRM Messages will obtain from the container Message the information about the Context ID of the Sender (the “Sender” element) and the Context ID of the DRM Tools (the “Recipient” element).
The instantiation of a DRM Tool involves the connection of the DRM Tool instance in a specific Control Point and with a specific Sequence Code.
IDP-3 provides Protocols to Access Content Elements, namely
These Content Elements may be Packaged for Delivery as File or Stream for Use by a PAV Device (via PXD) or a SAV Device. Stecifically the following is provided
This is represented in the figure below.
Figure 14 – Conceptual diagram of DMP Content Format (DCF)
A number of transport mechanisms may be employed to transmit a DCI between Devices, e.g. the MPEG-2 Transport Stream (MPEG-2 TS) and the Real-Time Protocol over User Datagram Protocol over Internet Protocol (RTP/UDP/IP). When using these transmission protocols, Content must be packetised and then transmitted incrementally to the receiving Device. This includes packetisation of the Content Elements in the DCI.
IDP-3 specifies the means to incrementally transmit a DCI and its component Content Elements, either referenced or included, in a piece-wise fashion and with temporal constraints in such a way that a receiving Device may incrementally Use the DCI. At the receiving end, a potentially fragmented DCI is received, where, for instance, some parts may have been removed or transformed at the transmitting end according to some rules.
Package Content as a Stream is based on MPEG-21 Digital Item Streaming (DIS) [28]. The DIS standard specifies a Bitstream Binding Language (BBL) using which it is possible to describes how a DCI may be broken down for transmission and then mapped to the transmission channels of interest: MPEG-2 Transport Streams and RTP/UDP/IP.
There are two basic types of BBL document: Instance and Binding descriptions.
Binding is a set of abstract Bitstream Binding Language instructions which map a DCI into a collection of packets to be output to one or more handlers, as shown in the Figure below.
Figure 15: Streaming a DCI using Digital Item Streaming
This Use Case shows how it is possible to use IDP-3 Tools and build a community using a peer-to-peer network to share different types of Content such as User Generated Content released with, say, an Open Release Licence, and other professional Content released with, say, a more stringent Licence.
In this Use Case a light-weight form of content governance is applied to a digital TV broadcast service that may satisfy some concerns of Content Providers and Service Providers while not affecting the End User experience negatively.
This Use Case shows how it is possible to go beyond the current business models adopted by some Service Providers based on proprietary Conditional Access systems and set up Value-Chains that rely on an open, horizontal market of Interoperable Devices.
This Use Case collects a number of ways to broadcast TV Content using a broad variety of Licenses.
In this Use Case the distribution of interactive video Content, such as Video on Demand, carried by RTP/UDP/IP is considered.
This is provided by AD #6. IDP-3 provides a set of terms and corresponding definitions that are used throughout the ADs. Providing these terms with consistent meanings will hopefully overcome the problem of DRM being a new field that impacts many existing fields with their own established and sometimes conflicting terminologies.
|
Access (Content) |
The Function executed by a Device when making Content available so that the Device can execute Functions on it |
|
Adapt (Content) |
The Function of restricting the attributes of a Content Item, e.g. by reducing the Permissions in a License |
|
Adapt (Resource) |
The Function of modifying the attributes of a Resource, such as converting 5-channel music to 2-channel music, or sub-sampling a high-definition video to a standard-definition video, etc. |
|
Adaptation |
A Work that is derived from another Work |
|
Adaptor |
A User who produces an Adaptation |
|
Annotate (Resource) |
The Function of a User who
|
|
Approved Document |
Any of the following types of DMP documents
|
|
Assign (Identifier) |
The Function of allotting an Identifier to an Entity |
|
The Function of proving the identity of an Entity to a Device or User |
|
|
The Function that supports
|
|
|
XML data converted to binary form in a lossless fashion |
|
|
Broadcast |
The Function that Delivers Content to a Device in a point-to-multipoint modality |
|
The Function of binding two sets of Data |
|
|
The process whereby a Certification Agency issues a Certificate |
|
|
Certificate |
A token attesting that an Entity has passed the tests of a Certification Agency |
|
A User appointed by a Certification Authority to Certify Entities |
|
|
A User appointing and overseeing Certification Agencies |
|
|
Data that can be Processed as is by a Device |
|
|
The terms and obligations under which Permissions in a License can be exercised |
|
| Conformance |
The status of a Content or Device Entity that has been judged to positively meet the requirements of a Technical Specification |
|
A DMP-defined structure of Content Elements |
|
|
Any of the following Data types: Resource, Metadata, Content, License, DRM Information, DRM Tool, DRM Tool Pack and Use Data |
|
|
Content Entity |
Any of the following Entities: Content and Content Elements |
|
Content Interoperability |
The capability of governed content to be used by a device within the terms of a license. DMP Governed Content is Interoperable with DMP Devices |
|
A particular instance of Content |
|
|
Content Provider |
A User who Delivers Content to another User |
| A point in a Device under the control of a DRM Tool, e.g. in a Resource decoding pipeline | |
| Copy | The Function by which Device A Stores Content in Device B, preserving the original Content in Device A |
|
Creator |
A User who generates a Work and makes its first Manifestation, also referred to as author |
|
Credentials |
Information describing the security attributes of an Entity |
|
Information converted to digital form |
|
|
The Function of bringing previously unprocessable Data to a processable form using a Key |
|
|
Delete |
The Function of erasing a Content Item Stored on a Device |
|
The Function of transferring Content between any two or more Devices using a transport mechanism (file download, broadcast transport protocol or network streaming protocol) |
|
|
Delivery System |
A system designed to enable Delivery of Content between Devices |
|
Descriptor |
Data that describe the properties of a Resource |
|
A combination of hardware and software or just an instance of software that allows a User to execute Functions |
|
|
Device Entity |
Any of the following Entities: Device, User and Domain |
|
Data characterising a Device, e.g. CPU, OS etc. |
|
|
Device Interoperability |
The capability of a device to exchange data with other devices across standard interfaces, using standard protocols, and to be processed by the devices exchanging the data in a predictable fashion. DMP Devices are Interoperable |
|
DMP Content Broadcast (DCB) |
DMP Content Information Packaged for Delivery as Broadcast |
|
DMP Content File (DCF) |
DMP Content Information Packaged for Delivery as File |
|
DMP Content Information (DCI) |
The digital Representation of Content |
|
DMP Content Broadcast (DCS) |
DMP Content Information Packaged for Delivery as Streaming |
|
DMP DRM System |
A set of Devices that manage, possibly protect and Use Content in an Interoperable fashion. A DMP DRM system implementation allows Devices to Use Content from another DMP DRM System implementation even though the latter may use different technologies |
|
DMP Information |
Data used to describe Content and Content Elements not related to Governance |
|
A set of Devices sharing some common attributes, such as personal or group ownership that is appropriate for various business models |
|
|
Domain Context Information |
Data characterising a Domain that is Stored in a Device for the purpose of Managing and Licensing Use of Content in Domains |
|
Data characterising a Domain that is Stored in a Domain Management Device, e.g. the list of Devices, Users, Domain Key etc. |
|
|
Domain Management |
The set of Functions that relate to the
|
|
Data that describe Governance of Content |
|
|
A message exchanged between DRM Tool Bodies, DRM Processor and Devices |
|
|
A module within a Device Certified by a Certification Agency as being Trusted for executing DRM-related Functions |
|
| DRM System | A system of Information Technology components and services which strives to distribute and control content and its rights. This operates in an environment driven by law, policies and business models. |
| DRM Tool | An algorithm which implements one or more DRM Functions |
|
Executable code that instantiates, initialises, Authenticates, and supervises any operation performed between DRM Tools within a DRM Tool Group |
|
| DRM Tool Body | An executable computer code that implements a DRM Tool |
|
A combination of DRM Tools |
|
|
Executable code that comprises a DRM Tool Group and its DRM Tool Agent |
|
|
Edit |
The Function of Modifying a Content Item, such as by adding, deleting, or altering pieces of Content in a Content Item |
|
The Function of making Data unprocessable unless a Key is available to bring the Data to a processable form |
|
|
End-User |
A User in a Value-Chain who ultimately consumes Content |
|
Entity |
Any of the following: Intellectual Property Entities, Content Entities and Device Entities |
|
Environment |
A Device or set of interconnected Devices. An Environment can interact with other Environments using Protocols and can also interact with the outside of the Environment through appropriate interfaces using protocols |
|
Experience |
The End-User’s emotional and economic result of Using Content |
|
Export |
The Function of making available a Content Item to a non-DMP DRM system |
|
File |
Content Entity which is Stored on a Device |
|
Fixate |
The Function of Storing a Manifestation of a Work |
|
Footprint |
The geographic area, typically delimited by political boundaries, intended to be covered by a broadcast signal |
|
Fragment |
A time-marked portion within a Resource |
|
Any action implemented with DMP-specified technologies |
|
|
A Content Item that is at least Identified |
|
|
The Function of a User asserting to another User the Permission to Use a Content Item under specified Conditions |
|
|
Identify |
The Function of Assigning a unique signifier that establishes the identity of Entities |
|
The unique signifier Assigned by Identification |
|
|
Import |
The Function of Accessing a governed content item from a non-DMP DRM system |
|
Instance |
An object or event which is an example of an Identified Manifestation (e.g. a File) |
|
Instantiator |
A User who produces an Instance |
|
Integrity |
The state of a Content Item when the information contained has not been altered or corrupted |
|
A property created through efforts of a predominantly intellectual nature that can be generally protected by copyright or similar laws |
|
|
Interface |
The Data interchange point between
|
|
The ability of a User to technically execute Functions through Interfaces and Protocols, based on open specifications, with predictable results |
|
|
Concepts that are Represented by Content to which Intellectual Property is attributed, namely: Work, Adaptation, Manifestation, Instance |
|
|
Jurisdiction |
The geographic area over which a given set of laws is enforced |
|
Data used by a cryptographic method to make Clear-text Data Encrypted or, conversely, Encrypted Data Clear-text |
|
|
Key Management |
The set of processes employed to create, authenticate, issue, distribute, store, recover, and revoke Keys |
|
Lend |
The Function of Moving a Content Item Stored in one Environment for temporary Use into another Environment |
|
License |
The Function by which a User Grants Permissions to Use a Content Entity |
|
Data Representing the Permissions to a Content Entity under given Conditions expressed by Rights Expressions that are Granted by one User to another User |
|
|
The User to whom another User Grants Rights |
|
|
The User who Grants Rights to another User |
|
|
Link |
The establishment of a relationship between two Fragments |
|
An object or event which is an expression of a Work |
|
|
Data that describe Content and Content Elements |
|
| Move | The Function by which Device A Stores Content in Device B deleting the original Content in Device A |
|
Package (Content) |
The Function of Processing Content for the purpose of Delivering it between Devices |
|
Parse |
The Function of looking for useful Data in Data |
|
Pause |
The Function of suspending the Rendering of a Resource by a User |
|
Performer |
A type of Instantiator |
|
The ability to execute Functions on a Content Item |
|
|
The technology infrastructure that enables Users to Use Content |
|
|
Play |
The Function of Rendering a Resource |
|
Policy |
A principle accepted by a group of Users |
|
A Function typically embedded in more than one Function |
|
|
The User to whom Permissions are Granted |
|
|
Private Key |
A Key used to Encrypt Data that only the corresponding Public Key can Decrypt or Decrypt data Encrypted by the corresponding Public Key |
|
The Function of transforming Data executed by a Device |
|
|
A description of Data formats and rules a Device must follow to exchange those Data with other Devices |
|
|
Public Key |
A Key used to Encrypt Data that only the corresponding Private Key can Decrypt or Decrypt data Encrypted by the corresponding Private Key |
|
Publish |
The Function of making Content available to other Users |
|
Publisher |
A User who selects Content and makes it available to other Users |
|
Quote |
The Function of referencing or extracting a Content Item from another Content Item |
|
Rate (Content) |
The Function of measuring the Use of a Content Item by a set of Users |
|
The Function of Assigning an Identifier to an Entity and keeping a record of it |
|
|
Registered Content |
Content to which an Identifier has been Assigned by a Registration Agency |
|
A User appointed by a Registration Authority to Assign Identifiers |
|
| Registration Authority |
A User managing Identifier name spaces, and appointing and overseeing Registration Agencies |
|
Release |
The Function of a Producer who makes a Content Item available to other Users, e.g. at commercial terms |
|
The Function of converting a Resource to a human-perceivable form |
|
|
Rent |
The Function of Moving a Content Item that was Used in one Environment for Use in another Environment in an exchange based on a Value-Expression for a given period of time |
|
The Function of expressing information in a form that can be processed by a Device |
|
|
Data, whose Representation is not specified by DMP (e.g. an MP3 file or an executable code), that can be Processed by a Device |
|
|
Resource Type |
A Resource such as video, audio, audio-visual, text, synthetic audio, 2D/3D graphics etc. |
|
Restore |
The Function of Moving Content and the associated Stateless Rights Expression, if any, to the Device from which Backup had been performed |
|
Retailer |
A User who sells or Licenses Content to an End-User |
|
The Function of removing the ability of a Device to Use Content or recalling a Content Item |
|
|
Rewind |
The Function of restarting the Rendering of a Resource |
|
Right |
A consequence of ownership of Intellectual Property by legal prescription |
|
The semantic of Functions that relate to Permissions e.g. Rights Data of Copy is the semantic of Copy in a Device |
|
|
Data that can be Processed to obtain the list of Functions that can be performed on a Content Item and the Conditions under which they can be performed |
|
|
Rights Holder |
A User who has Rights to License Content |
|
Schema |
A description of the structure and rules an XML document must satisfy |
|
Secure Authenticated Channel (SAC) |
A Delivery System that is secure and Encrypted |
|
Service |
A set of Functions executed by a User on Content that is valuable for another User or Users |
|
Signature |
Data Encrypted with a private Key and appended to other Data typically for the purpose of guaranteeing the Integrity of the Data |
|
Stateless Rights Expression |
A Rights Expression that does not include any Use counts or overall Use duration etc. |
|
The Function by which Device A Delivers Content to Device B for the purpose of retaining it in Device B for Use at a different point in time |
|
|
Stream |
The Function of Delivering Content to a Device where the transferred Content is processed for Rendering only and not Stored |
|
Super Distribution |
A mechanism that
|
|
Synchronise |
The Function of incorporating pre-existing musical or literary musical Work into a determined audio-visual Work (e.g. publicity message) |
|
Syndicate |
The Function of Licensing Works or Content for Publication or Distribution by more than one Publisher or Distributor, typically simultaneously |
|
A type of Approved Document containing normative clauses. Its use in Devices, Contents and Services may require business agreements between relevant Users. Such business agreements are outside of DMP |
|
|
Territory |
The geographical area under the Jurisdiction of a sovereign state |
|
A technology capable of implementing a Function |
|
|
Trick Modes |
Any of the following Functions, or Functions of a similar type, performed on a Content Item during Rendering by a User:
|
|
A state where Entities enable Users to execute Functions on Governed Content |
|
|
Trust Management |
The set of mechanisms by which Trust can be established, preserved and severed |
|
Update (Content) |
The Function of changing a Content Item in a Device |
|
Use |
The execution of a Function on a Content Item by a Device |
|
A description of a specific case involving the establishment and operation of a Value-Chain that can be implemented using the Tools specified in Approved Documents |
|
|
Use Context |
The association of a Content Item with other Content Items and the circumstances of Use |
|
Data documenting the Functions performed by a Device Entity on a Content Item and the associated context |
|
|
Any person or legal entity in a Value-Chain connecting (and including) Creator and End-User. For the purpose of the current phase of Approved Documents a User is represented by a device or by a User Identity on the Device (e.g. username/password). |
|
|
User Data |
Data related to a User |
|
A group of interacting Users, connecting (and including) Creators to End-Users |
|
|
Value-Expression |
The equating of any two groupings of Content Items and/or Services |
|
The Function of assessing the Integrity of
|
|
|
Withdraw |
The Function of a Creator that discontinues any and all Licenses to Use one or more of his Works |
|
Work |
A creation that retains intellectual or artistic attributes independently of its Manifestations |
1. Core library: library of classes implementing the Primitive functions defined in the Technical Specification. This software is normative as much as the Technical Specification and provides the functionalities needed to:
Represent: a set of classes to generate and parse the XML structures defined by the DMP Technical Specifications;
Package: a set of classes to generate and parse the DCF and DCS;
Protocols: a set of classes to generate and parse the messages exchanged by two Devices performing the Protocols, and providing the functionality to send and receive such messages
2. Auxiliary library: library of classes encapsulating the functionalities of a number of modules which a Device may have as a hardware or software implementation. This library is not normative, in real Devices, these modules are supposed to be replaced by proprietary ones. However the interfaces made available by some or by all the components of this library may become part of the DMP Technical Specification. A preliminary list of the modules part of the Auxiliary library is given below;
Security manager: module incorporating all those functionalities such as secure storage of digital Certificates and Licenses, performing signature operations, etc...
DRM Processor: module parsing the DRM Information in a DCI, instantiating and managing the required DRM Tools, etc...
3. Applications: a set of sample applications with the purpose of showing how to use the classes part of the Core and Auxiliary library and to provide a number of demonstrators of the DMP functionalities. This category includes a number of Devices: SAV, CCD, LPD, CPD, CID, TPD, DID, DMD. This library also includes testing applications such as those for testing Protocols, well-formedness of DCI, License, etc. The figure below shows the list of all available Devices and a possible way of inter-connecting them.
The figure below shows the relationship between the software libraries described above.
Figure 16 – DMP Reference software layers
The DMP Reference Software is available from the Chillout Subversion repository. The code can be downloaded by any computer using a Subversion client, and it can be automatically built by Apache Maven 2 project management tool.
The figure below shows the Chillout Subversion repository when explored with a Subversion client:
Figure 17 – Overview of the Chillout software repository
The following modules are currently available in the trunk remote folder:
chillout_auxiliary: library of classes encapsulating the functionalities that every device must have when operating in a real environment. This library is not normative, as these modules may be replaced by those a developer needs.
chillout_ccd: The Content Creation Device is an application allowing a User (e.g. an author) to create Content: the DCI and the DCF.
chillout_cid: The Content Identification Device is a server application issuing identifiers to new content items created by a SAV or a CCD
chillout_core: library providing the functionalities needed to Represent (a set of classes to generate and parse the XML structures defined by IDP), to Package (a set of classes to generate and parse the DMP Content File and Streaming formats) and to perform the Protocols (a set of classes to generate and parse the messages exchanged by two devices performing the Protocols)
chillout_cpd: The Content Provider Device is a server application allowing Content creators/distributors/publishers to make available their Content via a streaming protocol or downloaded as a file.
chillout_did: The Device Identification Device is a server application providing Digital Certificates to other Devices upon request.
chillout_dmd: The Domain Management Device is a server application allowing, among the other functionalities, Domain Administrators to create Domains where Governed and un-Governed Content can be Accessed by any Device or User part of them, and Devices and Users to subscribe to them
chillout_lpd: The License Provider Device is a server application issuing Licences to Devices or Users, Granting them the Right to use Content.
chillout_sav: The Stationary Audio and Video Device is an application capable of playing audio-visual Governed and un-Governed Content either stored in files or streamed over network Protocols. By means of a browser integrated in the application, users can browse a Content Provider Devices' portal to select content for real time streaming or file download.
chillout_tpd: The DRM Tool Provider Device is a server application providing DRM Tool Bodies (modules performing DRM functions such as Decryption, watermarking, etc.) to a SAV or a CCD upon request.
maven-plugins: A folder containing source code not developed by Chillout which is needed for the correct installation of the Chillout software
mpegtools: A folder containing MPEG reference software which is used by Chillout code, among which the Digital Item Streaming [29] reference software.
In addition to the Project Object Model (POM) describing the whole software, each individual module has its own POM containing the instructions needed by Maven to build it.
The Chillout software needs a number of software tools in order to be compiled on a computer. These are:
JDK 5.0 or above
A Subversion client
Apache Maven
Each individual module also requires a number of libraries in order to be compiled; these are downloaded automatically by Maven when it is executed. In addition to these, each module may require additional external software in order to run, such as the Apache Tomcat servlet Container, Apache Ant, etc. Further details on the software dependencies for each module will be given in the sections describing all modules individually.
DMP Approved Documents provide Tools and guidance to Users on how to employ the DMP-specified Tools to set up Value-Chains. However, DMP Approved Documents #1 to #7 are in general not sufficient to respond to the following basic questions:
Being able to respond to the first question is a pre-requisite for building Interoperable Value-Chains based on Devices that are independently manufactured and Use independently Created Content. This is the first purpose of AD #8. The goal is achieved through the use of methodologies, test suites and software to test Entities for Conformance to the Technical Specifications.
By using this material Users will be in a position to:
In order to build Value-Chains that Users can entrust their assets to, with an expectation that they will be Used as expected, Users require means to obtain responses to the second question. This is a primary function of the Certification Authority and Agencies whose general role is described in AD #5 – Certification and Registration Authorities. Therefore AD #8 only provides general elements that help provide responses to Question 2, with the understanding that complete answers to this question with a level of satisfaction suitable for business practices in a specific environment can only be obtained from Certification Agencies.
11. Mapping of Traditional Rights and Usages to the Digital Space
DMP specifications provide interoperable technologies that help Use Governed Content (i.e. Content that is at least Identified). Some of these technologies (i.e. Identification) do not require Rights Holders’ Permissions, others (i.e. Licenses) provide a more complete set of possibilities to manage Content throughout the Value-Chain requiring Rights Holders’ Permissions.
Traditionally Users have had many ways of enjoying content they purchase or access some of which do not require rights holders’ permission. Some of these media usages are backed by law in some jurisdictions, some others are dealt with as exceptions to the law and some others are practices currently exercised simply because the state of technology enables them.
DMP feels that solutions that are based on the Interoperable DRM Platform (IDP) could be seen as a poor proposition, in spite of being superior to other DRM solutions thanks to the Interoperability they provide, because the experience gained from them may be perceived by Users as inferior to the current digital or even to the analogue experience.
DMP calls Traditional Rights and Usages (TRU) the ensemble of usages made possible by laws and exceptions or simply practiced by the general public. The DMP community has gone to a great pain collecting and studying as many TRUs as possible (88).
The objective of AD #9 is to provide illustrative examples of:
For each TRU/DMBM supported the following is provided:
A walkthrough complemented with the list of IDP Tools required
Additional actions that may be required to enable TRU/DMBM support.
Note that
Below is a sample TRU handling
An important feature of digital vs. analogue media is the low threshold of entry to creation because virtually anybody is in a position to create Content of high (technical) quality using inexpensive devices and software. With more and more Content that is being posted it becomes important for persons in their capacity of Creators to be able to make Quotes from Content that has been Released, possibly in a format that employs technical protection measures.
Tim wants to show 10 seconds from time code 1h 15m 25s of “My best quote of the year”, a movie that is only available as protected Content.
Tim performs the following sequence of steps:
|
Who |
Perform |
What |
Notes |
IDP Tool |
Ref. |
|
Tim |
Obtain |
License |
To quote 10 seconds of “My best quote of the year” |
Negotiate License |
|
|
Tim |
Make |
DCI |
Using a Content Creation Device (CCD). The DCI includes
|
Represent Content |
2.1 |
|
Tim |
Register |
DCI |
Protocol to Identify Content |
3.1.2 |
|
|
Tim |
Upload |
DCI |
To Content Provider Device |
CCD-CPD Protocol |
3.7 |
|
CPD |
Make |
DCF |
Package Content as File |
4.1.2 |
There are several ways in which this TRU can be actually implemented. Here follows a non-exhaustive list
IDP-3 is the third release of the Interoperable DRM Platform and represent a pretty mature specification. However the work is not finished and the work to be carried out is shown below.
Currently there is a large number of initiatives trying to provide some DRM standards. They can be classified as follows
1. Digital Media Project; Approved Document No. 1 – Technical Reference: Use Cases; 2005/04
2. Digital Media Project; Approved Document No. 2 – Technical Reference: Architecture; 2005/04
4. Digital Media Project; Approved Document No. 4 – Technical Specification: Value-Chains; 2005/04
6. Digital Media Project; Approved Document No. 6 – Technical Reference: Terminology; 2005/04
10. The Digital Media Manifesto, http://www.dmpf.org/manifesto/, 2003/09/30
17. ISO/IEC 15938-5, Information technology – Multimedia content description interface (MPEG-7) – Part 5: Multimedia Description Schemes
28. ISO/IEC 21000-9, Information technology – Multimedia framework (MPEG-21) – Part 9: File format
29. ISO/IEC 21000-15, Information technology – Multimedia framework (MPEG-21) – Part 15: Event Reporting
32. ISO/IEC 23000-7, Information technology – Multimedia Application Format (MPEG-A), Open Access Application Format
33. ISO/IEC 23001-1, Information technology – MPEG Systems Technologies (MPEG-B) – Part 1: Binary MPEG format for XML
37. IETF RFC 1737, K. Sollins and L. Masinter, Functional Requirements for Uniform Resource Names, December 1994.
39. IETF RFC 2141 R. Moats, URN Syntax, May 1997.
42. “XML-Encryption Syntax and Processing” - W3C Recommendation 10 December 2002. http://www.w3.org/TR/xmlenc-core/.
43. “XML-Signature Syntax and Processing” - W3C Recommendation 12 February 2002. http://www.w3.org/TR/xmldsig-core/.
45. W3C Candidate Recommendation, “XML Path Language (XPath) 2.0”, 3 November 2005, http://www.w3.org/TR/xpath20/
46. OWL Web Ontology Language (http://www.w3.org/TR/owl-features/)
47. The Chillout project, http://chillout.dmpf.org
48. The Mozilla Public License Version 1.1, http://www.mozilla.org/MPL/MPL-1.1.html
49. The Subversion project, http://subversion.tigris.org/
50. The Chillout software repository, http://dmp.jdl.ac.cn/svn/chillout
51. The Apache Maven project, http://maven.apache.org/
52. The Maven Project Object Model, http://maven.apache.org/pom.html
53. The Java SE Development Kit (JDK), http://java.sun.com/javase/downloads/index.jsp
54. Java Media Framework API (JMF), http://java.sun.com/products/java-media/jmf/
55. The Apache Tomcat project, http://tomcat.apache.org/index.html
56. The Apache Ant project, http://ant.apache.org/
57. Java Architecture for XML Binding, http://java.sun.com/webservices/jaxb/
58. The JUnit testing framework, http://www.junit.org/index.htm
59. The Apache Ant project, http://ant.apache.org/