The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: May 06, 2005
XML and Digital Rights Management (DRM)

"Officer, arrest that man. He's whistling a copyrighted song."

Several standards activities relating to digital rights management, access control, security, and encryption use or propose XML syntax. This document references some work relating to XML and digital rights management. A separate document covers patents and IP licensing issues in the sphere of markup language standards; see "Patents and Open Standards."

Key DRM Projects


Articles, Papers, News

  • [August 22, 2008] W3C Member Submission for Creative Commons Rights Expression Language (ccREL). Cover Pages news story. On August 20, 2008 W3C published the text of a Member Submission from Creative Commons: ccREL: The Creative Commons Rights Expression Language. ccREL builds upon the astronomical success of Creative Commons licenses, which are embeddable machine-readable legal instruments allowing authors to express permissions for others to share, remix, and reuse content. ccREL is a new XML/RDF machine-readable language to express copyright licensing terms and related information. As summarized in the W3C Team Comment on ccREL, the Creative Commons Rights Expression Language "provides a comprehensive approach, covering an abstract model using RDF, a definition of basic properties and classes that can be extended and reused by third parties, and recommended practices to serialize this abstract model. The abstract model separates the concept of License, which can be characterized by a number of predefined properties with possible values, and so called 'work properties', i.e., properties that relate a specific work to a specific instance of a License. ccREL is firmly rooted in RDF, meaning that the various syntax possibilities for ccREL are also bound to possible RDF serializations. For (X)HTML documents, RDFa is the preferred serialization format (discontinuing the previous practice of adding RDF/XML code as an HTML comment in the HTML source), and the document gives several examples of how to do that in practice. For other document formats, usage of GRDDL, direct embedding of RDF data, XMP, etc, are also described. The separation of the abstract RDF-based model from the specific syntax is rewarded insofar as many different syntaxes become possible depending on the underlying Web resource format. This is also a major step forward compared to the earlier Creative Common license recommendations..."

  • [May 06, 2005] In May 2005 the Open Archives Initiative published an Implementation Guideline specification for "Conveying Rights Expressions About Metadata in the OAI-PMH Framework". The specification defines mechanisms for data providers to associate XML-based rights expressions with harvested metadata that is queried and delivered via service providers using the Protocol for Metadata Harvesting (OAI-PMH). Markup examples using Creative Commons and GNU licenses are provided. See details in the 2005-05-06 news story: "Open Archives Initiative Releases Specification for Conveying Rights Expressions."

  • [February 2005] ODRL DCMI Profile. In February 2005 the Dublin Core Metadata Initiative (DCMI) and Open Digital Rights Initiative (ODRL) announced the formation of a joint ODRL/DCMI Profile Working Group to develop a profile of ODRL/DCMI metadata usage. This profile "will show how to make combined use of the rights-related DCMI metadata terms and the ODRL rights expression language. This will enable richer rights management information to be captured along with DCMI descriptive metadata and support wider interoperability with digital rights management and open content licensing systems. The joint Working Group Chairs are Andy Powell (UKOLN, University of Bath) and Renato Iannella (ODRL Initiative)." ODRL Profiles were first announced at the ODRL International Workshop in April in Vienna (2004) as a formal means of showing how to use ODRL in specific technical environments. Profile Working Groups have now been formed to create ODRL Profiles for Geospatial Data, for Dublin Core Metadata Initiative (DCMI) encoding, and for Creative Commons licenses. See also the ODRL DCMI Profile Working Group mailing list and archives.

  • [October 28, 2004] "RSA Throws Its Hat into the OMA DRM Ring." By [Bill Rosenblatt]. In DRM Watch (October 28, 2004). "RSA Security announced a DRM solution for mobile content, BSAFE Mobile Rights Management, in conjunction with the Jupiter DRM Strategies conference... BSAFE, which will be available in January 2005, supports the OMA DRM 2.0 standard and the ODRL 1.1 rights expression language. It is designed to integrate with RSA's server security software for identity, certificate, and access management... RSA has been a key (pun intended) contributor to the OMA DRM standards, so they have both proven expertise and strong relationships with the device makers and others that are implementing those standards. We had been wondering when one of the leading security infrastructure vendors (such as RSA, Verisign, or Entrust) would finally enter the DRM market... RSA's entry into the mobile content arena has broader implications for the trajectory of the OMA DRM standards. Because RSA's other products are standard features of corporate enterprise information security infrastructures, this could be a way for OMA DRM to find its way into corporate applications. Not all mobile content is for entertainment purposes; in the future, some will be strictly business..." See the text of the RSA announcement.

  • [October 11, 2004] "Digital Rights Management for Interoperable Mobile Services. How the Open Mobile Alliance Enables Increased Revenues for Handset Vendors and Mobile Operators." By Willms Buhse (CoreMedia). In Wireless Business and Technology Volume 4, Issue 3 (September/October 2004). "The Open Mobile Alliance (OMA) was created in June 2002; its membership now includes over 400 mobile operators, content, service and applications providers, wireless vendors, and IT companies. In late 2002, OMA released the OMA DRM version 1.0 enabler, its first set of specifications. Based on a subset of the Open Digital Rights Language (ODRL) Rights Expression Language, and entirely royalty-free, the OMA DRM v.1.0 has been adopted by all the major parties in the content value chain. This includes handset vendors such as Motorola, Nokia, and Siemens, and various European and Asian software providers, such as CoreMedia... While handset manufacturers are implementing DRM on their mobile phones, operators are integrating the DRM server components into their content delivery infrastructure... OMA DRM v.2.0 implements a DRM, REL v.2.0, defined as a mobile profile of the ODRL. This expression language addresses the principal concerns of content providers — protection of sensitive information and purchased content that is in possession of the customer; prevention of unauthorized use and distribution of content; and avoidance of tampering with content, either during transmission or as a case of unauthorized reuse. Accordingly, numerous content suppliers have announced support for OMA DRM v.2.0, among them Sony and Time Warner. Carriers and handset vendors, who see significant revenue enhancement opportunities by offering pervasive mobile access to premium rich content, are expected to release handsets that have implemented OMA DRM v.2.0 by 2005. Handsets and other mobile devices that support OMA-defined DRM technology are already on the market. Currently about 80 models are available in all categories. Given that the specifications were released 14 months ago, this can be considered a tremendous success. As OMA DRM has penetrated into the OS and into, for example, Nokia's widely used Series 60, it has become easy for handset manufacturers to implement DRM. Some leading handset vendors have decided to release DRM in all of their phone models. For these devices, the enhanced DRM v.2.0 specifications represent the next step in pervasive mobile access..." See also: "Open Mobile Alliance Releases Working Drafts for OMA DRM Version 2.0."

  • [October 06, 2004] "EU Wary of Microsoft DRM Purchase." By Wendy M. Grossman. In Wired News (October 06, 2004). "In a move to prevent Microsoft from using its dominance in PC operating systems to control the burgeoning field of digital rights management, European regulators are considering blocking the company's acquisition of an influential DRM patent holder. The EC's focus is primarily on Microsoft, against which it has mounted a number of recent actions. According to the EC's press statement, 'After a preliminary review, it appears to the commission that the transaction might create or strengthen a dominant position by Microsoft in the market for digital rights management (DRM) solutions.' Although the DRM market is still in flux, as it grows those patents could provide their owners significant control over all types of content. That control could arguably be even more significant if Microsoft is able to leverage its dominance in the desktop market so that its technology becomes the gateway through which all content must pass to reach consumers. This is especially true since ContentGuard claims that its patents cover all rights-expression markup languages, the tags that establish what people can do with digital content. If that claim is upheld in court, it could block the development of alternatives intended to aid libraries and other public domain sources. Gary Barnett, IT research director with London-based firm Ovum, believes that the ContentGuard case is in fact much more significant than the EC's recent Media Player action, in which it ordered Microsoft to unbundle its player from the Windows operating system..." See: (1) press coverage; (2) the 2004-08-25 European Commission announcement: "Commission Opens In-Depth Investigation into Microsoft/Time Warner/ContentGuard JV."

  • [August 25, 2004] "EU to Probe Microsoft-Time Warner Buy." By Dawn Kawamoto. From CNET (August 25, 2004). "European antitrust regulators are set to launch a thorough investigation into a plan by Microsoft and Time Warner to acquire digital rights management company ContentGuard, a development that's seen as a setback for the deal. 'After a preliminary review, it appears to the Commission that the transaction might possibly create or strengthen a dominant position by Microsoft in the market for digital rights management solutions,' the agency said in a statement. 'In the course of the investigation, the Commission will also investigate further competition concerns related to the vertical integration of Microsoft in other markets.' The Commission is concerned that, under joint ownership, ContentGuard may have both the 'incentives and the ability' to use its portfolio of intellectual-property rights to put Microsoft's rivals in that area at a competitive disadvantage. 'This joint acquisition could also slow down the development of open interoperability standards. As such, this would allow the (digital rights management) solutions market to 'tip' towards the current leading provider, Microsoft'... and because the digital rights technology is expected to become pervasive throughout the IT industry, the Commission said it is concerned Microsoft's position in the market 'may have spill-over effects on a number of related markets, ranging from mobile telephone to word processors'..." See the announcement: "Commission Opens In-Depth Investigation into Microsoft/Time Warner/ContentGuard JV."

  • [August 19, 2004] "OASIS Rights Language Committee Dissolves." By Bill Rosenblatt. From DRM Watch (August 19, 2004). "The OASIS Rights Language Technical Committee (RLTC) officially dissolved at the beginning of August 2004, thus ending what promised to be an important initiative in rights expression language standardization when the committee was formed in March 2002. OASIS is a body that oversees a wide range of XML-related standards; the RLTC was instigated primarily by ContentGuard, which sought to find an official standards body to take over the development of its XrML rights expression language. Membership of the RLTC included representatives from Microsoft, HP, Sun, CommerceOne, IBM, Verisign, Reuters, and others. ContentGuard's IP portfolio, which it initially inherited from Xerox, includes patents on the use of a 'rights grammar' in what we now call a DRM implementation. Although Mark Stefik of Xerox PARC invented a specific rights language, DPRL, and ContentGuard developed DPRL into XrML, the company's patents do not specify any one particular rights language. Therefore, ContentGuard sought to get XrML established in the market by giving it over to a standards body for further development, with the understanding that whatever language resulted from that development would still be covered by its patents. ContentGuard made a so-called RAND declaration to the RLTC, signifying that any implementations of the RLTC's language would read on its patents, which it would license under reasonable and non-discriminatory terms, in accordance with OASIS's policy on intellectual property licensing. Unfortunately, the RLTC became bogged down in a number of issues that impeded progress. These included concern over the implications of InterTrust's patent dispute with Microsoft over DRM intellectual property (coupled with InterTrust's lack of participation in the RLTC) and over proliferation of related standards initiatives in other bodies, such as IEEE and IETF. Some observers also felt that progress was held up by arguments over how to account for consumers' rights in copyright law, such as fair use in the US, fair dealing in the UK and Canada, and private copying in many EU countries..."

  • [July 09, 2004]   DCMI Usage Board Announces Approval of Metadata Terms for Digital Rights Declaration.    The Usage Board of the Dublin Core Metadata Initiative (DCMI) has announced approval of the rights-related terms "License" and "Rights Holder." The Dublin Core Metadata Initiative is "an open forum engaged in the development of interoperable online metadata standards that support a broad range of purposes and business models." The Dublin Core Metadata Element Set is a standard for cross-domain information resource description, implemented in markup languages perhaps more widely than any other metadata specification. Version 1.1 has been endorsed as ISO Standard 15836-2003, NISO Standard Z39.85-2001, and CEN Workshop Agreement CWA 13874. The new DCMI term "license" is an element-refinement for "rights" and provides for reference of a legal document giving official permission to do something with the resource. The DCMI recommended best practice is to identify the license using a URI. Examples of such licenses can be found at the Creative Commons web site. The new term "rightsHolder" identifies a Rights Holder as a person or organization owning or managing rights over the resource. The DCMI Recommended best practice for this element is to use the URI or name of the Rights Holder to indicate the entity. The proposal for adding new DCMI rights terms articulates a goal of supporting standard practice concerning rights declarations on the Internet. The design especially recognized that "the recent emergence of the Creative Commons as a clearinghouse for rights declarations affords an opportunity to improve standard practice, particularly for resources that have been developed with the intention of cost-free distribution, but whose creators wish to formally declare various rights." The authors believe that both Creative Commons proponents and Dublin Core adopters "will benefit by having a clear approach to formal rights declaration in a widely adopted metadata framework on the Internet." A growing collection of open source software tools supports the creation of Creative Commons machine-readable licenses and embedding of license metadata within digital objects.

  • [June 22, 2004] "The Hill's Property Rights Showdown." By Declan McCullagh. In CNET (June 22, 2004). "The Digital Millennium Copyright Act is under siege. For the first time since it was enacted in 1998, the DMCA has become the target of a large and growing number of critics seeking to defang the controversial law. The legislation says Americans aren't permitted to circumvent encryption guarding certain digital media products — even if the purpose is to make a backup copy of a computer program or DVD. On Tuesday, a new group called the Personal Technology Freedom Coalition is planning a press conference to reiterate its members' support for a proposal to repeal the portion of the DMCA that has drawn the most condemnation. Its organizers already have met with representatives of about 20 congressional offices, and they say the coalition includes key tech companies like Intel, Sun Microsystems, Gateway, and Philips Consumer Electronics North America. Rep. Rick Boucher, D-Va., introduced a bill called the Digital Media Consumers' Rights Act (HR 107). It would allow the circumvention of copy protection as long as no piracy is taking place. Boucher: 'Our intellectual-property laws have always been intentionally porous, and the porous nature of those laws, accommodating, for example, the Fair Use Doctrine, has enabled the society to have a right to use intellectual property in certain circumstances without having to obtain the permission in advance of the owner of the copyright... Many companies that primarily produce intellectual property oppose this [reform] measure. So does the Business Software Alliance, which is dominated by Microsoft. It is, some believe, sort of Microsoft's alternative voice in the nation's capital. The passage of the DMCA was the crown jewel of the legislative efforts of the content-creating community of the last two decades, because it was a dramatically blunt instrument. It criminalizes conduct that most people would believe should be innocent, such as circumventing technical protection in order to exercise a fair-use right'..."

  • [June 22, 2004] "Tech-heavy Coalition Supports Fair-Use Legislation. Support Grows to Allow Making a Limited Number of Copies of Restricted Products." By Grant Gross. In InfoWorld (June 22, 2004). "A group of technology vendors, consumer rights groups and Internet service providers (ISPs) have banded together to support 18-month-old U.S. House legislation that would allow consumers to make personal copies of copyrighted digital products, including movies and music. The Personal Technology Freedom Coalition on Tuesday kicked off its efforts to get the Digital Media Consumers' Rights Act, introduced in January 2003, through Congress. The legislation, sponsored by Representative Rick Boucher, a Virginia Democrat, would allow consumers to break copy controls to do such things as make personal copies of compact discs or movies. Supporters of the bill say it's necessary to protect consumers' so-called fair-use rights to make personal copies, which the Digital Millennium Copyright Act (DMCA) curtails. 'We don't think it's illegal to buy CDs and videos and make a small number of copies for personal use,' said Representative Joe Barton, chairman of the House Energy and Commerce Committee... The Personal Technology Freedom Coalition kicked off Tuesday with a Capitol Hill press conference and support from more than two dozen organizations and companies. Supporters ranged from the United States Student Association and Consumers Union to tech giants Intel Corp., Sun Microsystems Inc. and Gateway Inc. Four major telecommunications carriers and ISPs, including Verizon Communications Inc. and BellSouth Corp., also joined the coalition. The coalition launched on the same day that the Recording Industry Association of America (RIAA) announced 482 new lawsuits, including 206 in Washington, D.C., against alleged song uploaders using peer-to-peer services to trade music... Some companies are using the DMCA to stifle research into security holes, added Ed Black, president of the Computer and Communications Industry Association. 'It is an attempt to use intellectual property not really to protect intellectual property, but to block competition,' he said..."

  • [June 19, 2004] "Microsoft Research DRM Talk." By Cory Doctorow (Electronic Frontier Foundation). June 17, 2004. Text dedicated to the public domain, using a Creative Commons public domain dedication. This talk was originally given to Microsoft's Research Group and other interested parties from within the company at their Redmond offices on June 17, 2004. "Greetings fellow pirates! Arrrrr! I'm here today to talk to you about copyright, technology and DRM. I work for the Electronic Frontier Foundation on copyright stuff (mostly), and I live in London... Here's what I'm here to convince you of: (1) That DRM systems don't work; (2) That DRM systems are bad for society; (3) that DRM systems are bad for business; (4) That DRM systems are bad for artists; (5) That DRM is a bad business-move for MSFT... At the Broadcast Protection Discussion Group meetings where the Broadcast Flag was hammered out, the studios' position was, 'We'll take anyone's DRM except Microsoft's and Philips'.' When I met with UK broadcast wonks about the European version of the Broadcast Flag underway at the Digital Video Broadcasters' forum, they told me, 'Well, it's different in Europe: mostly they're worried that some American company like Microsoft will get their claws into European television.' American film studios didn't want the Japanese electronics companies to get a piece of the movie pie, so they fought the VCR. Today, everyone who makes movies agrees that they don't want to let you guys get between them and their customers. Sony didn't get permission. Neither should you. Go build the record player that can play everyone's records. Because if you don't do it, someone else will..." Source:

  • [May 31, 2004]   Open Mobile Alliance Releases Working Drafts for OMA DRM Version 2.0.    The OMA Browser and Content (BAC) Download and DRM Sub-Working Group has released several draft specifications as part of the OMA DRM 2.0 Enabler Release, announced in February 2004. The Open Mobile Alliance (OMA) Digital Rights Management technology "enables the distribution and consumption of digital content in a controlled manner, where content is distributed and consumed on authenticated devices per the usage rights expressed by the content owners. OMA DRM work addresses the various technical aspects of this system by providing appropriate specifications for content formats, protocols, and rights expression languages." OMA DRM 2.0 builds upon core DRM functionality specified in the OMA DRM 1.0 Enabler Release, now supported on more that fifty (50) mobile handsets. The new OMA DRM enabler release "takes advantage of expanded device capabilities and offers improved support for audio/video rendering, streaming content, and access to protected content using multiple devices, thus enabling new business models. It enables the protection of premium content such as music tracks, video clips, and games, with enhanced security and improved support to preview and share content." Support for OMA DRM 2.0 has been announced by numerous mobile device vendors and content suppliers. The OMA DRM 2.0 Enabler Release Specification Baseline introduces the five principal documents: DRM Rights Expression Language V2.0 defines the XML/ODRL-based rights expression language used to describe the permissions and constraints governing the usage of DRM protected media objects. The DRM Specification V2.0 defines the the format and semantics of the cryptographic protocol, messages, processing instructions and certificate profiles, including the Rights Object Acquisition Protocol (ROAP) messages, the domains functionality, transport mappings for ROAP, binding rights to user identities, exporting to other DRMs, the certificate profiles, and application to other services"; these features are outlined in the OMA DRM Requirements. A DRM Architecture document defines the overall architecture for DRM 2.0 including informative descriptions of the technologies and their uses. DRM Content Format V2.0 defines the content format for DRM protected (encrypted) media objects. XML schemas are provided for Rights Object Acquisition Protocol (ROAP) protocol data units, Rights Object Acquisition Protocol trigger media type, and the OMA DRM Rights Expression Language. The OMA DRM Rights Expression Language (REL) V2.0 is defined as a mobile profile of the Open Digital Rights Language (ODRL). ODRL is an XML-based rights expression language free of licensing restrictions, providing a lightweight formal mechanism for specifying rights independently of the content type and transport mechanism.

  • [June 01, 2004] "Rights Expression Languages: A Report for the Library of Congress." By Karen Coyle. Commissioned by the US Library of Congress, Network Development and MARC Standards Office. Published February 2004. 53 pages. See the background and introduction provided by Sally H. McCallum. "Rights expression languages (RELs) are part of the technology of digital rights management. Both are recent technologies and still in their formative stages. The first RELs were developed in the late 1990's and none can be considered to be fully deployed at this date (2004). This report provides an analysis of a representative sample of RELs that vary from relatively simple expressions of rights holders' preferences to highly complex components of a trusted systems environment. The four featured RELs are: CreativeCommons, METSRights, Open Digital Rights Language (ODRL), and MPEG-21, Part 5 (MPEG-21/5). The paper develops categories to aid in the analysis of the RELs. The goals and purposes of the RELs are characterized as: (1) expression of copyright, (2) expression of contract or license agreements, (3) control over access and/or use. An understanding of these different purposes can be used to explain many of the differences between these and other RELs. In particular, the degree to which RELs are intended to be machine-actionable is a determinant in the kinds of rights that can be expressed in the REL. A machine-actionable REL must use very precise language and can nearly guarantee compliance with the terms of the machine-readable license. This REL cannot, however, support social or legal concepts like "fair use." On the other hand, broader and less precise RELs must rely on agreement and trust for enforcement, which means that there is a risk that some unauthorized use of the digital resource could occur... The main purpose of this paper is to expose the underlying goals and assumptions of a range of existing rights expression languages, and to establish a taxonomy that will allow us to evaluate RELs in relation to sets of requirements. This taxonomy may also aid in the further development of languages that serve specific or general needs." The author notes in the section 'Business Models of Rights Expression Languages' that the RELs analyzed are "significantly different from each other in terms of their business models — that is, in terms of how they themselves can be licensed and used." Three of the four RELs studied have no license requirements for use: Open Digital Rights Language (ODRL), Creative Commons, and METSRights (METSR). They are open specifications, delivered patent-free by their designers, and are freely downloadable on the Internet. MPEG-21/5 must be purchased from ISO; it is based upon the legally encumbered (patented) XrML(TM) from ContentGuard, recently acquired by Time Warner and Microsoft. [cache]

  • [April 12, 2004] "Microsoft and InterTrust Settle Outstanding Litigation and License Intellectual Property." - "Microsoft Corp. and InterTrust Technologies Corp. today announced that Microsoft has taken a comprehensive license to InterTrust's patent portfolio for a one-time payment of $440 million. The agreement resolves all outstanding litigation between the two companies. InterTrust receives rights under Microsoft patents to design and publish InterTrust reference technology specifications related to digital rights management (DRM) and security. Microsoft and InterTrust believe this agreement will accelerate adoption and development of DRM technologies... The settlement agreement ensures that Microsoft's end-user customers can use Microsoft products and services as they are intended to be used without requiring a license from InterTrust. In addition, software developers who build products that use Microsoft platform technology will not require an InterTrust license for normal and expected uses of the Microsoft technologies... 'DRM solutions are essential to secure valuable personal, business and commercial content in a massively connected world,' said Will Poole, senior vice president of the Windows client business at Microsoft. 'With our existing technology and IP portfolio combined with our new agreement with InterTrust, Microsoft is committed to working with the broader industry to accelerate the promotion of DRM standards and solutions. Microsoft and our partners are delivering the most powerful and flexible rights management solutions in the industry, while assuring customers that we have the IP necessary in striving to secure our products'..."

  • [February 12, 2004] "How Will Office 2003 DRM Impact Interoperability?" By Paul Cesarini (Assistant Professor, Advanced Technological Education Program, Bowling Green State University, Bowling Green, Ohio). In IT Manager's Journal (February 12, 2004). "Last October, released the 1.1 version of its office productivity suite. This update included native PDF and Flash conversion, complex text layout language support, and increased compatibility with Microsoft Office file formats. Roughly a month later, Microsoft released Office 2003. This product was freshly-infused with digital rights management (DRM) technologies, dubbed 'information rights management' by Microsoft, designed to secure and restrict access to documents as needed. Documents employing DRM created in Office 2003 may well only be accessible via Office 2003. More recently, Microsoft filed for numerous patent applications in New Zealand and Europe, covering the interoperability of XML-based word processing documents... What do these tactics mean for interoperability between current and pending versions of Microsoft Office and competing products such as and StarOffice? Are the goals espoused by Microsoft, namely increased document security, the driving concern behind these moves, or is this a careful strategy designed to lock out competition? [...] Louis Suarez-Potts,'s community manager argues that the point of files using [Microsoft] DRM is not to simply to make them more secure, but rather to enable an end-run around interoperability. 'On a superficial level, the point of DRM is to limit free access to only those applications able to read DRM-delimited documents', Suarez-Potts said. 'Put another way, MS Office will generate a class of files which only people with the same kind of MS Office will be able to open, let alone edit.' Additionally, Suarez-Potts added that '[] will doubtless have better equivalents, ones that are just as secure and conceivably also as limiting.' Suarez-Potts also believes that Microsoft's strategy is unlikely to succeed, due to the required software investment in both server and client sides -- particularly since both the sender and receiver of IRM-enabled Office files would have to buy in to these upgrades..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) "Microsoft Announces Licenses for Use of Office 2003 XML Reference Schemas"; (3) "Microsoft Announces Windows Rights Management Services (RMS)."

  • [January 30, 2004] "Tech Giants Lock Down Wireless Content." By Ben Charny, Richard Shim, and John Borland. In CNET (January 30, 2004). ['A group of technology heavyweights is expected to announce new technology for securing music and video on wireless devices. Bottom line: Development of a wireless content security specification could help spur new mobile media services -- and pose a fresh challenge to Microsoft and others developing similar technology.'] Formerly known as "Project Hudson," the DRM effort "will kick off publicly Monday, with the announcement of new digital rights management (DRM) specification from industry group the Open Mobile Alliance (OMA), as well as the formation of a new licensing body led by Intel, Nokia, Panasonic and Samsung that will promote the technology, according to sources. Toshiba was originally a member of the licensing group but has since backed out. The licensing entity will be known as the Content Management License Administrator (CMLA) and will promote an implementation of the latest version of OMA's digital rights management standard... CMLA aims to ease piracy concerns among movie studios and record labels over a growing number of devices, including cell phones, capable of connecting to wireless networks. According to one source familiar with the plan, the DRM scheme will be built into mobile handsets, allowing encrypted files to be streamed onto compliant devices. Known as OMA DRM 2.0 Enabler Release, the specification could also potentially support devices connected in wireless networks based on the 802.11 standards, or Wi-Fi. Despite being a relative newcomer in the crowded DRM space, the CMLA plan has already won some early support from major content owners... Software makers hope to cash in on the media industry's demand for DRM by supplying security standards that could ultimately give them a slice of the profits every time a song or movie is bought or played online. They also stand to reap substantial fees from hardware companies that would be required to license their technology in order to legally play back most copyrighted music and videos. A wave of competing and incompatible DRM products has hit the market from Microsoft, Apple Computer, Sony, IBM, RealNetworks and others, creating interoperability headaches for consumers. For example, Apple's best-selling iPod digital-music player supports only the company's own flavor of DRM, which is used on songs purchased from its iTunes Music Store. DRM-protected songs purchased from other music download stores can't be played back on the iPod, nor will iTunes songs play on any MP3 player other than the iPod. Nokia, Motorola, Sony Ericsson Mobile Communications and Siemens make a total of 46 handsets that use an early version of OMA's DRM, while Ericsson and Openwave Systems make servers that use the technology, according to OMA's Web site..."

  • [December 2003] "Open Mobile Alliance: Digital Rights Management. Short Paper, copyright (c) 2003 Open Mobile Alliance Ltd. December 2003. 8 pages. "OMA began working on mobile Digital Rights Management (DRM) specification in 2001 in response to clear market demand. Content and service providers saw mobile phones as a lucrative channel to distribute their copyright protected content, thus a content copyright protection system was needed to protect their investment... The OMA DRM 1.0 Enabler Release was developed rapidly in order to reduce time to market. The Enabler Release was published in November 2002 and was immediately available for companies to implement in their mobile products. OMA DRM version 1.0 Enabler Release was created to meet the above listed content and service provider, and vendor requirements. OMA DRM 1.0 includes three levels of functionality: (1) Forward Lock -- prevents content from leaving device; (2) Combined Delivery -- adds rights definition; (3) Separate Delivery -- provides content encryption and supports superdistribution... The purpose of Separate Delivery is to protect higher value content. It enables so called superdistribution, which allows the device to forward the content, but not the usage rights. This is achieved by delivering the media and usage rights via separate channels. The content is encrypted into DRM Content Format (DCF) using symmetric encryption; the DCF provides plaintext headers describing content type, encryption algorithm, and other useful information. Rights object holds the symmetric Content Encryption Key (CEK), which is used by the DRM User Agent in the device for decryption. The Rights Object is created by using OMA Rights Expression Language (REL). OMA Right Expression Language is a mobile profile of ODRL (Open Digital Rights Language) Version 1.1..." See also "Open Digital Rights Language (ODRL)." [cache]

  • [October 02, 2003] "MPEG LA Announces Plan for Joint Patent License for DRM Technology. DRM Reference Model and Call for Essential DRM Patents Represent First Step." Dividing the loot: MPEG LA has "issued a call for patents that are essential to digital rights management technology (DRM) as described in DRM Reference Model v 1.0. DRM refers to technologies for managing the authorized use of digital content. The purpose of the DRM Reference Model is to begin a process of evaluating and determining patents that are essential for DRM in order to provide users with convenient, fair, reasonable, nondiscriminatory access to a portfolio of essential worldwide patent rights under a single license... The DRM Reference Model represents the first phase in a continuing three-step process. Phase II is a call for patents to be evaluated for their essentiality with respect to the DRM Reference Model, and Phase III will be the convening of an initial patent holder group in order to decide the terms of a joint patent license... Version 1.0 of the Model will serve as a tool for the initial call for patents and an evaluation of their essentiality by independent patent experts resulting in the prompt formation of an initial patent holder group to decide terms of license..." For background to this problem, see: "Navigating the Patent Thicket: Cross Licenses, Patent Pools, and Standard-Setting," by Carl Shapiro.

  • [September 26, 2003]   RoMEO and OAI-PMH Teams Develop Rights Solution Using ODRL and Creative Commons Licenses.    Project RoMEO (Rights Metadata for Open Archiving) has completed its first year of operation with funding from the Joint Information Systems Committee (JISC) and has published a rights solution report. A sixth interim Study and the Final Report describe an XML-based system for the expression of rights and permissions governing metadata and resources in institutional repositories. A principal goal of RoMEO, like that of the Creative Commons, is to neutralize the negative effects of (default) copyright law and controlling intermediaries in order to facilitate easy, open access to protected digital works. On this model, consumers do not need to ask permission for use of resources because permission in various forms has already been granted. The RoMEO Project team sought to develop an interoperable set of metadata elements and methods of incorporating the rights elements into document metadata processed by the Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH). The goal is to protect research papers and other digital resources in an open-access environment. The project team has developed an XML metadata notation using the Open Digital Rights Language (ODRL) and Creative Commons licenses for disclosure of the rights expressions under the OAI-PMH. The markup model covers both individual digital resources and collections of metadata records. A new 'OAI-RIGHTS' Technical Committee has been formed by members of the RoMEO and OAI project teams to further develop the proposals and to publish generic guidelines for disclosing rights expressions.

  • [September 23, 2003] "Experiences with the Enforcement of Access Rights Extracted from ODRL-Based Digital Contracts." By Susanne Guth [], Gustaf Neumann, and Mark Strembeck (Department of Information Systems, New Media Lab, Vienna University of Economics and BA, Austria). Prepared for presentation at DRM 2003, October 27, 2003, Washington, DC, USA. 13 pages (with 38 references). "In this paper, we present our experiences concerning the enforcement of access rights extracted from ODRL-based digital contracts. We introduce the generalized Contract Schema (CoSa) which is an approach to provide a generic representation of contract information on top of rights expression languages. We give an overview of the design and implementation of the xoRELInterpreter software component. In particular, the xoRELInterpreter interprets digital contracts that are based on rights expression languages (e.g. ODRL or XrML) and builds a runtime CoSa object model. We describe how the xoRBAC access control component and the xoRELInterpreter component are used to enforce access rights that we extract from ODRL-based digital contracts. Thus, our approach describes how ODRL-based contracts can be used as a means to disseminate certain types of access control information in distributed systems..."

  • [September 22, 2003] "Sun Touts Liberty for Digital Rights Management." By Gavin Clarke. In Computer Business Review Online (September 19, 2003). "Sun Microsystems hopes to replicate an industry initiative for federated identity in the field of Digital Rights Management (DRM), to stymie Microsoft Corp's own controversial plans to control distribution of electronic content. The company has thrown its weight behind the OMA wireless group's effort to define a DRM specification on mobile devices. Ultimately, though, Sun hopes to build a coalition of vendors and end-users similar to the Liberty Alliance Project to drive uptake of DRM. Sun CTO John Fowler said a Liberty-style group would have the advantage of including input into specifications from end-users. Sun has helped work on a DRM specification at the Open Mobile Alliance, whose list of 200 members includes hardware vendors, ISVs, mobile specialists and content providers such as AOL Time Warner and Sony Inc. Liberty's members include end-users such as Amex and General Motors... 'Liberty was less about vendors who have technology and about the user,' Fowler said. Sun additionally believes mobile DRM for mobile systems to be important, given the expected growth rates in use of cell phones and other devices. Mobile platforms are also dominated by Sun's Java 2 Micro Edition (J2ME), meaning any DRM specification could ultimately be built into the platform. Ironically, Microsoft is also an OMA member, meaning the company could end-up putting its name to DRM work that ultimately competes against its own. OMA is an amalgamation of formerly disparate wireless and mobile vendor groups, formed in June 2002..."

  • [September 06, 2003] "Don't Let DRM Lock You In. A Q and A with John Fowler, CTO, Sun Software." By John Fowler. In Features: Sun News, Video, and Resources (September 2003). "By including a proprietary digital rights management system into Microsoft Office, any data created in Microsoft Office can only readable and used by Microsoft tools which means that you must use the Microsoft platform. Don't think about this just in relation to PCs, this also extends to other kinds of devices that you use on your network. You are locking your data to a single vendor. This has always been Microsoft's strategy, but in the past it has been possible to work around this strategy. With Office 2003 and the inclusion of DRM, it will be impossible to work around. So in this case you can think of Microsoft as owning your data and it not being owned by you, because in order to read your data you have to have licensed technology from Microsoft and only Microsoft. From a long term strategic standpoint, this locks you into Microsoft into being your only technology provider to read your data..." See context in following reference.

  • [September 02, 2003] "New Office Locks Down Documents." By David Becker. In CNET (September 02, 2003). "As digital media publishers scramble to devise a foolproof method of copy protection, Microsoft is ready to push digital rights management into a whole new arena -- your desktop. Office 2003, the upcoming update of the company's market-dominating productivity package, for the first time will include tools for restricting access to documents created with the software. Office workers can specify who can read or alter a spreadsheet, block it from copying or printing, and set an expiration date. The technology is one of the first major steps in Microsoft's plan to popularize Windows Rights Management Services, a wide-ranging plan to make restricted access to information a standard part of business processes. Analysts say it represents a badly needed new avenue for boosting sales of Microsoft's server software and an opportunity to lock out competitors, including older versions of Office. It also gives businesses that skipped on the last round or two of Office upgrades a new reason to bite this time... The new rights management tools splinter to some extent the long-standing interoperability of Office formats. Until now, PC users have been able to count on opening and manipulating any document saved in Microsoft Word's '.doc' format or Excel's '.xls' in any compatible program, including older versions of Office and competing packages such as Sun Microsystems' StarOffice and the open-source OpenOffice. But rights-protected documents created in Office 2003 can be manipulated only in Office 2003. 'There's certainly a lock-in factor,' said Matt Rosoff, an analyst with Directions on Microsoft. 'Microsoft would love people to use Office and only Office. They made very sure that Office has these features that nobody else has.' Information Rights Management (IRM) tools will be included in the professional versions of all Office applications, including the Word processor and Excel spreadsheet programs. To use IRM features, businesses will need a server running Microsoft's Windows Server 2003 operating system and Windows Rights Management Services software. The server software will record permission rules set by the document creator, such as other people authorized to view the document and expiration dates for any permissions. When another person receives that document, they briefly log in to the Windows Rights Management server -- over the Internet or a corporate network -- to validate the permissions..." See other details in "Microsoft Announces Windows Rights Management Services (RMS)."

  • [May 15, 2003]   ACM Publishes CACM Special Issue on Digital Rights Management and Fair Use.    ACM's flagship journal Communications of the ACM dedicated a special issue to the theme "Digital Rights Management and Fair Use by Design." The April 2003 issue of CACM (ISSN: 0001-0782; Volume 46, Number 4) contains seven feature articles on the need to reconcile competing interests in the creation of DRM rules that govern fair use of copyrighted digital works. "Guest editor Deirdre Mulligan, Director of the Samuelson Law, Technology, and Public Policy Clinic at UC Berkeley, contends that content owners and policymakers have taken technology firms to task for their inability to enforce rules about access to copyrighted works. She calls on some of the most noted legal voices in the DRM debate to help provide technologists some answers, clarifications, and technical options." The articles document how "the public and its advocates, along with many copyright scholars, are voicing their concern that DRM -- whether legally mandated or privately adopted -- will lock up information in ways that thwart individuals' and institutions' rights to read, lend, resell, mix, and build on copyrighted works. A growing number of technology firms are deeply concerned over the dumbing down and locking up of the desktop computer."

  • [April 22, 2003] "Securing Digital Content." By Dennis Fisher. In eWEEK (April 22, 2003). "As Microsoft Corp. prepares to release the beta version of its anticipated and controversial Rights Management Services, a small security company has been quietly working on technology that could trump Microsoft's and make it easier for companies to control digital content... Cryptography Research Inc. has developed a technology that associates security measures with each piece of content instead of using a generic protection scheme for all copies. The security measures are contained in code that runs on a virtual machine inside a playback device. As the content is decrypted during playback, the virtual machine uses APIs in the playback device to determine whether or how the playback should proceed. The architecture includes a digital watermarking function that would let content owners identify every legal copy of a given piece of content. If a legal copy is duplicated, the illegal version could be traced. Under this system, each playback device would have a unique set of keys for decrypting content. The concept, which the company calls self-protecting digital content, grew from research to uncover a DRM (digital rights management) solution amenable to everyone in the debate over mandating copy protection. 'Both sides are missing the point. Mandating copy protection isn't realistic,' said Paul Kocher, president of Cryptography Research, based here. 'But [content owners] have a real problem. Piracy is illegal, and my job is to solve the security problem.' Kocher said the company has had discussions with Hollywood studios about licensing the technology..."

  • [April 17, 2003] "Sydney Firm to Protect 3G Content." By Nathan Cochrane. In Sydney Morning Herald (April 15, 2003). "A small Sydney maker of copyright enforcement technology has beaten Microsoft for the coveted crown of protecting content consumed by the next generation of multimedia mobile phones. IPR Systems' Open Digital Rights Language (ODRL) version 1.1 has been adopted by mobile makers such as Nokia, Samsung and Sony-Ericsson, operators including Vodafone and open-standards-setting body the Open Mobile Alliance to safeguard copyrighted content distributed over third-generation (3G) networks. ODRL gives content creators the power to determine exactly how their material is to be used, including how many times it can be consumed, for how long it can be consumed before it expires and how many times it can be forwarded, if at all. IPR's four engineers built the Digital Restrictions Management (DRM) language in about two years before version 1 was commercially adopted by Nokia and others in preference to Microsoft's XrML standard, in part due to political reasons, says chief scientist Renato Iannella. 'ODRL is more concise and this is a critical factor for network bandwidth for the telcos,' Iannella says... Research group Datamonitor predicts the market for content over mobile phones will kiss $US 38 billion ($A 62.7 billion) in three years. Iannella says the mobile phone operators and content producers wanted to avoid the 'Napsterisation' of their services... ODRL is an open standard provided free to developers and phone makers in an attempt to spur wide adoption. IPR makes its money by providing systems that best take advantage of the standard, says its business development manager, Fergus Stoddart. 'Nokia started using ODRL internally but they realised the need to follow emerging standards rather than invent another derivative so they decided to contact us and join the ODRL initiative and put their weight behind it,' he says. Iannella says users of devices such as Nokia's 3650 multimedia messaging service mobile phone benefit by having explicit rights to forward media once it has been consumed..." From Nokia: "The Nokia Content Publishing Toolkit 2.0 is stand alone off-line Windows application which generates OMA DRM and Download OTA files. These standardized technologies allow protection and control of paid content as well as improvement of the customer experience by ensuring that only compatible content is downloaded to terminal." [See the example screen image of the application and sample ODRL OMA output.] "Forum Nokia provides the information needed to develop applications using the technologies Nokia's products support. Today these technologies include the latest wireless standards and protocols such as Bluetooth, Java, SyncML, MMS and Symbian OS, as well as the established mobile technologies WAP and Smart Messaging..."

  • [April 08, 2003] "Driving Content Management with Digital Rights Management." By Renato Iannella and Peter Higgs. White Paper. IPR Systems Pty Ltd. April 09, 2003. 9 pages. "There is often confusion in the market between the functions of Content Management and Digital Rights Management systems. This is understandable as both are dealing with the production and supply of digital content and share common technologies and techniques. However they are best thought of two sides of the same coin bicycle: Both are necessary to have a valuable and practical marketplace that brings content and relevant usage rights from creators to customers... Content Management has evolved and has now been segmented into Enterprise Content Management, Digital Asset Management, Media Asset Management, and Web Content Management. Similarly IPR Systems divides DRM into: [1] Digital Property Management (DPM), and [2] Digital Rights Enforcement (DRE). Digital Rights Management (DRM) involves the description, layering, analysis, valuation, trading and monitoring of the rights over an enterprise's assets; both in physical and digital form; and of tangible and intangible value. DRM covers the digital management of rights -- be they rights in a physical manifestation of a work (e.g., a book), or be they rights in a digital manifestation of a work (e.g., an ebook). Clearly, systems that manage and supply content need to interface to, or be closely coupled with, systems that manage rights... As content is created and managed (e.g., version control, digitisation etc), traded via an ecommerce exchange, and delivered to the consumer, appropriate rights information is also captured and managed in parallel. In many cases the CM functions and the DRM functions have high dependencies, such as the protection of the content at the consumer end of the transaction. The terms and conditions agreed on in the trade will need to inform the content rendering systems to ensure that the content is only used for the purposes acquired... Current rights management technologies are focused on managing downstream rights: the flow of content from a publishing organisation to consumers. This flow is predominantly of relative simple usages or 'passive consumption.' For example, the sale of music content, in which the end consumer can only play the audio file. A more complex market requirement is the management of upstream (content sourcing) agreements which can then be aggregated, managed and transformed into downstream usage offers and agreements. A key feature of managing online rights will be the substantial increase in this re-use of digital material on the Web. The pervasive Internet is changing the nature of distribution of digital media from a passive one way flow (from Publisher to the End User) to a much more interactive cycle where creations are re-used, combined and extended ad infinitum. At all stages, the rights need to be managed and honoured with services of various degrees of sophistication... The next two years will see an explosion in the production and distribution of digital content over the Internet. Much of this content will be re-used, aggregated and transformed to increase its applicability to its various markets. Content Management systems alone will not be able to cope with this need without addressing the rights management requirements. There are applications that are currently being developed that couple Rights Enabled Content Management Systems with open, standards based Rights Management Systems. When the integration is completed they will be at the forefront of the revolution in digital content marketing..."

  • [April 04, 2003] "Rights-Expression Language Is Key to Interoperability. [Digital Rights Management.]" By Bill Rosenblatt (President, GiantSteps Media Technology Strategies). In The Seybold Report Volume 2, Number 24 (March 31, 2003). ISSN: 1533-9211. "Most of the pain points concerning digital rights are essentially political and cultural. But a few are technical, such as finding a standard method for describing exactly what rights are conveyed, for what price and under what restrictions. Many proprietary schemes have been proposed and (mostly) discarded. What seems likely to work in the long haul is a rights- expression language that's rich enough, simple enough and open enough to satisfy all parties in this turbulent industry. As it happens, there are two such languages. Trouble is, there needs to be one... One of the technical factors impeding the growth of the digital rights management market is the lack of interoperability among the increasing number of DRM solutions available. Rights expression languages (RELs) offer the promise of packaging assets in different DRM-enabled formats with a single set of business rules, which saves effort and promotes interoperability among different DRM-enabled components of digital-media value chains. We'll take a look at the background of RELs in general and the two most prominent emerging standard RELs: Extensible Rights Markup Language (XrML) from ContentGuard, Inc., and Open Digital Rights Language (ODRL) from IPR Systems Ltd... Today, a growing number of DRM technology vendors are adopting XrML, which is now at version 2.0; details are at Microsoft is incorporating either the full language or a subset in all of its DRM solutions, including Media Rights Manager for Windows Media audio and video, Digital Asset Server for Microsoft Reader eBooks and its recently announced Windows Rights Management Services for Windows Server 2003. Other adopters include the e-zine vendor Zinio and the Dutch infrastructure-software vendor DMDSecure. All of these companies have licensed ContentGuard's patents, as has Sony -- although the consumer electronics giant has yet to implement any technology based on XrML. ODRL, meanwhile, has made some headway in the wireless industry, thanks to efforts by the wireless giant Nokia. In addition to its adoption by the OMA, Nokia has released an SDK for implementing OMA download applications, and it has implemented the spec in its 3595 phone. ODRL is also supported in an open-source DRM package for the emerging MPEG-4 multimedia format called OpenIPMP, developed by New York-based ObjectLab Inc... For media applications, ODRL has the advantage of being more concise, meaning that rights descriptions in ODRL tend to be more compact than their equivalents in XrML and that ODRL interpreters can be smaller (in memory footprint) than XrML interpreters. The latter factor is especially important in the mobile-device space, where memory is at a premium; that is one reason why the Open Mobile Alliance ( favored ODRL over XrML. ODRL also has some media-specific constructs that XrML does not share, including the ability to specify attributes of media objects such as file formats, resolutions and encoding rates..."

  • [March 05, 2003] "Does Fair Use Apply? Software Vendors Want the Kind of Lock on Products That Has Never Been Allowed in Book Publishing." By Ed Foster. In InfoWorld (March 03, 2003). "If I loan a book to a friend to read, am I committing an act of piracy? The day is fast approaching when at least some people will answer that question in the affirmative. Amid the sound and fury generated by our recent discussions of TurboTax product activation, an important point had to take a backseat to the more immediate concerns readers were expressing about Intuit's move to restrict use of pass-along CDs... So why don't we feel like pirates when we loan someone a book? Or, for that matter, when we give away a video, music CD, or DVD? Books may not be as subject to casual copying as software programs, but the music and motion picture industries are crying piracy even louder than the software industry. And even the worst of the anti-fair-use laws their lobbyists are pushing Congress to pass wouldn't block resale of a legal copy..." [Ed Note: Foster highlights a concern of many, viz., that 'fair use' and 'first sale' as constitutional [or natural] rights are being contemptuously dismissed by leading DRM- and "rights language" developers: "It's not our problem," they say, "and besides, design for protecting these kinds of rights is too complicated, sorry..."

  • [March 03, 2003] "Experts: Copyright Law Hurts Technology." By Robert Lemos. In CNET (March 01, 2003). "Attempts to protect copyrighted material have strayed from their original purpose, say lawyers, technologists and academics, but few can agree on the solution. Speaking Friday at a University of California at Berkeley conference on the law and policy of digital rights management, experts from all circles seem to agree that more is going wrong than right with the current approach to protecting digital content. Moreover, they argue that current laws such as the Digital Millennium Copyright Act (DMCA) -- which makes cracking copyright protections illegal, even when otherwise acceptable under other laws -- are serving the extremes, not the mainstream populace. 'There has to be a way between the lunatics at the two extremes,' said Larry Lessig, a law professor at Stanford University and well-known opponent of the DMCA. 'We need to build a layer of reasonable copyright law on top of this background of unreasonable extremism.' Such sentiments for loosening the control of copyright holders are finding far more fertile ground these days, in the wake of a number of lawsuits that illustrate the dangers of the DMCA. Far fewer people believe that the DMCA is an appropriate method to stave off digital pirates in the Internet age David Farber, law professor for the University of Pennsylvania, said that digital rights management systems need to be in place to protect not the minority of big corporations but the masses of people. 'I am not talking about protecting the media companies from people using their content,' he said. 'I am concerned with protecting my information and finding out who made copies of it.' Until copyright policy tilts back to the populace, people will likely resist such systems, said John Erickson, a system program manager for Hewlett-Packard Labs, who spoke on one of four panels Friday. 'We are taking the human being out of the equation...and putting a chastity belt on technology,' he said. He stressed that laws and technology, such as digital rights management, need to take constitutional issues into account. 'There is not social governance of what goes into a rights management language,' he said. 'If we are to have the regimes, we need to figure out how to have people in the loop'..." See: (1) Berkeley DRM Conference website; (2) BLCT Digital Library publications; (3) "Patents and Open Standards."

  • [February 25, 2003]   Microsoft Announces Windows Rights Management Services (RMS).    Microsoft has announced its upcoming release of a Windows Rights Management Services (RMS) technology for Windows Server 2003 that "will work with applications to support a platform-based approach to providing persistent policy rights for Web content and sensitive corporate documents of all types." The RMS technology uses "tested and proven security technologies, including encryption, digital certificates, and authentication. Putting persistent protections in the documents themselves helps customers control and protect digital information both online and offline, inside and outside the perimeter of the firewall. Because Rights Management policy expressions can remain within files during and after transit, rather than residing on a corporate network, usage policies can be enforced even when rights-managed information leaves the network. Policies can be used to control forwarding, copying and printing, as well as establishing time-based expiration rules. Permissions can be set to expire at a specific point in time, such as a number of days after publishing or at regular intervals, requiring acquisition of a new license. Using Windows Rights Management Services, applications such as information portals, word processors, or e-mail clients can be built so that users will be able to easily designate both who can have access to specific content and what kinds of access rights they can have." RMS technology uses ContentGuard's XrML (Extensible Rights Markup Language). "Microsoft will release two software development kits in the second quarter of 2003 to enable developers to begin to build rights management capabilities into a broad range of intra-enterprise solutions and applications for Windows clients." See entry following.

  • [February 21, 2003] "Microsoft Announces Windows Rights Management Services For Windows Server 2003. Rights Management Solution Will Give Organizations and Employees New Ways To Protect Information." - "Microsoft Corp. today announced plans for Windows Rights Management Services (RMS), a new technology for Windows Server 2003 that will give organizations advanced ways to help secure sensitive internal business information including financial reports and confidential planning documents. Windows Rights Management Services will work with applications to provide a platform-based approach to providing persistent policy rights for Web content and sensitive corporate documents of all types. Beta code for Windows Rights Management Services will be broadly available in the second quarter of 2003..."

  • [February 07, 2003] "Why DRM Sucks." By Gord Larose. From Gord's DRM pages, The Digital Rights Management Page: An Impartial Eye On A Key Battleground of the Net Economy." "Here are the objections from the half-empty camp. They are not true for all DRM systems. But they are true often enough, on balance..." Counterpoint: "Why DRM is Great."

  • [February 03, 2003] "Microsoft Protecting Rights -- Or Windows?" By Joe Wilcox. In CNET (February 03, 2003). "Can Microsoft be trusted? How music labels, Hollywood studios and consumers answer that question could determine whether the software giant dominates digital media the way it does Web browsers or desktop productivity applications, say analysts... In mid-January, Microsoft unveiled a new toolkit that would let record labels create music CDs containing, along with the normal tracks, preripped Windows Media versions suitable for uploading to a buyer's MP3-type player or PC, but protected by Microsoft's digital rights management (DRM) technology to prevent copying and swapping. The toolkit, the DRM license and the use of the Windows Media Audio format is free for the labels, despite Microsoft's $500 million investment developing what many analysts regard as the best DRM technology available today..."

  • [January 28, 2003] "MPEG-4 on Road to Rights Management." By Stefanie Olsen. In CNET (January 28, 2003). "A streaming-media consortium set a schedule this week for finalizing technical specs for MPEG-4 security and rights management--components that are key to the open standard's adoption among content owners. The Internet Streaming Media Alliance (ISMA) -- a global group of companies including Apple Computer, Cisco Systems and Sun Microsystems--formulated steps to advance MPEG-4 into its final stages. MPEG-4 is a standard for compressing large audio and video files for delivery over digital multimedia platforms including Internet Protocol (IP) networks. It was developed by the Moving Picture Experts Group, the same group that designed MPEG-2 for digital television and MP3 for music files. First, the ISMA will open for review its technical specifications for the encryption and authentication of MPEG-4-compatible files at the National Broadcasters Association annual convention in April. It plans to set the standard by the end of the second quarter. Second, it will introduce a certification program that lets companies obtain an ISMA trademark proving that their products are interoperable with the standard. Finally, it has formed a content advisory board, which will direct the specification for digital rights management, one of the biggest hurdles to clear before content owners freely embrace the emerging standard... The Mountain View, Calif.-based nonprofit is pushing for the advancement of MPEG-4 technical standards at a time when proprietary systems are gaining traction among consumer-electronics manufacturers and content owners. The most formidable player, Microsoft, has pushed adoption of its latest multimedia delivery platform, Windows Media 9 Series, on PCs and beyond, recently licensing it for use on non-Windows operating systems. The lack of digital rights management has been the chief stumbling block for open standards and the companies whose products support MPEG-4, including Apple..."

  • [January 14, 2003] "Technology and Record Company Policy Principles." Issued Jointly by Business Software Alliance (BSA), Computer Systems Policy Project (CSPP), and Recording Industry Association of America (RIAA). January 14, 2003. "The undersigned organizations have therefore agreed upon a core set of principles that will govern our activities in the public and policy arenas during the 108th Congress. These principles are: [...] Technology and record companies support technical measures to limit illegal distribution of copyrighted works, subject to requirements that the measures be designed to be reasonable, are not destructive to networks, individual users' data or equipment, and do not violate individuals' legal rights to privacy or similar legally protected interests of individuals... Technology and record companies believe that technical protection measures dictated by the government (legislation or regulations mandating how these technologies should be designed, function and deployed, and what devices must do to respond to them) are not practical. The imposition of technical mandates is not the best way to serve the long-term interests of record companies, technology companies, and consumers. Technology can play an important role in providing safeguards against theft and piracy. The role of government, if needed at all, should be limited to enforcing compliance with voluntarily developed functional specifications reflecting consensus among affected interests. If government pursues the imposition of technical mandates, technology and record companies may act to ensure such rules neither prejudice nor ignore their interests..." According to an analysis of Bill Rosenblatt in DRM Watch: "... the music industry (through the RIAA) has agreed to lobby against legislation that would require copy protection technology in all digital media devices, such as Sen. Ernest Hollings's (D-SC) Consumer Broadband and Digital Television Promotion Act (CBDTPA). In exchange, leading technology vendors (including Adobe, Apple, HP, Intel, and Microsoft) will lobby against legislation, such as Rep. Rick Boucher's (D-VA) Digital Media Consumers' Rights Act, that affirms the rights of consumers to space-shift digital content to different devices and to make backup copies of content... This agreement is primarily a victory for the technology vendors... Thus, like almost all previous offline machinations around the copyright law, this agreement does not proactively take consumers' interests into account..." See also the announcement "Recording, Technology Industries Reach Groundbreaking Agreement on Approach to Digital Content Issues."

  • [December 12, 2002] "Information Technology: A Quick-Reference List of Organizations and Standards for Digital Rights Management." Prepared by Gordon E. Lyon (Convergent Information Systems Division, Information Technology Laboratory, National Institute of Standards and Technology - NIST). NIST Special Publication 500-241. October 2002. 20 pages. "The field of digital rights management (DRM), sometimes called intellectual property management and protection (IPMP), is today a chaotic and not always workable mix of technology, policy, law and business practice. There are many organizations active in DRM. Under such circumstances, even a modest guide or index of active organizations can be useful. In March 2002, experts at a NIST cross-industry DRM workshop recommended that NIST take first steps toward such a guide. With the help of numerous workshop participants and others, this is the first edition of a DRM quick-reference list... The list has definite tradeoffs to preserve compactness and to limit maintenance. For example, the text contains many secondary-level acronyms that are left undefined -- a reader must resolve these terms via Web searching or similar external referencing. Additionally, entries are placed, dictionary style, in alphabetical order rather than under topics. Entries in the table largely constitute an attempt to assemble a short set of descriptions about organizations in DRM (who they are, what they are doing). The left side of each entry is a descriptor. The entry right side supplements by helping a reader explore further, usually at some Web site of an organization..." Note: 'To overcome barriers to usability, scalability, interoperability, and security in information systems and networks, the NIST Information Technology Laboratory programs focus on a broad range of networking, security, and advanced information technologies, as well as the mathematical, statistical, and computational sciences. This Special Publication 500-series reports on ITL's research in tests and test methods for information technology, and its collaborative activities with industry, government, and academic organizations.'

  • [December 09, 2002] "Towards a Digital Rights Expression Language Standard for Learning Technology." Draft DREL White Paper for discussion. A Report of the IEEE Learning Technology Standards Committee Digital Rights Expression Language Study Group. Principal Authors: Norm Friesen, Magda Mourad, Robby Robson. Contributing Authors: Tom Barefoot, Chris Barlas, Kerry Blinco, Richard McCracken, Margaret Driscoll, Erik Duval, Brad Gandee, Susanne Guth, Renato Ianella, Guillermo Lao, Hiroshi Maruyama, Kiyoshi Nakabayashi, Harry Picarriello, Peter Schirling. 29 pages. Posted 2002-12-09 by Robby Robson (Eduworks) to the LTSC-DREL mailing list. "This report has been generated within the context of the Learning Technology Standards Committee (LTSC) of the Institute for Electrical and Electronic Engineers (IEEE). The LTSC develops accredited technical standards, recommended practices and guides for learning technology. 'Digital rights' is an area of vital importance to all industries that deal with digital content, including the industries of learning, education, and training. As a consequence the LTSC formed a study group in 2002 to examine digital rights standards and standards development efforts in light of applications to learning technology. This effort has focused on digital rights expression languages, i.e., languages in which rights can be expressed and communicated among cooperating technologies. Digital rights themselves exist as policy or law and are therefore not within the scope of a standards development organization. Technology is involved in enforcing digital rights, for example by disabling the ability to make unauthorized copies, but the LTSC almost exclusively deals with standards that support interoperability and not with implementation issues of this type. In this spirit the LTSC study group concentrated on making recommendations for standardizing a digital rights expression language with the specific charge to (1) Investigate existing standards development efforts for digital rights expression languages (DREL) and digital rights. (2) Gather DREL requirements germane to the learning, education, and training industries. (3) Make recommendations as to how to proceed. Possible outcomes included, a priori, recommending the adoption of an existing standard, recommending the creation of an application profile of an existing standard, or creating a new standard from scratch. (4) Feed requirements into ongoing DREL and digital rights standardization efforts, regardless of whether the LTSC decides to work with these efforts or embark on its own. This report represents the achievement of these goals in the form a of a white paper that can be used as reference for the LTSC, that makes recommendations concerning future work, and that can be shared with other organizations..." [source .DOC]

  • [December 03, 2002] "Contentguard Licenses Patented Digital Rights Management Technologies to Sony for Development, Manufacturing and Marketing of its Products and Services." - "ContentGuard Inc. today announced a global licensing agreement with Sony Corporation. Under the agreement ContentGuard, which has a large portfolio of Digital Rights Management (DRM) related technologies, including early foundation patents covering DRM systems and digital rights languages, has licensed its DRM intellectual property to Sony for the development, manufacturing and marketing of Sony products and services. ContentGuard will receive license fees for Sony products and services that utilize patented ContentGuard DRM technologies..."

  • [November 13, 2002] "Philips and Sony Lead Acquisition of Intertrust." - "Fidelio Acquisition Company, LLC, a company formed by Sony Corporation of America, a subsidiary of Sony Corporation, Royal Philips Electronics and certain other investors, has executed a definitive agreement to acquire InterTrust Technologies Corporation. As a result of the transaction, Fidelio will acquire all of the outstanding common stock of InterTrust for approximately $453 million on a fully diluted basis or $4.25 per share. The most important objective of the transaction is to enable secure distribution of digital content by providing wider access to InterTrust's key Digital Rights Management (DRM) intellectual property on a fair and reasonable basis..."

  • [November 13, 2002] "Sony, Philips Snap Up InterTrust." By Ryan Naraine. In (November 13, 2002). "Music and consumer electronic giants Sony Entertainment and Royal Philips Electronics on Wednesday announced a $453 million acquisition of DRM specialists InterTrust. The purchase -- done through Fidelio Acquisition Company (owned by Sony, Philips and other unnamed investors -- comes at a crucial time for Sony, which is in the midst of the ambitious Movielink paid subscription service... 'The most important objective of the transaction is to enable secure distribution of digital content by providing wider access to InterTrust's key Digital Rights Management (DRM) intellectual property on a fair and reasonable basis,' the companies announced. InterTrust holds 26 U.S. patents and has approximately 85 patent applications pending worldwide. The company's patent portfolio covers software and hardware technologies that can be implemented in products that use DRM, including digital media platforms, web services and enterprise infrastructure..." Related article from InfoWorld.

  • [October 02, 2002] "DRM Bill Proposed in US House." By Gretel Johnston. In InfoWorld (October 02, 2002). Digital Choice and Freedom Act of 2002 (DCFA). "Representative Zoe Lofgren, a Democrat from California whose district includes Silicon Valley, introduced the bill, saying the legislation seeks to maintain in the digital age the same balance that existing U.S. copyright law establishes between the interest of copyright holders in controlling the use of their works and the interests of the public in the free flow of ideas, information and commerce. The bill also prohibits shrink-wrapped licenses, also known as EULAs (end-user license agreements), that limit consumer rights, and the proposal clarifies the ways in which consumers can legally sell, archive or give away copies of digital works they purchased. In addition the law gives flexibility to digital content owners to develop new and innovative ways to protect their content and enable its use without violating copyright law... Lofgren's bill is supported by the Computer & Communications Industry Association, the Association of Research Libraries and the public interest advocacy organization Public Knowledge, all based in Washington. It also is backed by Stanford Law School Professor Larry Lessig, founder of the Stanford Center for Internet and Society..." See the press release: "Lofgren Vows to Protect Consumers in the Fight Over Digital Rights Management. Silicon Valley Congresswoman introduces bill to respect consumer rights and expectations." Also (1) the text, (2) summary, (3) support. Related news: "Tech Giants Back Fair Use bills" (Rick Boucher).

  • [October 02, 2002] "Dan Gillmor: Apple Stands Firm Against Entertainment Cartel." By Dan Gillmor (Mercury News Technology Columnist). In The Mercury News (October 01, 2002). "Intel's doing it. Advanced Micro Devices is doing it. Microsoft is doing it. Apple Computer isn't. What's Apple not doing? It's not -- at least so far -- moving toward an anti-customer embrace with Hollywood's movie studios and the other members of the powerful entertainment cartel... Unlike Microsoft, Apple hasn't asserted the right to remote control over users' operating systems. The era of Digital Rights Management, commonly called DRM, is swiftly moving closer, thanks to the Intels and AMDs and Microsofts. They're busy selling and creating the tools that give copyright holders the ability to tell users of copyrighted material -- customers, scholars, libraries, etc. -- precisely how they may use it. DRM, in the most typical use of the expression, is about owners' rights. It would be more accurate to call DRM, in that context, 'Digital Restrictions Management'..."

  • [September 16, 2002] "Microsoft to Expand DRM Push With Server." By Peter Galli. In eWEEK Volume 19, Number 37 (September 16, 2002), pages 1, 16. "Microsoft Corp. is pushing further into digital rights management with a plan for a DRM server due to go into beta testing later this year. DRM technology enables content creators, such as record companies, to encrypt content and define who can decrypt it and how they can use it. Microsoft is counting on increasing adoption of the technology to help drive demand for many of its current and future products. The company currently offers a DRM system, Microsoft Windows Media Rights Manager, which is being used by seven music and video subscription services. But its fate, once the DRM server is released, is not clear, as Microsoft sees a broader opportunity for the DRM server solution... 'Personal information such as medical and financial data; corporate information such as legal and business documents; and commercial content such as software, music and movies may all require DRM,' said a Microsoft spokeswoman, in Redmond, Wash. Other company officials are positioning the DRM server as an attempt to define read and write privileges more broadly than they are currently defined... Microsoft's goal is to find a way to incorporate a set of interfaces around DRM and its real-time communications server -- code-named Greenwich -- into the platform while still being able to develop and charge for solutions or services built on top of that..." Related news: "Microsoft Buys Liquid Audio DRM Patents."

  • [September 06, 2002] "OpenDRM: A Standards Framework for Digital Rights Expression, Messaging and Enforcement." By John S. Erickson (Hewlett-Packard Laboratories, Norwich, Vermont, USA). The OpenDRM Project. Revised September 2002. 11 pages. Paper prepared for the NSF Middleware Initiative (NMI) and Digital Rights Management (DRM) Workshop, September 9, 2002. ['The lack of open, accessible, interoperable standards for digital rights management has often been cited by stakeholders as a leading cause for the slow adoption of DRM technologies. The fact that layered standards can contribute to interoperability should be obvious; that DRM standards developed in an open environment can contribute to the public interest is a more subtle, but equally important point. This document is a collection of thoughts that I have been developing and maintaining for several years on the notion of a multi-layered, open DRM standards architecture, which I think of as OpenDRM. Some aspects of this argument have been articulated in earlier works...']. Excerpts: "At its core, OpenDRM should provide a framework that defines open interfaces between at least three architectural levels of abstraction: rights expression languages, rights messaging protocols and mechanisms for policy enforcement and compliance... So-called rights expression languages provide the basis for expressing rights information and usage control policies, and as such can supply the payload vocabularies for a variety of rights messaging applications including: (1) Intellectual property rights (IPR) information discovery; (2) Simple policy expression, including constraints on access to resources; (3) Rights negotiation and trading, including rights requests and/or claims by information users; (4) The expression of rights agreements and electronic contracts (e-Contracts). Minimally, a rights language should provide vocabulary and syntax for the declarative expression of rights and rights restrictions. In order to guarantee interoperability and evolvability, we would expect a rights language to be inherently extensible: it must provide an open-ended way to express rights not anticipated by the language 'core.' Such extensions might accommodate new operations on content, including uses that are specific to particular media domains, or new contextual constraints... We believe that rights languages will prove to be important enablers of interoperability for systems that mediate access to resources. Although the principles underlying IPR-specific metadata have been around since at least 1993, the importance of standardized vocabularies and formats for expressing IPR policies has only recently begun to be appreciated at the application level [e.g., XRML, ODRL]. More recently, at least one alternative rights metadata schema has been developed for articulating a rightsholder's desire to turn over the public domain specific rights to works [Creative Commons]. It should be assumed that IPR policies must be expressed at different levels of abstraction, and therefore different vocabularies will be appropriate. To avoid chaos and to facilitate interoperability, we believe that some sort of rights language ontology will be required: a set of reusable terms for the basic rights concepts that can be mapped to different syntaxes. This is precisely the work that was begun by the <indecs> project in 1998, and is a fundamental basis of ODRL and, more completely, the <indecs>2-RDD Rights Data Dictionary project... This concept of interoperability through shared ontology is similar to what the ebXML working group has been trying to achieve with their core components approach to building interoperable business objects. Following that model, existing or future IPR expression languages could interoperate through translation via this shared semantic layer, rather than necessarily forcing applications and services to use a single common language..." [cache]

  • [August 15, 2002] Enshrining Fair Use in DRM: Submission to the OASIS Rights Technical Committee. By: Cory Doctorow (Electronic Frontier Foundation). August 14, 2002. Version: 1.5. "A copyright-complete DRM scheme must uphold the public's rights in copyright as well as those of rights-holders. Since fair use relies on the combination of unauthorized uses and the courts to evolve, a copyright-complete DRM scheme must permit unauthorized uses. To date, one proposed use-case has accommodated unauthorized uses consistent with fair use. If this standard is to "address the needs of the diverse communities that have recognized the need for a rights language," then the OASIS Rights TC should ensure that the standard can accommodate this use-case..." See also the collection of Requirements contributions to the Requirements Subcommittee, OASIS RLTC.

  • [August 15, 2002] "Supporting Limits on Copyright Exclusivity in a Rights Expression Language Standard. A Requirements Submission to the OASIS Rights Language TC." By Deirdre K. Mulligan and Aaron Burstein, with John Erickson (Principal Scientist, Digital Media Systems Lab, Hewlett-Packard Laboratories). August 13, 2002. 17 pages. Comments submitted by the Samuelson Law, Technology & Public Policy Clinic on behalf of the Clinic and the Electronic Privacy Information Center (EPIC). "Copyright law grants certain rights to purchasers and other users of copyrighted works. It is neither a legal nor a practical requirement for users to declare (or claim) these rights explicitly in order to enjoy them. While the public's legal rights cannot be altered by Digital Rights Management (DRM) systems per se, we can imagine scenarios in which DRM systems may require users to make these kinds of declarations, in order to work around inherent technical limitations. It is therefore essential that a rights expression language (REL) provide the vocabulary necessary for individuals to express, in a straightforward way, the rights that copyright law grants them to use materials. The user's claim of right would provide the essential information for a usage-rights issuing agency to give the user the technical capability to use the work in a particular way... In many instances it is important that both parties in the relationship be able to assert their rights and/or desired terms. True negotiation between parties requires that, at a minimum, the REL provide the vocabulary and syntax to support bi-directional exchanges. Otherwise, the rights transaction reduces to the mere request for and acceptance of an offer of permissions asserted by the rights holder. This document therefore suggests certain accommodations that DRM architectures, and especially their rights expression language components, must make to adequately express certain core principles of copyright law. Rights holders must have the means to express that a work is available on terms that reflect existing copyright law, as opposed to the limitations of a simple contract. The REL must also enable rights holders to express the more generous terms -- i.e., copyleft, with attribution -- commonly attached to digital resources today. At a minimum, recipients of works must have the ability to assert their rights as recognized under copyright law, and have these assertions reflected in their ability to use the work. Extending an REL to support a broader range of statements that reflect current law is, however; insufficient. The rights messaging protocol (RMP) layer must also be extended to accommodate both the downstream and upstream assertion of rights. We recognize that the RMP layer is not currently within the scope of this discussion, but we believe that the assumption of a one-way expression of rights has in part led to the current deficiencies in the REL..." Available also in original Word/.DOC format.

  • [July 15, 2002] "Federated Digital Rights Management: A Proposed DRM Solution for Research and Education." By Mairéad Martin, Grace Agnew, David L. Kuhlman, John H. McNair, William A. Rhodes, and Ron Tipton. In D-Lib Magazine Volume 8 Number 7/8 (July/August 2002). ISSN: 1082-9873. "This article describes efforts underway within the research networking and library communities to develop a digital rights management (DRM) solution to support teaching and research. Our specific focus is to present a reference architecture for a federated DRM implementation that leverages existing and emerging middleware infrastructure. The goals of the Federated Digital Rights Management (FDRM) project are to support local and inter-institutional sharing of resources in a discretionary, secure and private manner, while endeavoring to maintain a balance between the rights of the end-user and those of the owner. 'Federated' in our project title refers to the shared administration of access controls between the origin site and the resource provider: the origin site is responsible for providing attributes about the user to the resource provider. FDRM applies and extends the federated access control mechanisms of Shibboleth, a project of the Internet2 Middleware Initiative to develop 'architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls.' FDRM is being pursued by members of the VidMid Video-on-Demand Working Group, a collaboration between the Internet2 Middleware Initiative and the Video Development Initiative. The VidMid agenda is aligned with the goals of the National Science Foundation Middleware Initiative, a national effort to develop enabling middleware for applications in science, engineering, and education. While VidMid work is centered on enabling digital video applications, the application of FDRM is extensible to digital content in any format... FDRM employs existing Shibboleth federated authentication and authorization mechanisms and uses open source protocols, such as the Security Assertions Markup Language (SAML) and the Simple Object Access Protocol (SOAP)... FDRM is designed for use with any authentication and authorization system, be it simple .htaccess files, Windows Domain Authentication, or LDAP authentication modules (LDAP). The architecture presented here is modeled on the Internet2 Shibboleth project. The Shibboleth model and architecture make a compelling foundation on which to build FDRM, since it is designed for federated application, built on open source XML-based messaging standards and open source directories, and is extensible, as our proposed reference architecture demonstrates. Shibboleth is also predicated on the establishment of trust communities. Most significantly, Shibboleth's emphasis on user privacy is one that is wholly shared by FDRM. This emphasis will mark a significant distinction between the FDRM solution and some current commercial DRM systems. The ability to track usage, protect the integrity of a resource, and manage version control is possible in FDRM, without compromising the privacy of the individual. In addition to applying the federated authentication and authorization mechanisms of Shibboleth, FDRM federates asset management..." See also: "Security Assertion Markup Language (SAML)."

  • [July 04, 2002] "Microsoft Discloses Ambitious New Security Effort." From CNN News. June 25, 2002. "Microsoft Corp. has disclosed an ambitious new project to improve security by creating within its Windows software a virtual 'vault'" where customers would conduct electronic transactions and store sensitive information. The effort, called 'Palladium,' would require consumers to buy new computers and other devices equipped with ultra-secure computer chips from Intel Corp. and Advanced Micro Devices Inc., which already are involved in the project, or other companies... Under Palladium, Intel and AMD, the world's largest chipmakers, will redesign computer processors to include cryptography features. Palladium also will require changes to video and keyboard technologies to ensure that a customer's typed information is displayed without changes on the screen. That would require billions of dollars in new equipment upgrades by consumers, corporations and governments. Further, since a consumer's personal information will be scrambled within a vault and tied to a specific computer chip, that information could not readily be stored elsewhere in case of disaster or if the computer fails..." See the FAQ document by Ross Anderson and the Palladium reference page from EPIC. In this connection, note also the report that 'Palladium' style control is already being implemented by Microsoft. Thomas C. Greene reports 2002-06-30 in The Register article "MS Security Patch EULA Gives BillG Admin Privileges on Your Box": "If you caught our recent coverage of the Windows Media Player trio of security holes you may have followed a link to the TechNet download site for a patch, or you might have activated Windows Update. If you did the former (though, oddly, not if you did the latter), you would have been confronted with an End User License Agreement (EULA) stating, most ominously, that: "You agree that in order to protect the integrity of content and software protected by digital rights management ('Secure Content'), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update'..."

  • [May 31, 2002] "Hollywood's Flawed Ploy for Stricter Copy Protection. [Will Uncle Sam Mandate DRM? Digital Right Management.]" By Matt McKenzie. In Seybold Report: Analyzing Publishing Technology [ISSN: 1533-9211] Volume 2, Number 5 (June 3, 2002). ['Hollywood's latest rear-guard attack on digital distribution is the Consumer Broadband and Digital Television Promotion bill that was recently filed in the U.S. Senate. It's bad law and bad economics. And it pits the normally apolitical Silicon Valley entrepreneurs squarely against the movie studios' PACs.']

  • [May 24, 2002] "Sony Licenses InterTrust's Digital Rights Technology." By Cara Garretson. In InfoWorld (May 23, 2002). "Consumer electronics giant Sony has agreed to license patents from beleaguered InterTrust Technologies to create digital rights management (DRM) technology, a deal valued at over US$28.5 million. InterTrust will receive this one-time fee plus future royalties from Sony, which plans to use InterTrust's patents as a basis for DRM features that will be integrated into its digital media products and services, InterTrust officials said on Thursday. The deal gives Sony rights to InterTrust's 24 existing U.S. patents, plus future rights to the 90 patents that are pending... Twelve-year-old InterTrust, which earlier this month announced plans to forgo product manufacturing and focus on licensing its intellectual property instead, is currently embroiled in a legal spat with Microsoft. In April of 2001 InterTrust filed a suit with the U.S. District Court for the Northern District of California claiming Microsoft's Windows Media Player and other products infringed upon its DRM patents..."

  • [May 2002] "Rights Markup Extensions for the Protection of Indigenous Knowledge." By Jane Hunter (DSTC Pty Ltd). Presented at The Eleventh International World Wide Web Conference, Sheraton Waikiki Hotel Honolulu, Hawaii, USA; 7-11 May 2002. "Indigenous cultures have experienced a renaissance over the past 5-10 years as indigenous communities have recognized the importance of documenting and sharing their cultural heritage and history. This has coincided with the explosion of the internet and the widespread application of multimedia technologies to the construction of large online cultural collections. Together these developments have triggered a demand for copyright protection mechanisms. A number of XML-based markup languages (XrML, ODRL) have been developed to support the expression of rights asssociated with the intellectual property of resources. The MPEG-21 Multimedia Framework standard being developed by the Moving Picture Experts Group (MPEG) aims to standardize such a language to enable the management and protection of intellectual property associated with multimedia content. However it has been widely recognized that modern intellectual property laws, which are rapidly assuming global uniformity, fail to protect indigenous knowledge adequately or to support traditional or customary laws governing rights over indigenous knowledge. This paper considers some of the requirements for the protection of indigenous knowledge and the enforcement of tribal customary laws associated with knowledge, which have been expressed by Australian Aboriginal and Torres Strait Islander communities. It assesses the ability of the two major XML-based rights markup languages (XrML and ODRL) to satisfy these requirements and suggests extensions to these languages to improve their support for indigenous knowledge protection. The aim of this paper is to provide a starting point which will encourage input, feedback and suggestions from indigenous communities. This will enable a clearer understanding of their diverse requirements with respect to the protection of intellectual property and traditional knowledge and the development of a satisfactory solution through future collaboration and consultation..." [cache]

  • [April 24, 2002] "[Adobe and DRM]." By Bill Rosenblatt. In DRM Watch Update. The Adobe PDF format "got a boost in the market for DRM-controlled academic content with launches of several new content delivery services. One involves a partnership between OverDrive and Netherlands-based Kluwer Academic Publishers, whereby OverDrive will run an eBookstore based on Adobe Content Server that sells Kluwer titles at In the other, Ebrary announced partnerships with three information providers to make its academic and literary content, also in PDF format, available in Europe, Asia, Latin America, and Australia." [Analysis:] "These two announcements provide further evidence of Adobe's head start over Microsoft and other eBook technology providers as the format of choice for paid content in the academic market. Because of its "captive audience" properties, the academic market is a landmark early adopter market for DRM-based content delivery. Therefore, success in that market is an important stepping-stone to mass market acceptance for DRM technology..."

  • "Standardisation Initiatives Around Digital Rights Management." By Jaime Delgado (Department de Tecnologia Universitat Pompeu Fabra (UPF), Barcelona). April 23, 2002. Presented at the Interactive Electronic Publishing Workshop [6th Framework Programme], Barcelona. 30 slides (PDF). [cache]

  • [April 02, 2002] "ContentGuard Turns Over XrML to OASIS." From Bill Rosenblatt, in "DRM Watch Update." April 02, 2002. [DRM Standards. GiantSteps/Media Technology Strategies.] "ContentGuard turned over XrML to OASIS (Organization for the Advancement of Structured Information Standards), the body that oversees standards related to XML and e-business... ContentGuard has been promising for quite a while that they will turn the language over to a suitable standards body for definition and stewardship. OASIS is a fine choice: it ties XrML in with other XML standards, some of which already form part of the basis for the language. OASIS' membership consists primarily of technology vendors, not publishers or other media companies... ContentGuard is able to relinquish control of OASIS' rights language design while retaining the ability to charge for licenses to the language. ContentGuard can do this because it holds patents on any rights language, not just XrML as it exists today. OASIS, unlike other standards bodies (such as the W3C), allows companies like ContentGuard to contribute technology that can be licensed for money, as long as it's on RAND (reasonable and nondiscriminatory) terms. The move to OASIS is a positive step in ContentGuard's ongoing process of making the industry comfortable that it wants to help set good standards that the DRM industry will want and that will move it forward. ContentGuard's patents allow it to take legal action against other organizations that would advance their own rights language. As another important step towards market acceptance, ContentGuard will need to assure the industry that it does not intend to use its patent portfolio as a stick with which to beat other organizations. Only the passage of time will provide this assurance..." References: (1) proposal in OASIS Members Propose a Rights Language Technical Committee"; (2) announcement of 2002-04-02: "OASIS Members Form Technical Committee to Advance XML Rights Language. ContentGuard, HP, Microsoft, Reuters, Verisign, and Others Collaborate on Standard to Express Usage and Access Rights Across Industries."

  • [April 02, 2002] "ContentGuard Turns XrML Over to OASIS." By [Seybold Bulletin Staff.] In The Bulletin: Seybold News and Views on Electronic Publishing Volume 7, Number 26 (April 3, 2002). "ContentGuard has found a new home for its XrML rights specification language: the OASIS vendor consortium. The recently formed Rights Language technical committee of OASIS will draft a rights language specification using XrML as the initial submission. Initial members of the technical committee include Hewlett-Packard, Microsoft, Reuters and Verisign, in addition to ContentGuard... According to Bruce Gitlin, ContentGuard's VP of business development and its representative on the OASIS committee, the plan is to develop a core specification, with extensions handling media- and market-specific requirements. This is the same approach taken by MPEG, which recently adopted XrML as its rights specification language... According to Gitlin, because ContentGuard's patent covers any rights language, not just XrML, ContentGuard expects to extract license fees from vendors implementing whatever rights language emerges from OASIS' standards process. The terms and conditions of the license will depend on the implementation, and ContentGuard has pledged that it will license XrML to other vendors under reasonable and nondiscriminatory terms..."

  • [March 25, 2002] News item: "OASIS Members Propose a Rights Language Technical Committee." See the TC call in "OASIS Rights Language TC: Call For Participation." See also the announcement: "OASIS Members Form Technical Committee to Advance XML Rights Language. ContentGuard, HP, Microsoft, Reuters, Verisign, and Others Collaborate on Standard to Express Usage and Access Rights Across Industries."

  • [March 15, 2002] MPEG-REL WD 2.0 from N4639. Information Technology - Multimedia Framework - Part 5: Rights Expression Language - Working Draft. MDS Title: MPEG-REL WD 2.0. International Organization For Standardization. ISO/IEC JTC 1/SC 29/WG 11 - Coding Of Moving Pictures and Audio. Document: ISO/IEC JTC 1/SC 29/WG 11/N4639. [ISO/IEC WD 21000-5.] March 15, 2002, Jeju, KR. Status: Draft. 36 pages. Check the MPEG website for the official text and for more up-to-date versions of this draft document. [Draft 'distributed for review and comment; subject to change without notice and may not be referred to as an International Standard. Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.'] Excerpts: Namespace: "The namespace for the REL will be urn:mpeg:mpeg21:2002:REL-NS-01. The '01' [portion] represents a serial number that is expected to change as the REL schema evolves along with this part of ISO/IEC 21000." Draft Section 4 defines a number of "rights" elements and corresponding semantics (e.g., for "play, print, export, edit, extract, embed, copy, transfer, loan, read, write, execute, delete, backup, restore, verify, manageFolder, accessFolderInfo, install, and uninstall." For example, play "represents the right to render the work into a transient form, as appropriate to the resource type. Depending on the content type, exercising this right might result in displaying a book, playing a video or audio clip, or playing a computer"; print "represents the right to make a permanent rendered copy of the work outside the control of a repository. Renders and helpers may be used during the exercise. Exercising this right might result in a printing a hard copy of a book, creating a bitmap image on a removable disk, or creating an audio recording on a magnetic tape." Draft Section defines a 'DigitalWork' as a "sequence of bits that can be a resource. It represents the content to which rights and conditions are being applied. The DigitalWork type is composed of four different kinds of elements: description, metadata, locator, and parts. The description describes the DigitalWork, but does not define it. That is to say that two DigitalWork instances that are identical -- except for their description elements -- declare the same DigitalWork. On the other hand, the metadata, locator, and parts elements define the DigitalWork..." Draft Section defines a 'Watermark' as a "list of information to be embedded in a copy of the work by a device while producing this copy': The Watermark type is composed of three different kinds of elements: string, watermark token, and object. The string element declares the textual information. Each watermark token declares the corresponding information shown in the table below. The object element declares the information declared by its content's type (DigitalWork, by default)..." See: "MPEG Rights Expression Language." [See the official source, .ZIP/.DOC]

  • [February 27, 2002] "Digital Rights Management and Digital Repositories." By Renato Iannella (IPR Systems). Presentation at the IMS Technical Forum on 27-February-2002 in Sydney, Australia. 10 pages. [cache]

  • [February 26, 2002]   W3C Publishes Royalty-Free Patent Policy Working Draft.    The W3C Patent Policy Working Group has released a new working draft document Patent Policy Working Group Royalty-Free Patent Policy, superseding the W3C Patent Policy Framework. The WD Royalty-Free patent policy "addresses a large number of issues raised by comments from W3C Members and the general public." One of the significant changes in the new WD (since the 16-August-2001 Last Call draft) relates to the W3C's position on RAND. Under the terms of the previous document, a preference was confirmed for W3C Recommendations that can be implemented on a royalty-free (RF) basis, but allowing, where RF is not possible, "a framework to assure maximum possible openness based on reasonable, non-discriminatory (RAND) licensing terms." In response to public comments, the RAND track has now been dropped. Comments have expressed concern that RAND-encumbered specifications would not be implemented and that RAND would lead to discrimination and fragmentation (e.g., RAND would hurt open source developers, would discriminate against the poor, would stifle innovation and reduce choice, would harm end users as well as developers, universal access and RAND are incompatible; patents and standards are incompatible, etc.). A number of issues remain to be resolved in the W3C patent policy. [Full context]

  • [February 15, 2002] "Digital Rights Management (DRM) in Education - The Need for Standardisation." A Briefing Paper for IMS. By Neil Mclean (IMS Australia Centre) and Renato Iannella (IPR Systems). February 2002. Version 1.0. 11 pages (with 7 references). The briefing paper provides an overview of DRM in the Education sector, and a proposed outline of an IMS DRM work item. "The objective of the IMS Digital Rights Management work item is to develop a cohesive framework of open DRM standards for the management of rights-enabled Learning Objects (LO). The DRM framework will support the full lifecycle of Learning Objects including creation, acquisition, use, and re-use. The DRM framework will also address obligations to rights holders and both upstream and downstream rights information. It is envisaged that entities within the Learning Object Management System (LOMS) framework will support the expression, management, and control of rights information attached, or available, to LOs." [cache]

  • [February 08, 2002] "[DRM] Technology Standards: Leveling the Playing Field." By Bill Rosenblatt, Bill Trippe, and Stephen Mooney. Chapter 6 [pages 103-137] in Digital Rights Management: Business and Technology (Hungry Minds, Inc, A Wiley Company, 2001-11; ISBN: 0764548891; 288 pages). This chapter (reprinted with permission) provides an overview of DRM standards as of 2002-11, with particular emphasis on DOI and Extensible Rights Markup Language (XrML). Excerpt: "... Rights metadata schemes can be standardized by adopting a rights model, [but] real-world rights specifications are often hard to pin down in a formal rights model, and many uses of content (such as fair use) cannot be accurately represented by a rights model. This implies that a truly comprehensive rights model would have to be large and powerful in order to be useful. The most comprehensive open standard rights model available now is XrML, which is discussed in detail later in this chapter... A useful subset rights model is embodied in the Information and Content Exchange (ICE) protocol, which deals with business-to-business content syndication. ICE is also covered in detail later in this chapter, in the section 'Information and Content Exchange.' A lightweight rights model is also included in the PRISM standard for magazines. The standard includes a set of rights description fields designed to be read and understood by humans rather than machines -- that is, they are really just text descriptions of the rights available on a given piece of content (for example, a magazine article). The more recent MPEG standards for audio, video, and multimedia include hooks for rights models and rights management tools, although they do not specify rights information per se. MPEG-7 also includes rights information, but not in detail -- its content management model includes pointers to detailed rights info, which are outside the scope of the standard (and possibly intended to be the domain of a language such as XrML)... [we here show] various layers of DRM-related standardization and how they relate to the basic standards of the Internet. The lowest layer shows the bedrock Internet standards, HTTP, HTML, and XML. The XML metalanguage forms the basis for many of the DRM-related standards at higher levels, including XrML, ICE, PRISM, and NewsML. The next layer up shows components of DRM that are necessary but not unique to DRM or to the media/publishing industries. These are mostly e-commerce elements, such as transaction processing, encryption, and authentication. The third layer (second from the top) is where most of the action is. These are standards that are specific to the content industries, and they are as we just specified. Some are pure metadata standards, whereas others are protocol standards that contain metadata models. The principal ones are DOI for content identification, XrML and ICE for rights metadata, industry-specific discovery metadata standards, and the various popular content formats. The top layer of the diagram shows those elements that are unlikely to ever become standardized..." For book details, see the online preface and table of contents; available from Amazon. Bill Rosenblatt maintains a DRM information web site.

  • [Review of] Digital Rights Management: Business and Technology. Reviewed by John S. Erickson, Ph.D. (Hewlett-Packard Laboratories). The book is authored by William Rosenblatt, William Trippe and Stephen Mooney (Hungry Minds, Inc., Indianapolis, IN, November 2001; ISBN: 0-7645-4889-1.) "This book was [...] the best, most comprehensive treatment of digital rights management that I have seen to date. The book excels primarily because the authors continually emphasize the overarching business imperatives while considering the applicable technologies, at times in depth..."

  • [February 06, 2002] "Freedom of Expression: Emerging Standards in Rights Management. [Feature Story.]" By Neil McAllister (Senior Technology Editor). In New Architect: Internet Strategies for Technology Leaders Volume 7, Issue 3 (March 2002), pages 36-39. ISSN: 1537-9000. [New Architect was formerly WebTechniques] ['XrML, ODRL, XMCL -- Rights expression languages promise standards-based DRM. But can we really all just get along? Demand for digital content has never been higher, but widespread copyright violations threaten the success of the online media marketplace. Enter DRM. Neil explores how this set of breakthrough technologies is securing intellectual property and making content-driven revenue a reality.'] "It's one thing to standardize a language, but quite another for any one language to become a standard. To help legitimize their efforts, the creators of XMCL, ODRL, and XrML have each announced their intent to submit their work to various prominent standards bodies for ongoing development. The extent to which they've followed through on those promises, however, has varied... In the past, RealNetworks has had a good track record of support for open standards. The company's efforts contributed significantly to the development of the Realtime Streaming Protocol (RTSP) and the Structured Multimedia Integration Language (SMIL). But while RealNetworks's Jeff Albertson announced in June 2001 that the company planned to submit XMCL to the W3C standards body 'within a month,' so far that promise has gone unfulfilled. Supporters of the ODRL Initiative have been somewhat more proactive. In November 2001, the ODRL 1.0 specification was submitted to the ISO/IEC MPEG standards body for consideration as the rights expression language component for the developing MPEG-21 media distribution standard. The submission was backed by companies as diverse as Adobe, IBM, IPR Systems, Nokia, and Panasonic. Surprisingly, RealNetworks also supported it, choosing to merge the XMCL specification into ODRL rather than submit its own language independently. But in the end, it was XrML, and not ODRL, that was chosen as the starting point for the eventual MPEG-21 rights expression language... One way or another, consolidation amongst the various rights expression languages seems inevitable. ContentGuard's track record of success, though limited, makes it the current front-runner. Yet the reputation of the MPEG group may draw more attention to its own eventual, XrML-derived language, which will be specified with the input of both RealNetworks and the ODRL Initiative members. Whatever the outcome, a standard rights expression language is but one brick in the foundation of a viable DRM platform, albeit an important one. True, gaining the support of standards bodies is an essential step. But the long-term goal -- gaining the support of consumers and business customers alike -- still lies ahead..."

  • [February 06, 2002] "Integrating DRM." By Steve Franklin. In New Architect: Internet Strategies for Technology Leaders Volume 7, Issue 3 (March 2002), pages 28-31. "At its simplest level, digital rights management (DRM) technology is all about controlling access to information. Customers want convenient access to their purchased products, while companies seek to protect their intellectual property from unauthorized use or duplication. DRM sits squarely between these two parties, trying to present an amicable compromise between the customers and the vendor. You could argue that hardware keys, software licenses, and serial numbers all fall under the DRM umbrella. However, the term more commonly refers to any of several advanced architectures for producing, providing, and protecting digital media. Although DRM infrastructures are sophisticated, they frequently employ familiar technologies like public key infrastructure (PKI), encryption, distributed architectures, Web storefronts, and various media formats... Key aspects of an effective DRM system include: (1) data protection, so files aren't easily viewed without proper privileges; (2) unique identification of each customer to ensure that rights are applied appropriately; (3) central management of rights to allow for free distribution, anti-fraud measures, and revocation; (4) flexibility, so the system can be tailored to various business models (rental, ownership, and read-only, for example)..."

  • [Febuary 5, 2002]   XrML Under Review for the MPEG-21 Rights Expression Language (REL).   The MPEG Multimedia Description Schemes (MDS) Group has produced a skeletal working draft for MPEG-21 Part 5 'Rights Expression Language' (REL). MPEG experts selected ContentGuard's Extensible Rights Markup Language (XrML) as a working model for MPEG-21 REL following receipt of submissions in response to the MPEG Call for Proposals. A final version is expected mid-2003.   [Full Context]

  • [December 14, 2001] [Patent for] Digital Rights Management Operating System, United States Patent 6,330,670. December 11, 2001. Assignee: Microsoft Corporation. Abstract: "A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file. The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock..."

  • [December 13, 2001] "Digital Rights Management: Reviewing XrML 2.0. How well is ContentGuard responding to challenges to its rights description language?" By Bill Rosenblatt (President, GiantSteps Media Technology Strategies). In Seybold Report: Analyzing Publishing Technology [ISSN: 1533-9211] Volume 1, Number 18 (December 17, 2001). ['ContentGuard's second effort at a rights specification language offers more expressive power and now supports non-document content types, but it hasn't cured the complexity problem. Openness and outreach are the challenges that ContentGuard still faces.'] "With Extensible Rights Markup Language (XrML) 2.0 (, the rights specification language from ContentGuard takes a further evolutionary step away from its roots in the Digital Property Rights Language (DPRL) invented by Dr. Mark Stefik of Xerox PARC in 1996. The first version of XrML moved the language's syntactic basis from its original Lisp to XML, but kept the semantics largely intact. Version 2.0 moves the syntax slightly from XML DTD to XML Schema and alters the semantics -- the power of the language -- significantly. Although the language has existed for a few years, XrML has been slow to be adopted by DRM technology vendors. DRM technologists have criticized it as too complex, making it difficult to implement, especially in post-PC Internet devices with slow processors and small memory footprints. This criticism has had some validity: The language tried to be all-encompassing and to muck around in DRM implementation details, such as levels of security, that DRM technology vendors have found unnecessary... Version 2.0 of the language is well integrated into the web of existing and emerging standards in the XML community, including Schema, namespaces, XPath and digital signature standards; in fact, one must be conversant with many of these to fully understand the language specification and to write good XrML code. ContentGuard is trying to find an existing and respected standards body to take responsibility for the language (IDEAlliance, keeper of both PRISM and ICE, would be a logical candidate). This is an improvement upon its previous intention of forming and managing an authoring group itself. ContentGuard's strategy appears to be to make money by licensing the technology -- whatever some outside body defines it to be. It can do this because its patents cover the idea of a rights language in general, no matter what the specifics of the language are... XrML 1.3 had a few features designed to support some service-oriented business models, such as subscriptions and private currencies (tickets), but the language's conceptions of both rights and consideration required for exercising rights were centered on document-like content. XrML 2.0 fixes this, all the way. The language can support any Internet-based service -- whether it involves 'content' or not. In fact, XrML 2.0 can support fine-grained rights control on individual pieces of data in a database. This feature is bound to generate some controversy among the Electronic Frontier Foundation and other advocates of the balance of interests in copyright law. Currently, individual data items ('facts') are not protected under U.S. copyright law, although there is an effort afoot among online database providers (and others) to make them so. Protecting online database records with a DRM system powered by XrML 2.0 would bypass this issue by doing an end run around the copyright laws..."

  • [December 13, 2001] "XrML 2.0 Review." By [Bill Rosenblatt] GiantSteps/Media Technology Strategies 'DRM Watch'. November 26, 2001. ['ContentGuard releases version 2.0 of the Extensible Rights Markup Language (XrML), announces its intention to hand the language over to an as yet unnamed standards body for further stewardship, and submits it for consideration as a part of the MPEG-21 standard under development. ContentGuard restructured its business in July 2001 so that it now focuses exclusively on developing the XrML language, advancing it as a standard, and creating revenue through licensing fees. XrML 2.0 is the first major deliverable from the new ContentGuard, and the emphasis on the language (rather than on ContentGuard's former DRM products and services) is quite apparent nt'] "... Overall, XrML 2.0 is a positive step for ContentGuard, and by extension, for the DRM industry as a whole. But it's not the only rights description language vying for industry-standard status. For example, the aforementioned ODRL is also being submitted to MPEG-21. ContentGuard needs to continue building its momentum in the areas mentioned above to beat out these competitors and finally bring order to the chaotic world of DRM systems." [substantially re-published in the Seybold article, cited above]

  • [December 03, 2001] "Reciprocal Goes Belly Up. OCLC Looks To Bail Out NetLibrary. Fall of former heavyweights reveal depth of current industry turmoil." By Mike Letts. In Seybold Report: Analyzing Publishing Technology [ISSN: 1533-9211] Volume 1, Number 17 (December s, 2001). "Several high-profile e-book and digital-rights-management vendors, including InterTrust, Adobe and ContentGuard, have announced job cuts and market repositioning. All things considered, however, they seem to be the healthy ones. Within the last few weeks, two former e-publishing heavyweights, Reciprocal and NetLibrary, have come crashing to the ground. For Reciprocal, a digital-rights-management service provider and clearinghouse, there is no tomorrow. The company defaulted on at least one loan and has been swallowed up by its investors... The company ran into trouble not because it failed to elevate its system over its competitors, but simply because publishers are still tiptoeing around the issue of DRM..."

  • [November 28, 2001] "ContentGuard releases XrML 2.0. Company also announces release of SDK, submission to MPEG and TV-Anytime." By [Staff]. From the Seybold E-Book Zone. November 26, 2001. "... ContentGuard CEO Mike Miron also announced the submission of the rights expression language to two standards bodies that are working on digital rights management (DRM) interoperability. The moves are designed to bolster XrML's chances of being named the standard rights expression language, which would pave the way for ContentGuard to make a business out of dishing out royalty licenses... Miron also said that the company has narrowed its search for a third-party guardian of the rights language to several organizations he described as "broad players" in the standards space..."

  • [November 28, 2001] "ContentGuard Advances XrML. Version 2.0 of Rights-Expression Language Proposed to MPEG and TV-Anytime." By Mark Walter. From the Seybold E-Book Zone. November 26, 2001. "Taking steps to execute the new strategy the company outlined in August, ContentGuard this week announced XrML 2.0, as well as accompanying developer tools, and also will submit the rights-expression language to two standards bodies that are working on digital rights management (DRM) interoperability. The moves are designed to bolster XrML's chances of being named the standard rights expression language, which would pave the way for ContentGuard to make a business out of dishing out royalty licenses... Despite the thoroughness of the XrML specification (in some cases because of its thoroughness and complexity), Miron has had trouble drumming up industry support for it as a standard. This week he's traveling to Thailand, where ContentGuard is expected to submit XrML to the MPEG-21 committee as a proposed rights-specification language. The MPEG-21 committee, which sets technical standards for motion pictures, set a November 21 deadline and is expected to convene in early December to consider the submissions... As a potential vendor-neutral rights-expression language, XrML remains one of only a few alternatives to crafting one from scratch. The complaint-that it's too hard-will likely persist with 2.0, but an expression language ought to be rich in order to satisfy different needs across different industries. The debates taking place in various working groups are, as usual, as much about politics as they are technical standards, and forecasting the outcome is akin to predicting an election. XrML may be the front-runner, but write-in candidates are still a distinct possibility..."

  • [November 21, 2001]   ODRL Version 1.0 Submitted to ISO/IEC MPEG for Rights Data Dictionary and Rights Expression Language (RDD-REL).    A communiqué from Renato Iannella (IPR Systems Pty Ltd) reports on the release of the Open Digital Rights Language Version 1.0 and the submission of this XML-based DRM specification to MPEG in response to its Call for Proposals for a Rights Data Dictionary and Rights Expression Language for the MPEG-21 Multimedia Framework. ODRL Version 1.0 has been co-submitted to MPEG as a candidate technology by IPR Systems, Nokia, and Real Networks; the ODRL MPEG submission is also supported by IBM, Adobe, Panasonic, MarkAny, Simpsons Solicitors, OzAuthors, Pipers, ARPA, Vienna University, and Information Management Australia. In ODRL 1.0, Nokia's Mobile Rights Voucher (MRV) and Real Networks' Extensible Media Commerce Language (XMCL) have been merged into the Open Digital Rights Language. The Moving Picture Experts Group (MPEG) is a working group of ISO/IEC (ISO/IEC JTC1/SC29/WG11), charged with the development of standards for coded representation of digital audio and video. The Open Digital Rights Language provides the semantics for DRM expressions in open and trusted environments whilst being agnostic to mechanisms to achieve the secure architectures. Section 4 of the ODRL specification presents the XML syntax, illustrated through a series of scenarios covering different content sectors (ebooks, video, education). The formal notation is provided in normative appendices: Appendix A supplies the XML schema for the ODRL Expression Language elements and markup constructs; Appendix B supplies the XML Schema for the Data Dictionary elements. [Full context]

  • "Major Organizations to Develop Digital Rights Management (DRM) Standard." - "Founding sponsors EDItEUR and the International DOI Foundation (IDF) will be joined by the Motion Picture Association of America (MPA), the Recording Industry Association of America (RIAA), the International Federation of the Phonographic Industry (IFPI), Accenture, ContentGuard, Enpia Systems, and Melodies and Memories Global (a subsidiary of Dentsu) in a Consortium formed to develop a Rights Data Dictionary - a common dictionary or vocabulary for intellectual property rights named < indecs >2RDD. < indecs >2RDD will be developed to enable the exchange of key information between content industries and ecommerce trading of intellectual property rights. Rightscom, the digital rights strategy consultancy, has been appointed project manager of the Rights Data Dictionary Consortium and < indecs >2RDD will be submitted to MPEG for its December Pattaya, Thailand meeting. The scope of < indecs >2RDD embraces the rights description framework, including rightsStatements, rightsAgreements, rightsTransfers, permissions, prohibitions, requirements, legal terminology, creation descriptions and financial terms and conventions. < indecs >2RDD will create a common data layer of rights terminology and semantics so software vendors can then map technology, thus facilitating and widening the choices open to rights holders seeking to develop protected delivery of digital content. Consumer experience will be enhanced by improving access to digital content..." See the announcement: "IDF Funds Study of Multimedia Intellectual Property Rights."

  • [November 13, 2001] "E-Books and Digital Rights Management Struggle Together." By Mike Letts. In Seybold Report: Analyzing Publishing Technology [ISSN: 1533-9211] Volume 1, Number 15 (November 1, 2001), pages 8-12. ['E-book and rights-management vendors have come to understand that they are in the same boat: They both depend on finding a new balance between property rights and fair use. Meanwhile, both are avoiding consumer markets in favor of enterprise publishing and reference works.'] "Recurring themes were prevalent at Seybold San Francisco 2001, with digital rights management and electronic book vendors hedging bets on exactly when electronic content distribution will take hold among consumers. The more important question is where to focus their attention until it does...If nothing else, the DRM developments of the past several months -- though overshadowed by the Dmitry Sklyarov debacle and the ensuing debates about the Digital Millennium Copyright Act -- have made it clear that there are still issues that must be hashed out... A large and increasingly vocal portion of the industry has already written DRM off, offering intriguing arguments for the ubiquitous 'freedom' of content, while others are equally insistent on protecting the financial basis of the industry. The rest of the attendees could only hope that a middle ground may be found through revamped legislation and better-developed rights-management systems. On the [Seybold San Francisco] show floor, it was clear that the e-book and DRM vendors have come to a general understanding: For at least the time being, they're traveling in the same boat. Until a more equitable balance between copyright law and fair use can be reached, both DRM and e-book vendors are tiptoeing away from consumer e-books... Microsoft technology partner and electronic-content service provider OverDrive made several announcements, one of which included DRM vendor and XrML developer ContentGuard. ContentGuard, a Xerox spinoff that has developed the rights-description language XrML, gained a valuable teammate at Seybold San Francisco. OverDrive announced that not only will it work with ContentGuard to promote XrML as an industry standard, but it will begin using XrML across its service offerings. Specifically, [OverDrive CEO] Potash mentioned three of the company's offerings, ReaderWorks, Midas and ContentReserve. Each addresses a different point of exchange... The OverDrive announcement entrenches XrML in the Microsoft camp. Representatives from Microsoft and OverDrive repeatedly affirmed their strong commitment to XrML (which is also the rights-expression language used by Microsoft's DAS solution) throughout the week. The proclamations were most likely designed to assuage potential fears among publishers that ContentGuard's recent struggles might put XrML at risk. ContentGuard was forced to undergo some corporate refocusing over the last several months and has shifted from a services-based approach to focusing solely on licensing its XrML technology and related patents. As a DRM developer, ContentGuard certainly isn't alone in its troubles, but XrML has gained significant mindshare during the past 12 months. OverDrive is one of the leading conversion and service providers for publishers looking to implement Microsoft's .LIT format, and its partnership with ContentGuard is a very positive step forward in its goal of pushing XrML as an industry standard. As the DRM and e-book shakeout continues -- and, as usual, it appears to be a bipolar Microsoft vs. Adobe world on both fronts -- these partnerships will become more and more valuable..." [See Planet eBook index for Dmitry Sklyarov and DMCA.]

  • [November 12, 2001] "Object-Based MPEG Offers Flexibility." By Rob Koenen (Senior Director, Technology Initiatives, InterTrust Technologies Corp., Santa Clara, California). In EE Times (November 12, 2001). "... All this interoperability sounds promising, but whatever is achieved may be almost completely undone by efforts to protect the digital assets. As digital multimedia spreads to many different platforms, transmission speeds increase and storage costs fall, digital rights management (DRM) becomes necessary to protect the value of content. In its current form, DRM could appear to be working against the very goal of interoperability, as it locks up the 'standardized content' using nonstandardized protection mechanisms. This development is actually not even recent: Many proprietary conditional access (CA) systems make standard MPEG-2 TV content inaccessible to people who happen to own the wrong set-top box-even when they can receive the signal and are willing to pay the associated content fees. Very early on, MPEG understood that more interoperability in DRM is crucial to the success of an open multimedia infrastructure. While recently a very popular topic in almost every digital forum, five years ago representatives from rights owners, technology providers and CA/DRM providers had already sat down together to discuss the issue in the context of MPEG-4. This gave us the 'hooks': a set of standard interfaces to proprietary Intellectual Property Management and Protection (IPMP) systems, deeply embedded in MPEG-4 Systems. These were a step in the right direction: If you want to play content you 'only' need to plug in the right IPMP system, and where to obtain it can be signaled in the bit stream... The rights information is coded using the two further MPEG-21 parts, the Rights Expression Language (REL) and the Rights Data Dictionary (RDD). These two parts together allow the expression of rights in an interchangeable form, using a standardized syntax (REL, part 5) and standardized terms (RDD, part 6). The call for proposals for these parts is out. Proposals are due at the end of November; the standards will be ready early in 2003. Probably the Rights Expression Language will be based on XML, but equally likely is that it will also have a compact, binary representation to be used under bandwidth-constrained, real-time conditions. Between parts 3 and 5, the work on more interoperable IPMP in MPEG-4 was recently added to MPEG-21 as its fourth element, because it applies to MPEG-7, -2 and -1 just as well..."

  • [November 12, 2001] "Inside eBook Security." By Daniel V. Bailey (Brown University, Department of Computer Science). In Dr Dobb's Journal [DDJ] (November 2001) #330, pages 42-45. ['Daniel reports on Dmitry Sklyarov's analysis of PC-based digital rights management security techniques.'] "Partly in an attempt to protect the interests of publishers, the U.S. Congress in 1998 enacted national copyright laws called the 'Digital Millennium Copyright Act' (DMCA). Among other things, this legislation (Public Law 105-304) makes it a crime to circumvent security controls in DRM-secured content. In a July 15, 2001 presentation at the Def Con 9 security conference Dmitry Sklyarov presented the results of his Ph.D. research analyzing Adobe's DRM security system for protecting PDF files. But before departing for his native Russia, Sklyarov became the first person to be arrested for criminal violation of the DMCA. Social, economic, and moral analyses of the DMCA and Sklyarov's case are to be found elsewhere (for instance, see This article describes the techniques Sklyarov used to defeat portions of Adobe's DRM security for PDF files... Add-in hardware for PCs exists that protects keys from prying eyes, but it remains expensive, nonstandardized, and still not entirely beyond the reach of determined adversaries. Use of such hardware is thus not an attractive option to mainstream publishers. In each case, Sklyarov's ability to defeat Adobe's eBook plug-in security results from one or both of these failures on the part of the plug-in -- either the cryptography in the plug-in did not embody its security in a key too big for an attacker to guess, or system-level attacks revealed keying material... There are two technical lessons which can be learned from Dmitry Sklyarov's work. First, bad cryptography will be broken. Second, PCs inherently offer no way to protect secrets. Even with the use of good cryptographic algorithms and reasonable system design, this is a fundamental problem. In short, in their current incarnation, PCs aren't well suited for digital rights management systems."

  • [November 09, 2001] "The Need for a Rights Language." ContentGuard Technical White Paper. Version 1.0. 2001-11-09. 12 pages. "... Digital Rights Management (DRM) is the common term collectively associated with such technologies, and the associated workflow is called a 'DRM' or 'Rights Enabled' workflow. A whole new industry is forming around DRM as an emerging technology. The workflows associated with it are finding their way into complementary technologies such as Digital Asset Management, Content Management, and Trust Systems... In an end-to-end system, other considerations such as authentication and security become important. For example, you must specify the devices, issuers or users, and the mechanisms to authenticate those entities. A rights specification may be accessed or manipulated by different participants during different stages of its life cycle, and mechanisms and semantics are needed to validate the authenticity and integrity of the rights expression. Thus, a common Rights Language that can be shared among the participants in this digital workflow is required. Not only from an obvious interoperability point of view, but more so to comprehend that rights will be manipulated and changed during the digital workflow and lifecycle, and to comprehend system issues such as trust and authentication. This paper will focus on some key requirements for a rights language and then describe how XrML meets those requirements and the advantages XrML can provide in building 'rights enabled' systems..." [cache]

  • [October 31, 2001] "DRM Vendors Face Challenge of Stagnancy." By [Seybold Staff]. From the Seybold E-Book Zone. October 31, 2001. "A market that once appeared to be on the verge of a massive boom, now looks more like a ghost town. The digital rights management market, sadly, has shown a lot more bark than bite in the past two years. Intertwined with a struggling e-book market and backed by a piece of weak legislation -- the Digital Millennium Copyright Act (DMCA) -- the DRM market has quickly regressed into uncertainty after a ballyhooed beginning that once gave vendors and the content industry high hopes that it would usher in a new generation of publishing...that there is a deep chasm separating the various elements of the electronic publishing industry -- authors, programmers, publishers and consumers. This gap must be bridged before any real industry uptake will be seen in DRM, and subsequently e-books. Unfortunately, signs that that bridge is under construction are few and far between, and further signs of regression are plentiful. The unfortunate reality appears to be that publishers are not moving any closer right now to a reality that prominently features DRM. Issues such as system cost, convenience and standards incompatibility are quickly killing off what was once considered a plethora of DRM vendors. A large and increasingly vocal segment of the publishing world has written off DRM, offering convenient arguments for the ubiquitous "freedom" of content. Most notable is the argument that fair use simply cannot be replicated adequately in a digital environment. Proponents of DRM argue that without fair use, a robust digital content industry cannot develop. The feeling there is that content must be secure before it's pushed out the door in order to protect the financial interests that make the publishing industry go round... The unwillingness to taste-test the multitude of pricing and distribution models that companies like Reciprocal provide is unfortunate, because the current business of providing electronic content for free -- or not providing it at all -- is a bad business cycle for publishers, and even worse for digital technology vendors..."

  • [October 22, 2001] Digital Rights Management (RIGHTS-L). "Rights-L is an outcome of presentations and discussion on Digital Rights Management (DRM) held at the Managing Digital Video workshop on August 15-16, 2001, co-hosted by CNI, I2, SURA, and ViDe. The ViDe DRM Initiative is being pursued by the ViDe VideoAccess Working Group, chaired by Grace Agnew of Georgia Tech..."

  • [August 24, 2001] "Standards for Digital Rights Languages." By Dr. Renato Iannella. From Planet eBook. August 24, 2001. "DRM is a large problem to solve and there are a number of ongoing efforts to develop open standards to solve some of these issues. The industry and users are demanding that standards be developed for DRM to support interoperability and not to force content owners, managers, and users into proprietary solutions. One of the significant and major DRM activities is stadardisation efforts with Rights Languages. Both the OpenEBook Forum (OEBF) and the Moving Pictures Expert Group (MPEG) are actively developing a new rights language. MPEG's new Multimedia Framework (aka MPEG-21) has greater reaching impact than its traditional areas of audio and video. MPEG-21 defines a 'Digital Item' as any structured digital content, including an e-book. Hence, the importance of MPEG-21 and OEBF working together closely. Appropriately, there is overlap in the members of OEBF and MPEG-21 to ensure that they work towards a single solution. OEBF, via its Rights and Rules Working Group (which recently merged with the Electronic Book Exchange Working Group) is currently gathering requirements for its Rights language. It will then embark on analysing these requirements, and finally develop a specification for interoperable ebook vouchers, including a rights language. MPEG-21, after a period of requirements gathering, has recently announced a Call for Proposals for a Rights Expression Language and Rights Data Dictionary. These proposals will be evaluated in December and a first Working Draft will be released then. One of the leading contenders for MPEG and OEBF is the Open Digital Rights Language (ODRL). ODRL is a vocabulary for the expression of terms and conditions over digital content including permissions, constraints, requirements, and agreements with rights holders. ODRL provides the core semantics and is positioned to be extended by different industry sectors (eg ebooks, music, audio, software) and to be a core interoperability language. The ODRL specification is currently being revised to meet all of the MPEG-21 requirements and to meet requirements from particular industry groups. The objective of ODRL is to encourage the DRM industry to standardise on a Rights Language and to enable flexible and innovative business models to support the digital marketplace..." ['Renato of IPR Systems is an active member of the World-Wide Web Consortium (W3C) and member of the W3C Advisory Board. Renato has recently co-chaired the W3C Workshop on Digital Rights Management (DRM), and is a member of the OpenEbook Forum, MPEG standards group, the IETF DRM Working Group and the IMS Digital Repositories Working Group.']

  • [August 15, 2001] "Rights Metadata: XrML and ODRL for Digital Video." By Mairéad Martin (Director, Advanced Internet Technologies, University of Tennessee) and Doug Pearson (Indiana University). August 15, 2001. 69 slides. Presented at 'Managing Digital Video Content', A Two-Day Workshop on Current and Emerging Standards For Managing Digital Video Content. [cache]

  • [August 02, 2001] "Open Electronic Book DRM Standards." By Renato Iannella (Chief Scientist, IPR Systems). Paper presented at the First Open Publish Conference, July 30, 2001 - August 02, 2001, Sydney, Australia. "Digital Rights Management (DRM) on the Web is now emerging as a formidable new challenge, with Ebooks leading the charge in developing new standards. The pervasive Web is changing the nature of distribution of digital media from a passive one way flow (from Publisher to the End User) to a more interactive cycle where content is re-used, combined and extended ad infinitum. Recently, the Electronic Book Exchange (EBX) Working Group merged with the Open eBook Forum (OeBF) which will allow the work that EBX and OeBF were doing in protecting and transmitting digital content to proceed under a single unified umbrella, that of OeBF. This presentation will focus on the objectives and requirements of DRM to date and the work that will be continuing in the future for protecting and transmitting digital eBook content." [cache]

  • [June 25, 2001] "E-book Project Highlights Role of DOI in Selling Digital Content." By Mark Walter. In Seybold Report: Analyzing Publishing Technology [ISSN: 1533-9211] Volume 1, Number 6 (June 18, 2001), pages 8-12. ['As standards for numbering and metadata come into focus, the "bar code for digital content" will be grease for the e-commerce distribution chain driving sales of digital goods.'] "The work of proving the viability of the DOI in a commercial e-book setting is the task of the DOI-EB initiative, and the first fruits of this pioneering project were unveiled late last month at a panel at the Book Expo America show in Chicago... The importance of the DOI-EB project is that it creates a public demo that helps educate the community about how DOIs can operate in the context of e-books. At the same time, it fleshes out the improvements that must be made to its system for all parties -- publishers, retailers and distributors -- to adopt the DOI. The project also has implications for fledgling efforts to get cross-vendor compatibility in digital rights management (DRM). Of the three areas where DRM vendors agree standardization can occur in the near term -- numbering, metadata and rights language -- the DOI-EB project identifies answers to two of those. Bob Bolick, the director of new business development at McGraw-Hill Professional and a leading participant in several of the DRM working groups, pointed out the importance of the project in that context: 'Because an identifier standard and metadata standard are key to achieving some form of interoperability among digital rights management systems and e-book formats, this DOI-EB work strikes me as one of the most important standards efforts occurring in our industry this year.' The DOI Foundation has also anounced its support for efforts to extend the original Indecs work to rights-related terms... it's important to look at how the DOI dovetails with other standards efforts and technology developments taking place on the Net. Here, too, we see encouraging signs. Norman Paskin, the IDF's director, has been an active ambassador for the DOI, acting as a liaison with rights-management committees in the Internet Engineering Task Force, WorldWide Web Consortium and MPEG. DOIs already can be expressed as Universal Resource Names (URNs), the IETF's syntax for generic resources, and the DOI is compatible with OpenURL, a proposed syntax for embedding parameters -- such as identifiers and metadata -- into hyperlinks. Paskin said he expects the DOI to shortly issue the DOI Namespace, its data dictionary for about 800 metadata elements spanning e-books, journals and audio and video material. The DOI has also started a working group to develop a services definition interface that would make DOI services available to a variety of Web-enabled systems. In short, although DOI was initiated by commercial publishers to help them sell intellectual property, its implementation is being carefully crafted to complement other standards and technology developments being developed for the Web and Internet at large."

  • [June 23, 2001] "Requirements for a Rights Data Dictionary and Rights Expression Language." In response to ISO/IEC JTC1/SC29/WG11 N4044: 'Reissue of the Call for Requirements for a Rights Data Dictionary and a Rights Expression Language -- MPEG-21, March 2001.' By [David Parrott] Reuters. 1 June 2001. Version 1.0. 62 pages. "This document describes Reuters requirements for a Rights Expression Language and Rights Data Dictionary (RDD-REL) in response to the call for requirements made by the MPEG-21 Requirements Committee... Digital Rights Management has for some time been closely linked with the technique of encrypting data files and managing the distribution and application of cryptographic keys in order to limit who can access the content and the manner in which access can take place. That technique is more appropriately labelled 'Digital Rights Enforcement' since it is more about enforcing rights than specifying and managing them. Moreover, even when enforcement is the goal, one might consider a whole array of implementation techniques which may or may not rely on encryption technology. In truth, the management of rights in the digital domain is far wider than the rather restrictive case outlined above. Rights (and obligations) management touches on numerous areas close to the hearts of many companies dealing in intellectual property (IP). Laying enforcement issues to one side, the value cannot be understated of simply being able to describe in a machine readable, standard format, the requirements of an IP owner on all other participants in the value chain. Those requirements can be described, broadly, as Rights and Obligations...A basic requirement for Rights and Obligations management systems to be successful is the ability to communicate Rights and Obligations in a standard form. Machine-readability is key to the dynamic specification of electronic contracts which is, in turn, critical to the dynamic construction of value-chains. A single Rights Expression Language should be common to all aspects of commercial activity. In that way alone, straight through rules processing is made possible. Rights and obligations can be created by different participants in the value-chain and layered upon each other. Data from different sources can be mixed freely without compromising the IP Rights of any of the rights holders. At the same time, the rights of individuals and downstream recipients of content must be protected..." Document source: see the posting from David Parrott (Reuters Limited) of 21-June-2001 to the XACML TC list, and the .ZIP file. Note relevant to the XACML TC discussion: "... I am forwarding FYI Reuters response to MPEG-21's call for requirements for their Rights Data Dictionary and Rights Expression Language. A key point to note is that the response describes a number of features to be included in MPEG's rights expression language that overlap with many of the "differences" I recently heard Simon list between XACML and DRM. These include: (1) fine granularity; (2) the use of rights expressions as policies to drive all manner of enforcement implementations (e.g., file system access, database access, services such as CORBA access, etc); (3) dynamically changing rights (not limited to static objects); (4) predicating rights of access on complex contextual information. There are many others. It would be useful to get people's thoughts on just how close the XACML and MPEG-21 activities are likely to become..." For background, see: (1) "MPEG Rights Expression Language (REL)"; (2) "Extensible Access Control Markup Language (XACML)".

  • [June 23, 2001] "Digital Rights Management (DRM) Architectures." By Renato Iannella (Chief Scientist, IPR Systems). In D-Lib Magazine [ISSN: 1082-9873] Volume 7, Number 6 (June 2001). "Digital Rights Management poses one of the greatest challenges for content communities in this digital age. Traditional rights management of physical materials benefited from the materials' physicality as this provided some barrier to unauthorized exploitation of content. However, today we already see serious breaches of copyright law because of the ease with which digital files can be copied and transmitted. Previously, Digital Rights Management (DRM) focused on security and encryption as a means of solving the issue of unauthorized copying, that is, lock the content and limit its distribution to only those who pay. This was the first-generation of DRM, and it represented a substantial narrowing of the real and broader capabilities of DRM. The second-generation of DRM covers the description, identification, trading, protection, monitoring and tracking of all forms of rights usages over both tangible and intangible assets including management of rights holders relationships. Additionally, it is important to note that DRM is the 'digital management of rights' and not the 'management of digital rights'. That is, DRM manages all rights, not only the rights applicable to permissions over digital content. In designing and implementing DRM systems, there are two critical architectures to consider. The first is the Functional Architecture, which covers the high-level modules or components of the DRM system that together provide an end-to-end management of rights. The second critical architecture is the Information Architecture, which covers the modeling of the entities within a DRM system as well as their relationships. (There are many other architectural layers that also need to be considered, such as the Conceptual, Module, Execution, and Code layers, but these architectures will not be discussed in this article.) This article discusses the Functional and Information Architecture domains and provides a summary of the current state of DRM technologies and information architectures... For an example of a rights language, see the Open Digital Rights Language. ODRL lists the many potential terms for permissions, constraints, and obligations as well as the rights holder agreements. As such terms may vary across sectors, rights languages should be modeled to allow the terms to be managed via a Data Dictionary and expressed via the language... Second generation DRM software is now providing some of the Architectures described in this article in deployed solutions. A typical example from the E-book sector is the OzAuthors online ebook store. OzAuthors is a service provided by the Australian Society of Authors in a joint venture with IPR Systems. Their goal is to provide an easy way for Society members (including Authors and Publishers) to provide their content (ebooks) to the market place at low cost and with maximum royalties to content owners [example]... All of this information is encoded in XML using the ODRL rights language. This encoding will enable the exchange of information with other ebook vendors who support the same language semantics, and will set the stage for complete and automatic interoperability... DRM standardization is now occurring in a number of open organizations. The OpenEBook Forum and the MPEG group are leading the charge for the ebook and multimedia sectors. The Internet Engineering Task Force [IETF] has also commenced work on lower level DRM issues, and the World Wide Web Consortium held a DRM workshop recently. Their work will be important for the entire DRM sector, and it is also important that all communities be heard during these standardization processes in industry and sector-neutral standards organizations."

  • [June 23, 2001] "A Digital Object Approach to Interoperable Rights Management: Finely-grained Policy Enforcement Enabled by a Digital Object Infrastructure." By John S. Erickson (Hewlett-Packard Laboratories). In D-Lib Magazine [ISSN: 1082-9873] Volume 7, Number 6 (June 2001). "This article builds upon previous work in the areas of access control for digital information objects; models for cross-organizational authentication and access control; DOI-based applications and services; and ongoing efforts to establish interoperability mechanisms for digital rights management (DRM) technologies (e.g., eBooks). It also serves as a follow-up to my April 2001 D-Lib Magazine article, where I argued that the introduction of additional levels of abstraction (or logical descriptions) above the current generation of DRM technologies could facilitate various levels of interoperability and new service capabilities. Here I advocate encapsulating data structures of heterogeneous information items as digital objects and providing them with a uniform service interface. I suggest adopting a generic information object services layer on top of existing, interoperable protocol stacks. I also argue that a uniform digital object services layer properly rests above existing layers for remote method invocation, including IIOP, XML-RPC or SOAP. Many of the components suggested within this article are not new. What I believe is new is the call for an identifiable information object services layer, the identification of an application layer above it, and the clear mapping of an acceptable cross-organizational authentication and access control model onto digital object services... One aspect of the previously missing infrastructure was an object serialization, or structured storage, model that could be readily adopted across applications and platforms. We now have that model with the emergence of XML. In general, an advantage that data models with explicit structure have is that they naturally accommodate mechanisms for binding policy expressions to structural sub-trees within the information object hierarchies they represent. My focus here is on fine-grained policy expression and enforcement. Or, perhaps more accurately, policy expression at an appropriate level of granularity, since it is clear that not all object behaviors may require uniquely expressed policies. Generally, policy expression concerns the creation of tuples relating subjects, objects and actions, where in this context a 'subject' can be (loosely) thought of as a requestor for a service, an 'object' as a specific service (or behavior) of an information object, and an 'action' as some permissible action...

  • [June 20, 2001] "Big Guns Take Aim at Digital Copyright Management." By Sumner Lemon and Stephen Lawson. In InfoWorld (June 20, 2001). "Backed by some of the biggest names in the online entertainment industry, RealNetworks on Wednesday announced the formation of the XMCL (Extensible Media Commerce Language) Initiative. The company said the initiative will define an open XML-based framework for managing rights to digital media, including applications such as purchase, rental, video-on-demand, and subscription services. The list of companies that are backing the XMCL Initiative includes media-industry heavyweights such as Bertelsmann, EMI Group, Metro-Goldwyn-Mayer Studios (MGM), and AOL Time Warner. But Microsoft, which has its own digital-rights management framework built around the Windows Media Format 7 file format, is conspicuously absent from the list. Digital rights management technologies allow copyright holders to control how movies and songs are used and distributed online. Also, the technologies can restrict the number of times a user can play a certain file, or prevent a file from being copied and passed on to other users. XMCL will simplify rights management by letting content providers define business rules in a standard way, RealNetworks said in a statement. Specific details of how XMCL would be implemented were not made available... RealNetworks announced the XMCL Initiative at the same time it launched its RealSystem Media Commerce Suite, a suite of multimedia content applications. The software will eventually support XMCL and give users the ability to choose from a variety of back-end platforms, the company said. RealSystem Media Commerce Suite can be integrated with third-party digital rights management applications, such as flexible rights management software from InterTrust Technologies, the statement said. InterTrust, which has filed a patent infringement suit against Microsoft over digital-rights management in Windows Media Player, is a member of the XMCL Initiative..." See the announcement, and XMCL main reference page.

  • [June 20, 2001] "RealNetworks Unveils Digital Rights Standard, Products." By 'Reuters'. In InternetWeek (June 18, 2001). "Media software maker RealNetworks Inc. on Wednesday launched a new product it says will help entertainment conglomerates manage and track the use of their copyrighted material on new online services they plan to soon roll out. RealNetworks also unveiled an initiative to standardize the delivery of content via the Web in a way that is secure and profitable, marking what analysts said was the Seattle-based company's boldest move yet to tackle a main strength of competing technology by cross-town rival Microsoft Corp... Although the more technical of the announcements, Real's standardization initiative could pose a bigger threat to Microsoft, analysts said. Real's proposed standard is called the eXtensible Media Commerce Language, or XMCL, a media-oriented version of the XML (eXtensible Markup Language) standard that companies like Microsoft are betting heavily on to enable a new generation of Web-based services. Just as XML describes different types of data so different computer systems can talk to each other, XMCL would be a common language for describing the rights and rules for a piece of media like a song or a film, Albertson said... The other pillar of Real's strategy is a product called the RealSystem Media Commerce Suite, which will let online music and video stores easily package, sell and deliver their wares to customers, Albertson said..." See: "Extensible Media Commerce Language (XMCL)."

  • [May 21, 2001] "Models and Languages for Digital Rights." By Carl Gunter, Stephen Weeks, and Andrew Wright. InterTrust Star Lab Technical Report. Reference: STAR-TR-01-04. March, 2001. Paper presented at the IEEE 2001 Hawaii International Conference on System Sciences. "Digital Rights Management (DRM) devices provide persistent protection, the means to control the rendering of digital content to users. This enables new kinds of agreements between parties involved in trading intangible goods such as digital music. In this paper we propose a language and model capable of expressing a range of licenses of the kind that DRMs may be expected to support... A Digital Rights Management (DRM) system governs rendering of content. DRMs enable sellers of digital content to move beyond current distribution models. Currently a physical medium like a CD is sold to a consumer who receives the right to render all of the works on the CD for his or her own enjoyment as often as desired. This approach is limited in many ways now that media capable of carrying greater content are becoming available, and the Internet can be used to distribute content in bulk transfers or via streaming applications. The sale of a CD is similar to the sale of a good, whereas an ongoing service model may better fit the new distribution techniques. For instance, it may be better to sell a user the right to hear songs from a digital library at a low fixed price per rendering rather than selling the library as a set of hundreds of CDs at a high fixed price. Payments for the service could occur periodically, like paying for using electricity or a cell phone. However, digital goods have some different characteristics than these other services: some experimentation will be required to derive appropriate service models. The aim of this paper is to make progress on this problem by developing a model and a language for describing licenses to digital works. We focus on licenses likely to be feasible using new DRM technologies such as those developed by InterTrust. While a full-fledged DRM system will allow content providers to make rendering contingent on a variety of events and conditions, such as payment, time and date, identity of the user, membership in a club, identity of the device, return of usage reports, recent contact with a clearinghouse, etc., we begin by studing simple licenses that consist only of payment and rendering events. We develop a mathematical model capable of capturing the meanings of a wide variety of such licenses with precision. We then develop a language of licenses whose semantics is defined by reference to the model. This insures that every license has a completely clear and unambiguous interpretation that is defined without reference to any particular implementation of a DRM system. Semantic model: Our model consists of a domain of sequences of events called realities, and a domain of sets of realities called licenses. Then, in a manner similar to that of denotational semantics for general-purpose programming languages, we can express the semantics of a rights management language as a function that maps terms of the language to elements of our domain of licenses. The character of our semantics is similar to those used for concurrency where language constructs are modeled as traces of allowed events..."

  • [May 04, 2001] "DRM: 'Down-Right Messy' And Getting Worse." By Mark Walter, Patricia Evans and Mike Letts. In Seybold Report: Analyzing Publishing Technology [ISSN: 1533-9211] Volume 1, Number 3 (May 07, 2001). ['Digital rights management (DRM) is fundamentally about controlling access to content. On the surface, that seems like a straightforward definition for what sounds like a simple idea. But delve below the surface, and you will find that DRM is about a lot more than controlling access to content, and it is far from simple. That message came through loud and clear at Seybold Seminars last month, where publishers from all disciplines gathered to try and make sense of the mess that has become the DRM market. Why is it so confusing? There are a number of reasons.'] "At Seybold Seminars Boston 1999, there were two DRM vendors on the floor; at the 2000 event, there were eight; this year, there were 16 -- and that's not counting those in the market that didn't exhibit at this show... Standards may counter the Tower of Babel One route to compatibility is establishing a monopoly; another is to set standards for open competition. Recognizing the value that standards would bring to the adoption of DRM, several organizations have formed committees to write working drafts. It is not an easy task. At this point, the committees have not yet been able to nail down the requirements, let alone build consensus on how different machines will exchange rights information. They have not even agreed on what language they'll use to express the rights, once they figure out what they want to say. Since last fall, some progress has been made. In November, the Association of American Publishers, representing all of the major commercial book publishers, issued a set of proposed requirements. It was an extensive list -- beyond what any vendor is currently offering -- and therefore likely to be a superset of the requirements that all vendors would be willing to endorse. By winnowing down the AAP list to its common factors, the vendor committee may get an initial set of requirements as early as this summer. Meanwhile, over the winter season, two e-book groups with overlapping task forces tackling standards -- Open E-Book Forum (OEBF) and Electronic Book Exchange -- merged under the OEBF umbrella. They have agreed to address numbering and metadata -- two areas in which vendors are not arguing and the AAP's own committees have already made progress. Numbering, at least in e-books, is following the AAP suggestion of adopting the digital object identifier (DOI). To help propel that effort forward, and possibly enlist DOI support from music and film industries as well, the DOI Foundation has sponsored an e-book project that's scheduled to be shown at the Frankfurt Book Fair this October. The situation is encouraging on the metadata front as well. The AAP report last fall recommended building on the recently developed ONIX standard for book bibliographic data. The OEBF has not officially said yet what it's decided, but we expect that it will endorse an alignment with ONIX and that a unified scheme for printed and electronic books will be ratified within the next 12 months. The OEBF and other groups, including MPEG, are also considering the adoption of a universal rights-specification language, though to date no industry group has accepted the leading vendor-submitted candidate, ContentGuard's XrML. How much will numbering, metadata and a rights language help, if encryption remains vendor-specific? At this point, it's hard to tell how far toward interoperability they will take us... In the short term, the confusion over DRM is likely to worsen. In the absence of solidified standards, vendors are teaming with content providers to launch services tied to new rights-enforcement tools." On DRM and XML, see: (1) Extensible Rights Markup Language (XrML); (2) Digital Property Rights Language (DPRL); (3) Open Digital Rights Language (ODRL); (4) Open Ebook Initiative; (5) MPEG Rights Expression Language.

  • [April 20, 2001] "Information Objects and Rights Management. A Mediation-based Approach to DRM Interoperability." By John S. Erickson (Hewlett-Packard Laboratories). In D-Lib Magazine [ISSN: 1082-9873] Volume 7, Number 4 (April, 2001). "This article identifies certain architectural principles for the deployment of networked information that, when applied, should contribute to an environment in which digital objects can be readily discovered, retrieved and consumed in ways that encourage the free flow of information while being consistent with individual and organizational intellectual property rights (IPR) policies and preferences. I attempt to reconcile the disparate forces driving the dissemination of information today, including open and free access to materials; interoperability of networked information systems; collection, deployment and maintenance of metadata services; naming infrastructures for information objects; relationship-based policy management; and practical aspects of today's rapidly evolving applications and services. Although the central focus of this article is to confront current information-opaque approaches to digital rights management (DRM), I hope the principles presented here are broader in scope and will suggest solutions elsewhere... In this article I explore the development of a conceptual "platform" for IPR policy expression, discovery and interpretation; in an earlier paper my co-authors and I referred to this as a Policy and Rights Expression Platform (PREP). PREP is a set of guiding principles; it should not be thought of as a digital rights management (DRM) system, but rather as a basis for interoperability for DRM systems and services. I believe these principles are complementary to advanced metadata expression and transport mechanisms currently in development (RDF), and indeed may suggest ways for DRM technologies to leverage those mechanisms. In the second article in this series, I will examine some of the architectural implications of these principles, and will provide an example of implementation..." On DRM and XML, see: (1) Extensible Rights Markup Language (XrML); (2) Digital Property Rights Language (DPRL); (3) Open Digital Rights Language (ODRL); (4) MPEG Rights Expression Language.

  • [April 19, 2001] "ContentGuard: An early leader in digital rights management. Company to Watch." By Elizabeth Gardner. In InternetWorld (April 15, 2001), page 16. ['With a portfolio of digital rights patents from Xerox PARC, ContentGuard may be the best-positioned player in the emerging DRM field.'] "... There may be no company better situated to take advantage of this [DRM - Digital Rights Management] market than ContentGuard, which spun off from Xerox a year ago and owns a portfolio of DRM patents developed at the renowned Palo Alto Research Center (PARC). The company unveiled its first suite of tools and services, called RightsEdge, earlier this year. A minority investment from Microsoft means ContentGuard products are likely to become front-runners as DRM gets built into various Microsoft products. There's nothing like being affiliated with the software industry's most powerful setter of de facto standards. But ContentGuard would prefer an open standard to a de facto one. To that end it has developed the Extensible Rights Markup Language (XrML), a subset of XML used to protect assets in combination with a compliant vendor's products. ContentGuard CEO Michael Miron says the company has issued 1,800 XrML licenses so far; the company doesn't charge for the license, but requires that licensees adhere to the terms of an agreement on how the specification may be implemented and modified. Backers include Adobe, Hewlett-Packard, AOL Time Warner, and Bertelsmann. The make-or-break year for DRM and XrML may well not come until 2003..." References: (1) "Extensible Rights Markup Language (XrML)"; (2) "Digital Property Rights Language (DPRL)"; (3) W3C Workshop on Digital Rights Management.

  • [April 17, 2001] "IDF Funds Study of Multimedia Intellectual Property Rights." - "The International DOI Foundation (IDF) is funding a feasibility study for the development of a Rights Data Dictionary (RDD), a common dictionary or vocabulary for intellectual property rights. The aim of the development will be to propose standard rights terms to enable the exchange of key information between content industries for ecommerce trading of intellectual property rights. The IDF has taken the lead role in funding the study to be based on the <indecs> Framework which outlined the fundamental principals and key terminology implemented in DOI applications and ONIX (widely used in publishing and increasingly with audiovisual products). The proposed consortium, to be formed of representatives from the publishing, music, film, image, technology and other information industries, will fund and participate in the development of the RDD. The <indecs> analysis identifies the basic semantic structures necessary to support intellectual property rights transactions. The scope of the RDD, to be named <indecs>2, embraces the rights description framework including rightsStatements, rightsAgreements, rightsTransfers, permissions, prohibitions, requirements, legal terminology, creation descriptions and financial terms and conventions. The increasing granularity of intellectual property available to trade (e.g., chapters, songs, images, film clips and online news) presents the need to incorporate a vast number of existing standards for identification and description, and to develop new ones where none exist. DOIs can be used to identify content at any level of granularity, using existing or new identifier schemes: since rights management has been central to the IDF's mission since 1998, the RDD will be key to enabling DOI application for multimedia rights management and effective use of DRM systems..."

  • [April 17, 2001] XML Aids Content Publishing." By Roberta Holland. In eWEEK (April 15, 2001). "As the number of new computing devices and new data formats grows, so, too, is demand for ways to create content once and repurpose it for multiple platforms without duplicating their work for each medium... Adobe CEO Bruce Chizen said: 'A key technology to enable that goal will be XML (Extensible Markup Language). Adobe will tag all its products with XML metadata to help its partners more easily repurpose the content... Officials with Arbortext Inc., of Ann Arbor, Mich., said the company already is providing an XML solution like the one envisioned by Adobe... Efforts are also under way to help publishers search and find content from repositories and ensure that the rights to the content are protected. A group called Publishing Requirements for Industry Standard Metadata (PRISM) released the first version of a metadata specification last week. The specification provides a vocabulary for print and online publishing, including descriptions of the data and rights and permissions associated with the data. Also working in the digital rights management space is ContentGuard Inc., of Bethesda, Md. ContentGuard, a spinoff from Xerox Corp., created Extensible rights Markup Language to express rights, terms and conditions attached to content. The company soon will release the language to an open standards group it is forming." See: "Publishing Requirements for Industry Standard Metadata (PRISM)."

  • [April 13, 2001] "Seybold Conference to Focus On Content, Digital Rights Management." By James Evans. In InfoWorld (April 11, 2001). "Members of the digital printing, publishing, and creative communities will converge on Boston this week [April 8-13, 2001] for Seybold Seminars, a conference that will focus this year on desktop and Web publishing, digital rights and document management, and e-books... A strong emphasis also will be put on XML tools to assist with getting content on the Web. Thirty-eight companies are listed as exhibiting HTML, SGML (Standard Generalized Markup Language), and XML products and tools. E-books are also maturing gradually, and Palm and GoReader will have handheld reader devices on display at the show. Collaboration will also be a focus, with companies assisting in ways to maximize the use of existing content, text, pictures, and other information, Gable said... One of the larger vendors exhibiting this year is Adobe. It will have its new Acrobat 5.0 software on display, which lets users convert files into PDF, and is expected to demonstrate its forthcoming three-dimensional product for the Web, Atmosphere. Several digital rights management companies will be on hand to showcase products that assist with distributing and protecting content, including Entrust Technologies, Authentica, and ContentGuard. . . Reciprocal will launch its Reciprocal Storefront, which supports the distribution of content that has been packaged using DRM (digital rights management) technologies. .. North Atlantic Publishing Systems will show its new NAPS Translation System, which assists with conversion from Quark files and Microsoft Word/RTF to XML and from XML to HTML. With the NAPS Translation System, a publication can reformat print media content so that it can be used on a Web site, the company said..." On DRM, see "Digital Property Rights Language (DPRL)" and "Extensible Rights Markup Language (XrML)." Also: "Open Ebook Initiative."

  • [March 19, 2001] "W3C Workshop on Digital Rights Management for the Web. 22-23 January 2001. Workshop Report." Edited by John Erickson (Hewlett-Packard Laboratories), Renato Iannella (IPR Systems), and Rigo Wenning (W3C). "The W3C Digital Rights Management (DRM) Workshop, held on 22-23 January 2001, brought together 65 leading DRM practitioners to discuss and debate DRM in general and what role W3C should take in this increasingly important area. From the 41 position papers submitted, the program committee chose 25 formal presentations covering areas such as Privacy, Identifiers, Architectures, Social and Legal Requirements, Publishers Requirements, Standards and Interoperability, Security and Trust, and Multimedia and Mobile issues. Each session was followed by open and vigorous discussion. There was some agreement that W3C should initiate a new activity in this area and there were a number of specific topics that were discussed as candidates. A topic of specific interest was the creation of a 'rights language'. The MPEG standards group is also looking into this, and proposed that W3C and MPEG form a joint alliance and to work on this problem together. Additionally, there was some objection against W3C involvement in the area of DRM. Some felt that W3C lacked the necessary types of members, like content owners, and experience in semantic and legal issues. Their view was that W3C should only play a liaison role. W3C will now take these recommendations and discuss it internally before making any formal decisions. The Workshop website contains all the Position Papers from the Attendees and the Program including the Slides from the Presenters and the Minutes. At the closing session, there was a brainstorming going on, which was condensed to a bullet-list. This bullet-list doesn't contain any indication on the amount of support on each point. It is provided as a result of strong feedback from participants."

  • [March 19, 2001] "The eXtensible Rights Markup Language (XrML). By Bradley L. Jones. From EarthWeb, March 16, 2001. ['Is Digital Rights Management important? You know what the music industry will say! We asked Brad Gandee, XrML Standard Evangelist, about a standard that is here to help. XrML is the eXtensible Rights Markup Language that has been developed by Xerox Palo Alto Research Center and licensed to the industry royalty free in order to drive its adoption. Simply put, this is an XML-based language that is used to mark digital content such as electronic books and music. Brad Gandee, XrML Standard Evangelist, took the time to answer a few questions on XrML for'] "Q: Who and how many have licensed XrML to date? A: More than 2000 companies and organizations, from multiple industries including DRM, publishing, e-media (audio & video), intellectual property, enterprise, etc., have licensed XrML since April 2000. The actual number of licensees as of 2/28/01 was 2031. Q: What does the adoption forecast look like for the next six months? A: There are approximately 30 new licensees every week. Over the next six months we forecast, according to the current rate of 30 licensees per week, additional licensees in the neighborhood of 2720. We anticipate that this figure may increase once an XrML SDK is released and as XrML becomes involved with more standards organizations. In addition, the rate of new licensees could rise due to the increased attention to rights languages within MPEG and with the restart of work on the EBX specification within OEBF. Q: Why hasn't XrML been handed over to a standards organization yet? A: We have not handed XrML over to a standards organization yet for a couple reasons. First there are many different standards bodies focused on different content types, each with their own perspective. We see the need for keeping XrML open and applicable to all of the content types. If we put the language under the control of one of these organizations too early, then it may end up perfect for one type content but become inflexible for many others. With the potential that the digital content market holds, we see a world where many different types of content come together dynamically in new recombinant forms, marketed and "published" across new channels and in new ways. The rights language that is used to express all of the new business models needs to remain content neutral. Another reason we have not handed XrML over to a standards body is that there has not yet been one that is prepared to take on the role of overseeing a rights language. For example, the W3C, which might be considered a good candidate for a home for XrML, just held a DRM Workshop in the third week of January in order to determine if they have a role to play in the DRM space. As a result of that workshop they may be considering the formation of a working group to look into rights languages, which will take time. In the meantime there is a DRM market out there that is moving forward..." See: "Extensible Rights Markup Language (XrML)."

  • [January 2001] "Interoperability: Digital Rights Management and the Emerging EBook Environment." By Stephen Mooney [Chair, Digital Object Identifiers for eBooks (DOI-EB); Chair, Identifier Special Interest Group, Open eBook Forum (OeBF); Co-Chair, Software & Information Industry Association, DRM Working Group; Vice Chair, Electronic Book Exchange Working Group (EBX)]. In D-Lib Magazine Volume 7, Number 1 (January 2001). ISSN: 1082-9873. "I address four initiatives that have, or soon must, grapple with such questions and issues: the Electronic Book Exchange Working Group (EBX), the Open eBook Forum (OeBF), Digital Object Identifiers for eBooks (DOI-EB), and the recently published eBook Standards of the Association of American Publishers (AAP)... In attempting to craft some sort of DRM eBook interoperability, the approach of OeBF's Publication Structure might well be a useful guide. Is there a type of interoperability that can facilitate DRM requirements along the eBook value chain while also not threatening, or even appearing to threaten, perfectly legitimate patent rights, other intellectual property rights and corresponding commercial interests? Two immediate possibilities come to mind. The first, noted in the AAP DRM eBook Report, and quite familiar to participants in EBX, is a common rights language for eBooks. There appear to be two candidates at the moment: eXtensible Rights Markup Language (XrML). and Open Digital Rights Language (ODRL). AAP notes that 'a common DRM language will make it easier for content providers to supply content for any DRM system.' My colleague again provides guidance when he suggests that 'even with different DRM implementations, technology providers can also cooperate -- they can agree to rights messaging standards.' The second possibility for a solution to facilitate eBook requirements is interoperability -- not of DRM or of content -- but of metadata..."

  • [January 15, 2001] "First Steps in an Information Commerce Economy Digital Rights Management in the Emerging EBook Environment." By Eamonn Neylon (Manifest Solutions). In D-Lib Magazine [ISSN: 1082-9873] Volume 7, Number 1 (January 2001). "The delivery of digital content to consumers in a trusted manner allows business models to be tried that are different from existing forms of publishing. Thus rights management technologies take a central place in the development of the eBook ecology by providing the ability to enforce and negotiate usage restrictions. This emphasis on the control of usage rather than access is critical in distinguishing eBook publishing from other types of publishing that have gone before it. Press coverage of the eBook marketplace could lead readers to believe that an explosion is imminent in this new method of publishing. However, there are outstanding issues that need to be addressed for the current hype to bear some semblance to reality. All stakeholders will need to become active in informing how the eBook evolves as an economically viable resource type... DRM vendors have been actively participating in two industry groups: the Open eBook Forum (OeBF) and the Electronic Book Exchange (EBX). The DRM vendors see eBooks as a new market ripe for the use of protection technologies. Their interests are primarily in establishing principles from which actual business implementations can be established. Within these groups there is an emphasis on the expression of rights and the enforcement of expressed rights. eBooks present two interesting problems to rights management systems. These can be simply stated as how to: (1) Express the conditions and usages that are permitted by the rights-holder -- while respecting the pre-existing entitlements of the consumer; (2) Enforce those usage conditions in a range of environments that have different levels of trust -- and are not necessarily connected to an online authority. The enforcement of rights requires a consistent expression of rights to allow different systems to consistently interpret what is required. Two candidate languages have been promoted as means to achieve a universal means of expressing what is conferred in a sale or license of content. ContentGuard's eXtensible Rights Markup Language (XrML) is a licensable specification for expressing rights in XML based on work conducted at Xerox PARC. XrML has been criticized for its lack of process for developing the language, and there have been concerns about the terms under which the specification may be licensed. Open Digital Rights Language (ODRL) is an alternative rights expression language, still in its infancy, which is being proposed by IPR Systems to the World Wide Web Consortium as an open standard to be developed within the established process of the W3C..." See Open Ebook Initiative.

  • [November 27, 2000] "Digital Rights Management for Ebooks: Publisher Requirements." Version 1.0. Association of American Publishers, Inc. [Status: This first release was created by the AAP Open Ebook Standards project. This effort was led by AAP, several leading publishers and Andersen Consulting. It is being made available simultaneously to AAP membership and to other interested parties for a review and comment period beginning November 27, 2000, and ending December 31, 2000.] "Digital rights management (DRM), the technologies, tools and processes that protect intellectual property during digital content commerce, is a vital building block of the emerging electronic book (ebook) market. DRM creates an essential foundation of trust between authors and consumers that is a prerequisite for robust market development. In the U.S., there are currently over 100 companies providing a broad range of DRM products and services. A number of these companies claim to offer comprehensive, end-to-end DRM solutions that protect content and enable the specification of various rights. Other DRM companies are offering niche technologies that can be cobbled together to create more comprehensive solutions. DRM vendors are exhorting publishers to provide more content to create a robust market. And publishers are entering the ebook market using the current vendor DRM solutions. However, today's DRM solutions do not offer the levels of interoperability that will be demanded by consumers tomorrow... Industry Participant DRM Expectations: Each type of industry participant and the role(s) it performs must be considered when discussing DRM standards in particular and ebook market needs in general. There are many different types, and a detailed treatment of all of them is beyond the scope of this document. However, the different participants may be grouped into eight broad categories: (1) Originator: any person or entity who originates digital content either through personal creation or by hiring another person to originate such content. For convenience, in this document, originators are also referred to as authors. (2) Rights holder: any person or entity who owns or has been licensed the intellectual property rights for the digital content. (3) Publisher: any person or entity who accepts manuscripts from authors, aids in the editing process, creates and distributes metadata and produces finished ebooks. (4) Service provider: any person or entity who provides a service that enables or provides one or more activities in the ebook market. (5) Technology provider: any person or entity who provides either software or hardware that enables the secure distribution of digital content and protects the intellectual property rights of the rights holder. (6) Seller: any person or entity who attracts consumers, enables them to browse and search metadata and sells ebooks. (7) Distributor: any person or entity who provides ebooks directly to consumers or another distributor. (8) Consumer: any person or entity who purchases and/or accesses ebook content through the ebook market..."

  • [October 27, 2000] Open Digital Rights Language (ODRL). Version 0.7. 2000-10-13. 27 pages. Edited by Renato Iannella. ['ODRL will be standardised via an appropriate, open, and non-competitive organisation with an open process for the future maintenance of the standard.'] "Digital Rights Management (DRM) involves the description, layering, analysis, valuation, trading and monitoring of the rights over an enterprise's assets; both in physical and digital form; and of tangible and intangible value. DRM covers the digital management of rights -- be they rights in a physical manifestation of a work (e.g., a book), or be they rights in a digital manifestation of a work (e.g., an ebook). Current methods of managing, trading and protecting such assets are inefficient, proprietary, or else often require the information to be wrapped or embedded in a physical format. Current Rights management technologies include languages for describing the terms and conditions, tracking asset usages by enforcing controlled environments or encoded asset manifestations, and closed architectures for the overall management of rights. The Open Digital Rights Language (ODRL) provides the semantics for DRM in open and trusted environments whilst being agnostic to mechanisms to achieve the secure architectures... The ODRL model is based on an analysis and survey of sector specific requirements (models and semantics), and as such, aims to be compatible with a broad community base. ODRL aims to meet the common requirements for many sectors and has been influenced by the ongoing work and specifications/models of the following groups: (1) <indecs>, (2) Electronic Book Exchange, (3) IFLA, (4) DOI Foundation, (5) ONIX, (6) MPEG, (7) IMS, (8) Dublin Core Metadata Initiative. ODRL proposes to be compatible with the above groups by defining an independent and extensible set of semantics. . . ODRL is based on a simple, yet extensible, model for rights management which involves the clear separation of Parties, Assets, and Rights descriptions. ODRL can be expressed in XML; see the XML DTD in Appendix A and XML Schema [placeholder] in Appendix B for formal definitions. However, it is also conceivable that ODRL could be expressed in other syntaxes. ODRL is XML Namespace aware as its primary target is use with other content description and management systems. The ODRL XML Namespace URI for this version (0.7) is: The final Version 1.0 ODRL XML Namespace URI will be ODRL uses XML XLink to refer from XML fragments to other fragments. This is used to express the relationship between the core ODRL entities such as Asset, Reward, and Usage. Such elements can be identified with the standard ID attribute then referred to via XLink's href attribute." XML (pseudo-syntax) instances are provided to illustrate several key models in the architecture, including the ODRL Foundation Model, the ODRL Usage Model, the ODRL Constraint Model, the ODRL Narrow Model, the ODRL Rewards Model, the ODRL Administration Model, etc. See the extracted XML DTD. See "Open Digital Rights Language (ODRL)." [cache]

  • [October 27, 2000] "Mad Scramble for Mindshare In Digital Rights Management. [Digital Rights Management: Peacekeepers Needed.]" By Mark Walter and Mike Letts. In The Seybold Report on Internet Publishing Volume 5, Number 2 (October 2000), pages 9-15. Feature article, Special Report: SSF 2000. ['DRM vendors are scrambling for market share even as standards are developed. Why does DRM matter? Hoping that DRM exhibitors at Seybold San Francisco 2000 would offer some answers on how to protect their digital content, it's likely that many publishers walked away more confused than ever. Although DRM was a hot topic at this year's West Coast event, attendees found themselves in the midst of a bazaar of incompatible choices made worse by the confusing number of multi-faceted vendors eager to establish their names. As one vendor put it: "The action on the show floor isn't really between vendor and customer, it's between vendor and vendor." For those seeking answers, we offer our latest status report.]' "These are complicated but exciting times for the book publishing industry. Traditionally the laggards of technology adoption, book publishers find themselves at the nexis of an important development in the evolution of digital media: color the rise of e-books and other offline digital media players. The current generation of DRM tools are being tested for e-books, but many of them can be easily adapted to other digital media, including music and video. Essential ingredients. For those still unsure as to exactly what DRM technologies do, here's a quick summary of the basic components: (1) Encryption: encryption is based on algorithms that are published and not patentable; (2) Authentication: a DRM system will verify that a document is an authentic, unaltered copy of the original work; (3) Enforcement of rights [...] Some progress has been made. The Association of American Publishers has set up three subcommittees that are defining common vocabulary and metadata, as well as painting some typical scenarios. This summer the Open E-Book Forum formed a DRM committee [Digital Rights Management Strategy Working Group], which issued a draft 'Framework for the Epublishing Ecology' to foster discussion. At the same time, the EBX working group, which is writing a protocol for digital exchange of e-books, is considering its options for how rights are expressed. By late September, the OEB Forum and the EBX Working Group were discussing how they might cooperate and minimize duplicating efforts. . . The most promising candidate thus far to define such standards is the Electronic Book Exchange (EBX) Working Group. Founded by Glassbook but now operating under the auspices of the Book Industry Study Group, the EBX committee is developing a protocol for transmitting secure, copy-protected e-books among publishers, distributors, retailers, libraries and consumers. The hope is that a single, open standard that is independent of data format and viewing software will help grow the e-book business by laying the groundwork for communication among disparate software systems. One of the knottier issues still facing the group is how far to extend the scope of licensing rights that are defined within EBX. The current draft covers a variety of usage terms and conditions, but it is by no means exhaustive. As it strives to nail down the language and syntax of its rights-definition component, the EBX group is considering two rights-definition languages that have more depth than the current EBX draft. The first is XrML (Extensible Rights Management Language), owned by ContentGuard, the rights-management software company spun off from Xerox earlier this year. The second is the Open Digital Rights Language (ODRL), developed by IPR Systems of Australia. The third option the group will consider is writing its own rights specification, which would likely be a subset of what XrML and ODRL handle." For DRM references, see (1) Extensible Rights Markup Language (XrML); (2) Digital Property Rights Language (DPRL); (3) "Electronic Book Exchange (EBX) Working Group."; (4) Open Digital Rights Language (ODRL); (5) Open eBook Initiative.

  • [October 27, 2000] "Digital Rights Management: It's Time to Pay Attention." By David R. Guenette. In The Gilbane Report on Open Information & Document Systems Volume 8, Number 5 (July 2000), pages 1-11. "Whether or not a DRM solution exercises control by way of ongoing server-client connection or in a network independent way has significant consequences for the user environment. At one end of this axis is DRM that requires a constant connection between the client (e.g., the PC through which the content is being used) and the server that monitors the use of the content and enforces the rules (e.g., display but do not copy) associated with the content. Authentica's PageVault, for example, requires a specific server to present and control what happens to the documents. . . A variant of the persistent server connection for some DRM solutions is the serving of content from a specific site from 'online library' services, such as netLibrary ( and Ebrary ( These services offer electronic publishers DRM-enabled vending of their content. The sophistication of the DRM itself is low in these services, offering not much more than copy protection at a gross document granularity level for purchase options due to the reliance on PDF as the content format. . . There's a huge difference between a DRM solution that manages PDF Merchant transactions and a DRM solution that can be applied to any kind and any part of digital content. If a publisher only intends to market individually priced PDF documents these differences aren't going to be important, but PDF can easily prove too clumsy if the documents are complex and composed of elements that can carry their own distinct value to different customers...There are other unresolved issues, including the importance of standards. ContentGuard has fired its salvo with XrML, with InterTrust answering back with OpenRights. If ContentGuard's XrML does what it sets out to do, which is to serve as the open basis for DRM interoperability, then InterTrust should easily enough be able to interoperate with it. With the advent of XML as the general tagging scheme for content fed into databases that support content management, the issues of DRM standards may be largely moot. There is relatively little additional work to perform to map XML elements to associated business rules (such as access, price, and usage) to make XML-based DRM solutions work with content management systems. Syndication and DRM seem a natural fit, too, although standards would presumably play a central role. Initiatives like ICE, which serve content 'payloads' in a conforming manner into content management systems don't define the content itself, and DRM-enabled content could be as easily sent as any other. The biggest problem with syndication has always been on the serving end, and the question to pursue is whether applications like Vignette's StoryServer or Kinecta's Interact will avail themselves of DRM components to strengthen their business model offerings. Unfortunately, with DRM solutions based on proprietary and persistent server-client relationships, the challenges of executing syndication for the subscribers get more complicated, not simpler, especially without a DRM interchange standard in place. As for now, only DRM solutions that support the concept of peer-to-peer superdistribution can play a role in syndication, but without ties to syndication-specific applications this capability remains more theoretical than practical. Still, it seems only a matter of time, especially given the raison d'jtre of syndication to maintain control over the distribution and use of digital assets, while simplifying and streamlining the receipt and deployment of those digital assets. DRM helps and expands on syndication, just as it helps and expands access and control and tracking for content management."

  • [October 07, 2000] "A Framework for the Epublishing Ecology." From the Open Ebook Initiative, Digital Rights Management Strategy Working Group. 'A systematic foundation for critical thinking, discussion, standards development and decision making in the world of electronic publishing.' Public Comment Draft Version 0.78. September 25, 2000. 25 pages. "In the spring of 2000, the OEBF formed a working group to begin developing a Digital Rights Management strategy for the OEBF and chartered that group to produce various deliverables (glossary, reference models, stakeholder profiles, etc.) This document embodies those deliverables. The Framework is currently under development by the OEBF's Digital Rights Management Strategy working group. A draft (version 0.78) is being made available simultaneously to the full membership of the Open eBook Forum and to other interested parties for a 30-day review and comment period beginning September 25th, 2000. [...] The Framework is a first step toward the creation of open standards for the epublishing market across all of the relevant stakeholders. We can use it to analyze the requirements of a specific stakeholder and determine how those requirements might be harmonized with those of other stakeholders. We can use it to exert a common vocabulary for epublishing to facilitate discussions among standards-making initiatives, some within the publishing industry (e.g., the DOI system, the ONIX metadata system, and the EBX proposal) and some without (e.g., MPEG21 and W3C). The Open eBook Forum (OEBF) is an international, non-profit trade organization whose mission is to promote the development of a thriving epublishing market. To do this, it creates, maintains and promotes adoption of epublishing standards and brings together stakeholders in the epublishing world by providing an inclusive forum for discussion of epublishing-related social, legal and technical issues." Also available as a Microsoft Word Document. See "Open Ebook Initiative." On DRM and XML, see (1) "Digital Property Rights Language (DPRL)" and (2) "Open Digital Rights Language (ODRL)." [cache]

  • [August 2000] "Requirements for Digital-Right Trading." By Ko Fujimura (NTT Corporation, Kanagawa, JAPAN). IETF Internet Draft. Reference: 'draft-ietf-trade-drt-requirements-00.txt'. IETF Trade Working Group. February 2000. Produced for the IETF Internet Open Trading Protocol Working Group (IOTP). See "Requirements for Generic Rights Trading", by Ko Fujimura. Presented at the 49th IETF Meeting, San Diego, CA, USA. 'draft-ietf-trade-drt-requirements-01.txt' [cache]

  • [August 04, 2000] "Microsoft Cranks Up Its Wide-Ranging E-Book Program. [Microsoft Discloses Ambitious E-Book Program.]" By Mike Letts and Mark Walter. In The Seybold Report on Internet Publishing Volume 4, Number 11 (July 2000), pages 5-11. ["There's been much speculation, and a few broad announcements, about Microsoft's e-book program, but details of the full scope of its efforts have been hard to obtain. However, last month, on the eve of Book Expo America in Chicago, the company hosted an all-day event to brief publishers on the e-book products that will be delivered in the coming months. At Microsoft's invitation, we attended the briefing to bring you this detailed report. The scope of the full effort is impressive, encompassing a PC-based Reader, several shrink-wrapped e-book server products and an end-to-end digital rights management solution. Perhaps most surprising was the showing of a prototype dedicated e-book reader based on a reference design Microsoft is showing to OEMs. Working with the same level of intensity that has come to define the company, Microsoft is charging hard into the e-book arena, raising the stakes and attempting to set the standards. In the process, we think it is also reshaping the electronic publishing landscape of the future.] ". . . The Digital Asset Server. The overall framework in which the DRM (digital rights management) system operates is Microsoft's upcoming Digital Asset Server platform. This server software is currently offered as a complete package that manages a store of books and processes and fulfills requests. It interfaces to the server containing the source content files, which need not reside at the distributor or bookseller's site; the Content Store Server houses the source files and may also store associated metadata, including the license information, in a SQL Server database. Microsoft has left open the option of interfacing its Content Store Server to other content repositories by relying on XML as the primary interface for exchanging metadata on the content. . . Microsoft is building a viewer specifically for extended reading, and isn't trying to bolt reading onto a Web browser. This approach is a distinct plus, as it gives the company the freedom to create a user interface optimized for the intended purpose, without the encumbrance of another application's baggage. The initial effort verifies its decision: the Windows MS Reader looks far better than most other PC-based e-book readers. The Reader also carries the advantage of using the XML-based Open E-Book format -- most notably rendering at the client, so that layout and composition can be optimized to the device, and even the window, on which the book is being read. . . Although Microsoft is utilizing ContentGuard's published XrML language to pass the license to its Reader, its .LIT binary data format is not open to the public, and the Reader itself is not open to third-party extensions." See "Open Ebook Initiative."

  • [April 29, 2000] "Digital Rights Management: Technology Evolves to Aid Content Marketing. [Rights Management: Ready for Prime Time.]" By Mark Walter. In Seybold Report on Internet Publishing Volume 4, Number 8 (April, 2000), pages 9-16. Note: The "Extensible Rights Markup Language (XrML)" from Xerox (ContentGuard) is one of several proposed digital rights management technologies which uses (SGML/XML) "markup" as a key feature. XrML is in draft, as a nominal revision of the Xerox "Digital Property Rights Language (DPRL)." Anyone who attempts to fetch the XrML spec (and extract the XML DTD) will see why this facility -- so (commercially) delicious to content providers -- is certain to prove frustrating to end users [you thought the hardware dongle was a pain in the butt? you ain't seen nuttin' yet!] This SRIP article on DRM was written too early to cover XrML, but we expect Mark Walter to put XrML in the Seybold publication lineup. "Digital Rights Management (DRM) is one of the hottest publishing technologies this year, attracting both large software houses and small upstarts eager to help publishers expand their sales into digital markets. In Part One of our coverage, we explain what it does and review four DRM vendors that have recently made news." [To come in SRIP:] "Digital rights management, once viewed as just a way to protect copyright and enforce old business rules in the digital domain, is rapidly maturing into a critical component of digital content marketing. What is DRM and why is it becoming so important? In this month's feature we answer those questions, explaining what DRM systems provide and how they relate to the digital marketing programs professional publishers are running today. No overview would be complete without reviewing the vendors. This month, [SRIP] begins with a look at four DRM players. Early leader Reciprocal has just launched a professional publishing unit and has teamed with Xerox to streamline its services. Vying for a share of the same market are upstarts PublishOne and DigitalOwl, which are launching this spring. We also update readers on InterTrust, whose DRM DigiBox platform is used by a variety of services, including Reciprocal and PublishOne. It recently acquired Infinite Ink and launched Flying Media, a packaging application aimed at professional publishers. In upcoming issues, we'll continue the survey with a look at Acrobat-related DRM systems from Authentica, FileOpen and SoftLock; permission-clearance services from Copyright Clearance Center, YBP Clearance Direct and; and new DRM service providers entering the market this year..."

  • [June 21, 1999] "Guarding content. Xerox Enters the Rights Management Arena with ContentGuard. ContentGuard offers persistent protection with a small footprint." By Victor Votsch. In Seybold Report on Internet Publishing Volume 3, Number 10 (June, 1999), pages 27-28. [The Latest Word] "Xerox jumps into digital rights management with an end-to-end suite for protecting documents. ContentGuard, which was developed at Xerox's PARC research facility, also differs from most rights-management products in its server-based operation. It does not require the reader to install any client-side software in order to access documents. A small rights file is sent over the Web with the content. ContentGuard generates on-the-fly Self-Protecting Documents (SPD) that contain information on access rights. SPD files are encrypted and contain information specific to the user and the rights associated with a document. The SPD can determine the status of a user's request to upgrade his rights (print in addition to view) by checking with a master record on a secure Web server." See "Digital Property Rights Language (DPRL)."

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: