The Digital Media Project  

Source AHG06 Date: 2004/12/15
Title Interoperable DRM Platform (IDP) Functions and Requirements No. 0277/AHG06
 

Interoperable DRM Platform (IDP) Functions and Requirements

  

1   DMP Specifications

The Digital Media Project (DMP) is a not-for-profit organisation with the mission to “promote continuing successful development, deployment and use of Digital Media that respect the rights of creators and rights holders to exploit their works, the wish of end users to fully enjoy the benefits of Digital Media and the interests of various value-chain players to provide products and services, according to the principles laid down in the Digital Media Manifesto”.

DMP has identified “Interoperable Digital Rights Management (DRM)” as the technology whose deployment can further the goals stated in its Mission and has developed a work plan whose current version foresees, inter alia, the development and publication of:

  1. Technical Specifications for Interoperable DRM Platform

    1. Phase 1 (IDP-1) will be approved in April 2005

    2. Phase 2 (IDP-1) in October 2005

  2. Technical Specifications for DMP Use Cases

    1. Phase 1 will be approved in April 2005

    2. Phase 2 will be approved in October 2005

  3. Recommended Practices for End-to-End Conformance (EEC) in July 2006.

To become aware of the technologies required to implement its Technical Specifications DMP issues Calls for Proposals. In July 2004 the DMP issued a Call for Proposals (CfP) on “Portable Audio and Video (PAV) Devices”, relevant to point 1. a and 2.a above. It is planning to issue another CfP relevant to point 1.b and 2.b above.

2   DMP Requirements

Calls for Proposals make reference to a Requirements document, called “IDP Requirements”. The DMP is currently busy collecting said requirements from a variety of sources. So far requirements from representatives of the following Value-Chain Users (VCU) have been contributed:

  1. Civil Rights Associations
  2. Collective Management Societies
  3. Device Manufacturers
  4. Individuals
  5. Producers
  6. Public Service Broadcasters
  7. Sheet Music Publishers
  8. Telecommunication operators
A list of Value-Chain Users identified so far DMP, and whose requirements the DMP expects to include is given in Annex A. All Value-Chain Users are encouraged to provide additional requirements that satisfy their needs or to comment on the existing ones. They will be incorporated in this document after review by DMP. The IDP Requirements document is posted on the open DMP web page so that contributors have an opportunity to review and possibly make further comments on the document.

This document should be read bearing in mind that words beginning with a capital letter have the meaning specified in the DMP Terminology. Please note that the DMP Terinology document, too, is work in progress.

Those wishing to comment on or contribute requirements to this document should forward their submissions to Marc Gauvin (mgauvin@sdae.net). Submissions will be discussed by the Ad hoc Group on Requirements for Interoperable DRM Platform. To subscribe to the ad hoc group reflector follow the instructions.

3   General IDP Requirements

The table below gives the general IDP requirements. The acronyms in the 3rd column represent the source of the requirements and are defined in Annex 2.

Note that the list is work in progress.

  1.  
IDP shall be a “tool-kit” specification GA04
  1.  
IDP shall evolve in phases, each phase introducing new tools GA04
  1.  
IDP tools shall support all legitimate needs by  
  Value-Chain Users Statutes
  Cultures DC
  1.  
IDP shall support Rights inheritance, i.e.the set of Rights acquired by a given Value-Chain User is subject to the set of Rights that was available to the Value-Chain User granting the Rights. E.g. a Producer Using a Work to produce a piece of Content can only grant a conditional subset of those Rights to that Content that have been granted him by the Author of said Work AHG03
  1.  
IDP shall support the ability of a VCU A providing services to a VCU B to be “seen” by VCU B even though VCU A may rely on the services of VCU C in its relationship with VCU B TO
  1.  
Licensing of technologies required to implement IDP tools shall be RAND and preferably royalty-free DC
  1.  
IDP shall contain tools to minimize impact on end-user (transparency). DC
  1.  

DMP Use Cases shall describe how specific applications can be supported by IDP tools

GA04
DC

  1.  
DMP Use Cases shall provide a small number of Rights Expression templates that are well understood by end users AHG06
  1.  
IDP shall support multiple means to evaluate content use? AHG06

4   Benefits of DMP Specifications

4.1 Toolkit and interoperability

The toolkit nature of IDP allows solving one of the thorniest problems of DRM interoperability. Indeed the general need of different VCUs to interoperate across Value-Chains clashes with the broad range of Value-Chain functionality. The IDP toolkit enables Users:

  1.  To set up Value-Chains supporting specific business models. As tools are independently specified it is possible to create a competitive market of tool suppliers
  2. To make their Value-Chains grow in functionality in a scalable fashion
  3. To retain interoperability with Users of other Value-Chains
DMP will develop a Use Case document. The purpose of that document is to describe how specific Value-Chains can be set up using the IDP tool-kit. Some of those Use Cases may be made normative to enhance interoperability between Users of well-understood Value-Chains.

4.2 The DMP Content Format (DCF)

Imagine a population of DMP Devices that can Use DMP Content and enable End-Users to perform TRUs, e.g. Annotate DMP Content. The annotated Content could be Released by embedding the original Content in a new DCF. This would have a new DCF identifier that could either be obtained from an identifier-issuing agency or automatically from the identifier space of the DMP Device utilised to Annotate that DMP Content.

Note that DMP Content Distribution itself needs not use the same DRM tools as it could be Released as a DMP Content with
  1. DCF identifier, DCF describing Resources and Metadata, Resources and Metadata
  2. ditto + Rights Expression
  3. ditto + Resource Encryption

4.3 Other examples of benefits

TBD

5   Specific Requirements

Category Function
Identify  
  Identify Data
  Identify License
  Identify User
  Identify Device
  Identify Use Context
  Identify Domain
  Identify Content Format
  Identify Device Capability
Assign  
  Assign Identifier
  Assign Descriptor
Revoke  
  Revoke Domain ID
Represent  
  Represent Content
  Represent Rights Expression
  Represent Use Data
Authenticate  
  Authenticate User
  Authenticate Device
  Authenticate Domain
Verify  
  Verify Data Integrity
  Verify Device Integrity
Certify  
  Certify Work
  Certify User
  Certify Author
  Certify Device
Manage  
  Manage Key
  Manage Domain
  Manage Device Capability
  Manage Use Data Confidentiality
Access  
  Content
  License
Process  
  Encrypt
  Store
  Copy/Move
  Backup/Restore
  Export
  Import
  Play
  Render
  Bind
Pay  
Test Conformance  
  Test Conformance of Rights Expressions
  Test Conformance of Enforcing Rights Expressions
  Test Conformance of Tamper resistance
Identify

Identify Data

  Detailed description of Requirements Source
Definition The means to uniquely and unambiguosly

  • identify a piece of
    • Content Data
    • Content Data Element
    • Use Data
  • refer to the identification.
PAV
  The means to uniquely and unambiguously

  • identify
    • Work and its constituent parts
  • refer to the Work identification.
CMS
  The means to uniquely and unambiguously

  • identify
    • Work and its constituent parts
  • refer to the Work identification.
SMP
Objective To support the association of Resources, Metadata, Rights Expressions, Licences and/or Use Data with a piece of Data that may be remote from such Resources, Metadata, Rights Expressions, Licenses and/or Function that generated the Use Data. PAV
  To support the association of Work, Resources, Metadata, Rights Expressions, Licences and/or Use Data with a piece of Data that may be remote from such Work, Resources, Metadata, Rights Expressions, Licenses and/or Function that generated the Use Data. CMS
  To support the Use of a Work and/or its parts SMP
Requirements
  1. Unambiguous identification of a piece of Content Data and Content Data Element
  2. Unambiguous identification of Use Data
  3. Ability to work in conjunction with multiple, existing industry schemes for Content Data identification.
  4. Ability to extend the total number of identifiers that can be assigned in such a manner that previously assigned identifiers do not become obsolete.
PAV
 
  • Unambiguous identification of a Work
  • Unambiguous identification of a Work Use License and Data
CMS
 
  • Identify Work within an organisation (#3 in PAV?)
  • Avoid duplication of Work Identifiers over time (#4 in PAV?)
PBB

(PRD)
 
  • Unambiguous identification of a Work and its parts
SMP
 
  • Answer to Sony queries. In the PAV Requirements we refer to Content Identification required for particular PAV implementations and not all identification schemes. But at the IDP level we include any standard identification scheme provided by VCUs.
DVM
 
  • Content should be identified by different VCUs to enable tracing the origin of content when licensed to other VCUs
BT
     
Benefits
  • Flexible distribution schemes where different Content Data Elements may be supplied from different sources.
  • A given Content Data Element may be referenced by a multiplicity of Composing Content without duplication.
  • Fine granularity of Rights Expressions.
PAV
 
  • Permit tracking of a Work throughout copy generations and variations.
CMS
 Identify License

  Detailed description of Requirements Source
Definition The means to identify the appropriate License of Work contained in Governed Content in a particular instance of Use CMS
Objective
  • To support the association of the use of a Work (e.g. Use Context) within a piece of Governed Content with the appropriate License or License identifier
  • To support Trust Management
CMS
Requirements
  • Compatible with administration of Domains for Work Use, i.e. that a Work can only be Used in a specific Domain (e.g. a Broadcast Footprint, a company)
  • Ability to associate a given set of Rights Expressions with the appropriate License and Use Context
  • Ability to work in conjunction with existing industry schemes to deliver specific Licensed uses.
  • Ability to extend the total number of identifiers that can be assigned in such a manner that previously assigned identifiers do not become obsolete.
CMS
Benefits Guarantee appropriate Licensed Uses of Works CMS
 Identify Domain

  Detailed description of Requirements Source
Definition The means to identify Use domains AHG3
Objective To identify groupings of Users and/or Devices. For the time being only End-Users are considered AHG3
Requirements
  • The following types of Domain shall be supported
    • Device-based
    • User-based
      • By enumeration
      • By reference to a legally established class of special users
    • Location-based
AHG3
DC
 
  • Hierarchy of Domains shall be supported
PM
Benefits Enable more Uses of Content by identifying groupings of Users and/or Devices instead of just Users or Devices AHG3
 Identify User

  Detailed description of Requirements Source
Definition The means to identify the device that represents the (human, corporate etc.) User in a particular instance of Use PAV
Objective

To enable

  • Content Access and Use of Content and Services
  • Payment systems to operate
PAV
Requirements
  • Being usable for the purpose of User authentication
  • Ability to accommodate a variety of models for human interaction with Devices e.g.:
    • Allow a single User to use multiple Devices,
    • Allow multiple Users to share a single Device,
    • Allow the use of a confidential identity,
  • Ability to extend the total number of identifiers that can be assigned in such a manner that previously assigned identifiers do not become obsolete.
PAV
 
  • Supports identification of identity of user to which content was licensed
DC
  To provide the means to identify the authorities responsible for certifying:

  • Works
  • Users
  • Devices
  • Platforms
  • Etc.
 
Benefits Depending on a given device's design, allows one User to employ multiple devices or allows multiple Users to use a single device. Useful in the event of disaster recovery scenarios when a device or storage medium is destroyed PAV
 Identify Device

  Detailed description of Requirements Source
Definition The means to identify the Device employed in a particular instance of Use PAV
Objective
  • To support the association of a piece of Governed Content with a Device
  • To support Trust management
PAV
 
  • To support the association of the Use of a Work with a Device
CMS
Requirements
  • Compatible with administration of Domain models for Use.
  • Ability to work in conjunction with existing industry schemes to administer customer/device-specific uses.
  • Ability to extend the total number of identifiers that can be assigned in such a manner that previously assigned identifiers do not become obsolete.
PAV
 
  • Ability to obtain Device capability information from the Device Identifier
  • Playback of a set of books can be restricted to a specific set of machines (devices). (requires clarification by proponent)
DC
Benefits
  • Allows reliable administration of Device-based Uses.
  • Compatible with succession strategies in cases where a Device is destroyed or otherwise replaced, or else used only for a period of time after which a different Device will be used.
PAV
 Identify Content Format

  Detailed description of Requirements Source
Definition Identification of Content formats PAV
Objective To provide the means to identify Content formats PAV
Requirements
  • How to identify Content formats
PAV
 
  • Relevant parameters in a content format
    • Compression algorithm used
    • Video resolution
    • Bitrate used for encoding
    • Audio sampling frequency
    • Number of channels
    • Key management
    • Encryption methos
    • Watermarking
    • Etc.
AHG3
Bentley
Benefits Content that is suitable for the Device can be acquired PAV
  Work that is suitable for the Device as per Rights Expressions and Licenses issued by Authors and CMSs can be acquired CMS
 Identify Use Context

  Detailed description of Requirements Source
Definition The means to identify that the Context of Use of a Work is in accord with License stipulated by the Author/CMS and according to the Author’s moral rights. These limits would relate to identifiable associations of a Work with the presence of another Work, Logo, Name (i.e. names of commercial entity, political or religious entities), Domains, IP or geographic region etc. Example is content released under a “free use” License that shall not be used for political purposes CMS
Objective
  • To support associating a Work or only associating a Work with an identifiable pre-determined Context or Contexts in accord with the intended limits of associating a Work as stipulated by the Author
  • To support Trust management
CMS
 
  • To support Rights "packaging"
PM
Requirements
  • Compatible with administration of Domain for Work Use.
  • Ability to work in conjunction with existing industry schemes to administer specific Work Uses.
  • Ability to identify other Works and objects associated within an identifiable digital unit such as a Web object or Digital Item
CMS
Benefits Allows reliable administration of intended Work Uses CMS
 Identify Device Capability 

  Detailed description of Requirements Source
Definition Identification of capabilities of a Device to handle Data or perform Functions PAV
Objective To provide the means to identify the functionality of a Device PAV
Requirements
  • To identify Device capabilities, e.g.
    • capability to process (e.g. Render) certain Resource types;
    • capability to process certain Content formats
    • capability to process certain Rights Expressions
    • etc.
AHG3
Benefits The ability to acquire Content that is suitable for the Device PAV
  The ability to acquire a Work that is suitable for the Device as per Rights Expressions and Licenses CMS
 Assign

Assign Identifier

Ed. Note Is the verification itself a requirement or just a record of  the verification? N.E.

  Detailed description of Requirements Source
Definition The function performed by an Authority to assign an Identifier to a Work, a Resource, a piece of Content, Device, or User AHG3
Objective To unambiguously associate descriptive data to a Work, a Resource, a piece Content, Device or User AHG3
Requirements
  • Verify origin of Work for which Identifier is requested
  • Verify that the requester qualifies as Author of Work
CMS
 
  • Verify that the requester represents a qualified Author of Work (agency)
Merrill
Benefits
  • Form trusted relationships and give all Users confidence in the Work, Resource or Device.
  • Verify that any entity that can be identified is justly and correctly identified.
AHG3
 Assign Descriptor

  Detailed description of Requirements Source
Definition The function performed by an Authority to assign a Descriptor to a Work, a Resource, a piece of Content, Device, or User AHG3
Objective To facilitate the search for Works, Content, Content Data, Devices, Users AHG3
Requirements
  • To include the following mandatory fields
    • Author
    • Title
    • Genre of Authorship
    • Date of Creation of Work …
CMS
  Assign Descriptors that facilitate cataloguing Content for B2B distribution SMP
Benefits Easy and accurate retrieval of Works, Resources or pieces of  Content AHG3
 Revoke

 Revoke Domain ID

  Detailed description of Requirements Source
Definition   PM
Objective   PM
Requirements
PM
Benefits   PM
 Represent

Represent Content

  Detailed description of Requirements Source
Definition The means to organize and associate Content Data and Content Data Elements including Resources, Metadata, Rights Expressions and Licenses. PAV
  Metadata can include Work-related information such as Work Identifier, Authors CMS
Objective Provide for the ability to group any of the following components: Resources, Metadata, Rights Expressions and Licenses PAV
Requirements
  • Persistent Association of Identifiers and Metadata to Resources
  • Ability to include encrypted and unencrypted Data
  • Ability to apply Rights Expressions to Composite Content components
  • Ability to Use Content Data Elements from Governed Content
  • Ability to associate Composite Content Elements stored at locations remote from each other
  • Ability to support association of Composite Content Elements
  • Ability to support Element unavailability, both temporary and permanent.
PAV
 
  • Standard format for Work-related information
CMS
 
  • Compatibility of Resource Descriptors with existing standards
  • Organize and associate (i.e. multiplex) Rights Expressions and Content for carriage in broadcast and streaming
  • Efficient communication of Rights Expressions
  • An End-User should not have to wait for a long time before Using Content
  • Organize and associate (i.e. multiplex) Metadata and Content for carriage in broadcast and streaming
  • Efficient communication of Metadata
  • An End-User should not have to wait for a long time before Using Metadata
PBB
 
  • Content shall be represented in a Delivery-System agnostic format
AHG03
Benefits
  • Different Uses of the same Content (e.g. Resource selection)
  • Executing sets of Functions on Content that serve for orientation, navigation and judgement (e.g. searching/filtering content)
PAV
 
  • License Different Uses of the same Work  (e.g. Work based Resource selection)
  • Ability to apply Work based Author and CMS issued Rights Expressions and Licenses to Composite Content components containing various types of Works/Resources (Audio, Video, Graphic etc.).
  • Ability to find out which Works are employed in a piece of Content
CMS
 Represent Use Data

  Detailed description of Requirements Source
Definition A format representing how the Use of a piece of Governed Content has actually taken place in a Device PAV
Objective To enable further digital processing of Use Data PAV
Requirements
  • Ability to identify Use Data
  • Ability to support protection of Use Data
  • Ability to convert Use Data to a human readable form
  • Ability to represent a wide range of Content Uses e.g. time of Use, Composite Content, Domains, Superdistribution Uses
PAV
 
  • Ability to identify Use Data pertaining to a Work
  • Ability to support protection of Work Use Data
  • Ability to represent a wide range of Work Uses e.g. time of Use, Composite Content, Domains, Super-distribution Uses
CMS
Benefits Provide a machine-processable record of Uses PAV
 Represent Rights Expression

  Detailed description of Requirements Source
Definition Format that is capable of expressing Rights PAV
Objective To allow conditional use of Content, based on the conditions being satisfied or fulfilled PAV
  To allow conditional use of a Work used in Content, based on the conditions being satisfied or fulfilled. CMS
Requirements
  • The Solution shall represent different subsets of Rights
  • The Solution shall represent new Rights when the need occurs
  •  The Solution shall unambiguously identify
    • the User granting the Right
    • the User, Device or Domains obtaining the Right
    • the piece(s) of Content to which the Rights Expression refers
    •  the Right that is granted in such a way that there is no ambiguity in the semantics of the Rights Expression
  • The Solution shall support the following Functions:
    • Copy
    • Move
    • Backup/Restore
    • Export
    • Import
    • Transfer to an external rendering device
  •  The Rights Expression shall support at least the following:
    • To assign one Rights Expression to many pieces of Governed Content
    • To assign many Rights Expressions each referring to a different component of a Composite Content
  • In particular a piece of Content can have no Rights Expression (to be checked whether it should be a “do everything” type of Rights Expression)
  • To specify Content Uses e.g.
    • Period of time (e.g. play as long as the play time is less than a specified period) and based on time/date
    • User identity-based
    • Count based (play up to the specified number of time)
  • To specify Resource Uses e.g.
    • Audio
    • Video
    • Executables (e.g. applet)
  •  To allow streaming
  •  To process metadata
  • Presentation of Metadata
  •  To allow trick modes
PAV
 
  • The solution shall represent varying subsets of Author/CMS Rights
  • The Solution shall unambiguously identify
    • the Work(s) to which the Rights Expression refers
    • the Right in the context of a given License or Licenses
  • The Solution shall support the following Functions:
    • Edit
    • Adapt
    • Associate (e.g. we may want to maintain an association between audio and video)
    • Stream
    • Download
  • Digital Rights Expressions shall support at least the following:
    • To assign Rights Expressions to Works
    • To assign one Rights Expression to many Works and/or pieces of Governed Content
    • To assign Rights Expressions with Context Use limitations, e.g. age of End-User
    • To assign many Rights Expressions each referring to a component of a Composite Content containing any combination of Works
    • To resolve conflicts between Rights Expressions for Work Use and Rights Expressions for Governed Content Use in which the Works are contained
    • To specify Work Uses e.g.
      • Period of time (e.g. play as long as the play time is less than a specified period) and based on time/date
      • User identity-based
      • Count based (play up to the specified number of time)
CMS
 
  • The Solution shall support the following Functions:
    • Store
  • Rights Expression should enable
    • Store received Content
    • Move/Copy within Authorised Domain
    • Move/Copy within Footprint (e.g. applications may be required to determine the geographic region in which the device running the application is found, parcticularly when on-line)
    • Export to a movable media
    • Signal no Copy/Move outside Footprint
    • Inhibit Encryption of cleartext Content
  • Rights Expressions should be able to make reference to a Footprint (already supported by “Identify Domain”)
  • Rights Expressions should
    • Not require a return channel
    • Have low payload
    • Be processable by a wide array of Device sophistication
PBB
 
  • Rights Expressions should support
    • Conditional expiry (i.e. SMP loses Rights to sheet music if Stored for longer than determined period without Use)
    • Multiple grantors of the same Work
    • Rights to segments of Work and Content
SMP
 
  • Rights Expressions should support Quote
DC
 
  • Rights Expressions shall support
    • Use of Content Stored in a Device-based Domain by the User of that Domain through a Device that does not belong to that Domain
    • Store
    • Time-shifted Use
AHG3
 
  • Rights Expressions shall support
  • Use of Governed Content within geographical domains
DVM
 
  • Rights Expressions shall support Rights restrictions when Exporting
DC

 

 

 

 

 

 

 

  • Rights Expression shall support Device-based Licenses

  • Rights Expression shall support conversion between different resource encoding (e.g. MP3 to AAC)

  • Rights Expression shall support annotate / modify content for personal use

  • The Rights Expression shall support at least the following types of media: audio, video, images, text and executables, group/bundles thereof and composite content thereof

  • The Rights Expression shall support the addition of new metadata

  • The Rights Expression shall support the expression of time within which content can be Accessed

  • The Rights Expression shall support Access of Content based on User identity and Rating (e.g. suitability for age)

  • The Rights Expression shall support a User acquiring a License for another User

BT

Benefits Potentially allow the full range of human contractual agreements to be embodied in the digital domain, especially including automatic processing of agreements that are stated in sufficiently rigorous forms.  PAV
 Authenticate

Authenticate User

  Detailed description of Requirements Source
Definition The procedure to validate the User identity PAV
Objective To make sure that Governed Content is Used by the intended User PAV
  To make sure that Works are Used by the intended User CMS
Requirements
  • Shall support multiple protocols for the authentication of Users
PAV
DC

 

 

 

  • Certificates must be removable by the user, e.g for the purpose of services the device

  • Supports national and international interlibrary loan (requires clarification by proponent)

  • Playback of a set of books can be restricted to a specific set of users. (is on a book-by-book basis not enough?)

DC

Benefits To enable Content Uses by identified Users PAV
 Authenticate Device

  Detailed description of Requirements Source
Definition The procedure to validate the Device PAV
Objective To make sure that Governed Content is Used by the intended Device PAV
  To make sure that Works are Used by the intended Device CMS
Requirements
  • Protocol for the authentication of the Device
PAV
Benefits To enable Content Uses on identified Devices PAV
  To enable Work Uses on identified Devices CMS
 Authenticate Domain

  Detailed description of Requirements Source
Definition    
Objective    
Requirements
  •  
 
Benefits    
 Verify

 Verify Data Integrity

  Detailed description of Requirements Source
Definition The procedure to detect corruption or loss of part of the Content, Use Data and Executables PAV
  The procedure to detect misrepresentation of a Work CMS
  The procedure to detect corruption or loss of part of the Content, Content Data, or Use Data and their associated Identifiers. ENU
Objective
  • Correct delivery of Content, Use Data and Executables.
PAV
 
  • Correct delivery of a Work
  • Guarantee that correct Work and Author are associated within content.
CMS
  Guarantee that the Content and associated Identifiers are correct. ENU
Requirements
  • Ability to detect that there is corruption or loss of part of the Content, Use Data and Executables
  • Support error recovery in the case where Content, Use Data and Executables are delivered over an imperfect Delivery System.
  • Compatibility with data protection and privacy aspects (e.g. to limit the compilation of user profiles by third parties)
PAV
 
  • Ability to cross-reference Work and Author identification with license data (this is a question of verifying Metadata Intergrity)
CMS
 
  • Detect miss-match of Content or Content Data and their associated Identifiers.
 
Benefits To provide Content, Use Data and Executables integrity PAV
  To provide Work and Author representation integrity CMS
 Verify Device Integrity

  Detailed description of Requirements Source
Definition The procedure to detect corruption of part of the software of a Device PAV
Objective To support Trust management with a Device that may be remote from a User PAV
Requirements
  • Ability to detect that there is corruption of the Device software
PAV
Benefits The ability to support Trust management with a Device that may be remote from a User PAV
 Certify

 Certify Work

  Detailed description of Requirements Source
Definition The issuance of a statement by an authority that the Work identified is truly the said work (i.e. watermark) CMS
Objective To make sure that Works are by the Author CMS
Requirements
  • A protocol to certify Content in reference to a Work
CMS
Benefits To support correct attribution CMS
 Certify User

  Detailed description of Requirements Source
Definition The issuance of a statement by an authority that the claim by a user to be the User is supported (e.g. X.509 certificates are issued by the Spanish Government to its residents for secure on-line tax return filing and other issues). PAV
Objective To make sure that Governed Content is Used by the intended User PAV
  To make sure that Governed Content and Works are Used by the intended User  
  To make sure that the User is who he says he are and has the authority to perform the function claimed. ENU
Requirements
  • A mechanism to certify Users
PAV
Benefits To enable Content Uses by certified Users PAV
  To enable Content and Work Uses by certified Users  
 Certify Author

  Detailed description of Requirements Source
Definition The issuance of a statement by an authority that the Author identified is truly the Registered Author of a Work CMS
Objective To make sure Works are attributed correctly CMS
Requirements
  • A protocol to certify Authors
CMS
Benefits To enable correct attribution CMS
 Certify Device

  Detailed description of Requirements Source
Definition The issuance of a statement by an authority that the claim by a device to be the Device is supported PAV
Objective To make sure that Governed Content is Used by the intended Device PAV
Requirements
  • A mechanism to certify Devices
PAV
Benefits To enable Content Uses by certified Devices PAV
  To enable Content and Work Uses by certified Devices  
 Manage

Manage Key

  Detailed description of Requirements Source
Definition Controlling, generating, protecting, distributing, assigning, installing, tracking, validating and using keys. Also, updating, revoking, destroying, storing, and archiving keys as well as providing some means of Backup/Restore. PAV
Objective to enable the controlled encryption and decryption of Data PAV
Requirements
  • To support multiple key exchange protocols without loss of interoperability
    • One key to one or to many piece(s) of Governed Content
    • One key to one or to many Users
    • One key to one or to many Devices
  • To support identification of authorised key management systems
  • Technology to protect keys
  • For any pieces of Content used within Composite Content, it shall be possible to choose not to encrypt that piece of Content and it shall also be possible to encrypt that piece of Content using individual keys.
  • The ability to support superdistribution of Governed Content when each instance of such Governed Content is encrypted with a different key.
  • The Solution should lend itself easily to key management implementations that do not interfere with an enjoyable User experience.
  • Key management solutions should not be completely destroyed by a single failure and if defeated, should have adequate recovery plans in place to restore key management security.
PAV
  Must apply to any distribution means (CD, download, streaming, etc.) DC
Benefits To enable Users to employ a wide variety of key management systems in an interoperable fashion. PAV
 Manage Domain

  Detailed description of Requirements Source
Definition Procedure to manage a set of Devices such that only those Devices can Use the same Governed Content PAV
Objective To enable groups of Devices and/or Users e.g. belonging to a family to Use the same Governed Content on any of the Devices in the group PAV
Requirements
  • Setting up a Domain, including the ability to distribute Rights Expressions that can only be used by Devices in the Domain
  • Joining a Domain
  • Authorising entry to a Domain
  • Leaving a Domain
  • Directing to leave a Domain, including the ability to exclude a Device so that it cannot process Rights Expressions associated with the Domain after the time of exclusion
  • Users with an authorised entitlement shall be able to fully control Domain membership and Content distribution.
  • Users without an authorised entitlement shall not be able to obtain confidential information related to the Domain
  • A Domain shall be configurable to permit a variety of distribution options between Devices belonging to the Domain, e.g. superdistribution of Content and Composite Content to Devices belonging to a sub-Domain within the Domain (e.g., specialized interest groups).
PAV
Benefits Enables content distribution to be both very wide and very specific, supporting many possible business models. PAV
  Enables Work distribution to be both very wide and very specific, supporting many possible business models. CMS
 Manage Device Capability

  Detailed description of Requirements Source
Definition The procedure by which a Device can acquire information of the capabilities of another Device PAV
Objective To determine the capabilities of a Device so that Content suitable for Use on it, or Rights Expressions, can be provided/acquired PAV
  To determine the capabilities of a Device so that a Work contained in the Content suitable for Use on it, or Rights Expressions, can be provided/acquired or not according to the Authors wishes CMS
Requirements
  • Protocol to ascertain that a device is a Device
  • Protocol to determine the Device’s Rights Expression interpretation capabilities
  • Protocol to determine the Device’s Use capabilities
  • A Device shall be able to identify another Device before distributing (or refusing to distribute) Content or Rights Expressions to that Device, however configurations for anonymity and/or confidentiality should be optional
  • Content shall include relevant Metadata identifying the characteristics of that Content and the Device capabilities required to process that Content
  • A Device shall be able to request and receive information identifying relevant capabilites of another Device before distributing (or refusing to distribute) requested Content or its associated Rights Expression to that Device
  • A Device shall be able to request and receive information identifying characteristics of Content before receiving (or refusing to receive) the Content or its Rights Expression
  • If a Device has received Content, the Device shall be able to determine whether it is able to process the Content before requesting the Rights Expression associated with it; the same shall apply if a Device has received the Rights Expression but has not received the Content
  • The solution shall provide sufficient flexibility to respect Users' wishes for anonymous use and confidentiality of information not necessary for the purpose of discovery of Device capabilities.
PAV
Benefits To enable Users to acquire Governed Content that matches their Devices’ capabilities. PAV
  To enable Users to acquire Governed Content which matches their Devices’ capabilities and allow Authors to control how their works are rendered or performed. CMS
 Manage Use Data Confidentiality

  Detailed description of Requirements Source
Definition Protocols that allow User A to negotiate the way User B will utilise acquired User and Use Data of User A PAV
Objective To let two Users determine how the information acquired during their interaction can be further utilised PAV
Requirements
  • Mechanism for protection of Use Data
  • Ability to decide the utilisation of Use Data
PAV
 
  • Use of broadcast Governed Content in a Footprint must support Use Privacy
PBB
Benefits Allows User confidence that their privacy will be protected, simultaneously allowing Providers to gain knowledge from User and Use Data to the extent this is agreed. PAV
 Access

 Access Content

  Detailed description of Requirements Source
Definition The function of searching and selecting Governed Content of interest to an End-User AHG3
Objective To let the End-User make the the best choice of Content AHG3
Requirements
  • Navigation aids can be downloaded and executed on a Common Open API
PBB
 
  • Access to authenticated Work and Author Descriptors
SMP
 
  • Access Content via multicast
BT
Benefits Easy and accurate retrieval of Works, Resources or pieces of  Content AHG3
Access License

  Detailed description of Requirements Source
Definition    
Objective    
Requirements
  • It shall be possible to make Access License Transparent to User
DC
Benefits    
 Process

 Encrypt

  Detailed description of Requirements Source
Definition Methods used to hide portions or totality of Content Data Elements PAV
Objective To prevent a user from using Content Data PAV
Requirements
  • Suitably flexible for a wide variety of Content Data
  • Efficiently implementable on a wide range of Devices
  • Based on Encryption Algorithms that are:
    • publicly disclosed
    • subject to constant scrutiny and evaluation by the worldwide cryptographic community
    • supporting stream and bulk ciphers
    • considered as secure
    • in broad use
  • The appropriate consideration of export restrictions.
PAV
 

 

 

 

  • Content may be governed but resources may not ne encrypted
  • Scalable encryption methods  (requires clarification by proponent)
  • Support
    • Facilitate efficient prefetch and decryption of child resources.
    • Efficient random access to content blocks for all linear content types.
  • Must not require player to extract content from aggregated files. (requires clarification by proponent)
DC
Benefits To protect Content and Rights Expressions from being read by unintended Users PAV
 Store

  Detailed description of Requirements Source
Definition The Function by which a piece of Governed Content enters a Device from a Delivery System and remains there for later Use AHG3
Objective Allow a User to Use a Piece of Content for a longer period of time AHG3
Requirements There are no identified requirements AHG3
Benefits The User can Use a Piece of Content for a longer period of time according to the Rights Expression AHG3
 Copy/Move

  Detailed description of Requirements Source
Definition The Function by which a piece of Governed Content can be transferred to another Device, leaving the original (Copy) and deleting the original (Move).

Copy and Move are executed according to the Rights Expression.

Grouped together as a higher-level Function, the "Copy/Move" function accomplishes the transfer of a piece of Governed Content between Devices, either leaving the original in place ("Copy") or deleting the original ("Move").
PAV
Objective To enable more use of the same piece of Governed Content PAV
Requirements
  • A protocol to communicate with another Device to accomplish the function required by the definitions of Copy/Move, including the point-to-multipoint case
  • The protocol should lend itself to secure implementations
  • The protocol should lend itself to efficient implementations on a wide variety of devices.
PAV
Benefits Allow controlled Copy and Move of Content PAV
 Backup/Restore

  Detailed description of Requirements Source
Definition The Function by which a Device can store a copy of a piece of Content or Governed Content (in case the Rights Expression is a Stateless Rights Expression) in a device where the (Governed) Content is not for Use, e.g. for the purpose of later restoring the (Governed) Content. Backup requires that the backup target be a non-DMP device and therefore does not result in a second usable copy. PAV
Objective to be able to backup/restore Content to an external device PAV
Requirements There are no identified requirements PAV
Benefits

To be able to make room for Governed Content in a Device without losing permanently the Governed Content that is removed from the Device.

PAV
 Export

  Detailed description of Requirements Source
Definition The Function by which a Device makes available a piece of Governed Content for use by a non-DMP DRM system. PAV
Objective To enable use of a piece of Governed Content outside of an Environment. PAV
Requirements
  • A protocol to communicate with a non-DMP DRM system. This includes, as a minimum, a means to identify non-DMP DRM systems
PAV
Benefits

A Rights Holder has the ability to extend the range of use of their Content to other governed environments.

PAV
 Import

  Detailed description of Requirements Source
Definition The Function by which a Device accesses a piece of content governed by a non-DMP DRM system. PAV
Objective To enable Use of a piece of governed content by a Device. PAV
Requirements
  • A protocol to communicate with a non-DMP DRM system. This includes, as a minimum, a means to identify non-DMP DRM systems  
PAV
Benefits

Enables Environments to be populated with governed content from sources outside of DMP.

PAV
 Play

  Detailed description of Requirements Source
Definition The Function of converting a piece of Content Data to a form that can be Rendered AHG3
Objective Provide the intended Experience to a User AHG3
Requirements
  • Time-shifted Play should be supported
  • Immediacy of Playing Content (without the need of complex username/password)
PBB

 

 

 

 

 

 

 

  • Governed content should be playable without negative effects on player performance. Media quality, etc.

  • Implementable in open-source players. (requires clarification by proponent)

  • Required features must be implementable on all current DTB reading systems. (make explicit which are the features of the current DTB reading systems for support in DMP)

  • Must allow rendering compatible with existing assistive technologies (screen readers, refreshable braille displays). (make explicit which are the existing assistive technologies for support in DMP

  • Can't ""hide"" text from other applications (e.g., screen-readers).

  • Players must inform the user of authorization failures

  • Protected books must fail gracefully when played in a legacy player

DC

Benefits   PAV
 Render

  Detailed description of Requirements Source
Definition The temporary transmission of content during playback/access to an external device for rendering. The rendering device may be a DMP Device PAV
Objective To Render Resources, Metadata and License securely. PAV
Requirements
  • A protocol to communicate with the external rendering device. This includes
    • a means to identify external rendering devices
  • Ability to work with standards already in place or in development for the networked home.
PAV
 
  • License must be disclosed to human user in a usable form (education about rights, restrictions, penalties).
  • Content should be rendered without markup.
DC
Benefits Interferes with capture of the rendered bitstream. PAV
 Bind

  Detailed description of Requirements Source
Definition The function of binding different sets of data CMS
Objective To make available, possibly in a persistent form, specific sets of data, e.g. an identifier and the data identified CMS
Requirements
  • The ability to Associate Persistently Work related information to all copies of Content containing that Work and all child copies and variations thereof that retain the Work and/or variation.
CMS
Benefits

In the case of persistent association the ability to Distribute Data that are tightly bound to other Data

CMS
 Pay

  Detailed description of Requirements Source
Definition Providing Use, User, Device and Governed Content information to a payment system external to an Environment PAV
Objective To enable flexible payment systems such as subscription, pre-payment or transaction-based payment by a single Device, a Domain or a User. PAV
Requirements
  • The ability to support multiple payment methods and mechanisms
PAV
Benefits Automated payment PAV
 Test Conformance

Test Conformance of Rights Expressions

  Detailed description of Requirements Source
Definition  Verifying that a Rights Expression is interpreted and provides the output as intended by the originator of the Rights Expression  
Objective  To verify Conformance of the engine interpreting the Rights Expressions  
Requirements IED Conformance shall be assessed and regulated according to industrial compliance regime PBB
Benefits  It is essential for a Rights Holder that a Device will correctly interpret Rights Expressions.  
 Test Conformance of Enforcing Rights Expressions

  Detailed description of Requirements Source
Definition  Verifying that the Functions corresponding to the output are executed as intended  
Objective  To verify Conformance of the engine executing the Rights Expressions  
Requirements IED Conformance shall be assessed and regulated according to industrial compliance regime PBB
Benefits  It is essential for a Rights Holder that a Device will correctly execute the intepreted Rights Expressions.  
 Test Conformance of Tamper resistance

  Detailed description of Requirements Source
Definition Defining the levels of tamper resistance and the methods to be used when an implementation is put under test for tamper resistance to determine such levels  
Objective  To verify the robustness of a Device to attacks  
Requirements TBD PBB
Benefits  It is essential for a Rights Holder that a Device is implemented in a way that makes it difficult for an attacker to tamper with it.  
 

Annex A

#  

Value-chain User

Acr.

Definition

1.       

Author

AUT

A User who creates Works

2.       

Performer

PRF

A User who Uses Works to make Content

3.       

Collective Management Society

CMS

A User who provides collective representation to its member, e.g. Authors, Performers, Publishers etc.

4.       

Producer

PRD

A User who produces Content

5.       

Publisher

PBL

A User who makes Content available to the public

6.       

Syndicator

SND

A User who manages and provides Content to Retailers using a variety of  purchase options

7.       

Metadata Service provider

MTP

A User who recognises, assigns, delivers and processes structured metadata

8.       

Mediation Service provider

MDP

A User who provides mediator/agent Services to broker “closed” information such as actor identity

9.       

Resolution Service provider

RSP

A User who provides the Service of mapping disparate sets of Metadata

10.   

Repository

RPS

A User who offers Services to name, describe, locate, access, manage, and secure information about Content

11.   

Monitoring Service provider

MNP

A User who provides Use Data information in aggregated form

12.   

Marketer

MKT

A User who provides promotional, sale enhancement, brand enhancement and Merchandising Services

13.   

Aggregator

AGG

A User who provides procuring, packaging, presenting, cataloguing, archiving, indexing and promoting Services typically to Retailers

14.   

Retailer

RTL

A User who sells or Licenses Content to an End-user

15.   

Technology licensing provider

TLP

A User who provides Device Manufacturers and Platform providers with a license to utilise patented technology to make Devices and Platforms

16.   

Device Manufacturer

DVM

A User who manufactures or assembles hardware and/or software components to make Devices

17.   

Connectivity provider

CNP

A User who provides point-to-point or point-to-multipoint connectivity between Users

18.   

Network Service provider

NTP

A User who provides IP (or equivalent) services and typically various other services above it, e.g. guarantee of quality of service

19.   

Platform Service provider

PLP

A User who provides services on (parts of) the technology infrastructure of a Value-chain

20.   

Security provider

SCP

A User who provides technologies and services related to the security technologies and all levels of relevant computer and network security solutions

21.   

Certificate Authority

CRA

A User who issues digital certificates used to create digital signatures and public-private key pair

22.   

Conformance certification provider

CCP

A User who provides conformance, robustness and encoding rules along with certification of satisfying same.

23.   

Clearing House

CLH

A User who collects Value Expressions from other Users to distribute to Right Holders for the purchase of Use Rights over a given instance of Content

24.   

Financial Service provider

FSP

A User who provides the infrastructure for financial transactions, and accept deposits and channel the money into lending activities

25.   

End-user

ENU

The last User in a Value-chain

26.   

Reseller

RSL A User who possesses the Right, acquired by sale, License or other transfer, to control the disposition and transfer of Content from End-users to different End-users

27.   

Public Authority

PBA

A User who provides rules relating to the Use of Content and taxation on transactions related to Content.

 

Annex B

Acronym Name
AHG3 Ad hoc group established by DMP General Assembly
AHG6 Ad hoc group established by DMP General Assembly
CMS Collective Management Societies
DC Daisy Consortium
ENU End-User
GA04 4th DMP General Assembly
PAV Portable Audio and Video Device Requirements
PBB Public Service Broadcasters
PRD Producers
SMP Sheet Music Publishers
Statutes DMP Statutes
TO Telecommunication Operators
 

From Daisy Consortium

Minimize impact of DRM system on DTB specs.

Will consider adaptation of DMP spec to DTB systems

No implementation of DRM shall depend upon a particular interpretation of 2.02 or Zed (eg ncx vs spine).

Please explain

Any valid DAISY 2.02 book can be protected including multivolume books Please explain
Any valid Z39.86 book can be protected including multivolume books. Please explain