The Digital Media Project
Preliminary Review of Requirements for MPEG-21 IPMP
|Affiliation/additional information:||Active contributor, Pasadena, California, US|
The following is a preliminary and very cursory review through the Requirements for MPEG-21 IPMP, responding to the following challenge Leonardo posed to the DMP reflector:
----- Original Message -----
From: "Leonardo Chiariglione"
To: "Digital Media Project (E-mail)"
Sent: Tuesday, March 30, 2004 9:59 AM
Subject: [DMP] More requirements from MPEG-21
At the last (68th) meeting in Munich MPEG has approved a Call for Proposals (CfP) on MPEG-21 Intellectual Property Management and Protection (IPMP). The CfP makes reference to a documents on MPEG-21 IPMP Requirements. You can find both documents at
The requirements document is obviously :-) an excellent piece of work, with one footnote. The requirements appearing there are the result of a long (very long) process where requirements have been proposed by members, discussed, retained or rejected on the basis of them making sense or not to those who have worked on them. The requirements are not the result of a DMP-like process.
I do not expect that the MPEG-21 requirements be contradictory to DMP's.
Still I think it would make sense to try and compare the MPEG-21 requirements with those of
For those requirements that are new it would be intersting to inquire as to which TRU may generate them.
Any taker of this proposal?
So the following is my quick take on each of the RQs regarding how I believe they should be considered from a DMP point of view. It is my expectation that I or someone else will propose new DMP RQs modeled on these, and so I thought to expose my "Quick Sort" thinking on these to general inspection, especially hoping to be corrected, amended or revised by the different perspectives of others. My brief commentary is in bold beneath each RQ; please note most of these also have Notes and Examples provided at the source document.
2 General Requirements
2.1 Interoperating with other parts of MPEG-21
Requirement MPEG-21 IPMP shall be compatible with other MPEG 21 parts.
not applicable (n/a)
2.2 Flexibility and extensibility
Requirement MPEG-21 IPMP shall be flexible and extensible.
We have extensibility for TRU support: "DMP GA01 RQ42 extensibility of rights expressions and conditions for DMP DRM compliant bitstreams/files such that new, trusted and duly authorized semantics and syntax can be introduced periodically over time". But we should add flexibility and possibly expand the scope of what should be flexible and extensible.
2.3 Leverage on Industry Standards
Requirement MPEG-21 IPMP shall use existing MPEG and other widely-adopted industry standards, wherever possible, for any mechanisms and methods required for effective management and protection of IP associated with Digital Items across multiple implementations of MPEG-21 Peers.
Does DMP have a position on this yet? And how good is this without adequate follow-up, as we have discussed for the standards activities regarding liaisons and keeping abreast of related standards.
2.4 Leverage of other MPEG IPMP standards
Requirement MPEG-21 IPMP should leverage the existing IPMP specifications to the extent possible and it is also desirable to harmonize MPEG-21 IPMP with MPEG-2/4 IPMP.
2.5 Interoperability among Peers
Requirement MPEG-21 IPMP shall enable interoperability across Peers.
Do we have enough for this or do we need more?
2.6 Compatibility with non-IPMP Peers
Requirement MPEG-21 IPMP shall support non-IPMP Peers interacting with a Digital Item containing both governed and ungoverned parts and accessing non-governed material.
What about the one that we have? We have mostly addressed our related RQs to the file/bitstream level. Perhaps this gives us a way to address the IED level.
2.7 Ungoverned DIs
Requirement The addition of IPMP information to governed parts shall not affect the ungoverned parts.
2.8 IPMP information
2.8.1 Carriage of IPMP related information in a DID
Requirement It shall be possible to include IPMP related information in Digital Item Declarations
already in DMP RQs?
2.8.2 Recognition of IPMP information
Requirement MPEG-21 IPMP shall specify how to recognize IPMP information in a DID as IPMP information.
YES, create a DMP RQ for this
2.9 Granularity of IPMP indication
Requirement IPMP shall provide flexibility in the granularity at which elements of an IPMP System can be indicated.
YES, create a DMP RQ for this
2.10 Binary representation
Requirement MPEG-21 IPMP shall be compatible with binary representations of MPEG-21 DIs.
already in DMP RQs?
2.11 Profile Support
Requirement MPEG-21 IPMP shall allow profiling its specification to support a particular application space.
Does this apply to DMP?
2.12 Governed use of protected DI (parts)
Requirement: MPEG-21 IPMP shall support mechanisms and tools for governed use by Peer of a DI and its protected parts.
YES, already in RQs but we might need more
3 Management Requirements
Requirement MPEG-21 IPMP shall support renewability of IPMP Capabilities and Tools.
What does "Renewability" mean?
3.2 License Management (SEE comments below 3.2.4)
3.2.1 License association
Requirement MPEG-21 IPMP shall support at least the following 4 cases of associating licenses with the target of their governance:
· License within DI
· License referenced within DI
· License service referenced within DI
· None of the above, but license references DI
3.2.2 License retrieval indication
Requirement MPEG-21 IPMP shall specify the means to indicate in the DI:
· the location from which the applicable license may be retrieved
· a method or process for acquiring the applicable license
3.2.3 Revocation of Licenses
Requirement MPEG-21 IPMP shall support mechanisms for revocation of licenses.
3.2.4 Unambiguous expression of governance
Requirement MPEG-21 IPMP shall support unambiguous association of rights expressions with the appropriate part(s) of the DI.
If we are ready to talk about licenses in the DMP spec, then we need RQs for all of these 3.2 License Management MPEG-21 RQs, possibly more than what is here.
3.3 Capability Management (SEE comments below 3.3.5)
3.3.1 Unique identification of IPMP Tools and Capabilities
Requirement MPEG-21 IPMP shall provide a mechanism by which IPMP Tools and Capabilities can be uniquely identified.
3.3.2 Expression of required IPMP Capabilities
Requirement MPEG-21 IPMP shall support expression of the IPMP Capabilities of a Peer that are required for interaction with a complete Digital Item or part thereof.
3.3.3 Capability Disclosure
Requirement MPEG-21 IPMP shall support describing the IPMP Capabilities of a Peer.
3.3.4 Capability Matching
Requirement MPEG-21 IPMP shall specify mechanisms for determining whether a disclosed IPMP Capability meets a required IPMP Capability.
3.3.5 Capability Queries
Requirement MPEG-21 IPMP shall support querying an MPEG-21 Peer for its IPMP Capabilities and Tools.
I'd say in all of these 3.3 Capability Management RQs, we need to make DMP RQs, to support what Leonardo has called the need to render data in a manner suitable for the device
3.4 Trust Management
3.4.1 Support for Trust Management Requirement MPEG-21 IPMP shall support but not specify the mechanisms by which it can be determined that a Governed Domain or User is Trusted.
3.4.2 Trust Management related information
Requirement MPEG-21 IPMP shall support expression of Trust Management related information.
3.4.3 Carriage of Trust Management related information
Requirement MPEG-21 IPMP shall specify how Trust Management related information is carried in a DID.
Sure we need this, but we already have some and what about Martin's reference to http://www.bsi.de/trustcomp/stellung/StellungnahmeTCG1_2a_e.pdf? "the BSI (Bundesamt fuer Sicherheit in der Informationstechnik) is the central IT security service provider of the German government. If you are interested in the German Government's RQs for IDP/IED, you might want to download the Federal Government's Comments on the TCG and NGSCB in the Field of Trusted Computing..." Also, are Trust and Authentication DEUs? These MPEG-21 IPMP RQs on trust strike me as skimpy.
3.5 Usage State Management
Requirement MPEG-21 IPMP shall support usage state information, and its persistent confidentiality, integrity and availability throughout its entire lifecycle.
YES, but needs more?
3.6 Support for secure event reports
3.6.1 Response to governed Event Report Requests Requirement MPEG-21 IPMP shall support the Governance and Protection of Event Report Requests.
3.6.2 Governance of Event Reports
Requirement MPEG-21 IPMP shall support the Governance and Protection of Event Reports.
maybe, but it strikes me that we are getting into terminology-dependent considerations here
3.7 Dependence on inter-Peer communication
3.7.1 Unconnected/connected operation
Requirement MPEG-21 IPMP shall support operations in connected and unconnected environments.
3.7.2 Removable Media support
Requirement MPEG-21 IPMP shall support the exchange of Governed DIs using removable media.
3.7.3 Read-only Media support
Requirement MPEG-21 IPMP shall support Governed DIs stored on read-only media.
already in RQs?
3.7.4 Service models not requiring disclosure of user information
Requirement: MPEG-21 IPMP shall support service models requiring user information not to be disclosed to third parties.
4 Protection & Governance Requirements
4.1.1 Protection of Digital Item parts
Requirement MPEG-21 IPMP shall support the Protection of different parts within the same DI in different ways.
4.1.2 Protection detection
Requirement MPEG-21 IPMP shall provide means for detecting that a DI or part of a DI is Protected.
4.2.1 Determination of governance
Requirement MPEG-21 IPMP shall provide means for detecting that a DI or part of a DI is Governed.
4.2.2 Governance on DID parts
Requirement It shall be possible to mix governed and ungoverned elements in a single Digital Item.
4.3 Protected and Governed Associations
Requirement MPEG-21 IPMP shall support Protected and Governed associations between DIs and DI parts.
YES but...without DI terminology?
4.4 Support for Persistent Association
Requirement MPEG-21 IPMP shall support Persistent Association Tools.
How does this compare with what we have?
4.5.1 IPMP Tools Authentication
Requirement MPEG-21 IPMP shall support authentication of IPMP Tools.
4.5.2 Authenticate User/Peers/Governed Domains
Requirement MPEG-21 IPMP shall support the authentication of Users, Peers and Governed Domains.
4.6 IPMP Adaptation of Governance and/or protection
Requirement MPEG-21 IPMP shall support mechanisms for governed adaptation of governance and/or protection at any point in the lifecycle of the DI.
YES but...is this enough, is this the right terminology, and how is this "bound" with Trust?
I had initially hoped we could move many of these over to DMP on a piecemeal basis, with a little revision. Certainly protection, trust and authentication relate to TRU technological access restrictions, and then some of these touch on privacy considerations. But I am very concerned about pouring these over now because the conceptual divisions and the MPEG-language terminology have strengths that could distort DMP RQs as strong thread harms soft fabric.
Comparing these with the 7 broad categories I proposed for the GA01 RQs at http://www.chiariglione.org/contrib/040330merrill01.htm, I can imagine a time in the not too distant future in which these MPEG RQs would provide a valuable lens to look over our DMP RQs for completeness, repairing omissions, even including adding overt connections to MPEG work. As it stands now I find aspects of this problematic, although I hope comments on the above will help light the way to solutions. I would love some meaningful objections to the above that can move us forward swiftly, so the MPEG-21 IPMP RQs will help us wth our GA02 RQ output.