The Digital Media Project  
Source L. Chiariglione
Title A walkthrough in the DMP Phase I specification No. 050509chiariglione01

 

A walkthrough in the DMP Phase I specification

 

Executive Summary

This document provides an overview of the Interoperable DRM Platform, Phase I (IDP-1), the first Technical Specification published by the Digital Media Project (DMP).

Table of Contents

Executive Summary

Table of Contents

1      Introduction 

2      DRM technologies as a toolkit

3      Use Cases 

3.1       Open Release

3.2       Open Search 

3.3       Home Distribution #1 

3.4       Home Distribution #2 

3.5       Internet Distribution

3.6       Smart Retailer

3.7       Personal Photography

4      Architecture 

5      Interoperable DRM Platform

5.1       Represent

5.1.1        Represent Content 

5.1.2        Represent Keys 

5.1.3        Represent Rights Expressions 

5.2       Identify

5.2.1        Identify Content 

5.2.2        Identify Licenses

5.2.3        Identify Devices 

5.2.4        Identify Domains

5.3       Package

5.3.1        Package Content 

5.4       Authenticate 

5.4.1        Authenticate Device 

5.5       Manage 

5.5.1        Manage Domains 

5.6       Access

5.6.1        Access Content 

5.6.2        Access License

5.6.3        Update/Upgrade License 

5.7       Process 

5.7.1        Binarise XML

5.7.2        Encrypt/Decrypt

6      Value-Chains 

7      Registration Authorities

8      Terminology 

 

1          Introduction

The Digital Media Project (DMP) is a non-profit Association registered in Geneva, Switzerland. In accordance to its founding principles, DMP promotes the development, deployment, and use of digital media that safeguard the rights of creators to exploit their works, the wish of consumers to fully maximise the benefits of digital media, and the commercial interests of value-chain players to provide products and services.

The principal means to realise the goals of DMP is through the development of Technical Specifications. The first such document has been published on the 5th of May 2005 as Interoperable DRM Platform, Phase I (IDP-1). IDP-1 has been designed to enable the implementation of digital media services based on Portable Audio and Video (PAV) Devices.

IDP-1 is structured in 6 parts:

  1. Use Cases

  2. Architecture

  3. Interoperable DRM Platform

  4. Value-Chains

  5. Registration Authorities

  6. Terminology

 Purpose of this document is to illustrate the main elements of IDP-1.

Note that words in upper case have the meaning defined in chapter 8 (extracted from IDP-1), unless another meaning is explicitly declared.

 

2          DRM technologies as a toolkit

DMP specifications have been designed to provide Interoperability between value-chain players of Governed (i.e. DRM protected) digital media within and between Value-Chains.

Media value-chains are manifold and a greater variety of digital media value-chains can be expected in the future. To support Interoperability in such unpredictable environment, the only practical solution is to provide standardised DRM technologies that Value-Chain Users can configure to suit their needs. The Interoperable DRM Platform (IDP) is the assembly of standardised technologies that DMP calls Tools

The IDP toolkit provides four major advantages:

  1. A great variety of Value-Chains can be implemented using a combination of standard technologies drawn from the IDP toolkit

  2. Unpredictably new Value-Chains can be supported through standardisation of additional Tools

  3. Access to standardised Tools may have reduced cost because Tools may find multiple usages and may be provided by multiple competing suppliers

  4. An enhanced degree of interoperability is achieved between different Value-Chains.

 

3          Use Cases

Use Cases have been selected to show that IDP-1 Tools can be employed to implement a broader variety of application scenarios than suggested by PAV Deices.

Here is a brief introduction to the 7 Use Cases considered.

3.1         Open Release

This Use Case shows how it is possible to Release Content, e.g. on the web, in a Governed fashion, but without applying heavy-weight protection technologies. Open Release can, for example, enables somebody to Release Content now with a very broad License of use without jeopardising future opportunities of other forms of Release.

3.2         Open Search

This Use Case builds on the previous Use Case and envisages a Content search service that utilises the rich Metadata associated with Open Release Content and their terms of License to provide enhanced services.

3.3         Home Distribution #1

This Use Case envisages new forms of Content Use in the home that leverages on the existence of Domains (e.g. corresponding to a family) and sub-Domains (e.g. corresponding to the set of Devices belonging to one member of a family).

3.4         Home Distribution #2

This Use Case shows how it is possible to dissociate distribution of Content using robust DRM technologies from a consumption model that easily maps to existing models.

3.5         Internet Distribution

This Use Case shows how it is possible to lower the entry threshold to Content distribution by applying IDP-1 technologies once DMP PAV Devices have been broadly deployed.

3.6         Smart Retailer

This Use Case shows how different retailing strategies can be implemented by using the flexibility of the Rights Expression Language (REL).

3.7         Personal Photography

This Use Case shows how IDP-1 Tools can be used to enhance privacy in the specific case of distribution of personal photographs.

4          Architecture

The purpose of the Architecture is to provide an overview of a general digital media Value-Chain enabled by IDP-1 technologies.

The process starts at the moment a Work is generated by a Creator in the form of a Manifestation that needs to be Instantiated before it can become an Instance carried in Resources. Creators, Producers and Instantiators will typically have the objects that contain their intellectual property uniquely Identified by appropriate Users Registration Agencies generating Metadata.

Different types of Resources are typically combined with different types of Metadata as a single Entity called Content by DMP. The digital Representation of Content called DMP Content Information (DCI). Content will also be uniquely Identified by Registration Agencies.

For the purpose of delivering Content from a User to another, DCI and its referenced Resources need to be Packaged. IDP-1 specifies Tools to create a File using a file format called DMP Content Format (DCF).

A User delivering Governed Content to another User expresses the conditions to Use that Content by means of a License which Grants Rights to a User to Use a Content Item. A language to Represent Rights Expressions is required so that a Device can interpret Rights.

IDP provides a Tool to Access a Content Item with a License that is Bundled within the Content. As IDP-1 only supports Portable Audio and Video (PAV) Devices, the Tool is employed by an external device (XD), e.g. a PC that Accesses the Content Item and transfers it to the PAV Device.

A Content Item without a Bundled License can reach the Device in some unspecified way. In this case XD uses another IDP Tool to Access a License. XD will then create a DCF of the Content Item with the License Bundled within the Content and transfer it to the PAV Device.

Both Tools when invoked require the establishment of a Trust  relationship between Devices, which in turn requires the ability to Identify and Authenticate Devices. IDP-1 supports Domains defined as groups of Devices to which Content can be Licensed as well.

To Use a Governed Content Item the PAV Device will typically have to Parse the DCF to obtain the License and to Parse the License to obtain the Resource Decryption Keys. These will be employed to Decrypt Resources that will be Used according to the Rights Granted in the License.

5          Interoperable DRM Platform

IDP-1 provides the key technologies that are required to implement the walkthrough above. These are grouped in 7 major categories of Tools: Represent, Identify, Package, Authenticate, Manage, Access and Process.

5.1         Represent

This category comprises 3 Tools: Content, Keys and Rights Expressions.

5.1.1        Represent Content

In DMP Content is a combination of Resources, Metadata, Content and Rights Expressions. Therefore Represent Content is the set of Tools used to provide a digital Representation that can be processed by a Device. DMP calls Such a Content Representation DMP Content Information (DCI).

DCI provides the means to convey Identifiers, associate information and Metadata and associate information with Governed Content.

DCI is an extended profile of MPEG-21 Digital Item Declaration and IPMP Components.

5.1.2        Represent Keys

Keys are used to Encrypt and Decrypt Keys, Metadata and Resources. Represent Key is the Tool to express the Keys and relevant Data.

5.1.3        Represent Rights Expressions

Rights Expressions are used to declare Rights and permissions. A Rights Expression Language (REL) is the Tool that enables the digital Representation of such Rights Expressions that a Device can process and interpret.

The DMP REL is an extended combination of 3 MPEG-21 REL Profiles: Core, Standard Extension and Multimedia Extensions.

5.2         Identify

IDP-1 provides Tools to Identify Content, Licenses, Devices and Domains.

5.2.1        Identify Content

DMP Content can be Identified by means of Identifiers that conform to the Uniform Resource Names (URN) scheme.

This is based on MPEG-21 Digital Item identification.

5.2.2        Identify Licenses

A License is a particular type of Content. Therefore their Identification follows the general rules of Content Identification.

5.2.3        Identify Devices

IDP-1 provides Tools to Identify two types of Device: those provided with a Certificate (Certificate-based Identification) and those without (Device info-based Identification). In the former case an X.509 Certificate is utilised as Device Identifier while in the second a unique Identifier is generated based on the Device information.

For both cases IDP-1 provides:

5.2.4        Identify Domains

Domains are groups of Devices aggregated into a single entity for specific purposes.

IDP-1 provides tools to

5.3         Package

5.3.1        Package Content

To deliver Content between Users it is necessary to Package Content in files or streams.

IDP-1 provides Tools to Package Content in Files. Such files contain the DCI with some or all of its ancillary Resources. Those Resources that are not in the file are referenced.

The File Format is DCI is an extended profile of the MPEG-21 File Format which is based on the ISO Base Media File Format.

5.4         Authenticate

5.4.1        Authenticate Device

Devices must be Trusted before they are allowed to Use Content. Authenticate is a group of Tools to recognise and enable Trust between Devices.

IDP-1 provides three different types of Device Authentication

5.5         Manage

5.5.1        Manage Domains

IDP-1 provides a set of Tools to Manage Domains. The functionality of the Protocols includes:

5.6         Access

5.6.1        Access Content

IDP-1 provides Tools to Access a Content Item with a Bundled License.

5.6.2        Access License

IDP-1 provides Tools to Access a License when a Content Item has no Bundled License.

5.6.3        Update/Upgrade License

IDP-1 provides Tools to update or upgrade a License.

5.7         Process

5.7.1        Binarise XML

This Tool enables the transformation of XML document to a binary format before transmission or storage.

IDP-1 employs BiM, the XML binarisation technology standardised by MPEG-7.

5.7.2        Encrypt/Decrypt

IDP-1 employs 1 symmetric Encryption algorithm (AES) in 2 modes and 1 asymmetric Encryption algorithm (RSA).

6          Value-Chains

IDP-1 provides descriptions of how the Use Cases in chapter 3 can be implemented using the IDP-1 Tools.

By giving a normative value to Value-Chains DMP does not imply that the Use Cases can only be implemented as specified in IDP-1. DMP simply intends to provide example implementations so that those Users who assemble the Tools as specified in IDP-1 will be able to interoperate with other Users who will assemble the Tools in a similar way.

7          Registration Authorities

The task of Identifying Entities such as Content, Devices and Domains is a critical one, e.g. in the case of Devices, where Identification constitutes a key element of Trust establishment. This Identification task is typically carried out by several organisations that are properly accredited by a root authority.

In this regard the role of DMP is to appoint the root authority – called Registration Authority – for any type of Entity for which Identification is required. A Registration Authority is responsible for allocating namespaces. The Registration Authority then appoints Registration Agencies on the basis of agreed rules as specified in IDP-1.

8          Terminology

 

Access

The Function of making available Content, License or Governed Content to a Device so that a Device can execute Functions

Adapt

The Function of modifying the attributes of a Resource, such as converting 5-channel music to 2-channel music, or sub-sampling a high-definition video to a standard-definition video, etc.

Adaptation

Any change in an existing Manifestation of a Work that results in a new Manifestation of that Work

Adaptor

A User who produces an Adaptation

(Registration) Agency

A User appointed by a Registration Authority to Assign Identifiers within the allocated subordinate name space

Bundle

The Function of binding two sets of Data

Authenticate (Data, Device, User)

The Function of proving the identity of Data or Device or User to a Device or User

(Registration) Authority

A User appointed by DMP to obtain and manage a URN namespace as a prefix for URN-formed Identifiers

Content

A structured combination of Resource Type(s) and Metadata

Content Item

Content Data representing a uniquely Identified object, such as but not limited to an Instance

(Domain) Context

A set of Data used in Managing a Domain

Creator

A User who generates a Work and produces its first Manifestation

Data

Information converted to a form that is processable by a Device

DCF (DMP Content Format)

The Packaging of Resources and DCI in a File

DCI (DMP Content Information)

Structured representation of the Information about Resources, Metadata and Governance that are part of a Content Item

Decrypt

The Function of restoring previously unreadable Data to a readable form using a Key

Device

A system conforming to Approved Documents that allows a User to execute Access to and Functions on Content

Domain

A set of Devices sharing some common attributes, such as personal or group ownership that is appropriate for various business models

Encrypt

The Function of making Data unreadable unless a Key is available to restore the Data to a readable form

End-User

A User in a Value-Chain who ultimately consumes Content

Entity

Any type of Data, Device, Domain and User

File

Identifiable Data which is Stored on a Device

Function

An action executed by a Device on Governed Content

Govern

The Function of applying one or more usage rules to a Content Item

Governed Content

A Content Item combined with a License

Grant

The Function of a User asserting to another User the Rights to Use a Content Item

Identify

The Function of Assigning a unique signifier that establishes the identity of Users, Devices, Domains, Works, Manifestations and Data

Identifier

The unique signifier Assigned by Identification

Instance

An object or event which is an example of an Identified Manifestation (e.g. File)

Instantiator

A User who produces an Instance

Interoperability

The capability for Users (including End-Users) to technically execute Functions through Interfaces and Protocols, based on open specifications, with predictable results

Key

Data used by a cryptographic method to make cleartext Data Encrypted or, conversely, Encrypted Data cleartext

License

Data Representing the Rights expressed by Rights Expressions that are Granted by one User to another User

Manifestation

An object or event which is an expression of a Work

Metadata

Data (e.g. Identifiers, Descriptors, etc.) not including Use Data, Rights Expressions and Licenses that is distinct from but directly related to Works and Resources

Package

The Function of processing Content for the purpose of delivering it between Users

Parse

The Function of looking for useful Data in Data

Platform

The technology infrastructure that enables Users to Use Content

Produce

The Function of producing Content based on Published Content or previously unpublished Works

Protocol

A description of Data formats and rules a Device must follow to exchange those Data with other Devices

Release

The Function of a Producer who makes a Content Item available to other Users, e.g. at commercial terms

Represent

The Function of expressing information in a form that is processable by a Device

Resource

Data (e.g. an MP3 file) that can be processed by a Device and Rendered in a form that is meaningful to a User

Right

The ability to execute Functions on a Governed Content Item

Rights Expression

Data that can be processed to obtain the list of Functions that can be performed on a Governed Content Item and the conditions under which they can be performed

Tool

A technology capable of implementing a Function

Trust

A state where Users, Devices, or Content Data enable Users to execute Functions on Governed Content

Use

The execution of a Function on a Content Item by a Device

Use Case

A description of a specific case involving the establishment and operation of a Value-Chain that can be implemented using the means specified in DMP Approved Documents

User

Any person or legal entity who is in a Value-Chain connecting (and including) Creator and End-User. For the purpose of the current phase of DMP Approved Documents a User is represented by a device or by a User Identity on the Device (e.g. username/password).

Value-Chain

A group of interacting Users, connecting (and including) Creators to End-Users

Work

A creation that retains intellectual or artistic attributes independently of its multiple Manifestations