| The Digital Media Project | |||
| Source | L. Chiariglione | ||
| Title | A walkthrough in the DMP Phase I specification | No. | 050509chiariglione01 |
A walkthrough in the DMP Phase I specification
This document provides an overview of the Interoperable DRM Platform, Phase I (IDP-1), the first Technical Specification published by the Digital Media Project (DMP).
3.1 Open Release
3.2 Open Search
3.6 Smart Retailer
3.7 Personal Photography
5.1 Represent
5.1.1 Represent Content
5.1.2 Represent Keys
5.2 Identify
5.2.1 Identify Content
5.2.2 Identify Licenses
5.2.3 Identify Devices
5.2.4 Identify Domains
5.3 Package
5.3.1 Package Content
5.4 Authenticate
5.4.1 Authenticate Device
5.5 Manage
5.5.1 Manage Domains
5.6 Access
5.6.1 Access Content
5.6.2 Access License
5.6.3 Update/Upgrade License
5.7 Process
5.7.1 Binarise XML
5.7.2 Encrypt/Decrypt
The Digital Media Project (DMP) is a non-profit Association registered in Geneva, Switzerland. In accordance with its founding principles, DMP promotes the development, deployment, and use of digital media that safeguard the rights of creators to exploit their works, the wish of consumers to fully maximise the benefits of digital media, and the commercial interests of value-chain players to provide products and services.
The principal means of realising the goals of DMP is the development of Technical Specifications. The first such document was published on the 5th of May 2005 as Interoperable DRM Platform, Phase I (IDP-1). IDP-1 has been designed to enable the implementation of digital media services based on Portable Audio and Video (PAV) Devices.
IDP-1 is structured in 6 parts:
Use Cases
Architecture
Interoperable DRM Platform
Value-Chains
Registration Authorities
Terminology
The purpose of this document is to illustrate the main elements of IDP-1.
Note that words in upper case have the meaning defined in chapter 8 (extracted from IDP-1), unless another meaning is explicitly declared.
DMP specifications have been designed to provide Interoperability between value-chain players of Governed (i.e. DRM protected) digital media within and between Value-Chains.
Media value-chains are manifold and a greater variety of digital media value-chains can be expected in the future. To support Interoperability in such an unpredictable environment, the only practical solution is to provide standardised DRM technologies that Value-Chain Users can configure to suit their needs. The Interoperable DRM Platform (IDP) is the assembly of standardised technologies that DMP calls Tools.
The IDP toolkit provides four major advantages:
A great variety of Value-Chains can be implemented using a combination of standard technologies drawn from the IDP toolkit
New Value-Chains that cannot be predicted today can be supported through standardisation of additional Tools
Access to standardised Tools may have reduced cost because Tools may find multiple usages and may be provided by multiple competing suppliers
An enhanced degree of interoperability is achieved between different Value-Chains.
Use Cases have been selected to show that IDP-1 Tools can be employed to implement a broader variety of application scenarios than suggested by PAV Devices.
Here is a brief introduction to the 7 Use Cases considered.
This Use Case shows how it is possible to Release Content, e.g. on the web, in a Governed fashion, but without applying heavy-weight protection technologies. Open Release can, for example, enable somebody to Release Content now with a very broad License of use without jeopardising future opportunities of other forms of Release.
This Use Case builds on the previous Use Case and envisages a Content search service that utilises the rich Metadata associated with Open Release Content and their terms of License to provide enhanced services.
This Use Case envisages new forms of Content Use in the home that leverage the existence of Domains (e.g. corresponding to a family) and sub-Domains (e.g. corresponding to the set of Devices belonging to one member of a family).
This Use Case shows how it is possible to dissociate distribution of Content using robust DRM technologies from a consumption model that easily maps to existing models.
This Use Case shows how it is possible to lower the entry threshold to Content distribution by applying IDP-1 technologies once DMP PAV Devices have been broadly deployed.
This Use Case shows how different retailing strategies can be implemented by using the flexibility of the Rights Expression Language (REL).
This Use Case shows how IDP-1 Tools can be used to enhance privacy in the specific case of distribution of personal photographs.
The purpose of the Architecture is to provide an overview of a general digital media Value-Chain enabled by IDP-1 technologies.
The process starts at the moment a Work is generated by a Creator in the form of a Manifestation that needs to be Instantiated before it can become an Instance carried in Resources. Creators, Producers and Instantiators will typically have the objects that contain their intellectual property uniquely Identified by appropriate Users Registration Agencies generating Metadata.
Different types of Resources are typically combined with different types of Metadata as a single Entity called Content by DMP. The digital Representation of Content is called DMP Content Information (DCI). Content will also be uniquely Identified by Registration Agencies.
For the purpose of delivering Content from a User to another, DCI and its referenced Resources need to be Packaged. IDP-1 specifies Tools to create a File using a file format called DMP Content Format (DCF).
A User delivering Governed Content to another User expresses the conditions to Use that Content by means of a License which Grants Rights to a User to Use a Content Item. A language to Represent Rights Expressions is required so that a Device can interpret Rights.
IDP provides a Tool to Access a Content Item with a License that is Bundled within the Content. As IDP-1 only supports Portable Audio and Video (PAV) Devices, the Tool is employed by an external device (XD), e.g. a PC that Accesses the Content Item and transfers it to the PAV Device.
A Content Item without a Bundled License can reach the Device in some unspecified way. In this case XD uses another IDP Tool to Access a License. XD will then create a DCF of the Content Item with the License Bundled within the Content and transfer it to the PAV Device.
Both Tools when invoked require the establishment of a Trust relationship between Devices, which in turn requires the ability to Identify and Authenticate Devices. IDP-1 supports Domains defined as groups of Devices to which Content can be Licensed as well.
To Use a Governed Content Item the PAV Device will typically have to Parse the DCF to obtain the License and to Parse the License to obtain the Resource Decryption Keys. These will be employed to Decrypt Resources that will be Used according to the Rights Granted in the License.
IDP-1 provides the key technologies that are required to implement the walkthrough above. These are grouped in 7 major categories of Tools: Represent, Identify, Package, Authenticate, Manage, Access and Process.
This category comprises 3 Tools: Content, Keys and Rights Expressions.
In DMP, Content is a combination of Resources, Metadata, Content and Rights Expressions. Therefore Represent Content is the set of Tools used to provide a digital Representation that can be processed by a Device. DMP calls such a Content Representation DMP Content Information (DCI).
DCI provides the means to convey Identifiers, associate information and Metadata and associate information with Governed Content.
DCI is an extended profile of MPEG-21 Digital Item Declaration and IPMP Components.
Keys are used to Encrypt and Decrypt Keys, Metadata and Resources. Represent Key is the Tool to express the Keys and relevant Data.
Rights Expressions are used to declare Rights and permissions. A Rights Expression Language (REL) is the Tool that enables the digital Representation of such Rights Expressions that a Device can process and interpret.
The DMP REL is an extended combination of 3 MPEG-21 REL Profiles: Core, Standard Extension and Multimedia Extensions.
IDP-1 provides Tools to Identify Content, Licenses, Devices and Domains.
DMP Content can be Identified by means of Identifiers that conform to the Uniform Resource Names (URN) scheme.
This is based on MPEG-21 Digital Item identification.
A License is a particular type of Content. Therefore the Identification of Licenses follows the general rules of Content Identification.
IDP-1 provides Tools to Identify two types of Device: those provided with a Certificate (Certificate-based Identification) and those without (Device info-based Identification). In the former case an X.509 Certificate is utilised as Device Identifier while in the second a unique Identifier is generated based on the Device information.
For both cases IDP-1 provides:
The Identifier format
The generation scheme
The generation Protocol
The exchange Protocol
Domains are groups of Devices aggregated into a single entity for specific purposes.
IDP-1 provides Tools to:
Set up a Domain
Allocate Domain Identifiers
To deliver Content between Users it is necessary to Package Content in files or streams.
IDP-1 provides Tools to Package Content in Files. Such files contain the DCI with some or all of its ancillary Resources. Those Resources that are not in the file are referenced.
The File Format is an extended profile of the MPEG-21 File Format, which is based on the ISO Base Media File Format.
Devices must be Trusted before they are allowed to Use Content. Authenticate is a group of Tools to recognise and enable Trust between Devices.
IDP-1 provides three different types of Device Authentication:
Devices having unique Certificates
Devices that are uniquely Identified by Data
Devices without unique Data, with a certificate proxy
IDP-1 provides a set of Tools to Manage Domains. The functionality of the Protocols includes:
Setting up a Device Domain Context
Controlling the Use of Content within the Domain
Managing Device Domain membership, e.g. joining and leaving a Domain
IDP-1 provides Tools to Access a Content Item with a Bundled License.
IDP-1 provides Tools to Access a License when a Content Item has no Bundled License.
IDP-1 provides Tools to update or upgrade a License.
This Tool enables the transformation of an XML document to a binary format before transmission or storage.
IDP-1 employs BiM, the XML binarisation technology standardised by MPEG-7.
IDP-1 employs 1 symmetric Encryption algorithm (AES) in 2 modes and 1 asymmetric Encryption algorithm (RSA).
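The Device-side steps described in the Architecture overview (Parse the License, obtain the Resource Decryption Key, Decrypt, Use according to the Rights Granted) can be illustrated with the two algorithm families named above. This is an added example, not code from IDP-1 or from DMP. The `Governed` structure, the function names, AES-256-GCM, RSA-OAEP and the use of the Rights as GCM associated data are all assumptions, since this overview does not say which AES modes IDP-1 uses or how a License carries Keys.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Hypothetical stand-in for a DCF: the Encrypted Resource plus a Bundled License
# (the Rights, and the Resource key wrapped for one Device).
Governed = Struct.new(:rights, :wrapped_key, :nonce, :tag, :resource)

# Packager side: Encrypt the Resource under a fresh AES-256 key, wrap that key
# with the Device's RSA public key, and authenticate the Rights as GCM
# associated data so they cannot be edited after packaging.
def package(resource, device_public_key, rights)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key
  nonce = cipher.random_iv
  cipher.auth_data = rights.join(',')
  ciphertext = cipher.update(resource) + cipher.final
  wrapped = device_public_key.public_encrypt(key, OAEP)
  Governed.new(rights, wrapped, nonce, cipher.auth_tag, ciphertext)
end

# Device side: check the requested Right, obtain the Resource key from the
# License, then Decrypt. Raises if the Right is absent, if the key was wrapped
# for another Device, or if the Rights or the Resource were altered.
def use(governed, device_private_key, right)
  unless governed.rights.include?(right)
    raise ArgumentError, "Right #{right.inspect} not Granted by the License"
  end
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = device_private_key.private_decrypt(governed.wrapped_key, OAEP)
  decipher.iv = governed.nonce
  decipher.auth_tag = governed.tag
  decipher.auth_data = governed.rights.join(',')
  decipher.update(governed.resource) + decipher.final
end

if __FILE__ == $PROGRAM_NAME
  device = OpenSSL::PKey::RSA.new(2048) # constructed Device key pair
  item = package('constructed audio bytes', device.public_key, %w[play])
  puts use(item, device, 'play')
end
```

Because the Rights are authenticated together with the ciphertext, adding a Right to the License after packaging makes Decryption fail instead of silently widening what the Device may do.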
IDP-1 provides descriptions of how the Use Cases in chapter 3 can be implemented using the IDP-1 Tools.
By giving a normative value to Value-Chains DMP does not imply that the Use Cases can only be implemented as specified in IDP-1. DMP simply intends to provide example implementations so that those Users who assemble the Tools as specified in IDP-1 will be able to interoperate with other Users who will assemble the Tools in a similar way.
The task of Identifying Entities such as Content, Devices and Domains is a critical one, e.g. in the case of Devices, where Identification constitutes a key element of Trust establishment. This Identification task is typically carried out by several organisations that are properly accredited by a root authority.
In this regard the role of DMP is to appoint the root authority – called Registration Authority – for any type of Entity for which Identification is required. A Registration Authority is responsible for allocating namespaces. The Registration Authority then appoints Registration Agencies on the basis of agreed rules as specified in IDP-1.
| Access | The Function of making available Content, License or Governed Content to a Device so that a Device can execute Functions |
| Adapt | The Function of modifying the attributes of a Resource, such as converting 5-channel music to 2-channel music, or sub-sampling a high-definition video to a standard-definition video, etc. |
| Adaptation | Any change in an existing Manifestation of a Work that results in a new Manifestation of that Work |
| Adaptor | A User who produces an Adaptation |
| (Registration) Agency | A User appointed by a Registration Authority to Assign Identifiers within the allocated subordinate name space |
| Bundle | The Function of binding two sets of Data |
| Authenticate (Data, Device, User) | The Function of proving the identity of Data or Device or User to a Device or User |
| (Registration) Authority | A User appointed by DMP to obtain and manage a URN namespace as a prefix for URN-formed Identifiers |
| Content | A structured combination of Resource Type(s) and Metadata |
| Content Item | Content Data representing a uniquely Identified object, such as but not limited to an Instance |
| (Domain) Context | A set of Data used in Managing a Domain |
| Creator | A User who generates a Work and produces its first Manifestation |
| Data | Information converted to a form that is processable by a Device |
| DCF (DMP Content Format) | The Packaging of Resources and DCI in a File |
| DCI (DMP Content Information) | Structured representation of the Information about Resources, Metadata and Governance that are part of a Content Item |
| Decrypt | The Function of restoring previously unreadable Data to a readable form using a Key |
| Device | A system conforming to Approved Documents that allows a User to execute Access to and Functions on Content |
| Domain | A set of Devices sharing some common attributes, such as personal or group ownership that is appropriate for various business models |
| Encrypt | The Function of making Data unreadable unless a Key is available to restore the Data to a readable form |
| End-User | A User in a Value-Chain who ultimately consumes Content |
| Entity | Any type of Data, Device, Domain and User |
| File | Identifiable Data which is Stored on a Device |
| Function | An action executed by a Device on Governed Content |
| Govern | The Function of applying one or more usage rules to a Content Item |
| Governed Content | A Content Item combined with a License |
| Grant | The Function of a User asserting to another User the Rights to Use a Content Item |
| Identify | The Function of Assigning a unique signifier that establishes the identity of Users, Devices, Domains, Works, Manifestations and Data |
| Identifier | The unique signifier Assigned by Identification |
| Instance | An object or event which is an example of an Identified Manifestation (e.g. File) |
| Instantiator | A User who produces an Instance |
| Interoperability | The capability for Users (including End-Users) to technically execute Functions through Interfaces and Protocols, based on open specifications, with predictable results |
| Key | Data used by a cryptographic method to make cleartext Data Encrypted or, conversely, Encrypted Data cleartext |
| License | Data Representing the Rights expressed by Rights Expressions that are Granted by one User to another User |
| Manifestation | An object or event which is an expression of a Work |
| Metadata | Data (e.g. Identifiers, Descriptors, etc.) not including Use Data, Rights Expressions and Licenses that is distinct from but directly related to Works and Resources |
| Package | The Function of processing Content for the purpose of delivering it between Users |
| Parse | The Function of looking for useful Data in Data |
| Platform | The technology infrastructure that enables Users to Use Content |
| Produce | The Function of producing Content based on Published Content or previously unpublished Works |
| Protocol | A description of Data formats and rules a Device must follow to exchange those Data with other Devices |
| Release | The Function of a Producer who makes a Content Item available to other Users, e.g. at commercial terms |
| Represent | The Function of expressing information in a form that is processable by a Device |
| Resource | Data (e.g. an MP3 file) that can be processed by a Device and Rendered in a form that is meaningful to a User |
| Right | The ability to execute Functions on a Governed Content Item |
| Rights Expression | Data that can be processed to obtain the list of Functions that can be performed on a Governed Content Item and the conditions under which they can be performed |
| Tool | A technology capable of implementing a Function |
| Trust | A state where Users, Devices, or Content Data enable Users to execute Functions on Governed Content |
| Use | The execution of a Function on a Content Item by a Device |
| Use Case | A description of a specific case involving the establishment and operation of a Value-Chain that can be implemented using the means specified in DMP Approved Documents |
| User | Any person or legal entity who is in a Value-Chain connecting (and including) Creator and End-User. For the purpose of the current phase of DMP Approved Documents a User is represented by a device or by a User Identity on the Device (e.g. username/password). |
| Value-Chain | A group of interacting Users, connecting (and including) Creators to End-Users |
| Work | A creation that retains intellectual or artistic attributes independently of its multiple Manifestations |