[Paper Overview] [DRM-Workshop Homepage]

Publishers' Requirements for Digital Rights Management


Submitted by Robert Bolick, McGraw-Hill Professional


Digital rights management (DRM), the technologies, tools and processes that protect intellectual property during digital content commerce, is a vital building block of the emerging electronic book (ebook) market. DRM creates an essential foundation of trust between authors and consumers that is a prerequisite for robust market development.


Ultimately, DRM standards will be needed to enable interoperability that will drive robust market growth. While there are some nascent efforts at standardization underway, DRM-related technologies are likely to remain nonstandard for some time because vendors are pursuing proprietary solutions during this early market stage.


Much work needs to be done. The building blocks of an agreed-upon unique identifier and an allied metadata standard are needed. A standard vocabulary to describe DRM and related issues is needed. A data dictionary of rights terms and a rights specification language are needed. Publishers' requirements for DRM trust infrastructures must be clearly articulated. An effective way to coordinate standard-setting activities between standards bodies and publishers must be established. This position paper touches on each of these areas, but the reader is referred to the Association of American Publishers' Digital Rights Management for Ebooks: Publishers' Requirements for a more detailed discussion.


Much hyperbole has (and will be) written about the potential and pitfalls of DRM. On the one hand, vendors claim to have end-to-end solutions that make content safe. On the other hand, self-proclaimed industry visionaries predict the demise of content-based business once information is "set free." Publishers are likely to adopt a more balanced view of DRM that recognizes the importance of both enhancing the consumer experience and providing adequate technical and legal protection to the intellectual property rights of authors and publishers. Publishers who understand, even embrace, this critical point will be poised to prosper in the ebook market for years to come.


Epublications and ebooks

As early as 1993, The Chicago Manual of Style acknowledged in its glossary and guidelines the existence of epublications. The Open eBook Forum's A Framework for the Epublishing Ecology borrowed that definition and the Association of American Publishers' definition of the term ebook to propose the following definition of an epublication:

A Literary Work disseminated in the form of a Digital Object and accessed electronically. These works can be multimedia, incorporating text, digitized images, animation, sound tracks, and functioning formulas. They may also use hypertext technology.

When using the term ebook, the AAP and the OeBF mean "A literary work in the form of a digital object, consisting of one or more standard unique identifiers, metadata, and a monographic body of content, intended to be published and accessed electronically." The OeBF's Framework also includes a definition of ejournal, distinguishing it from an ebook on the basis of the content being "an ongoing Serial body of Content."


There are two fundamental assumptions underlying these definitions. First, while these definitions recognize the reality and possibility of multimedia within epublications, the publishing community has built them on the foundation of the shared meaning of literacy.--the ability to read and write for meaning and with understanding - while recognizing the ability to navigate (open, scroll, click, close, etc.), search, and otherwise engage a work electronically represents a digital literacy that can amplify the experience of a literary work. This first assumption draws boundaries, however permeable, between the communities of epublishing, online music, online art and photography, and so on.


The second assumption is detectable in the term digital object: "A sequence of bits that incorporates unique numbering, metadata, and digital content. A Digital Object is the lowest level transactional unit in a digital publishing environment. Each ebook can be described as a collection of one or more digital objects. Digital objects can be arranged in a hierarchy, where some digital objects are the "children" of "parent" objects. Child objects may inherit some of the attributes of their parent object." This definition comes from the previously mentioned AAP Digital Rights Management for Ebooks: Publishers' Requirements, and it reflects their reliance on Kahn and Wilensky's "A Framework for Distributed Digital Object Services" (May 13, 1995). The inherited assumption of a networked-based infrastructure for distributed digital information services, while not excluding the offline experience of, or existence of, epublications, is important to any understanding of publishers' requirements and proposed standards.



The AAP's definition of metadata - "Descriptive data, trade data, and other data about data or processes" - does not fully reflect publishers' reliance on the work underlying the ONIX standard for establishing a standard on metadata for ebooks. The reader should consult the AAP's Metadata Standards for Ebooks: Publishers' Requirements. Insofar as ONIX is a realization of the work of <indecs>, the AAP's approach inherits the <indecs> concerns with metadata interoperability between communities and its "data dictionary" approach to the definition of elements and types and the assignment of values.



For publishers, the term interoperability also extends to more than the satisfactory exchange of metadata between two communities. It also applies to a fundamental requirement for publishers vis a vis digital rights management technology. A content provider wanting to maximize market opportunity will seek to publish ebook content in as many DRM formats as required to cover all reading devices in the market. How many formats are required? Dedicated reading devices, of which there are several currently on the market, may support proprietary DRM formats. However, PCs may support many different software-based readers. This creates a situation where content providers may face requirements to support several DRM formats simultaneously.


Ideally from a publisher's perspective, there would be a universal reader software that can accept any ebook DRM and content file format and prepare the ebook for opening on a specific reading device. This is similar to the way today's PC-based word processors can open many file formats for editing. Reading device manufacturers could, under this scenario, package universal reader software with their reading devices. Consumers would then be free to select ebook content in whatever ebook DRM and content file formats are available. But this is unlikely.


Given the turbulence in the DRM technology market, it doesn't seem prudent to bet that any one DRM technology format will emerge from the pack today and garner a commanding market share in the near term. A more reasonable approach, in the near term, is to diversify - - support all current DRM and content file formats and new ones as they appear. This approach is called "DRM pseudo-interoperability" ("DPI") in the AAP documents. While incremental costs would be incurred, DRM pseudo-interoperability can maximize market opportunity size (because all reading devices become the market) and sidestep DRM interoperability issues.


Rights specification language

To promote even this psuedo-interoperability, there is a need for a common understanding of how rights in the epublication should be expressed. In the AAP documents, publishers have been clear about this within the context of ebooks. Rights specification language (RSL) refers to the mechanisms for describing the author/publisher rights associated with an ebook. This is a complex area, but an essential one for publishers. Publishers want to pursue a variety of business models such as superdistribution, pay-per-view, and free previews, and it is the DRM rights specification language that must be flexible enough to support these (and other) models. To achieve this, a data dictionary of rights is needed, and given the reality and possibility of multimedia elements within ebooks, publishers recognize that this data dictionary will require input from other media communities concerned with digital rights management.




Electronic package controls

Electronic package control refers to the encryption and related packaging technology required to support the DRM system. In the AAP documents, publishers have stated requirements for the following aspects of electronic package control: support for ebooks composed of multiple objects, choice of encryption and key lengths, robust and recoverable transmission, support for choice of numbering systems, support for safe packaging of ebook metadata, and searchability of the EPC itself as well as the ebook content sequentially and at a granular level.


File format requirements

Publishers require the option to use multiple file formats with their DRM system, and multiple DRM systems with any specific file format. Publishers should be able to mix and match file formats and DRM systems without degradation of security or rights specification flexibility. The DRM system should support a variety of content compression formats. The user should be able to select a suitable compression format for each digital object. A variety of data types (of any size and in any combination) should be supported so that any type(s) of content can be included in the ebook, including text, graphics, audio and video.


Trust infrastructure

To support the ebook market, DRM has to do more than provide a secure ebook package containing content and metadata. DRM must also support moving that package from the author through the ebook market to the consumer. The term "trust infrastructure" refers, collectively, to the technologies that support moving, opening, displaying and disposing the ebook package.


Many DRM technology vendors closely guard and actively protect the inner workings of their proprietary trust infrastructures. Moreover, some technology vendors are pursuing business models predicated on ongoing vendor participation in the trust infrastructure in order to charge transaction fees for commerce transacted there. Communication between trust infrastructures is a prerequisite for full DRM interoperability. Through participation in standards governance, publishers will be encouraging technology vendors to move toward a common language for communication between DRM trust infrastructures. In the meantime, publishers will also be participating in standards governance to establish harmonized requirements, create coordinated requirements statements, and agree standards specifications addressing the key elements of the trust infrastructure.

Interoperability: The TI shall support interoperability at the ebook reader; the consumer should be able to access content from different sources and in different formats without needing different hardware or DRM software to do so. The TI shall also provide/support interoperability between reading devices and computer technologies.

Security: The TI shall be demonstrated to be secure. Adherence to accepted security practices should be verified by a reputable, independent third-party.

Key management: The TI must support multiple scenarios for key management , including: publisher vends keys via individual transaction to consumers; publisher vends keys in bulk to a retailer; third-parties issue keys under the authorization and control of publishers.

Off-line usage: The TI should support off-line operations. The consumer should not be required to be connected to a land-based or wireless network to buy, open, read or dispose of her ebooks. (Connection may be required at some point, but the DRM system should support asynchronous operations.)

Rights persistence: Rights must be persistent; once a consumer has acquired the right to content, the consumer should have continued access to that content (under the terms specified in the rights specification). Access will continue, regardless of the financial/business status of the author, publisher, retailer, institution or other provider of the content; after a hardware/software change or upgrade; after a backup/recovery action, hardware/software failure or other abnormal technical condition; and after an archival/ retrieval action.

Logging: All interactions that take place with the ebook shall be capable of being logged by the TI and reported back to participants in the ebook market. The TI should define a set usage metrics that can be tracked, for example, number of times read, time spent on one page, etc. The TI should support tracking content usage (for example, with a crawler to identify illegal usage). It should be possible for any market participant to collect, package and redistribute anonymous usage and market information to others (subject to the original rights specification, of course).

Consumer privacy: Consumers shall be able to control if/how personally identifiable consumer information is obtained and used (if at all). The TI must support protection of consumer information and consumer privacy. Consumer information may be made available to the market, but only under conditions known to and approved by the user. The TI shall support communication to the consumer of basic rights information such as the ebook price, condition of sale, usage rights, etc.

Consumer tools: Consumers shall be able to store securely and retrieve their content. The TI should provide tools (or interfaces for tools) for users to manage, store, catalog and otherwise process their ebook content and metadata.

Multiple business model support: The TI shall support locating content and metadata anywhere in the network. Business models where the consumer's identity is not known should be supported. The TI shall support transmission via current and new communications infrastructures.

Choice of multiple security levels: The TI should support/provide multiple security levels, authentication, digital signatures and watermarking.



Association of American Publishers, Digital Rights Management for Ebooks: Publishers' Requirements, New York, 2001. www.publishers.org


Association of American Publishers, Numbering Standards for Ebooks: Publishers' Requirements, New York, 2001. www.publishers.org


Association of American Publishers, Metadata Standards for Ebooks: Publishers' Requirements, New York, 2001. www.publishers.org


Kahn, Robert and Robert Wilensky, "A Framework for Distributed Digital Object Services," D-Lib, cnri.dlib/tn95-01 (May 13, 1995). www.cnri.org


Open eBook Forum, "A Framework for the Epublishing Ecology," Version 0.7, September 25, 2000. www.openebook.org