[Workshop Home] [Minutes]
Created: 19 March 2001 Updated: 17 May 2001
The W3C Digital Rights Management (DRM) Workshop, held on 22-23 January 2001, brought together 65 leading DRM practitioners to discuss and debate DRM in general and what role W3C should take in this increasingly important area. From the 41 position papers submitted, the program committee chose 25 formal presentations covering areas such as Privacy, Identifiers, Architectures, Social and Legal Requirements, Publishers Requirements, Standards and Interoperability, Security and Trust, and Multimedia and Mobile issues. Each session was followed by open and vigorous discussion.
There was some agreement that W3C should initiate a new activity in this area and there were a number of specific topics that were discussed as candidates. A topic of specific interest was the creation of a 'rights language'. The MPEG standards group is also looking into this, and proposed that W3C and MPEG form a joint alliance and to work on this problem together. Additionally, there was some objection against W3C involvement in the area of DRM. Some felt that W3C lacked the necessary types of members, like content owners, and experience in semantic and legal issues. Their view was that W3C should only play a liaison role.
W3C will now take these recommendations and discuss it internally before making any formal decisions.
The Workshop website contains all the Position Papers from the Attendees and the Program including the Slides from the Presenters and the Minutes. At the closing session, there was a brainstorming going on, which was condensed to a bullet-list. This bullet-list doesn't contain any indication on the amount of support on each point. It is provided as a result of strong feedback from participants.
The key points raised at the Workshop included:
Some participants presented a shared architectural model or abstract framework they claim is required, if only for people to fully understand the depth and breadth of the rights management arena. The position papers concerning this subject explored it in depth; they considered a layered, abstract model that consisting of policy expression, transmission, interpretation/enforcement, and thus introduced "multiple" levels of well-defined interoperability.
These framework papers are of most concern to DRM. When asked, most participants defined "interoperability" as what we have called "format-level interoperability" - the ability of a DRM mechanism to successfully interpret a package from an alien mechanism. Few speakers discussed other levels of interoperability, and when they did they referred to this as "simulated interoperability" (a term borrowed from the AAP/Anderson Consulting report on eBooks and DRM).
In our current thinking, rights Interoperability mirrors the three suggested levels of data interoperability, including: syntax, objects, and semantics. Base-level syntax (eg XML) and vocabulary primitives populate the bottom layer; complex schema definitions for a variety of useful objects for rights messaging occurs in the middle layer; the semantics of using these objects in various rights Applications are defined in the top layer, including tying primitive language elements used for enforcement to specific hardware or software components.
MPEG's presentation of their MPEG-21 "Digital Item Declaration Model" proposal, which goes beyond DRM, suggests another pathway to interoperability, which is consistent with a call for a higher-level framework. It is important for W3C to be engaged in that activity, while working toward a framework context.
It is clear that user domains (eg eBook trading, sub-rights trading, streaming music, etc.) each require sets of Rights Primitives that those domains wish do useful things with. Although people often conceptualize and refer to these primitives as "rights languages", what they are in fact referring to are "rights data dictionaries". This is because the interested parties generally want the declared vocabulary primitives to be bound to some some human-readable definition (or "semantic").
MPEG has recently re-issued a Call for Requirements for a Rights Data Dictionary and a Rights Expression Language. This is consistent with the above view of rights primitives being defined in a dictionary and the Rights Expression Language being a mechanism for the transmission of these semantics. Representatives from MPEG have made an invitation to W3C to form a joint working group to address this issue. This is an very important step for the entire DRM community that W3C must respond to.
To summarize a few concerns about Trust infrastructures from the Workshop:
Most participants believe that not only must there be a trust infrastructure upon which applications (commerce and otherwise) will be built; they imagine that there will actually be several, providing different value-added trust services. The trust concerns expressed tended to be more practical - for example, who will run these authoritative trust services? Private companies? Governments? Industry organizations (.g publishers associations, authors' collectives, etc)?
If there are multiple, parallel trust infrastructures, who will create and manage the "directories" that will enable interoperation? Or will these "trust backbones" take a form where this is unnecessary - where the semantics of the certifications are obvious? Regardless of how it is built, there is concern over liability - who is liable for a failed "chain of trust?"
But the issue of PKI and trust-structures is not a special case of DRM. E-Commerce and all kinds of services in the digital world depend on trust structures. Trust-structures are actually such a big task, that they should be considered outside a DRM-Activity. A Rights Language and an architectural model shall be able to connect to the Trust-Systems developed elsewhere (IETF, ETSI, CEN).
Rights management covers a broad technical space, so obviously there are several consortia hosting activities that will influence the field. The following is a short list:
None of these activities solves the rights management interoperability and standardization problem, but each *suggests* a piece of the solution. For example, MPEG-4 IPMP may come close to standardizing DRM APIs, but doesn't treat many other aspects of the problem (such as rights vocabularies, etc). In particular, none of these deals with what we think of as the essential first step for the Web: the simple expression and communication of IPR information and policies. However, some efforts have commenced to develop rights languages (e.g. ODRL and XrML)
As some of the position papers pointed out, the role of the W3C can be to recommend a framework or generalized architecture model that stitches this world together. It is the responsibility of those who think this way to provide leadership, to recommend more specifically how this can be done.
There were opinions voicing, that the W3C is the best existing forum to define a forward-looking Framework. There was also concern that this may not be as clear to the broader W3C. Rights management presents a broad set of problems. , and a "Web-is-Everything and Everything-is-the-Web" view, if present, would surely generate conflicts in process and politics. Note that the same could be said of MPEG processes and politics (for example); such is the nature of the digital, networked environment. Most comments did not want to see the scope limited to the Web.
The creation of a "Rights Management Framework," would need a setup with work split between a small number of specialized WG's, and a larger number of formal links to related efforts: within W3C, MPEG, IETF, OpenEBook, <indecs> and Industry.
The Framework WG, as a Coordination Group would in part be responsible for mapping the relevance of these related efforts into the Framework and recommending integration best practice. The Rights Management Framework would provide the context for other efforts and help to eliminate disagreement and misunderstanding on the scope of the specialized WGs.
The specialized WG's - possibly just one, but perhaps several - would address individual missing pieces, such as a rights expression language - while some will see this as essentially a set of rights primitives with agreed-upon semantics (eg a rights data dictionary mapped onto an XML Schema), others will see this as including object definitions. Both interpretations are correct, but at different levels.
Overall, the DRM Workshop can only be classified as an overwhelming success. The enthusiastic support from the attendees and the desire to move forward in addressing DRM issues can only be a win-win situation for all concerned.
Last update $Date: 2001/08/30 16:41:16 $ by $Author: rigo $