[Mimas logo]"epub@mimas" Report

NSF Middleware Initiative (NMI) and DRM Workshop

Washington, D.C., September 9, 2002.
Report by: Ross MacIntyre

Cliff Lynch - DRM: Issues for Research and Education

"DRM is a big, messy, contentious issue". The E&R community need to try and reclaim the DRM issue, which is curently too narrowly focused on commercial concerns: rights enforcements and threatened legal action. This not the E&R agenda.

In HE we don't have good tools for exchanging and communicating [rights-related stuff] with user communities, there's too much metadata 'ad-hocery'. Look at the array of material licensed by an HEI, all covered by agreements with subtle differences, but all requiring the T&Cs to be communicated to the end user - not really practical. Want a lightweight mechanism, eg on 1st use the user is often just shown the 'rules of the road' for a particular resource. "Inform not enforce".

Expect Shibboleth to flower in the education community. Authentication and authorisation is a fundamental design precept. Privacy (which has gone from a stumbling block to a positive benefit) is also central to the design of Shibboleth. Keep you eye on the 'Teach Act' (ref http://www.ala.org/washoff/disted.html) which will have a large impact on what can be done in the context of the virtual classroom.

3 things wanted 1) Recording, 2) Enabling & 3) Controlling

  1. We want more than recording, but uncertainty is the worst enemy and the biggest difficulty. Clearing rights requires much more effort than repurposing content and has killed some projects where the rights holder wasn't obvious and they couldn't take the chance. Need tools for authors and institutions to manage. Personal view was that RELs are immature and too contextual. Too bound to trusted environments. They need to be cross-environment and durable - as abstract as possible. Bear in mind we may be talking about durations longer than copyright in case of archive material.
  2. Want to make it easy for people to use material, enable exploitation. Hard problem and we need to be realistic about what can and can't do [with computers]. Not optimistic that can recognise not-for-profit, educational use. Maybe we have to accept a rough draft and try not to worry.
  3. Scenario - an e-book is downloaded to student's reader, but the DRM data causes expiration when due for 'renewal'. Like a 'real' book. The library retains material in an unprotected form, so can archive/preserve and make available in other ways as well, if required. The control is under the stewardship of the institution. This needs to be part and parcel of the discussions - it is not always a bad thing to have control.

Consider the 4 things in the arsenal of complaints

  1. Privacy There are legitimate concerns, but they need to be balanced. Absolute privacy is not always possible nor desirable. There should be trust between parties and transparency.
  2. Fair use This is not algorithmic it is subjective - too complex to enforce. You need to consider the context. It is a communication issue. The `cut & paste' bogeyman is overstated. Fair use is not equivalent to the easiest method of reuse.
  3. 1st Sale This a market place issue. However, a `rental only' model for intellectual objects is undesirable. Need trusted party to ensure equanimity and to manage expectations.
  4. Preservation This is already difficult enough without putting DRM in as well!

Overall it is better to embrace evolving mechanisms - not try mandating one single solution, which could be a frightening tool for censorship if widely implemented and have other unintended consequences.

Identify what can do technically and for what need to set institutional policy and establish `cultural norms'. Solution will involve technical tools, intellectual tools (eg metadata schemas) + institutional policy.

Composite materials:

Ken Klingenstein - The NSF Middleware Initiative: A Framework for DRM Implementations?

A consistent middleware fabric seems to be being implemented within HE across US and Europe. Described Internet 2 NMI. MACE (Middleware Architecture Committee for Education ref: http://middleware.internet2.edu/MACE/) sets the technical direction. Currently have US and European members, seeking Asian currently. "What I1 did for network connectivity I2 will do for human collaboration". "It may be true that you don't know what you've got `til it's gone, but it's also true you don't know what you're missing `til it comes".

Project well advanced, the technical problems are now smaller than the policy ones.

NMI Release 1 (7th May 02) included GRID Globus 2.0 and eduPerson 1.0 objects. NMI Release 2 (25th October 02) includes Globus updates, Shibboleth 1.0, LDAP Analyser, Resource Manager 0.3 and Attribute Release Manager 0.4, eduPerson 1.5 and eduOrg 1.0.

The R1 implementers tend (>half) to have enterprise directory services with feeds from their core legacy systems and driving most enterprise applications. So they have campus-wide namespaces and authentication with appropriate policies for identity, permissions, etc.

At Univ of Colorado, the librarian is about to cancel ~1,000 journal print subscriptions, moving to e-only, but is waiting for Shibboleth before public announcement "can't read it in the library anymore, but you can from your home".

Shib exploits the notion of security domains - typically your institution - and a federation of `like-minded' institutions. Depends upon trust. The holy grail is role-based access control. Key challenges are in permitting exceptions and the delegation of control.

EduPerson 1.5 adds some new attributes key to HE: affiliation, primary affiliation, ePPN (login names), entitlements, etc. The Europeans are internationalising eduPerson.

***With NMI R2 the following will be `Shibbed': 12 US universities, Elsevier, EBSCO, ExLibris (SFX), ProQuest and OCLC.*** NSDL will follow in November.

How long to implement Shib? Somewhere between 3 hours and 3 years. It depends if you have an enterprise directory and the level of control you want to exercise.

Beyond Shib 1.0, maybe there will be a 1.1 and 1.2, probably focusing on ARM & RM development, but should `flatten out' (like HTTP has).

Quoted example of `the penny dropping' when a university president asked if Shib would allow his diary to be made available to all other presidents' secretaries and vice versa - answer was (in theory) "yes".

Online demonstration given showing link from EBSCO page for Shib-enabled institutions. Ken logged in as member of Brown and then Columbia. He then showed a service receiving personal data - Jane Doe as user and email address also passed - as service asked for it and the user has said it was okay.

Grace Agnew - Metadata for DRM

Rights Expression Languages. Express rights and communicate those rights. e-learning objects are a good stress test for REL as they are very dynamic.

Overview of XrML (eXtensible rights Markup Language), patented by ContentGuard. 3 schemas: Core, Standard Extension and Content Extension. Requires you to implement other XML technologies: Xpath, UDDI and Dsig. Based on end-to-end trusted systems. XrML is dense, not always eye-readable and not hand codable. Rich payement options for e-commerce shows a bias to commercial application.

ODRL (Open Digital Rights Language) developed and owned by IPR Systems, Australia. 2 schemas: Expression language and Data Dictionary language. ODRL supports `context' which is different to XrML. ODRL is lightweight and eye-readable.

"At present neither is usable".

Mairead Martin - DRM Requirements for Research and Education

Explained FDRM Project using Shibboleth involving U of Tennessee and Rutgers. Why Shib? Because:

No code has been developed (other than Shib). They want to make a decision about requirements - hence workshop.

Questions/comments from attendees:

Cliff Lynch -Next Steps

Comments to Mairead - please!
Ask yourself what will happen if we [E&R community] don't do anything? How does rights data get created? Who creates it? Is this just more metadata that we try and convince the author is for advertising purposes? How do we go forward? Who are "we"?

Suggest revise the tabled document and ask for indications of support from the institutions represented.

If need to get into standards bodies and working groups, which ones? Can they be influenced without formal participation?

All presentation will go on web site (http://www.ait.utk.edu/drmworkshop/) and a right email list will be created.

Note XrML & ODRL

In John Erikson's paper "OpenDRM: A Standards Framework for Digital Rights Expression, Messaging, and Enforcement." There is a reference to an XrML/ORDL comparison (ref: http://www.giantstepsmts.com/DRM%20Watch/odrl11.htm) This highlights: "Yet ODRL must overcome three serious hurdles in order to maintain its momentum. Perhaps the most serious is ContentGuard's patent portfolio. ContentGuard's patents, which Xerox ceded to it when Xerox spun it off two years ago, cover not just DPRL or XrML but any rights language. There is more than enough similarity between XrML and ODRL to give ContentGuard's legal department ammunition for a patent infringement suit."

DPRL = Digital Property Rights Language which led to XrML

18 December 2003

[Go to Electronic Publishing at Mimas]Electronic Publishing          [Go to Mimas home page]Home Page          [Valid XHTML 1.0!]