Mairéad Martin The University of Tennessee December 16, 2015 Federated Digital Rights Management

Topics Background to VidMid DRM Project DRM Problem Space NMI and DRM Workshop FDRM Architecture Interface/functionalities

VidMid DRM Project Originated in ViDe Video Access Working Group VidMid Video-on-Demand Working Group a subgroup of VidMid DRM principal project Application beyond digital video

DRM Problem Space DRM - the management of intellectual property and distribution of digital content But different interpretations abound ….. Publishers: DRM = protect the copyright owner’s rights, and support licensing model (one-to-one ecommercial model) Research & Education: DRM = enable access while managing Intellectual Property and protecting user’s privacy, (distributed sharing and collaboration model)

DRM Problem Space Where does DRM end and Digital Access Management begin? Are they the same thing? Is DRM a middleware problem? Can commercial DRM systems satisfy R&E requirements? Does an ontological model for DRM exist to reflect R&E requirements? Can fair use be accommodated in DRM systems? Can end-user privacy be protected in DRM systems?

DRM Problem Space Are existing and emerging rights metadata schemes flexible and extensible enough to describe sharing of resources in a distributed environment? (ODRL, XrML, OASIS Rights Language, MPEG-21) Patent encumbrance (ContentGuard/XrML) Who is going to provide DRM “services” on our campuses?

NMI and DRM Workshop Funded by the NSF NMI program to: Explore DRM requirements in Research and Education Look at ways NMI development might be leveraged Create an NMI collaboration of middleware/content management experts Propose rights metadata core CNI, EDUCAUSE, I2, SURA, ViDe

Federated DRM Project Fundamental Goal: Enable intersection of attributes about user, content and usage to manage objects An application of Shib Also federates rights administration Tennessee and Rutgers leading project

Why Shibboleth? Emphasis on federated administration Emphasis on trust User privacy a core principle Club Shib can be leveraged Open source, community development

FDRM Architecture: Components

FDRM Components Resource Attribute Authority (RAA) Function: A database of metadata containing rights records with rights, permissions and constraints associated with a digital resources. Shibboleth Object Attribute Resolver (SHOAR) Function: A component that interacts with the RAA in order to obtain the rights metadata associated with the requested resource.

FDRM Components Resource Manager (RM) Function: The RM resolves the user’s attributes with the resource attributes (rights, permissions and constraints), and forwards the details of the package request to the P/LS. The RM is the equivalent of a DRM Controller in a commercial DRM model. Packaging/License Service (P/LS) Function: A fundamental component of DRM architecture, the P/LS dynamically packages content for delivery. The licensing function of the P/LS entails specification of the rights the user is allowed to exercise on the content (e.g., play, annotate, edit, transfer, etc.).

1 A user in an origin site launches a web browser and selects a URL to access a managed resource from a HTTP server. FDRM Architectural Flows 1

FDRM Architectural Flows 2 2 The Shibboleth Indexical Resource Establisher (SHIRE) receives the user's request and sends the location of the requested resource and the SHIRE's URL to an off-site "Where Are You From?“ (WAYF) server.

FDRM Architectural Flows 3 3 The WAYF server establishes a connection with the requesting user and the Handle Service responsible for the origin site.

FDRM Architectural Flows 4 4 The local Handle Service returns the handle package to the SHIRE. The handle package includes the opaque handle and the address of the user's local AA (UAA) server.

FDRM Architectural Flows 5 5 The SHIRE then passes the received handle package to the Shibboleth Attribute Requester (SHAR).

FDRM Architectural Flows 6 6 The SHAR constructs an Attribute Query Message (AQM) and submits it to the UAA defined in the handle package. The AQM includes the opaque handle, the target URL and the SHAR name.

FDRM Architectural Flows 7 7 The UAA responds to the AQM with an Attribute Response Message (ARM), which includes the SHAR name, target URL and the user attributes as allowed by the user's Attribute Release Policy (ARP).

FDRM Architectural Flows 8 The SHAR passes the results of the ARM to the Shibboleth Object Attribute Resolver (SHOAR). 8

FDRM Architectural Flows 9 9 The SHOAR constructs a Resource Attribute Query (RAQ) and submits it to the Resource Attribute Authority (RAA) associated with the requested resource.

FDRM Architectural Flows 10 The RAA returns a Resource Attribute Response (RAR) to the SHOAR detailing the supporting services and access rights associated with the requested resource. 10

FDRM Architectural Flows Depending on the assertions received from the UAA and the RAA, the SHOAR sends a package request to the Resource Manager (RM).

FDRM Architectural Flows The RM forwards the package request to the Packaging and License Service (P/LS).

FDRM Architectural Flows The P/LS creates the requested package and sends it back to the RM.

FDRM Architectural Flows The RM passes the requested resource to the user.

Scenario Two researchers at different institutions are collaborating on a research paper. They assign differential access to the paper based on roles: as principal authors, only they have read/write permissions, and the academic community has read-only permissions during the development of the work.

FDRM Rights Assignment 1

FDRM Rights Assignment 2

FDRM Rights Assignment 3

FDRM Rights Assignment 4

FDRM Functionalities: Annotate

FDRM Functionalities: Read

FDRM Functionalities: Write

FDRM Access

Resources VidMid Website: video/ “FDRM: A Proposed DRM Solution for Research & Education.” DLib Magazine, July 2002 issue ( (Includes Shib and FDRM Glossary).