DRM and Access Control architectures interoperability

WP3.1 partners have started working on the definition of an architecture for interoperability between Access Control and DRM systems. The solution proposed provides interoperability between Access Control and DRM systems. Central to this solution, is the definition of a Broker to enable users of these two systems to work collaboratively, by providing transparent access and use of content to both types of users. In the interoperability Broker architecture we can distinguish two different parts: a) one that is meant to provide interoperability between DRM and Access Control Frameworks; and b) another one to provide interoperability across heterogeneous DRM systems. The decision to adopt this approach was based on the fact that requirements for interoperability between DRM systems were essentially different from the requirements between DRM and ACFs. Moreover, the diversity of non-interoperable DRM systems currently in use, has also motivated the work in this direction.

Consider two networks Aa and Bb that both implement the ACF, but use different content protection systems. This can cause interoperability problems when users in Aa wish to access content from Bb, and vice versa. Users in Aa will have User Agents and rendering tools designed to deal with content encoded using Aa’s technology, and therefore will not in general be able to handle Bb’s protected content. Similarly, as the details that need to be passed in requests for authorisation to Data Access Servers may differ between content protection systems, users in Aa will not know how to extract data from protected content and format such requests.

WP3.1 partners have designed a brokerage based-architecture that will enable interoperable operations between the different rights management systems. The interoperable Rights Management Broker (iRMBroker) is composed of different modules that provide interoperability at three levels: a) between digital rights; b) between digital objects and digital media; and c) across protection information. Moreover, the Broker manages users’ roles in different rights management systems. The objective of the iRMBroker is to enable the interaction of different rights management systems in a fully interoperable environment. To achieve this, the iRMBroker acts as an intermediate module, passing rights management related messages and operations between different rights management systems. In order for this to be possible, the following approach has been followed:

1. Identify the most relevant architectural components and rights management operations that are common to most of the existing open rights management systems;
2. Create generic mapping functions between the different “common” rights management functions;
3. Implement an “orchestration” of the identified generic rights management functions in a distributed interface;
4. Implement a public and open interface that maps between one specific rights management solution and the generic function on the middleware brokerage component.

With this process, it will be possible to use a specific rights management functionality provided by a “DRM A” on a “DRM B” through the mediation of the iRMBroker (see Figure 16). From an architectural point of view, the iRMBroker implementation will require two basic assertions:

1. The iRMBroker public interface is available to all the rights management solutions seeking interoperability through the iRMBroker;
2. Each of the specific rights management solutions will also implement a public and open interface of the functions they internally provide.

The main role of the iRMBroker will be to redirect the different requests from the different rights management systems to the appropriate one. Internally to the iRMBroker, there will be a mapping between the Generic Common WSDL interface and the specific Rights Management Solution WSDL interface. In this way, the broker will know which service to invoke, when a generic request is received.

The iRMBroker will implement the following middleware services:

1. Digital Media Formats Converter, that will be used to convert between the different types of content
2. Digital Rights Translation, that will be used to convert between the different types of rights expression mechanisms
3. Protection information manager, that will be used to convert between the different protection information mechanisms
4. Roles manager, which will be used to manage the roles on the different systems.

A generic mapping between the different rights management solutions and the broker functionalities must exist, in the way of “connectors” that will make possible the interaction between the different elements.

• DRM Architecture
• Access Control architecture
• Digital Rights Management

[1] Serrão, C., Marques, J., Dias, M., Delgado, J. Open-source software as a driver for digital conent e-commerce and DRM interoperability. In Europe-China Conference on Intellectual Property in Digital Media (IPDM'06).

[2] Serrão, C., Torres, V., Delgado, J., M. Dias. Interoperability Mechanisms for registration and authentication on different Open DRM platforms. International Journal of Computer Science and Network Security (IJCNS).

[3] Serrão, C., Dias, M., Delgado, J. PKI as a way to leverage DRM Interoperability. IADIS International Conference Telecommunications, Networks and Systems 2007.

[4] Rodríguez, E., Delgado, J., Waller, A., Price, D., Waard, P. DRM and Access Control architectures interoperability. ELMAR 2008.