- From: Paskin, Norman (DOI-ELS) <n.paskin@doi.org>
- Date: Wed, 25 Apr 2001 10:14:15 +0100
- To: "'David Parrott'" <David.Parrott@reuters.com>
- Cc: "'www-drm@w3.org'" <www-drm@w3.org>
Dave: I absolutely agree with your stated fears. Too many cooks spoil the broth and there is a whole cuisine school out there at present, with varying degrees of knowledge and ability. As I think you'll agree DRM isn't one thing. It can certainly be broken down into some layers. One such breakdown is into an underlying semantics (a data dictionary of terms); and a use of those terms in an application by means of an expression (a language). That separation has been called "Rights Data Dictionary" and "Rights Expression Language" respectively in e.g. the recent MPEG-21 work., and was obvious in the W3C DRM (indecs as exemplar of semantics, ODRL and XRML as expression) indecs focussed on the semantic analysis and was successful; see practical commercial implementatioins in ONIX, DOI, etc. It's planned to build further semantic analysis in the rights area as a Data Dictionary, under the indecs2 umbrella (IDF has a role in funding the feasibility study to build support to do this - see IDF FUNDS STUDY OF MULTIMEDIA INTELLECTUAL PROPERTY RIGHTS April 17, 2001 http://www.doi.org/news/010418-multimediaIP.html). The detailed document (now in preparation) which describes that study explores this separation further. I see from the XACML press release: "XACML will define the representation for rules that specify the who, what, when and how of information access," explained Simon Y. Blackwell of Psoom, chair of the OASIS XACML Technical Committee. "Access control, which is often called 'rights management' or 'entitlement management,' determines who can look at something, what they can do with it, the type of device they can look at it on, etc." So (as I said in another posting) it seems to me that the effort is not going to be doing the necessary *semantic* work of the Rights Data Dictionary, as discussed at MPEG Singapore in the Rights Requirements sessions, and the W3C DRM. It seems more to be standard XML expressions of this ("the representation for rules" rather than "the rules")? If it is indeed planning to do the semantic work, then for the reasons you note it needs to talk to indecs2. Clearly it has relevance anyway and I have suggested a contact between OASIS and the indecs2 activity , and which is planned to be the basis for the indecs2 development of the Rights Data Dictionary (for feed in to MPEG-21). Can you be the bridging contact here? I'd be interested in seeing how we can indeed whilst still getting both the semantic and the expression work done. Norman -----Original Message----- From: David Parrott [mailto:David.Parrott@reuters.com] Sent: 25 April 2001 09:28 To: www-drm@w3.org Subject: Re: XACML - Extensible Access Control Markup Language You will note from the Press Release from OASIS that Reuters is one of the initial members of the OASIS XACML Technical Committee. I will be taking part in the kick-off teleconference on 12 May and would hope that any work undertaken by OASIS will be aligned as closely as possible to the many other efforts currently in the process of starting up. I am fearful that too many competing standards will have the following effects: 1/ to dilute the effort applied in any one place 2/ to spread too thin the efforts of those who are trying to keep up with (i.e., by active participation) multiple standards 3/ to reduce the likelihood of truly interoperable systems 4/ to impact credibility Looking at the PKI space, one sees many standards in place (PKIX, OCSP, PKCS, S/MIME, etc) but each of those is operating in a slightly different problem domain. My concern about the rights management standards is that there is significant overlap. I would be looking, ideally, for niches to be identified in which the different standards excel and which are complementary. Clearly, lines of responsibility need to be drawn. Regards, /Dave. _ ______________________________________________________________ Dr David J. Parrott (Chartered Engineer) Chief Technology Office Reuters Limited, 85 Fleet Street, London EC4P 4AJ, UK. Direct Line: +44 (0)20 7542 9830, Fax: +44 (0)20 7542 8314 Email: David.Parrott@reuters.com, dparrott@acm.org |--------+-----------------------> | | Rigo Wenning | | | <rigo@w3.org>| | | | | | 24/04/01 | | | 23:36 | | | | |--------+-----------------------> >-------------------------------------------------------------------| | | | To: DRM-Public-List <www-drm@w3.org> | | cc: (bcc: David Parrott/LON/GB/Reuters) | | Subject: XACML - Extensible Access Control Markup | | Language | | Header: Internal Use Only | >-------------------------------------------------------------------| ----- Forwarded message from Larry Gussin <ldgussin@home.com> ----- Date: Tue, 24 Apr 2001 13:14:56 -0400 (EDT) Message-ID: <00b101c0ccd8$8e395c60$16c60b41@pwtkt1.ri.home.com> From: "Larry Gussin" <ldgussin@home.com> To: <www-drm@w3.org> Subject: [Moderator Action] XACML - Extensible Access Control Markup Language Hi, I worked at Intertrust for some years, and so am familiar with DRM concepts. I note XACML, which was begun at IBM and announced today by OASIS as a technical committee, as another form of XML-based rights language, growing out of enterprise access control practices: http://xml.coverpages.org/XACML-PR20010424.html. The XACML web page: http://xml.coverpages.org/xacl.html. >From the press release: "XACML will define the representation for rules that specify the who, what, when and how of information access," explained Simon Y. Blackwell of Psoom, chair of the OASIS XACML Technical Committee. "Access control, which is often called 'rights management' or 'entitlement management,' determines who can look at something, what they can do with it, the type of device they can look at it on, etc." I'd appreciate hearing how this effort might fit in. Larry Gussin ----- End forwarded message ----- ----------------------------------------------------------------- Visit our Internet site at http://www.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.
Received on Wednesday, 25 April 2001 05:14:58 UTC