The top story in DRM-related standards success for 2003 is one of those narrower, more pragmatic standards: the OMA Download and OMA DRM standards for the mobile device industry.  OMA DRM is based on a subset of the ODRL rights expression language (see below).  The technology is all royalty-free. 

OMA DRM has enjoyed rapid support from the major wireless device makers, and a number of European and Japanese vendors of server software announced OMA DRM compliance in 2003, including BeepScience of Norway, End2End of Denmark, Bertelsmann DWS and CoreMedia of Germany, ACCESS of Japan, and DMDSecure of the Netherlands.  The OMA sponsored a "Test Fest" of OMA DRM compatibility in November, and Warner Music contributed content to a demonstration of end-to-end OMA-based music distribution in October.

Rights Expression Language Progress

Another important standards story for 2003 is in rights expression languages related to ContentGuard's XrML. RELs are machine-readable languages for expressing rights to content and conditions (such as payment) for exercising those rights.  ContentGuard owns patented technology related to RELs that it got from Xerox when Xerox spun the company out in 2000. 

The company's business development strategy has been intimately related to its IP. Because it claims IP coverage over DRM implementations that use any REL -- not just ContentGuard's own XrML -- ContentGuard has been working assiduously to promote the development of RELs in various market segments, with the goal of getting officially recognized standards bodies to adopt XrML or some variant thereof. 

ContentGuard's most important achievement has been getting MPEG to use XrML as a starting point for the MPEG REL, which reached Final International Draft status in July 2003.  ContentGuard had been working with other standards bodies, notably OASIS, but determined (correctly) that MPEG was the most likely to finalize a standard in a reasonable timeframe.  The MPEG REL has been chosen as the basis for the Open eBook Forum Rights and Rules Working Group's standards work and has been incorporated into the Content Reference Forum's draft specification (see below).  Meanwhile, Microsoft has been using XrML itself in its own DRM technology, including the Windows Rights Management Services it released in November.

Clearly, ContentGuard's objective is to position MPEG REL as the "master" rights language that is then subsetted or extended for different market segments; the architecture of XrML provides for such compartmentalization and extension. Executing this strategy requires many long slogs through multiple standards initiatives; ContentGuard has done well so far, but it does have competition: ODRL (Open Digital Rights Language) from IPR Systems Ltd. of Australia, which the OMA adapted for OMA DRM. 

The "competition" between ODRL and XrML is a hornet's nest of intellectual property issues.  IPR Systems positions ODRL as a royalty-free alternative to XrML and its derivatives.  But ContentGuard asserts that because its patents cover DRM implementations based on any rights language, even ODRL implementations should be subject to patent licensing from ContentGuard.  The OMA tacitly disagreed with ContentGuard's assessment when it chose ODRL; the issue has yet to be tested, in the courts or otherwise.

Case of Identity

The final important trend in DRM-related standards for 2003 has to do with standards related to identities -- of content, users, and devices.  Two standards were introduced in 2003 that relate to content identification.  The music industry's Global Release ID (GRid), introduced by IFPI in February, is intended to serve as a sort of UPC code for music products that can tie together usage tracking, royalty accounting, and other types of systems involved in commerce for digital music. 

The music industry -- through its largest company, Universal Music Group -- also participated in the Content Reference Forum (CRF), an architecture standard for Superdistribution of content that is based on abstract content references that are resolved to actual products in real time, depending on factors such as the location and type of user, type of device, quality of resolution, rights that the distributor has to the content, and so on.  CRF's primary technology contribution is the Contract Expression Language (CEL), which is a complement to RELs that enables machine-readable representation of typical terms found in content distribution contracts. 

The two content ID related standards introduced in 2003 call for ID registry and tracking systems that are similar to those defined in the Corporation for National Research Initiatives' Handle System, which in turn is the basis for the Digital Object Identifier (DOI) standard that is already well-established in publishing and related industries.  Both GRid and CRF could (and should) take advantage of the already implemented and tested infrastructure for DOI and the Handle System rather than trying to reinvent that particular wheel.

The biggest non-story of 2003 in DRM standards also has to do with identification -- this time of users and devices.  One of the biggest barriers to the spread of legitimate online content commerce is the lack of universal online identifiers for end-users or the devices that they use to consume media.  Privacy advocates are continually on guard (with some justification) against universal online ID efforts that smack of "Big Brother," but universal -- or at least interoperable -- online identification is the only practical way to achieve digital media distribution and playback systems that meet consumers' reasonable content usage expectations.

Microsoft's .NET Passport identification scheme has been the closest thing to a universal online ID scheme, but it has been tarred with the "Big Brother" brush, even though Microsoft has gone to some lengths to position it otherwise.  The Liberty Alliance, led by perennial Microsoft enemy Sun Microsystems, is an effort to produce a "federated" network ID scheme that allows small repositories of IDs to interoperate with each other, without relying on a central repository of IDs. 

Unfortunately, the Liberty Alliance had very little to show for itself in 2003.  It decided to adopt OASIS's Security Assertion Markup Language (SAML) as part of its specification but ran into clashes with other vendors' agendas when it attempted to submit its own network ID technology to SAML for inclusion in future versions.  Sun itself released a product that incorporated version 1.0 of the Liberty spec in January 2003. 

The problem is simply that the Liberty spec is vastly complex and difficult to implement from any pragmatic standpoint.  Among other things, there is no reliable way of comparing the security and trustworthiness of different websites, so it is very hard to know whom to trust with personal identities. 

Perhaps the most important standards initiative to watch in 2004 is the Digital Media Project (DMP).  The DMP is the brainchild of Dr. Leonardo Chiariglione, the founder of MPEG.  It is attempting to derive DRM technology standards through the development of use cases from traditional content rights scenarios.  The objectives of DMP are wildly ambitious: for example, they intend to be able to represent "fair use" or "fair dealing," as well as other insanely complex traditional constructs like legacy content licensing regimes, across multiple national bodies of law, in automated technology.  DMP intends to influence existing standards bodies rather than be another one itself. 

The DMP needs participation from more of the major players among technology vendors and (especially) content providers in order to be more than an unaffiliated think tank.  Yet given Dr. Chiariglione's track record and that of some of the DMP's early participants, the initiative should be, at the very least, a source of fascinating discussions and influential work-product as 2004 rolls on.