ISO/IEC 21000-5:2004/Amd 2:2007

INTERNATIONAL ISO/IEC
STANDARD 21000-5
First edition
2004-04-01
AMENDMENT 2
2007-09-15

Information technology — Multimedia
framework (MPEG-21) —
Part 5:
Rights Expression Language
AMENDMENT 2: DAC (Dissemination And
Capture) profile
Technologies de l'information — Cadre multimédia (MPEG-21) —
Partie 5: Langage d'expression des droits
AMENDEMENT 2: Profil DAC («Dissemination And Capture»)




Reference number
ISO/IEC 21000-5:2004/Amd.2:2007(E)
©
ISO/IEC 2007

---------------------- Page: 1 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2007 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Amendment 2 to ISO/IEC 21000-5:2004 was prepared by Joint Technical Committee ISO/IEC JTC 1,
Information technology, Subcommittee SC 29, Coding of audio, picture, multimedia and hypermedia
information.

© ISO/IEC 2007 — All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
Information technology — Multimedia framework (MPEG-21) —
Part 5:
Rights Expression Language
AMENDMENT 2: DAC (Dissemination And Capture) profile
Insert a new subclause 10.3 as follows:
10.3 Multimedia Extension Two
10.3.1 General
This subclause specifies an extension, called the “multimedia extension two”, of the REL specified in the
previous clauses.
10.3.2 Normative Namespace
The XML namespace for the extension types and new elements and attributes introduced in the m2x
extension shall be urn:mpeg:mpeg21:2006:01-REL-M2X-NS, and this namespace is normative. Here, the
01 represents a serial number that is expected to change as this extension evolves.
10.3.3 Namespace Prefixes
For convenience, this extension uses shorthand namespace prefixes when referring to XML elements and
types. The actual prefix used is not important as long as the namespace URI is correct. The prefixes used in
this extension are given in Table AMD2-1.
Table AMD2-1 — Prefixes of XML Schemas
Prefix Name Namespace
r REL Core urn:mpeg:mpeg21:2003:01-REL-R-NS
sx REL Standard Extension urn:mpeg:mpeg21:2003:01-REL-SX-NS
mx REL Multimedia Extension urn:mpeg:mpeg21:2003:01-REL-MX-NS
dsig XML digital signature core http://www.w3.org/2000/09/xmldsig#
xenc XML encryption core http://www.w3.org/2001/04/xmlenc#
m1x REL Multimedia Extension one urn:mpeg:mpeg21:2005:01-REL-M1X-NS
m2x REL Multimedia Extension two urn:mpeg:mpeg21:2006:01-REL-M2X-NS
© ISO/IEC 2007 — All rights reserved 1

---------------------- Page: 4 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
10.3.4 Definition of Multimedia Extension Two
This subclause defines the extensions to the REL used in this profile. The syntax and the semantics of these
extensions are presented here. The XML schema for the extension elements and types is listed in L.2.
10.3.4.1 Right Extension Elements
10.3.4.1.1 Export
10.3.4.1.1.1 Informative Description
This element represents the right to export the associated broadcast program to another rendering or storage
device. With a m2x:Export, a broadcast program is allowed to be transferred to another device with clear
resource. If the resource has been encrypted when m2x:export is exercised, the resource should be
decrypted first before exercising the right. When it presents in an r:grant element, this element allows
adding the constraints in the m1x:outputRegulation element to confine the cleared output signal.

Figure AMD2-1 — m2x:Export Right
The example below shows how to grant the 'm2x:export' right to export a broadcast program. The
broadcast program can be exported to other devices in any kind of format and quality since there is no
m1x:OutputRegulation condition.


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DO1234567



 



10.3.4.1.1.2 Normative Specification
Let r be a m2x:Export. Then r performs the act of releasing a resource in the current repository from explicit
protection and(or) management by current DRM system to another controlled system such as CPS or an
untrusted space. With a m2x:Export, a resource will be transferred to other system in the form of an output
signal without protection.
If r is used as the Right Member of an authorization request, then both the resource Member of that
authorization request shall be present and shall identify the destination and, letting Σ be the Authorization
Context Member of that authorization request, Σ.m2x:destinationPrincipal shall identify the remote
domain or device to which will be transferred the resource.
2 © ISO/IEC 2007 — All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
10.3.4.1.2 ExtendRights
10.3.4.1.2.1 Informative Description
This element represents the right to extend the rights which are originally transmitted.

Figure AMD2-2 — m2x:ExtendRights Right
When present in an r:grant element, this element allows to get additional rights from the specified service
location if current license does not have proper rights for user request.
The child element m1x:ServiceLocation includes identified source for additional rights.
The following example shows that recipient whose device identifier is DE1234567 can extend more rights than
'mx:play' through ‘http://www.foo.org/extendLiceseService’ dynamically.



     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DE1234567

 
 
 
 


 
 
 
  http://www.foo.org/extendLiceseService
 
 
 



10.3.4.1.2.2 Normative Specification
Let r be a m2x:ExtendRights. Then r performs the act of connecting the service location identified by
m1x:ServiceLocation and receiving additional rights to a resource in the current repository when current
license does not have proper rights for user request.
Let d be a m1x:ServiceLocation. The endpoint of the service is given by the value of d/m1x:url.
© ISO/IEC 2007 — All rights reserved 3

---------------------- Page: 6 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
10.3.4.2 Condition Extension Elements
10.3.4.2.1 DestinationCondition
10.3.4.2.1.1 Informative Description
This condition is used to confine the destination entities on the exercise of transfer-oriented rights, such as
m1x:GovernedMove, m1x:GovernedCopy or m2x:Export.
This condition element is used when the destination entity is required to have specific condition such as
security level, physical proximity or specific territory etc.

Figure AMD2-3 — m2x:DestinationCondition Condition
This condition is satisfied only if all conditions specified by the list of m2x:DestinaionCondition is true.
Following example shows that a resource is allowed to export only if the destination entity has at least security
level 5 in the security system 1 and its location is within Seoul, Korea.


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DO1234567



 


 

          urn:mpeg:mpeg21:security:system1
 5

 
  
   KR
   SEOUL
  
 
 



10.3.4.2.1.2 Normative Specification
Let c be a m2x:DestinationCondition. Let (p, r, t, v, Σ, L, R) be an authorization request on the
destination entity (or entities). Let (g, h, e) be an authorization story. Then c is satisfied with respect to (p, r, t,
v, Σ, L, R) and (g, h, e) if and only if, for every integer i from 1 to Σ.m2x:cNum(), Σ.c/r:condition(i) is true.
4 © ISO/IEC 2007 — All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
10.3.4.2.2 DestinationPrincipal
10.3.4.2.2.1 Informative Description
This condition is used to specify principal on the destination entity of transfer-oriented rights, such as
m1x:GovernedMove, m1x:GovernedCopy and m2x:Export.

Figure AMD2-4 — m2x:DestinationPrincipal Condition
This condition is satisfied only if the entity specified by m2x:DestinaionPrincipal is authenticated as the
destination entity.
In the following example, the right to export a resource can be exercised only if the destination device belongs
to the same domain.


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DO1234567



 






10.3.4.2.2.2 Normative Specification
Let c be a m2x:DestinationPrincipal. Let (p, r, t, v, Σ, L, R) be an authorization request on the
destination entity. Let (g, h, e) be an authorization story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R)
and (g, h, e) if and only if there exists a c/r:principal such that r:principal is Equal
to Σ.r:principal().
10.3.4.2.3 Proximity
10.3.4.2.3.1 Informative Description
This condition is used to confine the destination entities in m2x:DestinationCondition element on the
exercise of transfer-oriented rights, such as m1x:GovernedMove, m1x:GovernedCopy or m2x:Export.
This condition element is used when the destination entity is required to have physical proximity to source
entity.
This condition is satisfied only if the destination entity has physical proximity with the source domain specified
at r:grant/r:recipient element.
© ISO/IEC 2007 — All rights reserved 5

---------------------- Page: 8 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)

Figure AMD2-5 — m2x:Proximity Condition
Following example shows that a resource is allowed to export only if the destination entity has physical
proximity with the domain specified by DO1234567.


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DO1234567



 


 



NOTE There is no normative standard to determine the Proximity between source entity and destination entity.
However according to MPAA memo[8], at a minimum, local proximity detection requires:(i) setting the Internet Protocol
(IP) packet header parameter Time to Live (TTL) to 3 in all transmitted IP packets of output content from a source device;
(ii) confirmation that any Internet Protocol (IP) packets of the content received by a destination device have an IP Time to
Live (TTL) parameter value of no greater than 3; and (iii) confirmation by the source device for any transmission of content
(including over point-to-point wired connections) that one secure, valid measurement of a Round Trip Time (RTT) of 7
milliseconds or less has been made between itself and the destination device prior to completing the destination device’s
authentication request. Time to Live (TTL) is defined in Internet Standard RFC 791 STD 5. So the standard of
m2x:Proximity follows the MPAA’s recommendation.
10.3.4.2.3.2 Normative Specification
Let c be a m2x:Proximity. Let (p, r, t, v, Σ, L, R) be an authorization request. Let (g, h, e) be an authorization
story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R) and (g, h, e) if and only if Σ. c/m2x:pM(p) is true.
10.3.4.2.4 Scrambling
10.3.4.2.4.1 Informative Description
This condition is used to confine the rights, ‘m1x:GovernedCopy’ and ‘m1x:GovernedMove’ to copy or
move the associated resource to the device or system on which a scrambling algorithm should be applied to
the resource before it is stored.
The optional attribute @cipherType of type QName indicates the name of a scrambling algorithm.
When the attribute is not specified, it means that it does not care about the kind of scrambling algorithm.
This condition is satisfied only if the target entity has a scrambling function with the algorithm specified at
attribute @cipherType.
6 © ISO/IEC 2007 — All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)

Figure AMD2-6 — m2x:Scrambling Condition


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DE1234567



 




In the above example, the m1x:GovernedCopy is granted the right to copy the resource specified in
r:DigitalResource only if device1234567 has a scrambling function supporting AES algorithm.
10.3.4.2.4.2 Normative Specification
Let c be a m2x:Scrambling. Let (p, r, t, v, Σ, L, R) be an authorization request. Let (g, h, e) be an
authorization story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R) and (g, h, e) if and only if at least one of
the following is true:
- if c/@cipherType is present then, Σ. m2x:sB(c/@cipherType) is true, or
- if c/@cipherType is present then Σ. m2x:sB() is true.
10.3.4.2.5 SecuritySystem
10.3.4.2.5.1 Informative Description
This condition element is used to specify a security system to handle the resource.

Figure AMD2-7 — m2x:SecuritySystem Condition
This condition is satisfied only if the DRM system to handle the resource is the same one which is specified by
m2x:identifier, the child element of m2x:SecuritySystem, and if m2x:level is specified, it is equal to
or less than the security level of target device on the specified DRM system. Target device can be current
device or destination device according to specification position.
In the following example, the right to copy a resource can be exercised only if current device is controlled by
the security system 1 and the security level on the system has at least class 3 or higher.
© ISO/IEC 2007 — All rights reserved 7

---------------------- Page: 10 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DO1234567



 


      urn:mpeg:mpeg21:security:system1
 3



10.3.4.2.5.2 Normative Specification
Let c be a m2x:SecuritySystem. Let (p, r, t, v, Σ, L, R) be an authorization request. Let (g, h, e) be an
authorization story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R) and (g, h, e) if and only if
c/m2x:identifier is Equal to Σ.m2x:securitySystem() and c/m2x:level is Equal to or less than
Σ.m2x:securitySystemLevel().
10.3.4.2.6 noSkipConstraint
10.3.4.2.6.1 Informative Description
This condition element is used to specify time and object constraints for skipping in a resource.

Figure AMD2-8 — m2x:NoSkipConstraint Condition
When present in an r:grant element, this element allows to skip parts of the resource only if constraint
intervals or objects are processed (played or stored). For instance, let a resource have 5 min ads in front of
the resource and the ads parts are referred in this element, then user can store the resource after the ads
parts are stored.
The m2x:NoSkipConstraint element can have more than one m2x:object and m2x:interval. The
m2x:object represents the object(s) not permitted skipping and m2x:interval represents interval(s),
which means that the object(s) or interval(s) is(are) mandatory. This condition can be with store, copy and
adapt as well as play. The child element, m2x:relTimeDuration is used to specify relative time interval in
8 © ISO/IEC 2007 — All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
a resource. It is composed of two elements: m2x:relStartTime and m2x:relDuration. The
m2x:relStartTime indicates a start time point in a resource based on the beginning of the resource. The
m2x:relDuration indicates time duration from the m2x:relStartTime.
The following example shows that for the recipient device, 30 to 45 period of the resource is mandatory to
store. In the example, if the first AD part is not stored, storing behind part of the first AD part is not permitted.


 urn:mpeg:mpeg21:2006-01-REL-M2X-NS:DM-01000
 DE1234567



 


 
  PT30M
  PT15M
 


10.3.4.2.6.2 Normative Specification
Let c be a m2x:NoSkipConstraint. Let (p, r, t, v, Σ, L, R) be an authorization request. Let (g, h, e) be an
authorization story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R) and (g, h, e) if and only if the following
are true:
- Let c1 be a c/m2x:interval. Both c1/relStartTime, c1/relDuration are present and the
parts of the resource located between c1/relStartTime and c1/relStartTime +
c1/relDuration have already exercised by right ρ before exercising the current position of the
resource, or
- Let c2 be a c/m2x:object. Both c2/r:digitalResource is present and the parts of the
resource specified by c2/r:digitalResource are exercised by right ρ before exercising the
current position of the resource.
NOTE Fast-forward play is restricted with the condition, but rewind or reverse is not restricted. However, after
rewinding, any forward action such as play and fast-forward should be restricted again.
10.3.4.2.7 simultaneousAccess
10.3.4.2.7.1 Informative Description
This condition element is used to specify a condition for limiting simultaneous access to a resource by
principals within a certain environment (e.g. a home network domain).
© ISO/IEC 2007 — All rights reserved 9

---------------------- Page: 12 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)

Figure AMD2-9 — m2x:SimultaneousAccess Condition
When present in a r:grant, this element limits simultaneous access to the associated resource
r:grant/r:Resource by a number of principals within the environment according to specified conditions.
The m2x:SimultaneousAccess is composed of m2x:count, and optionally m2x:period and
m2x:isPartOf. The m2x:count represents the maximum number of principals within the environment that
can have simultaneous access to the associated resource, the m2x:period represents a time period during
which simultaneous access is allowed, and m2x:isPartOf represents a resource to which the associated
resource belongs and the resource should not be accessed by any other principal in the environment. If there
are more than one m2x:isPartOf specified, then at least one of the resources represented by
m2x:isPartOf is not accessed by any other principal in the environment to access the resource specified in
the r:resource.
NOTE A resource specified in the m2x:isPartOf may indicate a group or collection of the associated resources.
When the associated resource is accessed, any one of groups or collections which the resource belongs to is considered
to be accessed.
The condition represented by this element permits simultaneous access to the associated resource by
principals within the given environment, if (i) the number of principals within the environment that have access
to the resource simultaneously is less than the value specified by the m2x:count element, (ii) when the
m2x:period is specified, the time interval to access the resource should be within the time period specified
by m2x:period, and (iii) when an m2x:isPartOf is specified, no part of the resources specified by the
m2x:isPartOf is accessed by any principal within the environment.
In the following example, the right to play a resource can be exercised only if the number of current principals
within an environment that are accessing the resource simultaneously is not more than 5, and the period is
from midnight on Jul 1, to midnight on Dec 31, 2006.


 urn:mpeg:mpeg21:2006-01-REL-M2X-NS:DM-01000
 DE1234567



 


 5
 
  2006-07-01:T00:00:00
  2006-12-31T00:00:00
 


10 © ISO/IEC 2007 — All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)
In the following example, the right to play a resource can be exercised by a maximum of 3 principals at the
same time since the specified resource belongs to 3 different content groups.


 urn:mpeg:mpeg21:2006-01-REL-M2X-NS:DM-01000
 DE1234567



 


     

















10.3.4.2.7.2 Normative Specification
Let c be a m2x:SimultaneousAccess. Let (p, r, t, v, Σ, L, R) be an authorization request. Let (g, h, e) be an
authorization story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R) and (g, h, e) if and only if the following
are true:
- c/m2x:count is greater than Σ.m2x:simultaneousAccess(t) AND
- Let c1 be a c/m2x:period. Both c1/r:notBefore, c1/r:notAfter are present and the interval
ϖ is within the interval specified by the values c1/r:notBefore and c1/r:notAfter AND
- If there are occurrences of c/m2x:isPartOf, then for at least one c/m2x:isPartOf,
Σ.m2x:accessed(c/m2x:isPartOf/r:digitalResource)is false.
10.3.4.2.8 TimedExerciseLimit
10.3.4.2.8.1 Informative Description
This condition element is used to specify the period during which the right can be exercised, and the count
which is allowed after the specified period has been expired.
© ISO/IEC 2007 — All rights reserved 11

---------------------- Page: 14 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)

Figure AMD2-10 — m2x:TimedExerciseLimit Condition
This condition is satisfied only if the value of m2x:duration or m2x:quantum has not been expired, or if
expired, the system counter is equal to or less than the value of m2x:count.
In the following example, the right to play a resource can be exercised without period limitation only for 3 days
after acquiring the grant and another one time more after the 3 days.


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DE1234567



 


 P3D
 1



10.3.4.2.8.2 Normative Specification
Let c be a m2x:TimedExerciseLimit. Let (p, r, t, v, Σ, L, R) be an authorization request. Let (g, h, e) be an
authorization story. Then c is satisfied with respect to (p, r, t, v, Σ, L, R) and (g, h, e) if and only if at least one
of the following is true:
- if c/m2x:duration is present then, Σ. m2x:vD(c/m2x:duration)is true or
- if c/m2x:quantum is present then, Σ. m2x:vQ(c/m2x:quantum)is true or
- if c/m2x:count is present then, Σ. m2x:vC (c/m2x:count) is true.
10.3.4.2.9 TimeShiftDuration
10.3.4.2.9.1 Informative Description
This condition element is used to specify maximum duration for temporal storing used for time-shifted
operation or delayed watching service.
12 © ISO/IEC 2007 — All rights reserved

---------------------- Page: 15 ----------------------
ISO/IEC 21000-5:2004/Amd.2:2007(E)

Figure AMD2-11 — m2x:TimeShiftDuration Condition
When present in an r:grant element, this element allows keeping data in buffer temporally within specified
duration. If the duration is zero, the resource data is permitted for only immediate rendering or playing, not for
buffering. The following example shows that the recipient device is permitted for maximum 5 minutes buffering
for mx:play.


     urn:mpeg:mpeg21:2006-01-REL-DAC-NS:DM-00001000
     DE1234567


...