Last Thursday, a working group of the World Wide Web Consortium (W3C), the web standards body, published a Recommendation for two documents related to the Open Digital Rights Language (ODRL), making ODRL an official web standard. From the vantage point of those of us who were involved in this space 10-15 years ago, this would have been tantamount to an announcement that hell has officially frozen over.
ODRL is a rights expression language (REL), a sophisticated machine-readable language for expressing rights to content. It was invented back in 2000, primarily by Renato Iannella in Australia. It was originally designed so that DRM systems could generate rights descriptions and act on them automatically.
During the heyday of DRM research and development in the late 1990s through mid 2000s, ODRL was one of a handful of RELs. The first to be published was DPRL (Digital Property Rights Language), a LISP-based language created at Xerox PARC in the mid-1990s by Mark Stefik. Xerox started a business unit to commercialize the technology and spun it out as the company ContentGuard, which recast the language in the then-emerging XML standard and dubbed it XrML (eXtensible Rights Markup Language). XrML obtained the backing of the MPEG standards body, which altered it slightly and dubbed the result MPEG REL, as part of the MPEG-21 standard, in 2004-2005.
Another REL at that time was XMCL (eXtensible Media Commerce Language) from streaming media pioneer RealNetworks, which was also based on XML. RealNetworks submitted XMCL to MPEG for the MPEG-21 standards effort, but lost to ContentGuard. RealNetworks had also submitted XMCL to W3C in 2002. W3C did nothing with it, in part because W3C generally wanted nothing whatsoever to do with DRM.
Yet another REL was EBX (Electronic Book eXchange), a REL specific to e-books created by e-book startup Glassbook, which was aquired by Adobe in 2000 and formed the basis of Adobe’s Content Server e-book DRM technology.
RELs were versatile and powerful tools for DRM systems. Content services could use them to communicate complex rights information to users’ devices, so that — for example — a user could purchase rights to download a video permanently, only watch it for a week, watch it in high or standard def, output it in analog or protected digital format, and so on. For example, ODRL’s model defines policies, which include permissions (which can include constraints) and prohibitions that parties can assign to assets, possibly with duties such as payments.
Iannella and Susanne Guth, then an academic in Austria (not Australia), had organized an “Initiative,” unaffiliated with any company or official standards body, around ODRL. This began to bear fruit in 2004 when the Open Mobile Alliance, a standards body for the mobile phone industry, incorporated a subset of ODRL into its OMA DRM standard for mobile content delivery. OMA DRM became widely adopted in early mobile content services.
XrML also received a boost when Microsoft — which owned a piece of ContentGuard — began using it in various applications such as its Rights Management Services DRM system for corporate documents. And Adobe’s Content Server, which used EBX, became a de facto standard for e-book DRM outside of Amazon’s Kindle system in the late 2000s.
Then the momentum of REL adoption slowed. The OMA had failed to (or chose not to, depending on whom you talk to) address issues of intellectual property licensing sufficiently when finalizing the OMA DRM standard. A few companies came forward with claims that OMA DRM read on their patents; one of these was ContentGuard, which held patents on Stefik’s work at PARC and particularly claimed patent coverage of certain aspects of DRM systems that incorporated RELs. The companies formed a patent pool and tried to negotiate a bundled royalty rate from OMA DRM users.
The OMA and its membership, in a rare show of public acrimony, rebuffed the patent pool, and the pool eventually split up. Although the patents in the pool covered many aspects of DRM, ContentGuard chose to emphasize its REL technology because it distinguished ContentGuard’s technology from other DRMs, and its commercial DRM software had used XrML. So — rightly or wrongly — the industry got the idea that implementing DRMs with RELs particularly incurred risks of patent liability. The industry had also gotten the message that such liability could be enormous: Intertrust, another DRM pioneer, had sued Microsoft for patent infringement and walked away with a settlement of $440 million in 2004.
As a result, support for OMA DRM — by far the most successful manifestation of ODRL — tapered off, while other DRMs from vendors that either had licensed ContentGuard’s IP (such as Microsoft) or didn’t use RELs (such as Intertrust and Widevine) flourished. Few people heard much about RELs after the mid-2000s — except for an interesting attempt in 2008 by the eminent MIT computer scientist Hal Abelson to append a REL onto Creative Commons licenses, which languished in obscurity because of the Creative Commons organization’s deep antipathy toward such things. (Iannella also created a profile of ODRL for Creative Commons in 2013, which had similar impact.) The actual official standard MPEG REL got virtually zero uptake in the market.
Now here we are ten years later; not only is ODRL still very much alive, but it has also finally become an official standard. Two things have happened to make conditions for ODRL’s acceptance by a standards body much more favorable.
First, people have recognized that RELs are useful outside of DRM systems — applications that supposedly fall outside the scope of ContentGuard’s patent claims. ODRL turns out to be very good for conveying information about rights among entities in a B2B situation, where rights are enforced by contract and it’s not necessary to use a DRM-style technical enforcement scheme.
The IPTC standards body for the news industry has adopted ODRL as the basis of its RightsML standard for conveying rights information. I’m aware of at least a couple of large publishing companies that are using ODRL for capturing and conveying rights information in their internal rights management and licensing systems. And there’s some talk in the blockchain community of using ODRL to express rights information for transactions on content stored in blockchains.
The W3C’s adoption of ODRL as a Recommendation is within the context of the Permissions and Obligations Expressions (POE) working group, which takes pains to assure the public that it has nothing to do with “digital rights management,” “access control mechanisms,” or “enforcement mechanisms.” Renato Iannella co-chairs the POE working group along with Ben Whittam Smith of Thomson Reuters.
The other development that has made life hospitable for ODRL within W3C is that W3C’s attitude towards DRM has shifted from hostility to grudging acceptance within the world of open web standards. A few months ago, W3C adopted Encrypted Media Extensions (EME) as a Recommendation. EME is a way of integrating DRM schemes with web browsers so that they can operate securely within inherently insecure environments; it has been adopted by Microsoft, Google, and even the open-source Mozilla Foundation for its Firefox browser. W3C’s adoption of it elicited howls of outrage from anti-DRM entities such as the Electronic Frontier Foundation, which resigned its membership in the W3C.
Adoption as a W3C standard doesn’t guarantee success in the market, but it’s certainly a valuable imprimatur as well as vindication of the persistent work that Renato Iannella and others have put in on ODRL over the past 18 years. Somewhat ironically, ODRL’s independence, openness, and flexibility have made it more approachable to potential adopters over the years, while its “rival” MPEG REL’s relative complexity and “standards body baggage” may have hampered its success. It will be interesting to see if Iannella and his colleagues can maintain that same spirit within the W3C world and keep ODRL’s positive momentum going.