Universal Availability of Publications Core Programme

COPEARMS News
Issue 4, November 1998

Introduction

News in Brief

The SEDODEL (Secure Document Delivery for Blind and Partially Sighted People) project began on 1 April 1998. The project is developing the ERMS designed under the CopySmart project to create a secure environment for the flow of information to and from blind and partially sighted people. Further information can be found at http://www.arttic.com/projects/sedodel/. If anyone would like to be added to the SEDODEL mailing list to receive project updates and invitations to SEDODEL events please contact Judy Watkins, IFLA Office, British Library, Boston Spa, Wetherby, West Yorkshire, LS23 7BQ. email judy.watkins@bl.uk

Report of Special Interest Group Meeting-
Brussels, 9 September

The day began with an introduction to the aims of the SIG by Judy Watkins. The participants then introduced themselves and briefly stated their interest in electronic rights management systems and their reasons for attending the SIG. The delegates were from publishers, publishers' associations and university libraries. Other projects were also represented.

Séverine Dusollier from CRID spoke about the legal issues of ERMS stressing that the law is very important if technology is able to provide a solution for the protection of rights holders. She recommended that, when appropriate protection is in place, tools that facilitate circumvention of these mechanisms should be banned.

One of the delegates commented that the Draft Copyright Directive is for rights owners and the measures could prohibit access as well as copying and reproducing. She felt that the Directive produced a negative picture overall with no real legal protection against circumvention. Séverine replied that she felt it is maybe too early to comment as the protection measures are not yet clear.

When asked how it was possible to ensure that students have access to all the material they need she replied that technology providers, even if they are rights owners, are not usually reluctant about exceptions.

Another problem mentioned was privacy - if personal data needs to be given before access is allowed it is infringing privacy rights, especially if the information is provided to other countries where privacy legislation is not as strict. Séverine agreed that, so far, there was no solution to this problem.

Another delegate considered the legislation and directives to be too strict and felt that, within the European Union, they should be reviewed on a regular basis to change with technology. Séverine disagreed and did not feel that it was a good solution to link legal issues with technology changes.

Further discussion followed about whether the law should keep abreast of rapidly evolving technology and differing views were expressed.

Jean-Christophe Lardinois, also from CRID, began his presentation about identifiers by informing the delegates that a discussion paper had been released by the DOI (Digital Object Identifier) Foundation on 17 August 1998 and full details are on the Web site at http://www.doi.org

When asked why there are so many different identifiers for literary works Jean-Christophe replied that he wasn't sure. One suggestion made was that it could be because collecting societies are different in each country.

Comments were made emphasising the importance of European Publishers' Associations. Many have joined the DOI Foundation and some are already testing DOIs.

What happens with multimedia material - does each format have a separate identifier? Jean-Christophe replied that it was important for each part to be kept separately identified in order that any part of the work cannot be taken and reproduced. The complete work will have one identifier with sub-identifiers for each individual part.

A delegate commented that the ALCS (Authors' Licensing and Collecting Society) is using DOIs to identify authors - they are not just a publishers' initiative. See the Web site at http://www.alcs.co.uk. DOIs are only being tested at this stage but at least publishers and authors are `talking'.

Gérard Eizenberg from ONERA followed with a presentation of the security issues of ERMS. He stressed the importance of evaluation criteria profiles and also felt that it was important in organisations such as libraries to protect the integrity of material no longer within the scope of copyright legislation.

There was some debate about whether ERMS is relevant to electronic commerce, which remained unresolved.

Gérard was asked about over-watermarking attack and gave a detailed explanation using diagrams. He confirmed that it would be difficult for the owner of the rights to the original watermarked document to prove that he was the owner of the over-watermarked document. He informed the delegates that there were a series of security conferences being held in Brussels the following week, including a paper on watermarking.

Edmond Kouka from EURITIS introduced himself as the technology provider for the COPEARMS Project and spoke of the lessons learned from ERMS technical assistance given to vertical projects.

The first presentation after lunch was by Richard Carr from Level 7 on ERMS Contract Service. He talked about CORBA and ERMS interoperability and explained in detail the implementation scenario, a skeleton of which is already working.

The offer set specifying AM (morning) only provoked some debate as to what constituted AM on the Internet. Richard explained that the system's knowledge of the user would define when AM is.

Dominique Spaey from Bureau van Dijk, co-ordinating partner of the Project, followed with presentation of COPEARMS services and outlined the answers to: Who needs COPEARMS? How does COPEARMS intervene? What is COPEARMS added value? Who are the COPEARMS targeted customers? What does COPEARMS offer? He then presented the COPEARMS package on offer. It is intended that the offer will be put on the Web site, together with a questionnaire for interested parties to complete.

Judy Watkins and Edmond Kouka presented SEDODEL (SEcure DOcument DELivery for Blind and Partially Sighted People), a project sponsored by the European Commission under the TIDE Programme. It commenced on 1 April 1998 and will run for 18 months. Judy handed out brochures and gave a brief outline of the main problems which SEDODEL is hoping to address, such as copyright, integrity issues and interoperability issues. Edmond followed and spoke about the technical issues involved, demonstrating the architecture for the system integration using CopySmart technology.

A delegate questioned the need for a new system as it would seem that COPEARMS could be used, each user having their own profile. Judy answered that copyright legislation is prohibitive for visually impaired people. At the moment permission is needed from content providers every time material is converted to an alternate format in order that visually impaired people have the same access as normally sighted people. The main obstacle is how to convince content providers that they will not lose their market if SEDODEL makes material accessible to visually impaired people. (One of the other partners in the SEDODEL Project has given a more detailed description of the need for SEDODEL and this has been reproduced, with his permission, in the proceedings.)

It was agreed that there are many legal issues and COPEARMS services could be offered to SEDODEL. Judy pointed out that the draft directive on copyright issues in the information society does not give much to the whole of the print-disabled population. She produced a slide which outlined the draft proposed alternative.

Andrew Sutton, Project Manager of the RITE (Radical Improvements To Efficiency through access to low cost multimedia systems) Consortium, gave a short presentation of the RITE Project. Various parts of the music industry communicate with each other in many ways and the effectiveness of that communication can significantly affect the efficiency and profitability of the companies concerned. The Project seeks to improve these communications by providing efficient and seamless access to information and easy to use exchange of views and documents.

Judy closed the meeting by thanking the delegates for attending, the speakers for their presentations and Pauline for her part in the organisation.

A copy of the full proceedings are available from the COPEARMS web site or from Pauline Connolly at IFLA, c/o The British Library, Boston Spa, Wetherby, West Yorkshire, LS23 7BQ. Email pauline.connolly@bl.uk

COPEARMS Technology Implementation Plan

PROJECT SUMMARY

From now onwards four partners of COPEARMS - EURITIS, Bureau van Dijk, CRID and ONERA - continue to offer technology and services under commercial conditions.

With ever increasing quantities of copyrighted electronic data being made widely available to consumers, demand for copyright and IPR management systems is growing rapidly. Publishers wish to avoid significant losses in revenue through illegal information use and therefore it is becoming important for them to be aware of the state-of-the-art ERMS. The COPEARMS Consortium has been using know-how developed by a previous esprit project CITED (Copyright in Transmitted Electronic Documents), the knowledge of the Consortium Partners to provide assistance services in the design and implementation of ERMS, and the COPYSMART technology developed by EURITIS.

These services include business analysis of the implementation of ERMS; transfer of technical and security know-how through ERMS training; possibly transfer of technology; advice on the design of EDI messages for ERMS; and advice on legal and contractual matters and on standardisation. During the project assistance has mainly been restricted to other EU co-sponsored projects under the esprit, ACTS and Telematic Programmes. The assistance is now being made available to any organisation.

The Consortium has also been holding a series of Special Interest Group (SIG) meetings throughout Europe to exchange ERMS development information and to help with problem solving through experience.

Business opportunities

• access control,
  
• monitoring of the use of the material,
  
• reporting on the usages,
  
• payment in function of the usages and invoicing.

(Copy)righted information might be music, audio-visual productions, images for industrial uses, educational material, software, etc.

COPEARMS offers an integrated support in order that when designing and implementing an ERMS, the state-of-the-art of technological developments is taken into account as well as all critical dimensions of those systems.

Technical Perspective

COPEARMS is able to provide technical assistance for the design and implementation of ERMS.

How it works

COPEARMS services and technology is offered to:

• RTD projects in preparation (proposals to 5th Framework Programmes calls) in order that the design and implementation of ERMS be integral part of the workplan of those projects,

• any organisation whose business requires an efficient management of rights such as producers or distributors of music, audio-visual productions, educational multimedia.

COPEARMS services are provided separately or as a package.

References

TISSUS (esprit)
Contact: Mrs Charlotte Bayart
email: tissus@selisa.fr
Web page: http://tissus.selisa.fr

CopySmart (esprit)
Contact: Jean-François Boisson
email: euritis@wanadoo.fr
Web page: http://webpro.isegroup.com/euritis

TALISMAN (ACTS)
Contact: Mrs. Catherine Simon
email: Catherine.c.s.simon@thomcom.thomson.fr
Web page:

MULTIMEDIATOR (ACTS)
Contact: Professor Doctor Jaime Delgado
email:delgado@logiccontrol.es
Web page: http://www.uk.infowin.org/ACTS/RUS/PROJECTS/ac096.htm

EUROPE MMM (esprit)
Contact: Rosemary Altoft
email: mmm@wiley.co.uk
Web page: http://www.fernuni-hagen.de/EuropeMMM

VENIVA (esprit)
Contact: Alvise de Michelis
email: demichelis@tol.it
Web page: http://www.tin.it/veniva/veniva.html

ELISE II (Libraries)
Contact: Sophia Goddard
Email: sgoddard@dmu.ac.uk
Web page: http://severn.dmu.ac.uk/elise/

ERMES (esprit 24111)
Contact: Dr. Giovanna Avellis
email: avellis@mail.csata.it

ECADEC(esprit)
Contact: Manuel Martinez Ribas
Email: martinez.ribas@recol.es

Demonstrations

• a joint COPEARMS - IMPRIMATUR demo linking Euritis's CopySmart Trusted Server and an IMPRIMATUR's watermarking viewer tool, developed by EURITIS,

• a dynamic Contract Object Service developed by Level-7.

Terms and conditions for using the result

Publications and other items

1. PROJECT RESULTS

1.1. EURITIS

Introduction

Euritis came in the COPEARMS project with the following background :

1. AIRS, a secure Information Retrieval System.
2. CITED model and demonstrators.
3. CopySmart, a suite of software modules and tamper- proof hardware equipment for designing and deploying cost-effective ERMS solutions.

Euritis has developed the following foreground in the COPEARMS project :

1. CopySmart-Licensee, a software module assisting the content provider in the definition of licensing conditions and use rights to be attached with his/her protected work,
2. CopySmart-Marker, a software module allowing for encrypting and digitally signing electronic content delivered on networks,
3. ERMS Reference Model- Volume 2, a reference model describing the interfaces of ERMS services in order to ensure ERMS interoperability,
4. ERMS RAD Services, a Rapid Application Development methodology and the necessary and sufficient services for fast prototyping ERMS solutions. These services are based on experience learned from technical assistance, technology transfer and also from deliverables produced by the COPEARMS partners.

EURITIS has been in charge of ERMS technology transfer to the assisted vertical projects. EURITIS also contributed to the upgrading of the CITED Model as the COPEARMS ERMS Reference Model that actively contributed and will continue to contribute to the promotion of ERMS interoperability.

Many projects and organisations contacting EURITIS have already heard about CITED (Copyright In Transmitted Electronic Documents). They probably understood the model and agreed with the proposed approach. What they seek now is the means for getting the model at work in their real life business context.

Lessons learned from the assistance led EURITIS to the following approach and exploitation strategy :

1. We have to start small with very convincing and easy to understand ERMS services such as secure delivery of content on the Internet, authentication of users, watermarking protection,
2. We have to properly assess the ability of the customer to commit itself in the design and the deployment of the ERMS to be implemented,
3. We can then deploy the ERMS incrementally and take care of its integration with legacy systems (e.g. the company's accounting system).

The ERMS RAD methodology provides the organisation and the tools that give effective answers to these requirements.

From now, any assistance will be carried out on commercial basis.

Any request a customer or a EC funded project directly submits to EURITIS for ERMS services will be solved under the direction of Euritis.

EURITIS will analyse the customer's needs and will determine the need of subcontracting some parts of the services to COPEARMS partners :

1. BVD if there is a need for an in-depth organisational assistance,
2. CRID for any need related with legal issues,
3. ONERA if there is a need for an in-depth security expertise.

Euritis can itself undertake part or the totality of tasks that might have been subcontracted to other partners if the cost of the subcontracted service significantly impedes the commercial benefit of the total operation.

The customers who directly contacted EURITIS will deal with EURITIS only as the unique supplier monitoring the implementation of the requested service.

Business Description

EURITIS is specialised in integration of trusted IT system and secure information retrieval systems.

EURITIS security is based on advanced smart card technologies.

Domains covered include and are not limited to :

• Corporate Intranet security,
• Secure electronic commerce on the Internet,
• Teletraining and groupwares,
• Computer security,
• Electronic rights management systems,
• Web publishing,
• Information retrieval systems,
• CD-ROM publishing.

Further information about the Euritis commercial offer are available at the following URLs :

• Euritis web site : http://webpro.isegroup.com/euritis
• COPEARMS ERMS Technology and Services : http://webpro.isegroup.com/euritis/main.html

The Existing Tools

EURITIS basic tools include :

1. AIRS, and advanced information retrieval system available on the Internet,
2. CopySmart, a suite of components on-the-shelf for building trusted applications in the domains listed above. It consists in :
   
   • A Marker module which provides the following services : Digital signature, Public key encryption, key management,
   • The CopySmart Trusted Administrator which allows for the definition and the administration of trusted network domains,
   • The CopySmart Trusted Server which allows for secure end-to-end transactions on networks,
   • The CopySmart Secured Device which is the client securing end-point connection with the server and which locally enforces the security policy as defined by the CopySmart Administrator.

Domain of competence

EURITIS domain of competence in system engineering includes :

• Electronic Management of Documents,
• Search engines,
• Development of distributed client/server applications,
• COM/DCOM, CORBA middlewares,
• Computer and network security, Firewalls,
• Smart card technologies,
• Corporate workflows,
• TCP/IP, LDAP protocols,
• Encryption, digital signature, X509 certificates.

Business focus

EURITIS business is therefore focused on :

1. Providing consulting services for analysing and designing the system architecture for integrating trusted middleware applications,
2. Providing technical assistance for fast prototyping secure Intranet/internet solutions and electronic rights management systems,
3. Selling on-the-shelf products: AIRS, CopySmart trust builder components.

This is an expanding business which benefits from the booming of the Business-To-Business market and the Intranet security market. With the expected maturity of the electronic commerce by the year 2010, network security and payment solutions, especially smart card based security solutions are progressively taking off.

With the irremediable trend towards technology integration and market globalisation, there is no doubt about the crucial importance which will be attached to trusted intermediaries facilitating access to a diversity of information source in a secure way.

Users benefit

CopySmart based access control framework makes it suitable for Intranet where highly sensitive applications are accessed over the web, as users are granted access not because of who they are, but because of what they are allowed to do. CopySmart thus enables mission critical applications to be "web-enabled" with comprehensive security. It also allows organisations to define and manage access rights in a way that dramatically reduces the cost of administering this security. Companies integrating EURITIS tools in their business take advantage of new enabling technologies for reducing time to market their solutions and securing their business.

The Competition

Integration of IPR management within the electronic commerce environment is becoming a more and more demanded feature. Competitors therefore are investing in the market. The main competitors include:

• Intertrust Technology with the Digibox™ solution, a secure container for delivering component information according to specified rights,
• IBM InfoMarket™ with the Cryptolope™ solution which is a cryptographic envelope for delivering component information according to specified rights,
• DigiMark corporation, which provides a system which allows image creators to communicate the copyright and ownership of their images thanks to watermarking technology (invisible tattoo embedded into the data).

These solutions focus either on a secure delivery of the content as a black-box unit, or on the tattooing of the data. EURITIS's technology allows for a closer link between the electronic rights management system and the resource to be protected.

Another advantage of the EURITIS's CopySmart solution as compared with the other ones is that it combines network security and local enforcement of rights based on smart card flexibility.

As for network security, two major actors have to be considered:

• Entrust Technologies, the largest provider of Certification Authority (CA) and PKI software solutions,
• Entegrity which offers applications platform for rapid security development and deployment : Entegrity's Security Development Platform (SDP) and companion suite of solutions.

2.2. BUREAU VAN DIJK

The results obtained by BvD are twofold:
• expertise in analysis of business cases of implementation of ERMS:

  BvD has carried out the business case analysis with eight RTD projects concerned with ERMS. These case analyses focused on the following issues:

  • digital information to be processed/protected/ monitored by the ERMS,
  • agents intervening in the production and use of this information,
  • operations involved in the production and dissemination of the information,
  • communication systems for the transfer of information between agents,
  • marketing strategy of the concerned publishers/producers and distributors,
  • usage operations being performed by the agents on the information,
  • rights allocated to the agents to perform the usage operations,
  • IPR contracts to be processed,
  • threats involved by ill-intentioned usages or by misuses,
  • protection levels to be considered.

• update and upgrade of the former CITED model:

  The former CITED model has been upgraded into an ERMS Reference Model.
  This model is made of two parts: the "Business requirements" addressed to business and legal specialists willing to specify the requirements of ERMS for their organisation; the "Service specifications" addressed to ERMS developers aiming at proprietary ERMS being able to interoperate by using the same CORBA compliant protocole.

  BvD has upgraded the 1st part while taking account of the development of the second one. The upgrade has been carried out thanks to the experience gained in the business analysis of the RTD projects assisted, and to the inputs provided by the other COPEARMS partners relating to legal, technical, security and standardisation (EDIFACT and identifiers) issues.

  This expertise gained thanks to the projects can be coupled with other expertise of BvD as a management consulting company, in particular cost-benefit analysis of investment projects, in this case investment in ERMS implementations.

  Bureau van Dijk is part of the COPEARMS business offer lead by EURITIS. This offer focused on the provision of technology and engineering services to which other services can be associated upon client requirements: one of these associated services is the business case analysis including when appropriate the cost-benefit analysis of the ERMS investment.

2.3. CRID

Summary

In the framework of COPEARMS, the CRID (Centre de Recherches Informatique et Droit - University of Namur, Belgium) was in charge of considering the legal issues raised by ERMS-type technology and of providing legal assistance to concerned projects.
Through its involvement in the project, the CRID has gained a legal expertise in this field of ERMS and on-line licensing and distribution of IPR-protected material. Such expertise can help any on-line or off-line multimedia project or more generally any e-commerce project envisaging to protect its application or services by an ERMS.

An overview from a business opportunities perspective

On-line-licensing and distribution of IPR content is an important part in the development of electronic commerce. A prerequisite for such an electronic IPR management system is nevertheless to comply with relevant regulations related to the legal acceptance and value of digital documents and signature, personal data protection, protection of consumers. On the other hand, the regulatory framework in which the ERMS operates, has to be considered in order to encompass the validity of operations enabled by the technology. Such a compliance will be necessary both to enhance the confidence of users and copyright holders in the system (this is particularly true as regards privacy, consumer protection, copyright balance) and to ensure the security and validity of any project based on such technology (for instance, as regards the validity on e-contracting, the protection of the technology against its circumvention, etc.).

Therefore, a legal expertise should accompany the design and implementation of the technology. This expertise can be provided by the CRID.

An overview from a technical perspective

The main concern is that the ERMS, which enshrines various licence contracts, encompasses the provisions of IPR requirements, for instance as regards the balance between copyright protection and fair use or copyright exceptions. The following legal questions have to be answered :

• What can I protect by an ERMS ? Should multimedia objects or content non protected by an IPR be included in the technical protection? What are the relevant IPR (copyright, related rights, database protection, …)?

• To what extent should the technology take into account the copyright and IPR exceptions?

• Is the circumvention of the technology or the manufacturing of circumventing devices prohibited?

• How can I validly bind users on-line ? What are the values of an electronic contract, such as a click-mouse contract, of a digital signature and of electronic documents?

• Is the utilisation of an ERMS privacy-compliant ? What are the rights of concerned people as regards the personal data the technology collects and processes?

• What are my obligations when dealing with consumers?

• How can the technology integrate VAT rules?

• How should I draft my contracts to be compliant with the law?

Scope of the legal expertise

The CRID can provide its legal expertise to any e-commerce project dealing with IPR management and/or development or implementation of ERMS or any other technology aimed at protecting IPR.

The legal assistance could be the following:

• Providing legal assistance concerning the legal issues related to the development and the deployment of an ERMS.

• Providing an overall or customized overview of the relevant legal frameworks.

• Help identify and draft the relevant parts of contracts relating to the ERMS.

The legal issues related to an ERMS which will be covered by the CRID can be summarised as follows:

1. Legal acceptance of digital documents and validity of digital signature.
2. IPR issues:
   
   • Identification of copyright application and of the legislation applicable
   • state of exceptions to copyright and users freedom
   • application of copyright legislation

3. Privacy implications: application of data protection legislation to personal information about users, authors or any other data subjects.
4. Consumer protection, incl. provisions on distance- selling contracts.
5. Electronic payments and taxation issues.
6. Legal Protection of the technology and provisions on anti-circumvention devices.
7. Liability of the various actors.

Current applications of the legal expertise

The COPEARMS legal expertise has been developed in numerous European projects during the course of the COPEARMS project, such as TISSUS (distribution and management of textile designs), VENIVA (electronic distribution of archives), COPYSMART (business information database), OPEN UNIVERSITY (on-line education), TALISMAN (watermarking), ELISE II (on-line distribution of artistic and scientific images towards education institutions and universities).

The legal expertise has also been deployed for the ECADEC project (Esprit project) dealing with on-line distribution of editorial content.

Terms and conditions for using the legal expertise

Scope of the service

Examples of services to be provided :	Basic Price
- Overall overview of the legal issues raised by the project	5 man-days
- Identification of the copyright applications and contracts Providing of general information on legislative framework concerning the development stage of an ECMS	10 man-days
- Drafting relevant contracts necessary for the project	3 man-days per contract
- Tailor-made analysis of the legal issues and possible solutions, incl. drafting of contracts :	20 man-days

Resources

Price for one man-day : 500 ECU + Travel

Information about the CRID

The Centre for Research on Computers and Law has as its principle objective the aim of fostering fundamental and applied research in the field of information and communication technologies from legal, technical and socio-economic perspectives.

Since 1980 CRID has brought together a unique inter-disciplinary team of researchers, who now number about thirty, to carry out academic and applied research in the field of information and communication technologies from legal, technical and socio-economic perspectives.

Its main areas of research can be described as follows:

Electronic Commerce and Network Law	contract law, liability and evidence. commercial, financial and taxation law. commercial practice and consumer protection
Protection of Products, Services Electronic Communications	intellectual property law and computer software, databases and multimedia works, evidence, security, computer crime and cryptography
Privacy, Access and Freedom in the Information Society	protection of personal data, electronic democracy, commercialisation and access to information and public data
Telecommunications	Regulation and the Political-economy aspects Liberalisation, harmonisation and universal service convergence, concentrations and pluralism.
Legal and technical informatics	development of expert systems and databases. Legal issues of expert systems and databases.

As part of its dissemination activities CRID has generated its own publication series with the aim of ensuring the results of research studies undertaken by its researchers and associates are made widely available. Each volume ('Cahier') of the publication series analyses a specific topic in-depth from a multi-disciplinary perspective.

2.4. LEVEL-7

Summary

EDIFACT is used to exchange messages, such as usage rights, usage statistics and billing information between distributed Electronic Rights Management Systems (ERMS).

A two-level training course will provide a solid grounding in the design and implementation of EDIFACT messages and the issues concerned with standardisation and implementation. The training is intended for the technical specialists of projects and consortiums implementing EDI and Electronic Rights Management Systems (ERMS). The first level of training will provide a basic understanding of EDIFACT, the issues concerned with message design, their standards and implementation. The second level of training will build on this to provide practical skills in message design and implementation. The first level training course is called "Designing EDIFACT messages: The Essentials". The second level training course is called "Designing EDIFACT messages: In-Depth". An instructor is recommended for the second level course, whereas the first level course is suitable for self-paced learning.

An extension to the course is currently under development, which will provide a demonstration of ERMEDI (Electronic Data Interchange for Electronic Rights Managment) in action. A web-based demonstrator will access an ERMS contracts database to show, set and dynamically negotiate the usage rights for different types of digital objects

The web site below provides Level-7's public results from the COPEARMS project concerned with ERMEDI. The Essentials Course is in MS PowerPoint format. Other documents at the web site include guidance on the use of EDIFACT messages for Electronic Rights Management and a questionnaire for projects intending to use EDIFACT

http://bscw.gmd.de/pub/english.cgi/0/5008937

Business perspective

EDI is based on technology but is predominantly a business issue for increased efficiency. EDI reduces tasks and errors, and provides quality improvements and improved responsiveness to customers. It can enhanced company image to potentially increase market share and provide new business opportunities. Businesses often find EDI provides improved operations and reduced costs as well as simplification and integration of functions and better management control. EDI is now seen as a "norm" that can't afford to be ignored

Senior management involvement is essential for the success of EDI since it brings strategic thinking and a wider view of the enterprise. New business practices cannot function without EDI. It allows more time to plan and control rather than problem solve. EDI seems like techno-babble and standards-speak but it's all about business processes! Senior managers must recognise the importance of EDI to business and use it as a catalyst for change in their strategic business plans.

In the world of multimedia publishing, EDI can be used in the product lifecycle to create business messages for licences, access control, usage monitoring, billing and payments.

Technical perspective

Currently, Electronic Rights Management Systems (ERMS) normally provide a standalone function for usage protection and monitoring of Web-based content. A recent trend in software for the Web however is towards integrating component-based applications from different suppliers. In this way, services can be implemented once and then re-used. These distributed components need to interoperate using well-defined interfaces so that an application service can be easily used by another application.

In the Web domain, EDI offers an important function in that it provides a well-known standardised approach for specifiying syntax and understanding about commercial information. The types of information exchanged between ERMS components can be specified using the EDIFACT standard. Standardised messages, segments, data elements, code lists and identifiers can be used to help ensure all parties in a trading relationship can understand and correctly process relevant data. It also allows traditional EDI businesses such as banks and publishers to more easily exchange information with a new community of Web applications.

This training course provides a detailed understanding of how EDIFACT can be used to encode common business data in messages exchanged between Electronic Rights Management Systems

Applications

The ERMEDI course would also be useful for companies and projects that wish to:


1. use EDI with html or xml applications
2. create new electronic commerce applications
3. use EDI to exchange data with legacy applications

Terms and conditions for using the result

The "Essentials Course" is available free of charge and can be downloaded from the Web site

2.5. ONERA

Summary

Many features of Information Security Technology (ITS) are required in Electronic Rights Management Systems (ERMS). The potentially needed security objectives are presented.. A strategy is proposed to increase trust of systems that manage IPR-protected documents and to fill the gap between the necessity of precise security specifications on one hand and the general legal requirements on the other hand. A selection of security requirements is proposed as a reference to build or specify ERMS. Being a class of techniques specifically developed to protect IPR, watermarking is particularly analysed. A position about the future importance of watermarking techniques is developed. The present importance of watermarking will decrease in accordance with the increasing security of the equipment used to receive protected electronic documents. This experience is a basis to provide expertise to system designers when these systems involve IPR protection of electronic documents and other security needs. It also addresses the sponsors of such systems.

An overview from a business opportunities perspective

A method to integrate security requirements in systems managing IPR-protected documents as well as other security needs is useful to any entity involved in its definition or in its design. ONERA experience will help in reaching a balanced protection.

Technical offer

• selection and integration of security requirements in the design or the definition of information systems, according to the threats and to the environment,

• interpretation of legal needs and contracts into security requirements,

• audit of system design,

• specific solutions (cryptographic services, confinement, watermarking, …).

2.6. CISAC

The result

Internationally recognized standards have been prepared. These standards will enable the setting-up of identification systems for intellectual creations and agents involved in creations such as authors and rightholders in the context of the Common Information System (CIS) managed by CISAC.

Market

The worldwide market concerned by these identifications systems encompasses all creators, rightholders and operators involved in the distribution of creations.

Achievements

Draft specifications of numbering systems for identification of musical (ISWC), audio-visual works (ISAN) and Interested Parties (IP) have been achieved. Each numbering system includes technical requirements such as:

• Data standards to manage information associated to each identification number.
• International, regional and national databases to merge and register the identification information given by applicants.
• Data Interchange mechanisms.
• Standards to encode and process identification information in the digital environment.