by Paul Rudo on 14/06/12 at 8:06 pm
Privacy and confidentiality are absolutely essential to the healthy operation of any business. Not only does the company require confidentiality in order to execute on strategy, but they also require strong privacy protection in order to retain the trust of stakeholders and protect the rights of their customers.
Of course, digital content – such as spreadsheets, documents and images – present special challenges when it comes to preserving their privacy and confidentiality. Unlike physical paper documents, it’s a fairly simple matter for anyone to copy, modify or redistribute these documents. And once these documents exit the safety of the internal network, the organization loses control over its contents and must deal with the consequences of any leaks or abuse of this information.
This is why XrML was created.
XrML is an XML-based language which serves as a foundation for development of applications which can securely distribute digital content while managing access rights. The language evolved gradually between 1996 and 1999, and has been continuously refined through product implementations, industry feedback and critical review.
The XrML language allows for digital rights management to be applied to electronic content. This allows administrators to control who can access a document… under what conditions… and what kind of access rights they have. XrML is currently the most mature and most widely-used markup language for managing digital rights.
The current embodiment of the XrML language is broken down into a simple, 4-part data model.
The Principal is a unit which identifies an entity or individual which has access rights. In order to identify themselves, a Principal can be authenticated using encryption keys or through multi-factor authentication.
A Resource is an abstract object which a Principal may or may not have access to. Possible resources include things such as videos, documents, services, names, email addresses, etc… Resources are generally classified in one of three categories: Services, Digital Works, or Pieces of Information.
Once a Resource has been assigned to a Principal, we can’t simply allow the Principal to use this information however they’d like. So XrML allows various rights – such as obtain, edit, revoke, issue, etc… – to define the access relationship between the Principal and the Resource.
Now that we’ve established what kinds of access Rights that a Principal should have to a Resource, you now have to define the conditions by which this transaction may take place. For example, we may specify that an individual may have access to a sensitive ebook for 24 hours and only with permission from a manager in a specific department.
XrML allows for a Resource access Right to be controlled by multiple complex conditions in tandem, and it does a very good job of simplifying the administration and management of these controls.
The XrML standard is in use by some of the biggest content providers and intellectual property creators, including IBM, Reuters, Intel, Microsoft, Adobe, HP, Universal Music Group, the MPAA and the RIAA.
If you’d like to learn more about XrML, you can visit their site at xrml.org.