To find a term in the glossary, click the letter of the alphabet that is the first letter in the term you want to look up.

A | B | C | D | E | F | G | H | | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z



Action Token

An XML-encoded document that directs a Marlin Client to perform a sequence of actions, such as obtaining a User Node from a Registration Service or acquiring a License from a License Service. An Action Token specifies the ID, version, and location of a Configuration Token telling the service locations and access information. It also contains information necessary to make Marlin protocol requests for communicating with the specified services. Each action specified in an Action Token includes a Business Token, an XML element providing context information. An Action Token is issued by a Web Store or an e-commerce system, for example after a User utilizing a browser embedded in a Client Application has selected a hyperlink requesting purchase of a particular piece of Content from a Web Store.



The result of establishing a relationship between a User (User Node) and a Domain (Domain Node).



The process of validating the identity of an individual, device, entity or system.




Back Office

A component providing the back-end business logic for a Web Store.



A general-purpose MP4 file format library that is used by:
  • media players, to parse MP4 files and decrypt media samples
  • packaging tools to encrypt/decrypt and manipulate metadata for MP4 files.


Binding a License to a Node

Encrypting the Content Key (for the Content the License applies to) with either the public key or the symmetric secret key associated with the specified Node (such as a User Node). The License for the content is said to be "bound" to that Node. Only Devices that have access to the private key (or secret key, as appropriate) of that Node have the necessary key to decrypt the Content Key, which can then be used to decrypt the Content. Access to the private or secret key is possible when there is a path of Links from a Device Personality Node to the Node that the Content is bound to (possibly via a Domain).


BlueWhale Marlin Broadband Server

A JBoss-hosted Java-based installable server that implements the server-side Marlin Broadband DRM functionality.


Business Token

An XML element containing opaque data whose content is supplied by the Web Store. The Business Token is relayed (via a Marlin Client and a Marlin Server) to the Back Office application to provide context for a given service request. The Web Store includes a Business Token for each request specified in each Action Token it creates.



Client Application

An application that interacts with the User, communicates with the Web Store, and interacts with a Marlin Client.


Configuration Token

An XML document that includes relatively static information for one or more Marlin services. It includes the locations of the services and information required to access them.



A Device state in which a Device is able to exchange information with another Device or service.


(Marlin Content)

Digital media (such as a music or video file) encrypted with a Content Key and packaged into a Marlin Content File Format container.   A content file is usually a collection of several media tracks (for example audio and video)


Content Key

A symmetric cryptographic key used to encrypt and decrypt an instance of Content. The encrypted Content Key is stored in the License corresponding to the Content.


Content Provider

A supplier of Content, such as a Service Provider or broadcaster.


Content Server

A server that may supply Content to a Client Application.




A protocol used to invalidate a Link. For example, Deregistration may undo a membership relationship between a Personality Node (representing a Device) and a Domain by invalidating the Link connecting the two.


Device (Marlin Device)

A self-contained hardware component or software application capable of hosting a Marlin Node with specific Marlin roles.



Not Connected. (See Connected.)


Domain (Marlin Domain)

A collection of Devices (more precisely, a collection of Personality Nodes associated with Marlin DRM Clients). A Device is registered with a Domain (thereby becoming a Domain member) by creating a Link from the Device (Personality Node) to the Domain Node. In some Marlin delivery systems, such as Marlin Broadband, Domains are User-based, and the Devices linked to a User Node are considered a Domain. In other systems, one or more Users (User Nodes) can be associated with a Domain by establishing a Link from the Domain Node to each such User Node. Typically, a User associated with a Domain can play Content on any of the Devices in the Domain, if allowed by the License for the Content.


Domain Device

A Device that is a member of a Domain.


Domain Manager

A Role for managing the Registration and Deregistration of Devices with a Domain, according to a Domain Policy. Similar to the Registration Service defined in the Marlin Broadband specification.


Domain Node

An Octopus Node representing a Domain. Note: For some delivery systems, a Domain does not actually have its own type of Node. For example, in the Marlin Broadband Delivery System, Domains are User-based, and a Domain is represented by a User Node.


Domain Policy

The set of rules and conditions for forming Domains, for registering and deregistering Devices to and from Domains, and for managing relationships between a Domain and its member Devices (Personality Nodes) and associated Users (User Nodes).



Digital Rights Management. A technology used to give Content Providers control over access to and redistribution of digital data.





Using a Marlin license to generate a License (or rights expression) in another (non-Marlin) content protection system.




A protocol used to detect the network proximity of two Devices.





The process whereby non-Marlin Content is packaged into Marlin Content, and a Marlin License for the Content is created based on a rights definition from outside the Marlin environment.




License (License Bundle)

An XML document containing a set of Octopus objects that govern the use of Content and convey the conditions necessary for allowing access to the Content Key used to encrypt the Content.


License Service

A Marlin service handling the creation of Marlin Licenses.


License Suspension

Invalidation of a License, permanently or temporarily disabling its use.  License suspensions are distributed in License Suspension Lists. 


License Suspension List

A list of IDs that may be referenced in Licenses to indicate that Licenses have been suspended. Suspension lists (lists of such IDs) are distributed to clients via the DUS (Data Update Service).  A License Service may specify in a subscription license that a certain ID must not be present in the current License Suspension List, if for example it expects at some point in time to invalidate a License by updating the suspension list with the ID referenced in that License.   This is primarily used in subscriptions where one subscription Link enables access to a large set of content, yet certain elements of that set need to be removed from the set over time.


Link (Link Object)

An Octopus object, encoded in XML, that expresses a relationship between two Octopus Nodes.




Marlin Client (Marlin DRM Client)

A Marlin-compliant Device or application that is able to communicate with Marlin services, e.g., to acquire and evaluate a License which governs access to an instance of Content. A Marlin Client is hosted by a NEMO Node that binds the client to a Marlin-certified identity for authentication purposes, and provides it the keys necessary for message confidentiality and integrity. A Marlin Client is represented by an Octopus Personality Node and can render Content, if allowed by the License.


Marlin Content

See Content.


Marlin Content File Format

The file format that Marlin Content is contained in. Different file formats are defined for different content delivery systems, such as broadband, broadcast, and mobile.


Marlin Delivery System Specifications

Specifications that define how Marlin Content and Licenses are created and delivered via various content distribution systems (such as broadband, broadcast, and mobile), and how content may be imported from a non-Marlin environment into a Marlin environment.


Marlin Device

See Device.


Marlin Domain

See Domain.


Marlin DRM Client

See Marlin Client.


Marlin DRM System

A Digital Rights Management system, defined by Marlin specifications, for delivering Content to Users via various content delivery channels. A Marlin DRM System satisfies the security and distribution requirements of Content and Service Providers while enabling consumer-friendly options for consumption of copy protected content.


Marlin License

See License.


Marlin Server (Marlin DRM Server)

A server that provides the services needed by a Marlin Client. It is responsible for Device Registration and Deregistration, License acquisition, etc.



A relationship between a Device and a Domain. A Device becomes a member of a Domain by registering with it.



The capture and reporting of usage data that records play durations, that is, all the time during which Content is rendered and presented to the User in a normal manner (normal play).



To relocate the binding of a License for Marlin Content from one Device, Domain or User to another.




NEMO (Networked Environment for Media Orchestration)

A framework for trusted connections between the various components of a Marlin DRM System. NEMO combines SOAP web services with SAML authorizations to provide end-to-end message integrity and confidentiality protection, entity authentication, and role-based service authorization.



An object analogous to the trusted “host”of a particular functional component. The NEMO Node acts as a trusted entity with which other components can send and receive authenticated messages. For example, a License Service would use its NEMO Node credentials to send and receive messages between it and another NEMO Node representing a Marlin Client.



Either an Octopus Node or a NEMO Node, depending on context.





A general-purpose DRM architecture. The Marlin specifications are an application of this generic DRM architecture to consumer media distribution. In particular, Marlin uses Octopus for governance and key management.


Octopus Node

An object, encoded in XML, representing a Marlin DRM System entity. For example, a Personality Node represents a Device, a Domain Node represents a Domain, a User Node represents a User, and a Subscription Node represents a Subscription.  An Octopus Node includes a public/private key pair or a symmetric key that can be used to bind Licenses to the Node.




Personality Node

An Octopus Node representing a Device.



A measure of distance between Devices.





A protocol by which a Device establishes a membership relationship with a Domain. Membership in a Domain is represented by a Link from the Personality Node representing the Device to the Domain Node (or, in some systems such as Marlin Broadband, a User Node).


Registration Service

A Marlin Service responsible for issuing Octopus Nodes and Links, and for disassociating the relationship between two Nodes.



The process by which elements of Marlin implementations can be replaced, updated, or kept from expiring. This can include, for example the replacement of compromised security data, such as Node keys and Role assertions.



A combination of client or service functions supported by a Device or service’s implementation.



Security Metadata

Metadata necessary for managing the security and trustworthiness of the Marlin DRM System. An example is a License Suspension List.


Service Provider

Entity that provides services, such as a License Service and a Registration Service. Also a generic term used to describe the entity or organization responsible for selling or distributing digital media Content and associated Licenses.


Service Token

Refers to an Action Token and its corresponding Configuration Token.



The Marlin broadcast encryption scheme based on HBES (Hierarchical Hash-Chain Broadcast Encryption Scheme).


Stationary Device

A Device that does not have portability. A Device that is assumed to be portable cannot be categorized as a Stationary Device, even if its portability feature is not used.



An arrangement represented by a License and a subscription Link granting a User the right to access a large collection of Content for a limited period of time. During the validity period of the Subscription (typically encoded as a validity period on the subscription Link), the User is permitted to play or use any Content that is part of the Subscription as many times as they wish. At the end of the validity period, the Subscription may be renewed (via the renewal of the subscription Link). If it is not, any Licenses referencing that subscription and used to access the Content expire and become invalid.


Subscription Node

An Octopus Node representing a Subscription. A Link from a User Node to a Subscription Node indicates that the User has obtained the Subscription and is therefore permitted to play any Content that is part of the Subscription. Subscription Nodes are referenced in subscription Licenses, via a condition of Subscription Node reachability.


Sushi Marlin Client SDK

A C/C++ software development kit (SDK) that exposes a simple application programming interface providing access to all the Marlin DRM functionality necessary to implement a Marlin Broadband Client.




Targeting a License to one or more Nodes

A process by which a Client Application running on a Device is allowed to access Content only if the associated Marlin Client contains a valid set of Links to form a path from the Personality Node (the Node representing the accessing Device) to the Node(s) to which the License is targeted. A License may be targeted, for example, to a User Node, a Domain Node, a Subscription Node, or a Personality Node.



An XML fragment with a specific purpose. See, for example, Action Token and Configuration Token.




Usage information

Information that indicates usage rules and governance applied for protected Content.


User (Marlin User)

An individual who uses the Marlin DRM System to acquire and play Marlin Content whose usage is governed by a Marlin License.


User Node

An Octopus Node representing a User.




Web Store or e-commerce system

An entity that is the front end for all the operations that interact with the User.  As a result of such an interaction, a Marlin Client can be provisioned with a Configuration Token and an Action Token.
Note that this entity is only used for illustration, as the same tokens could be delivered via another mechanism without affecting the specification.