[IETF-IDRM] Re: [IDRM] IDRM splashes
Mark Baugher
mbaugher@cisco.com
Wed, 15 Aug 2001 08:05:21 -0700
--Boundary_(ID_5pJCGJeBsdjwZMOyKHyJew)
Content-type: text/plain; format=flowed; charset=us-ascii
People have complained that the article from the451 about the idrm meeting
is hard to find. so I asked them if we could post the article and was told
we could - with attribution: "reproduced with permission of the451 -
www.the451.com"
return to article
Sectors:Software:News & Analysis
Who defines digital rights management?
Rachel Chalmers GMT Aug 07, 2001, 02:05 PM | ET Aug 07, 2001, 09:05 AM | PT
Aug 07, 2001, 06:05 AM
URL: http://www.the451.com/index/1,1169,sectors-6-11143-3,00.html
London - At London's meeting of the Internet Engineering Task Force (IETF),
one group of delegates tackled a problem that might at first glance seem
inimical to the freewheeling IETF's philosophy: digital rights management.
There's obviously a demand at least on the part of copyright owners for
technology that controls the way intellectual property is used. That said,
there are plenty of companies willing to try to meet that demand from pure
DRM players like Reciprocal and InterTrust to language vendors like
ContentGuard, IPR Systems and now RealNetworks.
The IETF's angle is not concern for the sanctity of corporate property, but
a characteristic interest in the engineering challenge of making DRM
systems interoperate. Right now the IDRM group is in research mode, mapping
the landscape and trying to define the IETF's role if it has one. Cisco's
Mark Baugher, co-chair of the IDRM group, said he hopes an IETF DRM model
will enable some kind of legal file trading.
One thing the IETF will not do, he said, is endorse tactical prevention
measures like tamper-proof hardware or watermarks. "No one is naive enough
to think tactical prevention measures won't be broken," he told the
standing-room-only audience. "Lawyers say these measures are only there to
keep the honest people honest." A better way to protect content, though, is
to provide some kind of service that reduces the incentive to steal.
"Technical protection measures probably have a role, but that role has been
over hyped," Baugher argued. "You should compete on the basis of service,
and not expect that you're going to be able to prosecute or legislate the
problem out of existence."
Another concern is the way existing DRM systems can be used to violate user
privacy. "The movie studios seem to be enamored of encryption technology.
But to deliver an encrypted file, you also have to deliver a key, and the
recipient of the key has to be authenticated, which means passing personal
information back to the studio," he explained. "There are a lot of privacy
implications in that. We want to address this issue, not only in the case
of Warner Brothers and Disney and so on, but also for individuals. We want
DRM that works on the small scale as well as on the large scale." This
humane approach is characteristic of the IETF, but it's a pleasant surprise
to come across it in a discussion about DRM.
Other speakers told the IETF of projects already under way. Rightscom
consultant Niels Rump covered MPEG-21. The aim of this proposed standard is
to enable the all-electronic creation, distribution and trade of digital
multimedia content. Rump said the team is endeavoring to take a
"user-centric" view. "I think it's a novel approach," he explained. In the
DRM world, it is.
Next up was Norman Paskin, director of the International Digital Object
Identifier Foundation. The idea behind DOI is to make a sort of
International Standard Book Number or bar code for all digital items. The
DOI plan builds on existing standards in this case, interoperability of
data in e-commerce systems (indecs) and Handle, a general-purpose name
service aimed at enabling secure name resolution over the Net. Handle is
the brainchild of the Corporation for National Research Initiatives, the
foundation's technical partner. "Handle is also part of the digital object
architecture, which maps into MPEG-21 as well," Paskin pointed out.
Hence, MPEG-21 and DOI play reasonably nicely together; the rights markup
languages that closed the session do not. Brad Gandee, ContentGuard's
eXtensible Rights Markup Language evangelist, presented the case for this
Xerox PARC spinoff. "XrML is criticized for being complex," he said. "Our
answer is that it's a complex world."
By contrast, RealNetworks' shiny new eXtensible Media Commerce Language is
frequently attacked for being too simple. Real's Rob Lanphier described
XMCL as an open, standard language to communicate digital media business
rules. It builds on XML and Dublin Core. "We tried not to be too clever,"
he explained. "We thought we'd take the pieces everyone can agree on, and
standardize those."
But with the DRM landscape being what it is, even this approach provokes
controversy. "Dublin Core is just a quick and dirty content-description
system," the International DOI Foundation's Paskin pointed out. "It was
never intended for DRM. I think you're in danger of inheriting the over
simplicity of your components."
"We're not saying Dublin Core is sufficient," Lanphier protested.
Cisco's Baugher asked whether XMCL has any model for protecting user
privacy, and when Lanphier said that the W3C's Platform for Privacy
Preferences (P3P) already covered this area, Baugher pointed out that P3P
is tied to browsers. DRM, he said, needs a privacy standard that is
divorced from the browser. ContentGuard's Gandee leaped in to point out
that privacy protection features can be added to XrML. Baugher's concern
suggests that if the IETF does play a role in defining DRM, it will also
serve as a watchdog for individual rights. With so many players already
looking out for corporate interests, that's good news for anyone without a
movie studio of their own.
--Boundary_(ID_5pJCGJeBsdjwZMOyKHyJew)
Content-type: text/html; charset=us-ascii
<html>
People have complained that the article from the451 about the idrm
meeting is hard to find. so I asked them if we could post the article and
was told we could - with attribution: "reproduced with permission of
the451 - www.the451.com"<br>
<br>
<font size=2>return to article <br>
Sectors:Software:<b>News & Analysis</b> <br>
<b>Who defines digital rights management?<br>
<br>
</b>Rachel Chalmers GMT Aug 07, 2001, 02:05 PM | ET Aug 07, 2001, 09:05
AM | PT Aug 07, 2001, 06:05 AM <br>
URL:
<a href="http://www.the451.com/index/1,1169,sectors-6-11143-3,00.html" eudora="autourl">http://www.the451.com/index/1,1169,sectors-6-11143-3,00.html</a><br>
<br>
<b>London -</b> At London's meeting of the Internet Engineering Task
Force (IETF), one group of delegates tackled a problem that might at
first glance seem inimical to the freewheeling IETF's philosophy: digital
rights management. There's obviously a demand at least on the part of
copyright owners for technology that controls the way intellectual
property is used. That said, there are plenty of companies willing to try
to meet that demand from pure DRM players like Reciprocal and InterTrust
to language vendors like ContentGuard, IPR Systems and now RealNetworks.
<br>
<br>
The IETF's angle is not concern for the sanctity of corporate property,
but a characteristic interest in the engineering challenge of making DRM
systems interoperate. Right now the IDRM group is in research mode,
mapping the landscape and trying to define the IETF's role if it has one.
Cisco's Mark Baugher, co-chair of the IDRM group, said he hopes an IETF
DRM model will enable some kind of legal file trading. <br>
<br>
One thing the IETF will not do, he said, is endorse tactical prevention
measures like tamper-proof hardware or watermarks. "No one is naive
enough to think tactical prevention measures won't be broken," he
told the standing-room-only audience. "Lawyers say these measures
are only there to keep the honest people honest." A better way to
protect content, though, is to provide some kind of service that reduces
the incentive to steal. "Technical protection measures probably have
a role, but that role has been over hyped," Baugher argued.
"You should compete on the basis of service, and not expect that
you're going to be able to prosecute or legislate the problem out of
existence." <br>
<br>
Another concern is the way existing DRM systems can be used to violate
user privacy. "The movie studios seem to be enamored of encryption
technology. But to deliver an encrypted file, you also have to deliver a
key, and the recipient of the key has to be authenticated, which means
passing personal information back to the studio," he explained.
"There are a lot of privacy implications in that. We want to address
this issue, not only in the case of Warner Brothers and Disney and so on,
but also for individuals. We want DRM that works on the small scale as
well as on the large scale." This humane approach is characteristic
of the IETF, but it's a pleasant surprise to come across it in a
discussion about DRM. <br>
<br>
Other speakers told the IETF of projects already under way. Rightscom
consultant Niels Rump covered MPEG-21. The aim of this proposed standard
is to enable the all-electronic creation, distribution and trade of
digital multimedia content. Rump said the team is endeavoring to take a
"user-centric" view. "I think it's a novel approach,"
he explained. In the DRM world, it is. <br>
<br>
Next up was Norman Paskin, director of the International Digital Object
Identifier Foundation. The idea behind DOI is to make a sort of
International Standard Book Number or bar code for all digital items. The
DOI plan builds on existing standards in this case, interoperability of
data in e-commerce systems (indecs) and Handle, a general-purpose name
service aimed at enabling secure name resolution over the Net. Handle is
the brainchild of the Corporation for National Research Initiatives, the
foundation's technical partner. "Handle is also part of the digital
object architecture, which maps into MPEG-21 as well," Paskin
pointed out. <br>
<br>
Hence, MPEG-21 and DOI play reasonably nicely together; the rights markup
languages that closed the session do not. Brad Gandee, ContentGuard's
eXtensible Rights Markup Language evangelist, presented the case for this
Xerox PARC spinoff. "XrML is criticized for being complex," he
said. "Our answer is that it's a complex world." <br>
<br>
By contrast, RealNetworks' shiny new eXtensible Media Commerce Language
is frequently attacked for being too simple. Real's Rob Lanphier
described XMCL as an open, standard language to communicate digital media
business rules. It builds on XML and Dublin Core. "We tried not to
be too clever," he explained. "We thought we'd take the pieces
everyone can agree on, and standardize those." <br>
<br>
But with the DRM landscape being what it is, even this approach provokes
controversy. "Dublin Core is just a quick and dirty
content-description system," the International DOI Foundation's
Paskin pointed out. "It was never intended for DRM. I think you're
in danger of inheriting the over simplicity of your components."
<br>
<br>
"We're not saying Dublin Core is sufficient," Lanphier
protested. <br>
<br>
Cisco's Baugher asked whether XMCL has any model for protecting user
privacy, and when Lanphier said that the W3C's Platform for Privacy
Preferences (P3P) already covered this area, Baugher pointed out that P3P
is tied to browsers. DRM, he said, needs a privacy standard that is
divorced from the browser. ContentGuard's Gandee leaped in to point out
that privacy protection features can be added to XrML. Baugher's concern
suggests that if the IETF does play a role in defining DRM, it will also
serve as a watchdog for individual rights. With so many players already
looking out for corporate interests, that's good news for anyone without
a movie studio of their own. <br>
</font></html>
--Boundary_(ID_5pJCGJeBsdjwZMOyKHyJew)--