[IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework...
Thomas Hardjono
thardjono@mediaone.net
Wed, 23 May 2001 14:32:35 -0400
>Date: Wed, 23 May 2001 02:03:48 -0400
>From: "Sam X. Sun (@S2000)" <ssun@cnri.reston.va.us>
>Subject: Re: [IDRM] DRM Taxonomy work -- drm framework...
>To: Mark Baugher <mbaugher@cisco.com>
>Cc: ietf-idrm@lists.elistx.com
>X-Mailer: Microsoft Outlook Express 5.50.4133.2400
>List-Owner: <mailto:ietf-idrm-help@lists.elistx.com>
>List-Post: <mailto:ietf-idrm@lists.elistx.com>
>List-Subscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=subscribe>
>List-Unsubscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=unsubscribe>
>List-Archive: <http://lists.elistx.com/archives/ietf-idrm>
>List-Help: <http://lists.elistx.com/elists/admin_email.shtml>,
> <mailto:ietf-idrm-request@lists.elistx.com?body=help>
>
>Mark,
>
>Regarding the handle system, I think there are two sides of DRM that could
>take advantage of it. First is the metadata and content attribute
>association, as you mentioned in the DOI application. The other is the
>identity reference for "content holder" (e.g. consumer identity). What makes
>handle system unique in this case is that it provides a secured name
>resolution service (for name attribute binding), and allows ownership to be
>defined per name (vs. URL, where the name administration belongs to the site
>manager). This is particularly important for individuals to be able to
>manage their identity attributes, including their public keys.
>
>The point I was trying to make in my earlier message is that we probably
>need to pay equal attention for identity or trust management as we do for
>content management. And I want to understand better the nature of the
>identity used in DRM application before we move further into the framework.
>
>Sam
>
>----- Original Message -----
>From: "Mark Baugher" <mbaugher@cisco.com>
>To: "Sam X. Sun (@S2000)" <ssun@cnri.reston.va.us>
>Cc: <ietf-idrm@lists.elistx.com>
>Sent: Monday, May 21, 2001 1:00 PM
>Subject: Re: [IDRM] DRM Taxonomy work -- drm framework...
>
>
> > Sam
> > I have two thoughts here. First is that the Handle System makes
> > it possible to associate metadata with a handle (a directory entry),
> > and that metadata can include a rights specification like DPRL or
> > ODRL, which captures the rights relationships you mention in the
> > first paragraph of your note. I know you know this; I think DOI does
> > this. I expect that I'm missing something.
> >
> > Second, there should probably be an asymmetry between those
> > who hold rights and those to whom the rights holder grants rights.
> > Leaving aside copyright law, which varies between countries and
> > over time, I might consider personal information that I give to a
> > provider as information that I always have some special rights to
> > though I may hand it over to a site that, for the sake of argument,
> > agrees not to share that information with anyone else. I think that
> > there is often some entity in the chain that has special claims
> > (such as legally owning the content) that is distinct from the
> > current "content holder."
> >
> > Mark
> > At 10:47 AM 5/19/2001 -0400, Sam X. Sun (@S2000) wrote:
> > >Hi,
> > >
> > >I think it's a good application model to classify in end-to-end DRM
> > >relationships in terms of content provider and distributor, and
>distributor
> > >and content consumer. They represent some real world scenarios that DRM
>will
> > >have to address. On the other hand, I wonder if we could further model
>the
> > >underlying DRM framework in terms of transactions of certain entities
>(e.g.
> > >digital content) among other kinds of entities (e.g. content holder), and
> > >the transaction may be reflected in terms of exchange/update of digital
> > >rights bound to each content instance acquired by the content holder.
> > >
> > >In other words, I wonder whether it's reasonable to categorize the
>entities
> > >that DRM framework has to deal with in terms of:
> > >
> > > 1. the digital content (per instance)
> > > 2. the content holder (current or potential)
> > >
> > >
> > >And think of the digital rights as state information of the digital
>content
> > >hold by content holder. From this, one may imagine building mechanisms
> > >within the framework to:
> > >
> > > * Associate rights per digital content acquired by the content
>holder
> > > * Identify content holder, along with its authentication attributes.
> > > * Exchange/update digital rights per digital content among content
> > >holders
> > > * Facilitate/monitor/trace legitimate digital contents for their
>proper
> > >use
> > > * Report illegal content upon showing up within the framework
>(doable?)
> > > etc...
> > >
> > >Assumptions here are that everyone can obtain a copy of digital content
> > >freely, but need to acquire (e.g. via purchase) adequate rights to be
>able
> > >to "use" it. Depending on the rights associated to the digital content
> > >acquired by the content holder, the content holder could act as a
>publisher,
> > >a distributor, a retailer, or end consumer. A transaction of digital
>content
> > >from a retailer to consumer could be modeled as retailer (with the right)
>to
> > >generate a new instance of the digital content, assign it with consumer
> > >rights, and "give" it to the consumer (along with the consumer rights). A
> > >consumer may later become a retailer after obtaining the "retail" rights
>for
> > >its copy of digital content...
> > >
> > >It's a bit off tracking to Mark's message:)... Just want to share some
> > >thoughts. Any comments?
> > >
> > >
> > >Cheers,
> > >Sam
> > >
> > >
> > >
> > >
> > >----- Original Message -----
> > >From: "Mark Baugher" <mbaugher@cisco.com>
> > >To: <ietf-idrm@lists.elistx.com>
> > >Sent: Thursday, May 17, 2001 6:33 PM
> > >Subject: [IDRM] DRM Taxonomy work
> > >
> > >
> > > > Hi
> > > > We wanted to begin work on developing a draft on requirements for
> > > > IDRM. Sam Sun, Thomas Hardjono and I discussed this and we think that
>a
> > > > good first step would be to develop a taxonomy, which is a
>classification
> > > > of the parts of an end-to-end DRM system from which we can develop a
> > >common
> > > > model, or models, and common definitions - so we speak the same
>language
> > >to
> > > > one another.
> > > >
> > > > Our focus in IDRM is with the IP network infrastructure aspects of
> > > > DRM. To me, this means that we are less concerned with the syntax or
> > > > semantics of rights specifications than in the handling and use of
>rights
> > > > metadata in end-to-end systems; we are less concerned with the
>specifics
> > >of
> > > > watermarking technology or with technical protection mechanisms than
>in
> > >key
> > > > and license distribution systems; persistent and globally-unique names
>may
> > > > not be as much of a concern to IDRM as are trusted repositories of
>content
> > > > works and metadata. So there are things in our taxonomy that are part
>of
> > > > end-to-end DRM systems like watermarks, TPM, and rights languages that
>are
> > > > not necessarily things that will be a focus of IDRM.
> > > >
> > > > At our last meeting, Thomas and I proposed that there are two
>distinct
> > > > sets of relationships in end-to-end DRM. First, is between content
> > > > provider and distributor (aka "service provider"). We would use
>"service
> > > > provider" if the content were to be delivered to consumers over a IP
> > > > network but the distributor could be a company that manufactures DVDs
>or a
> > > > TV broadcaster that receives files from a TV or film studio. Trusted
> > > > repositories for the files and rights metadata, authorization, and
> > > > authentication are IP infrastructure components that the content
>provider
> > > > may need to properly manage this process. It is unlikely that
>technical
> > > > protection mechanisms or digital licenses are needed in this
> > > > business-to-business transaction.
> > > >
> > > > The second set of relationships is between the service provider and
>the
> > > > content consumer. On the Internet today, it is hard if not impossible
>to
> > > > unambiguously identify illegal sources and uses of copyright content
>works
> > > > from illegal uses. Trusted repositories and sources with rights
>metadata
> > > > are important to DRM in this relationship. Authorization,
>authentication,
> > > > and technical protection mechanisms may be needed so standard ways to
>do
> > > > key and license management will promote inter-operability. What we
> > >should
> > > > not overlook in digital rights-conferral and mechanisms that support
>it is
> > > > the flow of information assets from the consumer to the provider for
>the
> > > > purposes of authorization. In this regard, "rights management" should
> > > > include the rights that consumers have with respect to information
>that
> > > > they provide and DRM is about information assets and not only
>copyright
> > >works.
> > > >
> > > > We want to begin developing our taxonomy and putting flesh to an IDRM
> > > > model. This note outlines the general approach that we are taking and
> > > > we're soliciting any comments that people might have. Also, if others
>are
> > > > interested in working on a draft document for the taxonomy, please let
>us
> > >know.
> > > >
> > > > Mark
> > > >
> >