[IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... -- handle system

Thomas Hardjono thardjono@mediaone.net
Wed, 23 May 2001 14:34:23 -0400


>Date: Wed, 23 May 2001 13:10:19 -0400
>From: "Sam X. Sun (@S2000)" <ssun@cnri.reston.va.us>
>Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... -- handle system
>To: Michael Mealling <michael@neonym.net>
>Cc: ietf-idrm@lists.elistx.com, Sam Sun <ssun@cnri.reston.va.us>
>X-Mailer: Microsoft Outlook Express 5.50.4133.2400
>List-Owner: <mailto:ietf-idrm-help@lists.elistx.com>
>List-Post: <mailto:ietf-idrm@lists.elistx.com>
>List-Subscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=subscribe>
>List-Unsubscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=unsubscribe>
>List-Archive: <http://lists.elistx.com/archives/ietf-idrm>
>List-Help: <http://lists.elistx.com/elists/admin_email.shtml>,
>  <mailto:ietf-idrm-request@lists.elistx.com?body=help>
>
>Hi Michael,
>
>I agree with you that DRM doesn't have to stick with any specific technology
>for its process. All we wanted here is to understand the process, and
>identify technologies that can be applied to it...
>
>In terms of Handle System and URN, I would say that they are quite different
>now in terms of how they work and the issues that they want to address.
>Handle system started about the same time PURL and URN started, trying to
>address persistence issue of URL namespace. But later we found that
>persistence is more of a social and/or management issue than a mere
>technical one. While Handle System does provide a technical approach to
>encourage more persistent namespace management, we have put more focus on
>service security, distributed name administration, internationalization
>(i18n), and service scalability. It might be helpful if you can read the
>latest HS drafts to understand the difference... On the other hand, I see no
>reason why Handle System cannot work with URN. One way to do it is to
>register HS namespace as a namespace under URN, as we discussed earlier last
>year. The issues that we need to address are how to make sure that the NAPTR
>approach won't become a bottleneck, and how to achieve service security over
>such approach. Maybe we should discuss these in a separate thread, or bring
>them to the URN working group...
>
>Regarding URI and HS, I'm not sure if they are comparable. I tend to think
>that URI is a collection of name services, and Handle System is just a
>specific one, under a specific protocol. While some members of URI can be as
>secure as you want, others can be totally insecure. I wonder if it's
>appropriate to say a URI in general is secure, or carries any semantic
>meaning (a name, an address, an identifier, etc)? In fact, because DNS is
>not secure as we know of today, that makes any name service based on DNS
>questionable in their security. The Handle System is designed to be
>independent of DNS, and to address the security and i18n issues that DNS is
>struggling to overcome. It has the advantage that it's starting from
>scratch, and doesn't have to deal with the backward compatibility issues
>that DNS has to take care of... On the other hand, we are in the process of
>defining handle system URI syntax for handles to be used in web context. In
>that sense, Handle system defines a namespace under URI, and we are in
>agreement there.
>
>In fact, I'm more inclined to think that Handle System is in par with DNS.
>In fact, if DNS can address security, i18n, access control on name
>attributes, and to allow individuals to manage the names they registered, we
>probably won't need the Handle System. On the other hand, people from DNS
>working group has refused to apply DNS as a general name service other than
>network-address translation, which makes us think that an independent name
>service would be helpful...
>
>
>Cheers,
>Sam
>
>----- Original Message -----
>From: "Michael Mealling" <michael@neonym.net>
>To: "Sam X. Sun (@S2000)" <ssun@cnri.reston.va.us>
>Cc: "Mark Baugher" <mbaugher@cisco.com>; <ietf-idrm@lists.elistx.com>
>Sent: Wednesday, May 23, 2001 10:10 AM
>Subject: Re: [IDRM] DRM Taxonomy work -- drm framework...
>
>
> > Hi Sam!
> >
> > On Wed, May 23, 2001 at 02:03:48AM -0400, Sam X. Sun (@S2000) wrote:
> > > Regarding the handle system, I think there are two sides of DRM that
>could
> > > take advantage of it. First is the metadata and content attribute
> > > association, as you mentioned in the DOI application.
> >
> > >From what I remember this part of the handle service seemed easily
> > seperable from the resolution part of the system. The query methods
> > for the attribute value pairs were straight forward and secure but really
> > weren't tied to how resolution happened, right?
> >
> > > The other is the
> > > identity reference for "content holder" (e.g. consumer identity).
> >
> > I.e. you assign some identifier to the entities involved in the
>transaction?
> >
> > > What makes handle system unique in this case is that it provides a
>secured
> > > name resolution service (for name attribute binding),
> >
> > I wouldn't say that the handle system is unique in that regard. The entire
> > URI Resoluion process was built to be as secured as you wanted it to be.
> > Heck, since Bill built the handle resolution system to mirror the URN
> > resolution mechanism they're pretty much identical.
> >
> > > , and allows ownership to be
> > > defined per name (vs. URL, where the name administration belongs to the
>site
> > > manager). This is particularly important for individuals to be able to
> > > manage their identity attributes, including their public keys.
> >
> > Can you explain that one further? Are you suggesting that URIs that
> > have domain-names somehow confer ownership semantics? We should be
> > very clear here since whether or not a URI is a name has everything to do
> > with how you actually use it and nothing to do with what it actually looks
> > like...
> >
> > > The point I was trying to make in my earlier message is that we probably
> > > need to pay equal attention for identity or trust management as we do
>for
> > > content management. And I want to understand better the nature of the
> > > identity used in DRM application before we move further into the
>framework.
> >
> > Same here. As yet I can't see a reason that URIs are no sufficient. You
> > have a requirement to identifiy all parties in the transaction but
> > that just means you assign a URI to the parties involved as well...
> >
> > -MM
> >
> > --
> > --------------------------------------------------------------------------
>------
> > Michael Mealling |      Vote Libertarian!       | urn:pin:1
> > michael@neonym.net      |                              |
>http://www.neonym.net
> >                         |                              | go:Michael
>Mealling