From thardjono@mediaone.net Sun May 20 04:51:11 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:51:11 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] CfP, Workshop on Security and Privacy in Digital Rights Manageme nt 2001 (fwd) Message-ID: <5.0.0.25.2.20010519235052.024691f0@pop.ne.mediaone.net> >Date: Fri, 23 Mar 2001 11:37:19 -0500 (EST) >From: Judie Mulholland >Subject: [IDRM] CfP, Workshop on Security and Privacy in Digital Rights > Manageme nt 2001 (fwd) >To: ietf-idrm@lists.elistx.com, www-drm@w3.org >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >fyi/j > >ps > >sorry for the cross-posting. > > >--- begin forwarded text > > >From: Tomas Sander >Subject: CfP, Workshop on Security and Privacy in Digital Rights Manageme > nt 2001 >Date: Mon, 19 Mar 2001 17:03:19 -0800 > > > CALL FOR PAPERS > > WORKSHOP ON SECURITY AND PRIVACY IN DIGITAL RIGHTS MANAGEMENT 2001 > > November 5, 2001 > Philadelphia, Pennsylvania, USA > > held as part of the Eighth ACM Conference on Computer and > Communications Security (CCS-8) > > Workshop web site: http://www.star-lab.com/sander/spdrm/ > > >Increasingly the Internet is used for the distribution of digital >goods, including digital versions of books, articles, music and >images. The ease with which digital goods can be copied and >redistributed make the Internet well suited for unauthorized copying, >modification and redistribution. The rapid adoption of new >technologies such as high bandwidth connections and peer-to-peer >networks is accelerating this process. > >This workshop will consider technical problems faced by rights holders >(who seek to protect their intellectual property rights) and end >consumers (who seek to protect their privacy and to preserve access >they now enjoy in traditional media under existing copyright law). > >Digital Rights Management (DRM) systems are supposed to serve mass >markets, in which the participants have conflicting goals and cannot >be fully trusted. This adversarial situation introduces interesting >new twists on classical problems studied in cryptology and security >research, such as key management and access control. Furthermore, >novel business models and applications often require novel security >mechanisms. Recent research has also proposed new primitives for DRM, >such as hash functions that make it possible to identify content in an >adversarial setting. > >The workshop seeks submissions from academia and industry presenting >novel research on all theoretical and practical aspects of DRM, as >well as experimental studies of fielded systems. We encourage >submissions from other communities such as law and business that >present these communities' perspectives on technological issues. It is >planned to publish accepted papers in proceedings in the Springer >Lecture Notes in Computer Science (LNCS) series. > >Topics of interest include, but are not limited to, the following, as >they relate to digital rights management: > > access control mechanisms for digital rights > anonymous publishing > architectures for DRM systems > auditing and piracy > broadcast encryption and traitor tracing > business models and their security requirements > electronic commerce protocols > encryption and authentication for multimedia data > fair use > key management in DRM systems > payment mechanisms > peer-to-peer networks > portability of digital rights > privacy and anonymity > privacy-preserving data mining > risk management > robust identification of digital content > security for auctions and other emerging business models for > digital goods > security models > software tamper resistance > tamper resistant hardware and consumer devices > threat and vulnerability assessment > trust management > usability aspects of client software, consumer devices > watermarking and fingerprinting for media and software > > > IMPORTANT DATES > >Submission deadline August 3, 2001 >Acceptance notification September 7, 2001 > > > > PROGRAM CHAIR > >Tomas Sander, InterTrust STAR Lab >sander@intertrust.com, +1-408-855 0242 > > > > PROGRAM COMMITTEE > >Eberhard Becker, University of Dortmund >Dan Boneh, Stanford University >Karlheinz Brandenburg, Fraunhofer Institute for Integrated Circuits >Leonardo Chiariglione, CSELT >Drew Dean, Xerox PARC >Joan Feigenbaum, Yale University >Edward Felten, Princeton University >Yair Frankel, eCash Technologies >Markus Jakobsson, Bell Labs >Paul Kocher, Cryptography Research >John Manferdelli, Microsoft Research >Kevin McCurley, IBM Research >Moni Naor, Weizmann Institute >Fabien Petitcolas, Microsoft Research >Pamela Samuelson, University of California, Berkeley >Hal Varian, University of California, Berkeley >Moti Yung, CertCo > > > > PAPER SUBMISSIONS > >Submitted papers must not substantially overlap with papers that have >been published or that are simultaneously submitted to a journal or a >conference with proceedings. Papers should be at most 18 pages >excluding the bibliography and well-marked appendices (using 11-point >font and reasonable margins), and at most 22 pages total. Committee >members are not required to read the appendices and the paper should >be intelligible without them. The paper should start with the title, >names of authors and an abstract. The introduction should give some >background and summarize the contributions of the paper at a level >appropriate for a non-specialist reader. It is planned to publish >accepted papers in proceedings in the Springer Lecture Notes in >Computer Science (LNCS) series after the workshop. During the >workshop preproceedings will be made available. Final versions are not >due until after the workshop, giving the authors the opportunity to >revise their papers based on discussions during the meeting. > >Submissions can be made in Postscript, PDF or MS Word format. To >submit a paper, send a plain ASCII text email to the program chair >(email: sander@intertrust.com) containing the title and abstract of >the paper, the authors' names, email and postal addresses, phone and >fax numbers, and identification of the contact author. To the same >message, attach your submission (as a MIME attachment). Papers must be >received by August 3, 2001. Notification of acceptance or rejection >will be sent to authors no later than September 7, 2001. Authors of >accepted papers must guarantee that their paper will be presented at >the workshop. Final versions (due after the workshop) need to comply >with the instructions for authors made available by Springer. > > > > > >--- end forwarded text > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > >For help on using this list (especially unsubscribing), send a message to >"dcsb-request@reservoir.com" with one line of text: "help". From thardjono@mediaone.net Sun May 20 04:53:23 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:53:23 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Web site up Message-ID: <5.0.0.25.2.20010519235317.01b96730@pop.ne.mediaone.net> >Date: Fri, 23 Mar 2001 13:17:15 -0500 >From: Thomas Hardjono >Subject: [IDRM] Web site up >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Folks, > >The IDRM page is up at www.idrm.org. > >Still basic, but more pages will be added soon. > >cheers, > >thomas >------ From thardjono@mediaone.net Sun May 20 04:53:36 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:53:36 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Summary report of 1st IDRM Research Group meeting Message-ID: <5.0.0.25.2.20010519235332.01b97200@pop.ne.mediaone.net> >Date: Sat, 24 Mar 2001 11:04:36 -0800 >From: Mark Baugher >Subject: [IDRM] Summary report of 1st IDRM Research Group meeting >X-Sender: mbaugher@mira-sjc5-6.cisco.com >To: ietf-idrm@lists.elistx.com >Cc: Erik Huizer , club-scud@cisco.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >hi > We have a temporary site for posting the minutes, presentations >and results of our first meeting. I'd appreciate it if you would >review the pages and files on the site and report any problems. >http://www.rdrop.com/users/mbaugher/IDRM/ >is the temporary location. Thomas will be moving these >files to the RG web site when he gets it established. > >Cheers, Mark From thardjono@mediaone.net Sun May 20 04:53:47 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:53:47 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Page updated + add your links Message-ID: <5.0.0.25.2.20010519235342.01b553e0@pop.ne.mediaone.net> >Date: Sun, 25 Mar 2001 10:48:52 -0500 >From: Thomas Hardjono >Subject: [IDRM] Page updated + add your links >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Folks, > >The www.idrm.org site has been updated with the minutes and slides >from the meeting. > >Also added is a page for the collection of links/URLs. >I have just put a few there (the ones I remembered off-hand). > >If you know of others or wish to have your organization/project/website/papers >listed, just email them to me. > >cheers, > >thomas >------ From thardjono@mediaone.net Sun May 20 04:53:56 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:53:56 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] napster goes to washington! Message-ID: <5.0.0.25.2.20010519235353.01b93a80@pop.ne.mediaone.net> >Date: Wed, 28 Mar 2001 09:21:28 -0500 (EST) >From: Judie Mulholland >Subject: [IDRM] napster goes to washington! >To: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >fyi/j > >there will be a hearing before the us senate on april 3rd that should >prove interesting, especially in light of orin hatch's comments after the >napster decision re: the prospect of compulsory licensing. > >The Senate Committee on the Judiciary will hold a hearing on >Tuesday, April 3, 2001 at 10:00 a.m. in Dirksen Room 226, on >"Online Entertainment and Copyright Law: Coming Soon to a Digital >Device Near You." > >http://www.senate.gov/~judiciary/ > >plus, some other links that may be of interest: > >http://www.napster.com/speakout/ac/ > >http://www.senate.gov/~judiciary/ogh021401nap.htm > >http://www.futureofmusic.org/ > > >Ph.D. Candidate Voice: (850) 942-1628 >School of Information Studies Fax: (850) 942-0709 >Florida State University Mobile: (850) 322-8546 >Tallahassee, FL 32306 From thardjono@mediaone.net Sun May 20 04:54:06 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:54:06 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Charter now up on IRTF page Message-ID: <5.0.0.25.2.20010519235404.01b55030@pop.ne.mediaone.net> >Date: Thu, 29 Mar 2001 16:22:51 -0500 >From: Thomas Hardjono >Subject: [IDRM] Charter now up on IRTF page >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >Cc: mbaugher@cisco.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >Hi, > >The IDRM charter is finally up on the IRTF page. > >Here is the link: > >http://www.irtf.org/charters/Digital-Rights-Management.html > > >cheers, > >thomas >------ From thardjono@mediaone.net Sun May 20 04:54:18 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:54:18 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Interesting piece on DRM standardization Message-ID: <5.0.0.25.2.20010519235416.01b973f0@pop.ne.mediaone.net> >Date: Wed, 11 Apr 2001 22:47:39 -0700 >From: Thomas Hardjono >Subject: [IDRM] Interesting piece on DRM standardization >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Folks, > >Here's an interesting piece on the need to standardize DRM. >Its from Seybold-Boston, which is happening this week. > >http://www.key3media.com/seyboldseminars/boston2001/daily/features/drm_publish.html > >cheers, > >thomas >------ From thardjono@mediaone.net Sun May 20 04:54:33 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:54:33 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Fw: [DOI-EB] Meeting Times Message-ID: <5.0.0.25.2.20010519235431.01b6d1a0@pop.ne.mediaone.net> >Date: Wed, 18 Apr 2001 05:38:24 -0400 >From: "Sam X. Sun (@S2000)" >Subject: [IDRM] Fw: [DOI-EB] Meeting Times >To: ietf-idrm@lists.elistx.com >X-Mailer: Microsoft Outlook Express 5.50.4133.2400 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >FYI. This is the DOI-Ebook working group meeting I mentioned last time. >Steve Mooney, who is chairing the working group, told me that anyone in >our working group are welcomed to join their meeting if you let him know >in advance. You can find more about their work from >http://www.doi.org/ebooks.html. > > >Thanks, >Sam > > >----- Original Message ----- >From: Steve Mooney >To: DOI-EB >Sent: Monday, April 16, 2001 2:00 PM >Subject: [DOI-EB] Meeting Times > >The meeting on the 26th will begin at 10 and conclude at 4. If you have >not confirmed your attendance, please send me an email. > >The meeting will take place at McGraw Hill in New York, and specifics on >the venue will follow in a couple of days. > >Thank you. From thardjono@mediaone.net Sun May 20 04:54:43 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:54:43 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] MPAA is going after gnutella Message-ID: <5.0.0.25.2.20010519235440.01b97830@pop.ne.mediaone.net> >Date: Wed, 18 Apr 2001 13:37:35 -0400 (EDT) >From: Judie Mulholland >Subject: [IDRM] MPAA is going after gnutella >To: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >fyi/j > >Action! Piracy clampdown targets movies > >By Lisa M. Bowman >ZDNet News >April 17, 2001 1:31 PM PT > >The movie industry is training its legal guns on the Gnutella file-sharing >system in its latest efforts to combat piracy. > >The Motion Picture Association of America (MPAA) has sent hundreds of >letters to major Internet service providers and universities, warning them >that some people on their networks are violating the Digital Millennium >Copyright Act (DMCA) by trading copyrighted movies through Gnutella. > > >the rest of the article can be found at: > >http://www.zdnet.com/zdnn/stories/news/0,4586,5081293,00.html From thardjono@mediaone.net Sun May 20 04:54:58 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:54:58 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] MPAA is going after gnutella Message-ID: <5.0.0.25.2.20010519235455.01b557e0@pop.ne.mediaone.net> >Date: Wed, 18 Apr 2001 11:18:28 -0700 >From: Mark Baugher >Subject: Re: [IDRM] MPAA is going after gnutella >X-Sender: mbaugher@mira-sjc5-6.cisco.com >To: Judie Mulholland >Cc: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >hi Judie, > >http://www.law.wayne.edu/litman/papers/demon.pdf >discusses this practice of "demonizing" piracy. But how >does the MPAA know that Gnutella or Freenet users are >swapping copyright movies without snooping the contents >of files being exchanged? I think the digital rights and >personal privacy issues are very closely related for >us in IDRM. > >thanks, Mark > >At 01:37 PM 4/18/2001 -0400, Judie Mulholland wrote: >>fyi/j >> >>Action! Piracy clampdown targets movies >> >>By Lisa M. Bowman >>ZDNet News >>April 17, 2001 1:31 PM PT >> >>The movie industry is training its legal guns on the Gnutella file-sharing >>system in its latest efforts to combat piracy. >> >>The Motion Picture Association of America (MPAA) has sent hundreds of >>letters to major Internet service providers and universities, warning them >>that some people on their networks are violating the Digital Millennium >>Copyright Act (DMCA) by trading copyrighted movies through Gnutella. >> >> >>the rest of the article can be found at: >> >>http://www.zdnet.com/zdnn/stories/news/0,4586,5081293,00.html From thardjono@mediaone.net Sun May 20 04:55:10 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:55:10 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] MPAA is going after gnutella Message-ID: <5.0.0.25.2.20010519235508.01b534b0@pop.ne.mediaone.net> >Date: Wed, 18 Apr 2001 14:37:35 -0400 (EDT) >From: Judie Mulholland >Subject: Re: [IDRM] MPAA is going after gnutella >To: Mark Baugher >Cc: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >On Wed, 18 Apr 2001, Mark Baugher wrote: > > > hi Judie, > > > > http://www.law.wayne.edu/litman/papers/demon.pdf > > discusses this practice of "demonizing" piracy. But how > > does the MPAA know that Gnutella or Freenet users are > > swapping copyright movies without snooping the contents > > of files being exchanged? I think the digital rights and > > personal privacy issues are very closely related for > > us in IDRM. > > > >i totally agree which reminds me of a comment first made by kelsey and >schneir. in a slightly different context, they write that trying to >prevent copyright infringement of digital assets is beginning the resemble >"the war on drugs." > >Kelsey, J. and B. Schneier "The Street Performer Protocol and Digital >Copyrights," 4 First Monday, (June 7, 1999) > >URL: http://firstmonday.org/issues/issue4_6/kelsey/index.html > >and thanks for the reference to the article on the demonization of >piracy. i look forward to reading it. > >/j From thardjono@mediaone.net Sun May 20 04:55:19 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:55:19 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] erickson article on rights management Message-ID: <5.0.0.25.2.20010519235516.01b95ae0@pop.ne.mediaone.net> >Date: Thu, 19 Apr 2001 13:11:32 -0400 (EDT) >From: Judie Mulholland >Subject: [IDRM] erickson article on rights management >To: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >fyi/j > > >D-Lib Magazine >April 2001 >Volume 7 Number 4 > >Information Objects and Rights Management: A Mediation-based Approach to >DRM Interoperability >John S. Erickson > >http://www.dlib.org/dlib/april01/erickson/04erickson.html From thardjono@mediaone.net Sun May 20 04:55:27 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:55:27 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Fwd: SDMI demands Princeton prof "destroy" paper about vulnerability Message-ID: <5.0.0.25.2.20010519235524.01b6fca0@pop.ne.mediaone.net> >Date: Sat, 21 Apr 2001 09:44:29 -0700 >From: Thomas Hardjono >Subject: [IDRM] Fwd: SDMI demands Princeton prof "destroy" paper about > vulnerability >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >From: John Young >Subject: RIAA Warns SDMI Hackers >To: cypherpunks@lne.com >Date: Fri, 20 Apr 2001 22:36:45 -0400 > >RIAA and The SDMI Foundation on April 9 warned Ed Felten >and his researchers not to publish their paper about the >weaknesses of the SDMI content protection system at the >4th International Information Hiding Workshop to be held >April 25-29, 2001. Their paper is public: > > http://cryptome.org/sdmi-attack.htm (41K text with 11 images) > >Zipped text and images: > > http://cryptome.org/sdmi-attack.zip (328K) > >*********** > >http://cryptome.org/sdmi-attack.htm > > April 9, 2001 > > Professor Edward Felton > Department of Computer Science > Princeton University > Princeton, NY 08544 > > Dear Professor Felten, > > We understand that in conjunction with the 4th International > Information Hiding Workshop to be held April 25-29, 2001, you and your > colleagues who participated in last year's Secure Digital Music > Initiative ("SDMI") Public Challenge are planning to publicly release > information concerning the technologies that were included in that > challenge and certain methods you and your colleagues developed as > part of your participation in the challenge. On behalf of the SDMI > Foundation, I urge you to reconsider your intentions and to refrain > from any public disclosure of confidential information derived from > the Challenge and instead engage SDMI in a constructive dialogue on > how the academic aspects of your research can be shared without > jeopardizing the commercial interests of the owners of the various > technologies. > > As you are aware, at least one of the technologies that was the > subject of the Public Challenge, the Verance Watermark, is already in > commercial use and the disclosure of any information that might assist > others to remove this watermark would seriously jeopardize the > technology and the content it protects.1 Other technologies that were > part of the Challenge are either likewise in commercial use or could > be could be utilized in this capacity in the near future. Therefore, > any disclosure of information that would allow the defeat of those > technologies would violate both the spirit and the terms of the > Click-Through Agreement (the "Agreement"). In addition, any disclosure > of information gained from participating in the Public Challenge would > be outside the scope of activities permitted by the Agreement and > could subject you and your research team to actions under the Digital > Millennium Copyright Act ("DCMA"). > > ____________________ > > 1 The Verance Watermark is currently used for DVD-Audio and SDMI > Phase I products and certain portions of that technology are trade > secrets. > > We appreciate your position, as articulated in the Frequently Asked > Questions document, that the purpose of releasing your research is not > designed to "help anyone impose or steal anything." Further more, you > participation in the Challenge and your contemplated disclosure > appears to be motivated by a desire to engage in scientific research > that will ensure that SDMI does not deploy a flawed system. > Unfortunately, the disclosure that you are contemplating could result > in significantly broader consequences and could directly lead to the > illegal distribution of copyrighted material. Such disclosure is not > authorized in the Agreement, would constitute a violation of the > Agreement and would subject your research team to enforcement actions > under the DMCA and possibly other federal laws. > > As you are aware, the Agreement covering the Public challenge narrowly > authorizes participants to attack the limited number of music samples > and files that were provided by SDMI. The specific purpose of > providing these encoded files and for setting up the Challenge was to > assist SDMI in determining which of the proposed technologies are best > suited to protect content in Phase II products. The limited waiver of > rights (including possible DMCA claims) that was contained in the > Agreement specifically prohibits participants from attacking content > protected by SDMI technologies outside the Public Challenge. If your > research is released to the public this is exactly what could occur. > In short, you would be facilitating and encouraging the attack of > copyrighted content outside the limited boundaries of the Public > Challenge and thus places you and your researchers in direct violation > of the Agreement. > > In addition, because public disclosure of your research would be > outside the limited authorization of the Agreement, you could be > subject to enforcement actions under federal law, including the DMCA. > The Agreement specifically reserves any rights that proponents of the > technology being attacked may have "under any applicable law, > including, without limitation, the U.S. Digital Millennium Copyright > Act, for any acts not expressly authorized by their Agreement." The > Agreement simply does not "expressly authorize" participants to > disclose information and research developed through participating in > the Public challenge and such disclosure could be the subject of a > DMCA action. > > We recognize and appreciate your position, made clear throughout this > process, that it is not your intention to engage in any illegal > behavior or to otherwise jeopardize the legitimate commercial > interests of others. We are concerned that your actions are outside > the peer review process established by the Public Challenge and setup > by engineers and other experts to ensure the academic integrity of > this project. With these facts in mind, we invite you to work with the > SDMI Foundation to find a way for you to share the academic components > of your research while remaining true to your intention to not violate > the law or the Agreement. In the meantime, we urge you to withdraw the > paper submitted for the upcoming Information Hiding Workshop, assure > that it is removed from the Workshop distribution materials and > destroyed, and avoid a public discussion of confidential information. > > Sincerely, > > [Signature] > > Matthew Oppenheim, Secretary > The SDMI Foundation > > cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop, > Naval Research Laboratory > Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research > Laboratory > Mr. Howard Ende, General Counsel of Princeton > Mr. Edward Dobkin, Computer Science Department Head of Princeton > _________________________________________________________________ > >*********** From thardjono@mediaone.net Sun May 20 04:55:39 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:55:39 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Napster Licenses Acoustic Fingerprinting Technology Message-ID: <5.0.0.25.2.20010519235532.01b95760@pop.ne.mediaone.net> >Date: Sat, 21 Apr 2001 09:49:18 -0700 >From: Thomas Hardjono >Subject: [IDRM] Napster Licenses Acoustic Fingerprinting Technology >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >http://news.excite.com/news/r/010420/12/net-tech-napster-dc > >REDWOOD CITY, Calif. (Reuters) - Embattled song-swap company Napster on > Friday said it licensed privately held Relatable's acoustic > fingerprinting technology to > help filter songs in compliance with an injunction. > > Alexandria, Va.-based Relatable's technology identifies music based on > the recordings themselves and analyzes the > acoustical properties of a recording's waveform to identify it > precisely, regardless of its audio format, bit rate or > minor signal distortion, the companies said. > > Napster's service has attracted about 60 million users who swap songs > for free by trading MP3 files, a > compression format that turns music on compact discs into small > digital files. > > The recording industry sued the company in December 1999 for copyright > infringement. Napster has recently > come under fire for its inability to block trading of copyrighted > songs completely following the issuance of a March > 5 injunction. > > Music industry officials contend that many of the thousands of titles > record labels have asked Napster to block > remain available on the system and have called for Napster to filter > its service by searching for songs with digital > fingerprint technology to analyze the content of the MP3 files. > > "We are now working closely with Relatable's engineers to coordinate > their technology with our file filtering > systems; we hope they will be a substantial part of our overall > filtering solution," said Hank Barry, chief executive of > Napster, on Friday. > > Napster said it also hopes to incorporate the technology into its > current file screening system and into a new > membership service it hopes to launch this summer. > > The labels that sued Napster include Vivendi Universal's (EAUG.PA) > Universal Music, Sony Music (6758.T), > Warner Music (AOL), EMI Group Plc (EMI.L) and Bertelsmann AG's > (BTGGga.D) BMG. From thardjono@mediaone.net Sun May 20 04:55:52 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:55:52 -0400 Subject: [IETF-IDRM] Fwd: [WM]: Re: [IDRM]/[WM] Fwd: SDMI demands Princeton prof "destroy" paper aboutvulnerability Message-ID: <5.0.0.25.2.20010519235549.01b96af0@pop.ne.mediaone.net> >Delivered-To: zeus-waterma-watermarking-list@phoebe.hosting4u.net >Date: Sat, 21 Apr 2001 16:14:07 -0500 (Eastern Standard Time) >From: "Neil F.Johnson" >To: , watermarking@watermarkingworld.org, > thardjono@mediaone.net, ietf-idrm@lists.elistx.com >Subject: [WM]: Re: [IDRM]/[WM] Fwd: SDMI demands Princeton prof "destroy" > paper aboutvulnerability >Reply-To: nfj@jjtc.com >Organization: Johnson & Johnson Technolofy Consultants, LC >Sender: watermarking-owner@watermarkingworld.org > >I belong to both the IDRM and Watermarkingworld >list groups and saw this message go across both. > >Well, I'm sure this will be a hot topic at IHW2001. >The fact that The Verance Watermark is currently >being used means that someone rushed to production >without doing all of their homework. > >I look forward to discussing the matter further >in Pittsburgh next week. > >BTW... >What if those of us who did not participate wish >to discuss the SDMI challenge? > >-- > >Neil F. Johnson >Associate Director >Center for Secure Information Systems >George Mason University >njohnson@gmu.edu > > > > > >From: John Young > >Subject: RIAA Warns SDMI Hackers > >To: cypherpunks@lne.com > >Date: Fri, 20 Apr 2001 22:36:45 -0400 > > > >RIAA and The SDMI Foundation on April 9 warned Ed Felten > >and his researchers not to publish their paper about the > >weaknesses of the SDMI content protection system at the > >4th International Information Hiding Workshop to be held > >April 25-29, 2001. Their paper is public: > > > > http://cryptome.org/sdmi-attack.htm (41K text with 11 images) > > > >Zipped text and images: > > > > http://cryptome.org/sdmi-attack.zip (328K) > > > >*********** > > > >http://cryptome.org/sdmi-attack.htm > > > > April 9, 2001 > > > > Professor Edward Felton > > Department of Computer Science > > Princeton University > > Princeton, NY 08544 > > > > Dear Professor Felten, > > > > We understand that in conjunction with the 4th International > > Information Hiding Workshop to be held April 25-29, 2001, you and your > > colleagues who participated in last year's Secure Digital Music > > Initiative ("SDMI") Public Challenge are planning to publicly release > > information concerning the technologies that were included in that > > challenge and certain methods you and your colleagues developed as > > part of your participation in the challenge. On behalf of the SDMI > > Foundation, I urge you to reconsider your intentions and to refrain > > from any public disclosure of confidential information derived from > > the Challenge and instead engage SDMI in a constructive dialogue on > > how the academic aspects of your research can be shared without > > jeopardizing the commercial interests of the owners of the various > > technologies. > > > > As you are aware, at least one of the technologies that was the > > subject of the Public Challenge, the Verance Watermark, is already in > > commercial use and the disclosure of any information that might assist > > others to remove this watermark would seriously jeopardize the > > technology and the content it protects.1 Other technologies that were > > part of the Challenge are either likewise in commercial use or could > > be could be utilized in this capacity in the near future. Therefore, > > any disclosure of information that would allow the defeat of those > > technologies would violate both the spirit and the terms of the > > Click-Through Agreement (the "Agreement"). In addition, any disclosure > > of information gained from participating in the Public Challenge would > > be outside the scope of activities permitted by the Agreement and > > could subject you and your research team to actions under the Digital > > Millennium Copyright Act ("DCMA"). > > > > ____________________ > > > > 1 The Verance Watermark is currently used for DVD-Audio and SDMI > > Phase I products and certain portions of that technology are trade > > secrets. > > > > We appreciate your position, as articulated in the Frequently Asked > > Questions document, that the purpose of releasing your research is not > > designed to "help anyone impose or steal anything." Further more, you > > participation in the Challenge and your contemplated disclosure > > appears to be motivated by a desire to engage in scientific research > > that will ensure that SDMI does not deploy a flawed system. > > Unfortunately, the disclosure that you are contemplating could result > > in significantly broader consequences and could directly lead to the > > illegal distribution of copyrighted material. Such disclosure is not > > authorized in the Agreement, would constitute a violation of the > > Agreement and would subject your research team to enforcement actions > > under the DMCA and possibly other federal laws. > > > > As you are aware, the Agreement covering the Public challenge narrowly > > authorizes participants to attack the limited number of music samples > > and files that were provided by SDMI. The specific purpose of > > providing these encoded files and for setting up the Challenge was to > > assist SDMI in determining which of the proposed technologies are best > > suited to protect content in Phase II products. The limited waiver of > > rights (including possible DMCA claims) that was contained in the > > Agreement specifically prohibits participants from attacking content > > protected by SDMI technologies outside the Public Challenge. If your > > research is released to the public this is exactly what could occur. > > In short, you would be facilitating and encouraging the attack of > > copyrighted content outside the limited boundaries of the Public > > Challenge and thus places you and your researchers in direct violation > > of the Agreement. > > > > In addition, because public disclosure of your research would be > > outside the limited authorization of the Agreement, you could be > > subject to enforcement actions under federal law, including the DMCA. > > The Agreement specifically reserves any rights that proponents of the > > technology being attacked may have "under any applicable law, > > including, without limitation, the U.S. Digital Millennium Copyright > > Act, for any acts not expressly authorized by their Agreement." The > > Agreement simply does not "expressly authorize" participants to > > disclose information and research developed through participating in > > the Public challenge and such disclosure could be the subject of a > > DMCA action. > > > > We recognize and appreciate your position, made clear throughout this > > process, that it is not your intention to engage in any illegal > > behavior or to otherwise jeopardize the legitimate commercial > > interests of others. We are concerned that your actions are outside > > the peer review process established by the Public Challenge and setup > > by engineers and other experts to ensure the academic integrity of > > this project. With these facts in mind, we invite you to work with the > > SDMI Foundation to find a way for you to share the academic components > > of your research while remaining true to your intention to not violate > > the law or the Agreement. In the meantime, we urge you to withdraw the > > paper submitted for the upcoming Information Hiding Workshop, assure > > that it is removed from the Workshop distribution materials and > > destroyed, and avoid a public discussion of confidential information. > > > > Sincerely, > > > > [Signature] > > > > Matthew Oppenheim, Secretary > > The SDMI Foundation > > > > cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop, > > Naval Research Laboratory > > Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research > > Laboratory > > Mr. Howard Ende, General Counsel of Princeton > > Mr. Edward Dobkin, Computer Science Department Head of Princeton > > _________________________________________________________________ > > > >*********** > > > > >______________________________________________________________________________ > >Watermarking Mailing List - http://www.watermarkingworld.org/ml.html >To unsubscribe send email to "majordomo@watermarkingworld.org" with >"unsubscribe watermarking YOURMAIL" in the body. >______________________________________________________________________________ > From thardjono@mediaone.net Sun May 20 04:56:14 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:56:14 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] XrML? Message-ID: <5.0.0.25.2.20010519235612.01b6e620@pop.ne.mediaone.net> >Date: Wed, 25 Apr 2001 12:46:26 +0100 (BST) >From: "J. Chong" >Subject: [IDRM] XrML? >To: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Hi, > > I am currently working with DRM. I wish to know whether there is a >standard language (which is recognized by W3C) which is used to describe >and define the rights on a digital content. For example, I came across >XrML (www.xrml.org), and I am wondering what is the status of XrML in >W3C. Please help. Thanks. > > >Best regards, >Jordan CN CHONG From thardjono@mediaone.net Sun May 20 04:56:24 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:56:24 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] XrML? Message-ID: <5.0.0.25.2.20010519235621.01b6e440@pop.ne.mediaone.net> >Date: Wed, 25 Apr 2001 14:52:39 +0100 (BST) >From: "J. Chong" >Subject: Re: [IDRM] XrML? >To: Mark Baugher >Cc: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >Dear Mark, > > Thanks for your reply and help. Do you mind telling me what you >think about XrML (www.xrml.org)? Thanks. > >On Wed, 25 Apr 2001, Mark Baugher wrote: > > > Hi > > There is no standard rights management language yet. There is only > > one that I am aware of that is intended to be an "open-standard" language > > and that is ODRL, Open Digital Rights Language. Following the W3C > > meeting at Inria earlier in the year, the Workshop on Digital Rights, > > I am expecting some initiative to start in the W3C. > > > > Mark > > > > At 12:46 PM 4/25/2001 +0100, J. Chong wrote: > > > > >Hi, > > > > > > I am currently working with DRM. I wish to know whether there > is a > > >standard language (which is recognized by W3C) which is used to describe > > >and define the rights on a digital content. For example, I came across > > >XrML (www.xrml.org), and I am wondering what is the status of XrML in > > >W3C. Please help. Thanks. > > > > > > > > >Best regards, > > >Jordan CN CHONG > > > > > >Best regards, >Jordan CN CHONG From thardjono@mediaone.net Sun May 20 04:56:31 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:56:31 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] XrML? Message-ID: <5.0.0.25.2.20010519235628.01c7feb0@pop.ne.mediaone.net> >Date: Wed, 25 Apr 2001 12:43:19 -0400 >From: Thomas Hardjono >Subject: Re: [IDRM] XrML? >X-Sender: thardjono@pop.ne.mediaone.net >To: "J. Chong" , ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Hi, > >As far as I know there is currently no specific language defined by >the W3C. The first step is for a DRM WG to be created in the W3C >and there are efforts underway to do this. > >cheers, > >thomas >------ > > >At 4/25/2001||12:46 PM, J. Chong wrote: > >>Hi, >> >> I am currently working with DRM. I wish to know whether there is a >>standard language (which is recognized by W3C) which is used to describe >>and define the rights on a digital content. For example, I came across >>XrML (www.xrml.org), and I am wondering what is the status of XrML in >>W3C. Please help. Thanks. >> >> >>Best regards, >>Jordan CN CHONG From thardjono@mediaone.net Sun May 20 04:56:40 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:56:40 -0400 Subject: [IETF-IDRM] Fwd: RE: [IDRM] XrML? Message-ID: <5.0.0.25.2.20010519235638.01c7b0c0@pop.ne.mediaone.net> >Date: Fri, 27 Apr 2001 12:38:49 -0700 >From: Rob Koenen >Subject: RE: [IDRM] XrML? >To: "'Mark Baugher'" , "J. Chong" >Cc: ietf-idrm@lists.elistx.com >X-Mailer: Internet Mail Service (5.5.2653.19) >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > > There is no standard rights management language yet. > > There is only > > one that I am aware of that is intended to be an > > "open-standard" language > > and that is ODRL, Open Digital Rights Language. Following the W3C > > meeting at Inria earlier in the year, the Workshop on Digital Rights, > > I am expecting some initiative to start in the W3C. > >Initiative has already started in MPEG, and representatives of both >ODRL and XrML are participating in a requirements study, along >with quite a few more people. If there is interest I can send >the call for Requirements and draft Requirements Document to this >list. >MPEG anticipates issuing a Call for Proposals in July. >MPEG has invited W3C to jointly take on this enormous undertaking. > >As there were some remarks about licensing: >MPEG does not accept conditional submissions, and will seek the best >standard as a combination from all proposals received. > >MPEG technology is not usually license free, but contributors to the >standard are required to declare that they will license their essential >patents on fair, reasonable and non-discriminatory terms. >I am not a lawyer, and will not try to pass judgement on what >constitutes "fair, reasonable and non-discriminatory". > >Rob Koenen >Chairman MPEG Requirements Group. From thardjono@mediaone.net Sun May 20 04:56:48 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:56:48 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] Microsoft DRM demo at Info-Hiding Workshop Message-ID: <5.0.0.25.2.20010519235645.01c7b540@pop.ne.mediaone.net> >Date: Wed, 02 May 2001 12:11:46 -0400 >From: Thomas Hardjono >Subject: [IDRM] Microsoft DRM demo at Info-Hiding Workshop >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > > MS May Have File-Trading Answer > By Declan McCullagh > > 2:00 a.m. May. 1, 2001 PDT > > PITTSBURGH -- Microsoft has developed a prototype system that > limits unauthorized playback of music by > embedding a watermark that remains permanently attached to > audio files. > > During a security workshop on Friday, a Microsoft Research > scientist demonstrated how the hidden copyright > fingerprint is so securely affixed to the audio that it > remains intact even if a jazz song is played aloud on > speakers in a noisy room and then re-recorded. > >http://www.wired.com/news/digiwood/0%2C1412%2C43389%2C00.html From thardjono@mediaone.net Sun May 20 04:57:03 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:57:03 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] NAPSTER LEAVES AN IMPRINT ON MP3 FILES Message-ID: <5.0.0.25.2.20010519235700.01b6f650@pop.ne.mediaone.net> >Date: Mon, 14 May 2001 10:22:49 -0400 >From: Thomas Hardjono >Subject: [IDRM] NAPSTER LEAVES AN IMPRINT ON MP3 FILES >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >*NAPSTER LEAVES AN IMPRINT ON MP3 FILES >Napster plans to acoustically fingerprint music files in its system to >prevent copyrighted material from being downloaded for free--and to show a >federal court it is making an earnest effort to block copyrighted >material. > >The TRM technology, licensed from Virginia-based Relatable, identifies a >small amount of data representing a file's unique sound recording, >regardless of the audio format, bit rate or signal distortion. The audio >"fingerprints" are then stored in a database and used to monitor MP3 files >being swapped among Napster subscribers. > >This differs from Napster's initial digital fingerprinting, which blocked >copyrighted files based on their names or song titles. Napster users had >circumvented those content filters by intentionally misspelling file >names. > >The announcement came weeks after Napster officials told an U.S. District >Court that audio fingerprinting to block copyrighted recordings doesn't >work well. The technology has improved rapidly in a short amount of time, >the company now says. Napster was successfully sued for copyright >infringement last year by the recording industry. > >Some industry insiders have questioned the robustness of Relatable's TRM, >but company CEO Pat Breslin says his product can handle the volume. "TRM >will help ensure that the millions of music files transferred through the >new Napster system will be accurately monitored, and it will enable the >appropriate allocation of royalties to artists, music publishers and >record companies," he said in a statement. From thardjono@mediaone.net Sun May 20 04:57:24 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:57:24 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] frequency domain Message-ID: <5.0.0.25.2.20010519235722.01be0150@pop.ne.mediaone.net> >Date: Mon, 14 May 2001 17:54:35 +0000 >From: ASD DSA >Subject: [IDRM] frequency domain >X-Originating-IP: [212.138.47.11] >To: ietf-idrm@lists.elistx.com >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > >X-OriginalArrivalTime: 14 May 2001 17:54:35.0718 (UTC) > FILETIME=[F0144E60:01C0DC9E] > >hi all >i want some detail about insertion the watermark in the frequency domain >and advantage it over the spatial domain >thanks alot >_________________________________________________________________________ >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From thardjono@mediaone.net Sun May 20 04:57:35 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:57:35 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] New IDRM drafts on website + thoughts on PKI/DRM Message-ID: <5.0.0.25.2.20010519235733.01be0cc0@pop.ne.mediaone.net> >Date: Mon, 14 May 2001 16:09:28 -0400 >From: Thomas Hardjono >Subject: [IDRM] New IDRM drafts on website + thoughts on PKI/DRM >X-Sender: thardjono@pop.ne.mediaone.net (Unverified) >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Folks, > >We have received a formal submission to IDRM of three Internet-Drafts >relating to the Handle System. > >These are located on http://www.idrm.org/idrm_drafts.htm > >I think the issues of Naming, Naming-Authorities and Naming-Support-Systems >are an integral part of any DRM systems and thus the DRM infrastructure >as a whole. Thus, it would be good to see discussion on these issues. > >As an example, if a URN is used within a Record, then some form of >digital signature will need to be applied to the Record. >This further implies that there is a Certification Authority (CA) >that is behind the Certificate used for the signature. This, in-turn, >suggests that some resemblance of a PKI is needed before the Naming system >can function. > >Does this mean that the whole DRM industry must wait for a worldwide PKI to >exist, or can we build-up a DRM-specific PKI stage-by-stage (and in fact >be one of the primary movers for the worldwide PKI)? > >Any comments? > >cheers, > >thomas >------ From thardjono@mediaone.net Sun May 20 04:57:42 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:57:42 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] More on InterTrust sues Microsoft Message-ID: <5.0.0.25.2.20010519235740.01be29b0@pop.ne.mediaone.net> >Date: Mon, 14 May 2001 16:19:01 -0400 >From: Thomas Hardjono >Subject: [IDRM] More on InterTrust sues Microsoft >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe:= >List-Archive: >List-Help: , > > > >http://www.zdnet.com/intweek/stories/news/0,4164,2716226,00.html > >Digital Patents Go to Court >By Sara Robinson, Interactive Week >May 8, 2001 12:58 PM PT >URL: > >A high-stakes battle over a keyechnology for managing the distribution of= =20 >digital content has been >launched, and the first volley is InterTrust Technologies' lawsuit against= =20 >Microsoft for patent >infringement. > >InterTrust, founded in 1990, holds extensive patents in digital rights=20 >management, a technology that >enables companies to encrypt documents or media files and attach rules for= =20 >their use. DRM is just >beginning to fulfill its promise as an essential building block for=20 >commerce of digital goods. > >Companies developing DRM worry that if InterTrust's patents hold up, they= =20 >will be forced to pay >costly licensing fees or awkwardly engineer their products to work around= =20 >the patents. The outcome >is unclear for corporate customers that are just beginning to use DRM to=20 >manage such assets as >photos, logos, legal documents and corporate training videos. For example,= =20 >using DRM, a training >video could be encrypted so that a company could track how many times it=20 >is watched. > >Even if the patents are eventually struck down, the legal morass could=20 >prove costly for DRM >providers and their customers. And InterTrust's lawsuit is likely to be=20 >one of many technology patent >battles ahead. > >"Now that the dot-com boom is crashing, one of the things that's left to=20 >milk is the patents," said >Greg Aharonian, publisher at the Internet Patent News Service, a=20 >newsletter covering technology >patent issues. "You'll see a lot more of this." > >The lawsuit, which asks for damages and an injunction against the=20 >distribution and sale of Windows >Media Player and other products, focuses only on Microsoft =97 for now. But= =20 >in the April 26 lawsuit >filed in San Jose, InterTrust reserves the right to add other companies.=20 >Some observers think the >small, struggling firm is trying to make a business out of such legal=20 >fights =97 or position itself to be >acquired. > >Suitor Sought? > >Aram Sinnreich, a senior analyst at Jupiter Research, believes in the=20 >latter theory. "DRM is finally >going to become very important in the very near term, and it sounds like=20 >their patents are very >far-reaching," Sinnreich said. "If I had to pick one reason to explain the= =20 >lawsuit, I think InterTrust is >trying to goad Microsoft or someone else into buying them." > >Other leading providers of DRM are ContentGuard and IBM; both declined to= =20 >comment on the >lawsuit. > >DRM technology was first marketed for business-to-consumer applications,=20 >such as sales of digital >music and electronic books. But since the systems can be awkward to use=20 >and often require >downloads of client software, they haven't been popular. > >Recently, however, DRM started steadily gaining traction in the enterprise= =20 >market in the form of >digital asset management. Systems to help corporations efficiently manage= =20 >use of their digital >property are offered by companies such as Artesia Technologies, eMotion=20 >and MediaBin. > >InterTrust's enormous patent portfolio has long frustrated rival companies= =20 >developing DRM >technology, which charge that the patents are overly broad. > >For example, the patent that is at the heart of the Microsoft suit was=20 >filed in 1998 as a continuation >of patents going back to 1994. The patent was issued in February. It=20 >governs basic aspects of >DRM such as content rights management procedures; "superdistribution,"=20 >which is the distribution of >protected content from peer-to-peer; and subscription services for content= =20 >governed by usage rules. > >"If they get an adequate settlement out of Microsoft, that certainly=20 >wouldn't hurt their position with >the other companies doing digital rights management," Aharonian said. "If= =20 >they get a jury verdict, >that really strengthens their hand." > >A researcher at a large company that has developed DRM technology, who=20 >asked not to be >named, complained that InterTrust has 5,000 to 10,000 pages of claims in=20 >its 18 existing patents, >and more than 40 patents pending. > >"Until they are invalidated, people will have to worry about it, because=20 >you have these huge, huge >patents with zillions of different claims," the researcher said. "If you=20 >go to a patent attorney and give >them 10,000 pages to read and the meter clicks at $300 an hour, expenses=20 >start mounting up very >quickly." > >Asked whether he believes the patents to be frivolous, the re searcher=20 >responded: "No one can >really be sure because they are so voluminous. . . . Some people are=20 >willing to give them the benefit >of the doubt because they have very smart people on their payroll and=20 >they've been around for quite >a while, but most of our people are very skeptical of InterTrust patents." > >Ed Fish, president of the MetaTrust Utility division at InterTrust,=20 >acknowledged that the patent that >provoked the lawsuit covers very fundamental aspects of DRM systems. "They= =20 >are fundamental >aspects of technical components that we think are necessary for efficient= =20 >digital rights management," >Fish said. But, he added, "I don't want to make the point that this covers= =20 >every functional means. >The patent claims are technical and specific." > >Jim Cullinan, a Microsoft spokes man, said Microsoft has been developing=20 >DRM technology for >many years, but declined to comment on the specifics of the lawsuit. "We=20 >have just received this >complaint and we continue to evaluate it," Cullinan said, reading from a=20 >prepared statement. > >Fish said the complaint focused solely on Microsoft because the company=20 >spelled out the details of >its system clearly enough in public documents that InterTrust felt sure=20 >Microsoft was infringing. > >"It's possible that there are other infringers, but there's less=20 >information available," Fish said. "We're >continuing to investigate." > >Given the stakes involved, Aharonian said, the courts will probably act=20 >quickly on the injunction. If >InterTrust can get an injunction, he added, Microsoft may well choose to=20 >settle rather than hold up >the distribution of Windows XP, the latest version of its consumer=20 >operating system which is >scheduled for release this fall. Microsoft's Media Player and DRM=20 >technology, the subject of the >lawsuit, are built right into the new OS. > >A settlement in the current case would be a boon to InterTrust, which is=20 >struggling financially. The >company reported a net loss of $21.6 million for the first quarter, and=20 >during its earnings call last >week, it announced it would lay off 15 percent of its staff. > >InterTrust has been peddling its patents to its rivals for the last=20 >several years. So far, none of these >companies license the InterTrust technology =97 primarily because the=20 >licensing fees InterTrust has >asked seemed unreasonably high, several companies said privately. > >Still, this lawsuit is "not going to be a slam dunk" for either Microsoft= =20 >or InterTrust, Aharonian said. >"Inter Trust comes in with a good hand, but Microsoft has a ton of money = =97=20 >and if it fights off the >injunction, maybe it just bleeds InterTrust to death." > > >Who Has the (Digital) Right? > >The InterTrust Technologies patent that is the subject of a lawsuit=20 >against Microsoft deals with many >aspects of digital rights management: > Content rights management and provision of electronic licenses and= permits > Rules managing electronic subscriptions for content > Messaging and other communications according to secure policies and= rules > Trusted electronic negotiation, digital information escrow and=20 > automated, secure fulfillment > Tracking and secure control of electronic documents, records and other= =20 > digital information among >authenticated members of select user groups From thardjono@mediaone.net Sun May 20 04:58:05 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:58:05 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] New IDRM drafts on website + thoughts on PKI/DRM Message-ID: <5.0.0.25.2.20010519235803.01be1130@pop.ne.mediaone.net> >Date: Mon, 14 May 2001 13:30:10 -0700 >From: Mark Baugher >Subject: Re: [IDRM] New IDRM drafts on website + thoughts on PKI/DRM >X-Sender: mbaugher@mira-sjc5-6.cisco.com >To: Thomas Hardjono >Cc: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >hi Thomas > I hope to get to this thread when I return from some business travel > later this week. I just wanted to point out that there are alternatives > to PKI, as I'm sure you know. Obviously, public/private crypto can be > used without a public key infrastructure if there is no compelling reason > to publicly bind the name to the key; SPKI is one such example. There > are also systems based on Kerberos that may be applied in some > environments. Finally, there are issues with using signing keys at all > for publishing: Ross Anderson et. al. have pointed out that the key life > is typically too short for a published work that may last 70 years after > the author's death and too long for a content work that needs to be > authenticated and have its integrity checked within a short period after > the work is made available. So they have a cataloging system that takes > the place of a PKI. > >Cheers, Mark >At 04:09 PM 5/14/2001 -0400, Thomas Hardjono wrote: > >>Folks, >> >>We have received a formal submission to IDRM of three Internet-Drafts >>relating to the Handle System. >> >>These are located on http://www.idrm.org/idrm_drafts.htm >> >>I think the issues of Naming, Naming-Authorities and Naming-Support-Systems >>are an integral part of any DRM systems and thus the DRM infrastructure >>as a whole. Thus, it would be good to see discussion on these issues. >> >>As an example, if a URN is used within a Record, then some form of >>digital signature will need to be applied to the Record. >>This further implies that there is a Certification Authority (CA) >>that is behind the Certificate used for the signature. This, in-turn, >>suggests that some resemblance of a PKI is needed before the Naming system >>can function. >> >>Does this mean that the whole DRM industry must wait for a worldwide PKI to >>exist, or can we build-up a DRM-specific PKI stage-by-stage (and in fact >>be one of the primary movers for the worldwide PKI)? >> >>Any comments? >> >>cheers, >> >>thomas >>------ From thardjono@mediaone.net Sun May 20 04:58:30 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:58:30 -0400 Subject: [IETF-IDRM] Fwd: RE: [IDRM] XrML? Message-ID: <5.0.0.25.2.20010519235822.01be2d80@pop.ne.mediaone.net> >Date: Tue, 15 May 2001 02:17:49 -0700 >From: Fabien Petitcolas >Subject: RE: [IDRM] XrML? >To: Mark Baugher , "J. Chong" >Cc: ietf-idrm@lists.elistx.com >Thread-Topic: [IDRM] XrML? >Thread-Index: AcDNkR0h16P1or5CSli+AfjFX2J5MQO1LTzw >X-MS-Has-Attach: >X-MS-TNEF-Correlator: >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > >X-OriginalArrivalTime: 15 May 2001 09:17:50.0371 (UTC) > FILETIME=[E9DD8F30:01C0DD1F] > >Dear Mark, > >After asking to people who are better informed than me, it looks like >you may have misread the ContentGuard Agreement: > >"While ContentGuard does get rights to derivative improvements in XrML >(as it needs to to carry on the standard), the licensees are free to use >any version of XrML. However, after a period of time, if they do not >support the latest version of XrML, they have to stop CALLING their >implementation XrML or implying that it is XrML compliant." > >Hope this helps, > >Fabien > >-----Original Message----- >From: Mark Baugher [mailto:mbaugher@cisco.com] >Sent: Wednesday 25 April 2001 15:07 >To: J. Chong >Cc: ietf-idrm@lists.elistx.com >Subject: Re: [IDRM] XrML? > >Hi > I can only relate my personal experience here. Content Guard >requires >people to sign a license to look at XrML, or at least they did; I have >not >checked recently to see if this has changed. The license seems to >grant Content Guard a perpetual license to use any and all derivatives >but only grants the person signing the license rights to use the >current version of XrML. At least this was the license that I read >last year and I'm not a lawyer. So I sent a note to them asking about >this and participation in the group that determines the direction of >XrML in the future. I got no reply to that note. I think that its >predecessor, DPRL, is pretty extensive and compares favorable >to ODRL, though I have not done any extensive analysis of these >languages. I'm hoping that this work will be undertaken by W3C. > >Mark > >At 02:52 PM 4/25/2001 +0100, J. Chong wrote: > >Dear Mark, > > > > Thanks for your reply and help. Do you mind telling me what >you > >think about XrML (www.xrml.org)? Thanks. > > > >On Wed, 25 Apr 2001, Mark Baugher wrote: > > > > > Hi > > > There is no standard rights management language yet. There is >only > > > one that I am aware of that is intended to be an "open-standard" >language > > > and that is ODRL, Open Digital Rights Language. Following the W3C > > > meeting at Inria earlier in the year, the Workshop on Digital >Rights, > > > I am expecting some initiative to start in the W3C. > > > > > > Mark > > > > > > At 12:46 PM 4/25/2001 +0100, J. Chong wrote: > > > > > > >Hi, > > > > > > > > I am currently working with DRM. I wish to know whether >there > > is a > > > >standard language (which is recognized by W3C) which is used to >describe > > > >and define the rights on a digital content. For example, I came >across > > > >XrML (www.xrml.org), and I am wondering what is the status of XrML >in > > > >W3C. Please help. Thanks. > > > > > > > > > > > >Best regards, > > > >Jordan CN CHONG > > > > > > > > > >Best regards, > >Jordan CN CHONG From thardjono@mediaone.net Sun May 20 04:58:41 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:58:41 -0400 Subject: [IETF-IDRM] Fwd: [IDRM] DRM Taxonomy work Message-ID: <5.0.0.25.2.20010519235839.01be25f0@pop.ne.mediaone.net> >Date: Thu, 17 May 2001 15:33:34 -0700 >From: Mark Baugher >Subject: [IDRM] DRM Taxonomy work >X-Sender: mbaugher@mira-sjc5-6.cisco.com >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >Hi > We wanted to begin work on developing a draft on requirements for > IDRM. Sam Sun, Thomas Hardjono and I discussed this and we think that a > good first step would be to develop a taxonomy, which is a classification > of the parts of an end-to-end DRM system from which we can develop a > common model, or models, and common definitions - so we speak the same > language to one another. > > Our focus in IDRM is with the IP network infrastructure aspects of > DRM. To me, this means that we are less concerned with the syntax or > semantics of rights specifications than in the handling and use of rights > metadata in end-to-end systems; we are less concerned with the specifics > of watermarking technology or with technical protection mechanisms than > in key and license distribution systems; persistent and globally-unique > names may not be as much of a concern to IDRM as are trusted repositories > of content works and metadata. So there are things in our taxonomy that > are part of end-to-end DRM systems like watermarks, TPM, and rights > languages that are not necessarily things that will be a focus of IDRM. > > At our last meeting, Thomas and I proposed that there are two distinct > sets of relationships in end-to-end DRM. First, is between content > provider and distributor (aka "service provider"). We would use "service > provider" if the content were to be delivered to consumers over a IP > network but the distributor could be a company that manufactures DVDs or > a TV broadcaster that receives files from a TV or film studio. Trusted > repositories for the files and rights metadata, authorization, and > authentication are IP infrastructure components that the content provider > may need to properly manage this process. It is unlikely that technical > protection mechanisms or digital licenses are needed in this > business-to-business transaction. > > The second set of relationships is between the service provider and the > content consumer. On the Internet today, it is hard if not impossible to > unambiguously identify illegal sources and uses of copyright content > works from illegal uses. Trusted repositories and sources with rights > metadata are important to DRM in this relationship. Authorization, > authentication, and technical protection mechanisms may be needed so > standard ways to do key and license management will promote > inter-operability. What we should not overlook in digital > rights-conferral and mechanisms that support it is the flow of > information assets from the consumer to the provider for the purposes of > authorization. In this regard, "rights management" should include the > rights that consumers have with respect to information that they provide > and DRM is about information assets and not only copyright works. > >We want to begin developing our taxonomy and putting flesh to an IDRM >model. This note outlines the general approach that we are taking and >we're soliciting any comments that people might have. Also, if others are >interested in working on a draft document for the taxonomy, please let us know. > >Mark From thardjono@mediaone.net Sun May 20 05:01:03 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sun, 20 May 2001 00:01:03 -0400 Subject: [IETF-IDRM] test - ignore Message-ID: <5.0.0.25.2.20010520000046.01be1610@pop.ne.mediaone.net> test - ignore From thardjono@mediaone.net Sun May 20 04:58:58 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:58:58 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010519235855.01be6eb0@vhqpostal.verisign.com> >Date: Sat, 19 May 2001 10:47:39 -0400 >From: "Sam X. Sun (@S2000)" >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... >To: Mark Baugher , ietf-idrm@lists.elistx.com >X-Mailer: Microsoft Outlook Express 5.50.4133.2400 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >Hi, > >I think it's a good application model to classify in end-to-end DRM >relationships in terms of content provider and distributor, and distributor >and content consumer. They represent some real world scenarios that DRM will >have to address. On the other hand, I wonder if we could further model the >underlying DRM framework in terms of transactions of certain entities (e.g. >digital content) among other kinds of entities (e.g. content holder), and >the transaction may be reflected in terms of exchange/update of digital >rights bound to each content instance acquired by the content holder. > >In other words, I wonder whether it's reasonable to categorize the entities >that DRM framework has to deal with in terms of: > > 1. the digital content (per instance) > 2. the content holder (current or potential) > > >And think of the digital rights as state information of the digital content >hold by content holder. From this, one may imagine building mechanisms >within the framework to: > > * Associate rights per digital content acquired by the content holder > * Identify content holder, along with its authentication attributes. > * Exchange/update digital rights per digital content among content >holders > * Facilitate/monitor/trace legitimate digital contents for their proper >use > * Report illegal content upon showing up within the framework (doable?) > etc... > >Assumptions here are that everyone can obtain a copy of digital content >freely, but need to acquire (e.g. via purchase) adequate rights to be able >to "use" it. Depending on the rights associated to the digital content >acquired by the content holder, the content holder could act as a publisher, >a distributor, a retailer, or end consumer. A transaction of digital content >from a retailer to consumer could be modeled as retailer (with the right) to >generate a new instance of the digital content, assign it with consumer >rights, and "give" it to the consumer (along with the consumer rights). A >consumer may later become a retailer after obtaining the "retail" rights for >its copy of digital content... > >It's a bit off tracking to Mark's message:)... Just want to share some >thoughts. Any comments? > > >Cheers, >Sam > > > > >----- Original Message ----- >From: "Mark Baugher" >To: >Sent: Thursday, May 17, 2001 6:33 PM >Subject: [IDRM] DRM Taxonomy work > > > > Hi > > We wanted to begin work on developing a draft on requirements for > > IDRM. Sam Sun, Thomas Hardjono and I discussed this and we think that a > > good first step would be to develop a taxonomy, which is a classification > > of the parts of an end-to-end DRM system from which we can develop a >common > > model, or models, and common definitions - so we speak the same language >to > > one another. > > > > Our focus in IDRM is with the IP network infrastructure aspects of > > DRM. To me, this means that we are less concerned with the syntax or > > semantics of rights specifications than in the handling and use of rights > > metadata in end-to-end systems; we are less concerned with the specifics >of > > watermarking technology or with technical protection mechanisms than in >key > > and license distribution systems; persistent and globally-unique names may > > not be as much of a concern to IDRM as are trusted repositories of content > > works and metadata. So there are things in our taxonomy that are part of > > end-to-end DRM systems like watermarks, TPM, and rights languages that are > > not necessarily things that will be a focus of IDRM. > > > > At our last meeting, Thomas and I proposed that there are two distinct > > sets of relationships in end-to-end DRM. First, is between content > > provider and distributor (aka "service provider"). We would use "service > > provider" if the content were to be delivered to consumers over a IP > > network but the distributor could be a company that manufactures DVDs or a > > TV broadcaster that receives files from a TV or film studio. Trusted > > repositories for the files and rights metadata, authorization, and > > authentication are IP infrastructure components that the content provider > > may need to properly manage this process. It is unlikely that technical > > protection mechanisms or digital licenses are needed in this > > business-to-business transaction. > > > > The second set of relationships is between the service provider and the > > content consumer. On the Internet today, it is hard if not impossible to > > unambiguously identify illegal sources and uses of copyright content works > > from illegal uses. Trusted repositories and sources with rights metadata > > are important to DRM in this relationship. Authorization, authentication, > > and technical protection mechanisms may be needed so standard ways to do > > key and license management will promote inter-operability. What we >should > > not overlook in digital rights-conferral and mechanisms that support it is > > the flow of information assets from the consumer to the provider for the > > purposes of authorization. In this regard, "rights management" should > > include the rights that consumers have with respect to information that > > they provide and DRM is about information assets and not only copyright >works. > > > > We want to begin developing our taxonomy and putting flesh to an IDRM > > model. This note outlines the general approach that we are taking and > > we're soliciting any comments that people might have. Also, if others are > > interested in working on a draft document for the taxonomy, please let us >know. > > > > Mark > > From thardjono@mediaone.net Sun May 20 04:59:10 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Sat, 19 May 2001 23:59:10 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010519235907.01be6280@vhqpostal.verisign.com> >Date: Sat, 19 May 2001 15:17:51 -0400 >From: Thomas Hardjono >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... >X-Sender: thardjono@pop.ne.mediaone.net >To: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Hi Sam, > >I don't think you are off-track. You have brought up some good issues which >I'll comment below (I'll send comments about Mark's posting separately). > > >At 5/19/01||10:47 AM, Sam X. Sun (@S2000) wrote: >>Hi, >> >>I think it's a good application model to classify in end-to-end DRM >>relationships in terms of content provider and distributor, and distributor >>and content consumer. They represent some real world scenarios that DRM will >>have to address. On the other hand, I wonder if we could further model the >>underlying DRM framework in terms of transactions of certain entities (e.g. >>digital content) among other kinds of entities (e.g. content holder), and >>the transaction may be reflected in terms of exchange/update of digital >>rights bound to each content instance acquired by the content holder. >> >>In other words, I wonder whether it's reasonable to categorize the entities >>that DRM framework has to deal with in terms of: >> >> 1. the digital content (per instance) >> 2. the content holder (current or potential) >> >> >>And think of the digital rights as state information of the digital content >>hold by content holder. From this, one may imagine building mechanisms >>within the framework to: >> >> * Associate rights per digital content acquired by the content holder >> * Identify content holder, along with its authentication attributes. >> * Exchange/update digital rights per digital content among content >>holders >> * Facilitate/monitor/trace legitimate digital contents for their proper >>use >> * Report illegal content upon showing up within the framework (doable?) >> etc... > >I'm unclear about the term "content holder" above. I assume you mean >the Consumer that actually uses (reads/views/plays) the Content, >since Content not in the Consumer's hands will not generate money. > >As I understand it, the Digital-Rights (or Rights-Metadata) can be >Content-specific only or can be tied to both the Content and the Consumer. > >The distinction becomes relevant when we talk about the Business Models. >Thus, say in one business model, the Content-Creator/Owner may >specify usage rights in the Rights-Metadata (without mentioning specific >Customers). Assuming the Content-Creator/Owner has a business relationship >with a Distributor, then perhaps it is up to the Distributor(s) to >create further Rights-Metadata that is Customer-specific (eg. for Customer >who are members of the video-club, say). > >WRT your second bullet above, when the Distributor starts dealing >with Consumers (i.e content holder) does the Consumer's authentication >attributes becomes extremely relevant. It here that I think individual >certificates will become a key issue. A Customer's certificate will become >more important and persistent comapred to his/her credit card number. >And accounting and tracking may also perhaps be based on certificates. > >In terms of the transferability of Contents, most systems I have seen >or read about deploy some kind of verification/checking each time >the Content's ownership is transffered. Thus, in basic terms, if I sell >my (encrypted) MP3 file on eBay, then the purchaser will have to register >with the Distributor (or the entity claiming to be the contact-point for that >Content) and obtain a copy of the key (or a derived version). > >This model does not really fit into the "pure" P2P distribution scheme, >but it ensures continuous revenue for the distributor (who gets >additional new customer info). This model also allos tracking of >moved/sold Contents on the net. > > > >>Assumptions here are that everyone can obtain a copy of digital content >>freely, but need to acquire (e.g. via purchase) adequate rights to be able >>to "use" it. Depending on the rights associated to the digital content >>acquired by the content holder, the content holder could act as a publisher, >>a distributor, a retailer, or end consumer. > >This idea is cool and reflects more of the pure P2P approach. I don't >know if the big players will like the notion of a Consumer (content holder) >taking the role of publisher/distributor/retailer. > >I think the term P2P itself has been overused and means different things >to different people. I used it to mean the non-hierarchical/flat >distributed system that runs democratically from one user's machine >to another. > >Other people seem to mean P2P as "group-sharing of files" regardless >of how the files are managed (ie. the files could be sitting on >a single machine/server with everyone connecting to that server). >This later view is similar to the mainframe usage model of the 70s. > > > >>A transaction of digital content >>from a retailer to consumer could be modeled as retailer (with the right) to >>generate a new instance of the digital content, assign it with consumer >>rights, and "give" it to the consumer (along with the consumer rights). > >OK, so here is an interesting question: can BlockBuster Video make >copies of videos (ie. a new instant of content) in their backroom >and lease them? (and I don't mean replacements for broken/stolen >videocassettes). > > > >>A consumer may later become a retailer after obtaining the "retail" >>rights for its copy of digital content... > >Hmmm... > >cheers, > >thomas >------ From ssun@cnri.reston.va.us Wed May 23 18:10:19 2001 From: ssun@cnri.reston.va.us (Sam X. Sun (@S2000)) Date: Wed, 23 May 2001 13:10:19 -0400 Subject: [IETF-IDRM] Re: [IDRM] DRM Taxonomy work -- drm framework... -- handle system References: <5.0.0.25.2.20010514155912.0185c780@pop.ne.mediaone.net> <4.3.2.7.2.20010517141924.068f98c8@mira-sjc5-6.cisco.com> <4.3.2.7.2.20010521095254.04469ee8@mira-sjc5-6.cisco.com> <006001c0e34e$2cc005b0$0a00a8c0@S2000> <20010523101044.D7549@bailey.dscga.com> Message-ID: <00bd01c0e3ab$3e970010$5b041b0a@S2000> Hi Michael, I agree with you that DRM doesn't have to stick with any specific technology for its process. All we wanted here is to understand the process, and identify technologies that can be applied to it... In terms of Handle System and URN, I would say that they are quite different now in terms of how they work and the issues that they want to address. Handle system started about the same time PURL and URN started, trying to address persistence issue of URL namespace. But later we found that persistence is more of a social and/or management issue than a mere technical one. While Handle System does provide a technical approach to encourage more persistent namespace management, we have put more focus on service security, distributed name administration, internationalization (i18n), and service scalability. It might be helpful if you can read the latest HS drafts to understand the difference... On the other hand, I see no reason why Handle System cannot work with URN. One way to do it is to register HS namespace as a namespace under URN, as we discussed earlier last year. The issues that we need to address are how to make sure that the NAPTR approach won't become a bottleneck, and how to achieve service security over such approach. Maybe we should discuss these in a separate thread, or bring them to the URN working group... Regarding URI and HS, I'm not sure if they are comparable. I tend to think that URI is a collection of name services, and Handle System is just a specific one, under a specific protocol. While some members of URI can be as secure as you want, others can be totally insecure. I wonder if it's appropriate to say a URI in general is secure, or carries any semantic meaning (a name, an address, an identifier, etc)? In fact, because DNS is not secure as we know of today, that makes any name service based on DNS questionable in their security. The Handle System is designed to be independent of DNS, and to address the security and i18n issues that DNS is struggling to overcome. It has the advantage that it's starting from scratch, and doesn't have to deal with the backward compatibility issues that DNS has to take care of... On the other hand, we are in the process of defining handle system URI syntax for handles to be used in web context. In that sense, Handle system defines a namespace under URI, and we are in agreement there. In fact, I'm more inclined to think that Handle System is in par with DNS. In fact, if DNS can address security, i18n, access control on name attributes, and to allow individuals to manage the names they registered, we probably won't need the Handle System. On the other hand, people from DNS working group has refused to apply DNS as a general name service other than network-address translation, which makes us think that an independent name service would be helpful... Cheers, Sam ----- Original Message ----- From: "Michael Mealling" To: "Sam X. Sun (@S2000)" Cc: "Mark Baugher" ; Sent: Wednesday, May 23, 2001 10:10 AM Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... > Hi Sam! > > On Wed, May 23, 2001 at 02:03:48AM -0400, Sam X. Sun (@S2000) wrote: > > Regarding the handle system, I think there are two sides of DRM that could > > take advantage of it. First is the metadata and content attribute > > association, as you mentioned in the DOI application. > > >From what I remember this part of the handle service seemed easily > seperable from the resolution part of the system. The query methods > for the attribute value pairs were straight forward and secure but really > weren't tied to how resolution happened, right? > > > The other is the > > identity reference for "content holder" (e.g. consumer identity). > > I.e. you assign some identifier to the entities involved in the transaction? > > > What makes handle system unique in this case is that it provides a secured > > name resolution service (for name attribute binding), > > I wouldn't say that the handle system is unique in that regard. The entire > URI Resoluion process was built to be as secured as you wanted it to be. > Heck, since Bill built the handle resolution system to mirror the URN > resolution mechanism they're pretty much identical. > > > , and allows ownership to be > > defined per name (vs. URL, where the name administration belongs to the site > > manager). This is particularly important for individuals to be able to > > manage their identity attributes, including their public keys. > > Can you explain that one further? Are you suggesting that URIs that > have domain-names somehow confer ownership semantics? We should be > very clear here since whether or not a URI is a name has everything to do > with how you actually use it and nothing to do with what it actually looks > like... > > > The point I was trying to make in my earlier message is that we probably > > need to pay equal attention for identity or trust management as we do for > > content management. And I want to understand better the nature of the > > identity used in DRM application before we move further into the framework. > > Same here. As yet I can't see a reason that URIs are no sufficient. You > have a requirement to identifiy all parties in the transaction but > that just means you assign a URI to the parties involved as well... > > -MM > > -- > -------------------------------------------------------------------------- ------ > Michael Mealling | Vote Libertarian! | urn:pin:1 > michael@neonym.net | | http://www.neonym.net > | | go:Michael Mealling From Michael Mealling Wed May 23 18:50:34 2001 From: Michael Mealling (Michael Mealling) Date: Wed, 23 May 2001 13:50:34 -0400 Subject: [IETF-IDRM] Re: [IDRM] DRM Taxonomy work -- drm framework... -- handle system In-Reply-To: <"from ssun"@cnri.reston.va.us> References: <5.0.0.25.2.20010514155912.0185c780@pop.ne.mediaone.net> <4.3.2.7.2.20010517141924.068f98c8@mira-sjc5-6.cisco.com> <4.3.2.7.2.20010521095254.04469ee8@mira-sjc5-6.cisco.com> <006001c0e34e$2cc005b0$0a00a8c0@S2000> <20010523101044.D7549@bailey.dscga.com> <00bd01c0e3ab$3e970010$5b041b0a@S2000> Message-ID: <20010523135034.K7549@bailey.dscga.com> On Wed, May 23, 2001 at 01:10:19PM -0400, Sam X. Sun (@S2000) wrote: > I agree with you that DRM doesn't have to stick with any specific technology > for its process. All we wanted here is to understand the process, and > identify technologies that can be applied to it... Great! There's alot of stuff like this being handled in the RDF/Semantic Web areas in the W3C so that's one place we really should be watching since it'd be a shame for the IETF and the W3C to diverge here.... > In terms of Handle System and URN, I would say that they are quite different > now in terms of how they work and the issues that they want to address. Sure. From what Larry was talking about, the system is much more concerned about the rights metadata than the identifier resolution process... > Handle system started about the same time PURL and URN started, trying to > address persistence issue of URL namespace. But later we found that > persistence is more of a social and/or management issue than a mere > technical one. Agreed. But that doesn't negate the fact that if you know the identifier is supposed to be persistent you can make a lot of safe assumptions... > While Handle System does provide a technical approach to > encourage more persistent namespace management, we have put more focus on > service security, Which is one thing this group will really need... > distributed name administration, What's being adminstered? Is that for provisioning of the identifier or managing the metadata associated with the object being identified? The first is interesting (and actually what the PROVREG group is doing.) The second is a metadata service feature.... > internationalization > (i18n), and service scalability. It might be helpful if you can read the > latest HS drafts to understand the difference... I'll go check 'em out. Has it changed that radically? > On the other hand, I see no > reason why Handle System cannot work with URN. One way to do it is to > register HS namespace as a namespace under URN, as we discussed earlier last > year. That should be fairly painless. I'll send you the template.... > The issues that we need to address are how to make sure that the NAPTR > approach won't become a bottleneck, It really can't. You only do one lookp and the record has a time to live of several _years_. From my analysis you end up doing the _exact_ same number of lookups for NAPTR records in the degenerative case (which handles would be) as you do for A records.... > and how to achieve service security over such approach. The same way you are now. URI resolution just gets you to the authoritative server for that identifier. How secure it is after that point is up to you and the types of protocols/services you require to do the task. > Maybe we should discuss these in a separate thread, or bring > them to the URN working group... I think that would be best. We don't want to bug these guys with identifier stuff to much. ;-) > Regarding URI and HS, I'm not sure if they are comparable. I tend to think > that URI is a collection of name services, and Handle System is just a > specific one, under a specific protocol. Semi-right. A URI is an identifier, nothing else. Some identifiers have _default_ methods for resolving into a representation of the abstract object they identifier but there is no requirement that it be the only method. > While some members of URI can be as > secure as you want, others can be totally insecure. I wonder if it's > appropriate to say a URI in general is secure, or carries any semantic > meaning (a name, an address, an identifier, etc)? Correct. URIs themselves say nothing about security since they're just identifiers. Its how you use them that ends up being secure or not secure. I.e. if I use an http URI in some service where every single entity is signed and encrypted then I'm using that URI securely. The URI itself doesn't create or require security.... > In fact, because DNS is > not secure as we know of today, that makes any name service based on DNS > questionable in their security. Not true. While some aspects of DNSSEC are still being worked on. It is very possible to have trusted DNS in normal operation. > The Handle System is designed to be > independent of DNS, and to address the security and i18n issues that DNS is > struggling to overcome. And the URI resolution mechanism I mentioned solve those problems as well. (Besides, i18n issues aren't really identifier related issues anyway.) > It has the advantage that it's starting from > scratch, and doesn't have to deal with the backward compatibility issues > that DNS has to take care of... On the other hand, we are in the process of > defining handle system URI syntax for handles to be used in web context. In > that sense, Handle system defines a namespace under URI, and we are in > agreement there. Not really. My suggestion is that any DRM shouldn't need to make requirements about the identifier itself. Any URI should be able to be used to find out about and get rights enabled access to any object. Digital Rights Management has about zero to do with the identifier used to talk about the object.... > In fact, I'm more inclined to think that Handle System is in par with DNS. I'm more inclined to think of the RESCAP Working Group actually. > In fact, if DNS can address security, i18n, access control on name > attributes, and to allow individuals to manage the names they registered, we > probably won't need the Handle System. With the exception of that last item, this is _exactly_ what RESCAP was chartered to do. That last item, in my opinion, is not a requirement of digital rights management. Why do I have to use an identifier that is registered with some third party? Most folks would like to be able to manage the digital rights of http://www.joe-blow.com/music/my-music.midi without having to create yet another identifier for it.... > On the other hand, people from DNS > working group has refused to apply DNS as a general name service other than > network-address translation, which makes us think that an independent name > service would be helpful... Sure. Everyone should consider the DNS to be at the end of its usefullness. It was never intended to be any of the things you listed there. Where did the DNS come into this anyway? I don't think anyone has made the suggestion that currently deployed DNS infrastructure can handle any of this. This is why the URN working group did what it did. This is why the IESG is creating uri.arpa as an infrastructure level Internet technology for reliable, secure URI services such as caching/replication, metadata, access control, policy, etc... There has been _considerable_ work done in the IETF in this particular area. I'm just suggesting that this group use that work and not chuck all of it in favor of one very verticle solution. Make the system modular and make it use the identifier infrastructure that the IETF and the W3C are standardizing on... -MM -- -------------------------------------------------------------------------------- Michael Mealling | Vote Libertarian! | urn:pin:1 michael@neonym.net | | http://www.neonym.net | | go:Michael Mealling From thardjono@mediaone.net Wed May 23 19:31:38 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Wed, 23 May 2001 14:31:38 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010523143135.01b59570@pop.ne.mediaone.net> >Date: Wed, 23 May 2001 15:01:49 +1000 >From: Renato Iannella >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... >To: ietf-idrm@lists.elistx.com >X-Mailer: Mulberry/2.0.7 (MacOS) >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > > >--On 21/5/01 10:25 AM -0400 Jason Petrone wrote: > >>Imagine a system where the author of a book would receive notification >>from Barnes & Noble whenever a copy of her book was sold. This would >>give her much more bargaining power with her publisher, should it claim >>sales were lower than they were. I am told this is a real problem for >>authors of books and music which sell slowly. > >Such systems are becoming a reality. For example, the Ozauthors >ebook site [1] pays direct to all rightsholders for each >sale and all rightsholders (including authors) can see transaction >histories. (This is clearly in favour of the content creators >and "solves" the current "random-sampling" methods used by >collection agencies.) > >>The prerequisites for end-to-end DRM need to be defined. MPEG-21 outlines >>four broad requirements for DRM: >> >>Identification >>Description >>Management >>Protection > >Just to update the seven MEPG-21 activities: > >1. Digital Item Declaration (a uniform and flexible abstraction and >interoperable schema for declaring Digital Items); > >2. Digital Item Identification and Description (a framework for >identification and description of any entity regardless of its nature, >type or granularity); > >3. Content Handling and Usage (provide interfaces and protocols that >enable creation, manipulation, search, access, storage, delivery, and >(re)use of content across the content distribution and consumption value >chain); > >4. Intellectual Property Management and Protection (the means to enable >content to be persistently and reliably managed and protected across a >wide range of networks and devices); > >5. Terminals and Networks (the ability to provide interoperable and >transparent access to content across networks and terminals); > >6. Content Representation (how the media resources are represented); >Event Reporting (the metrics and interfaces that enable Users to >understand precisely the performance of all reportable events within the >framework); > > >>These sound right to me, though it still leaves the difficult task of >>defining each in a general sense, and not just for motion pictures. > >MPEG-21 is more broader than just audio/video. It purposely uses >the term "Digital Item" to mean any "structured digital object with a >standard representation, identification and meta-data". > > > >Cheers...Renato >Chief Scientist, IPR Systems Pty Ltd \ > > >[1] http://www.ozauthors.com.au/ From ssun@cnri.reston.va.us Wed May 23 20:50:43 2001 From: ssun@cnri.reston.va.us (Sam X. Sun (@S2000)) Date: Wed, 23 May 2001 15:50:43 -0400 Subject: [IETF-IDRM] Re: [IDRM] DRM Taxonomy work -- "content holder" vs. "content owner" References: <5.0.0.25.2.20010514155912.0185c780@pop.ne.mediaone.net> <4.3.2.7.2.20010517141924.068f98c8@mira-sjc5-6.cisco.com> <5.0.0.25.2.20010519144826.01b563f0@pop.ne.mediaone.net> <5.0.0.25.2.20010523110531.01bab200@pop.ne.mediaone.net> Message-ID: <012c01c0e3c1$a744a160$5b041b0a@S2000> Ok, Thomas, I think we are getting closer here in understanding each other :)... Like you said, I was trying to see if it's appropriate to say that "Content-Holder means a holder of an instance of a digital Content, where that holder is *not* the legal owner of the copyright of the Content". The emphasis is on the INSTANCE of a digital content, while the copyright might be the metadata associated to EVERY instance of the digital content, or the content class if such thing exists. In other words, is it appropriate to say that copyright defines "ownership" of the digital content, while digital rights defines "operational rights" of the digital content? Clearly, they are also closely related, but the former is independent of each instance, and doesn't depend on who the instance "holder" is... In the example you gave, could we say that you and your neighbor acquires certain digital rights to operate on the acquired instance of the digital content, but not the "ownership" (e.g. copyright, or some other legal rights) of the WORK inscribed by that instance? Sam ----- Original Message ----- From: "Thomas Hardjono" To: "Sam X. Sun (@S2000)" ; Sent: Wednesday, May 23, 2001 11:16 AM Subject: Re: [IDRM] DRM Taxonomy work -- "content holder" vs. "content owner" > > OK, I'm still rather confused about the Content-Holder, but let me try a > very simple example: > > - Madonna issues a new song downloadable as MP3 through some > Content-Distributor. > > Here Madonna (or he record company/publisher) is the Content-Owner. > > - I download the song and pay $2 (reasonable I think :) > > Here I am the Content-Holder (where the Content is that MP3 file). > I only own my copy (1 copy) of that Content. I do not have further > rights. > > In this scenario, if I gave a copy of Madonna's MP3 song to my neighbor, > then clearly my neighbour has to (again) pay the Content-Owner (ie. Madonna > or her record company/publisher). > > Neither I nor my neighbour own the *rights* to that Content/MP3. > > Thus, I think the term Content-Holder means a holder of an instance > of a digital Content, where that holder is *not* the legal > owner of the copyright of the Content. > > Hmmmm, am I on track here? Isn't the Content-Holder = Consumer ? > > cheers, > > thomas > ------ > > At 5/23/01||01:40 AM, Sam X. Sun (@S2000) wrote: > >My second question is regarding the content holder vs. content owner. > > > >When I say "content holder", I'm using it as a general term of "owner of an > >instance of digital content", or "a kind of digital content sharing some > >common attribute". The "content holder" can be "consumer", "distributor", > >"retailer", "publisher", and "content creator", depending on the "digital > >rights" he has and/or acquired for his copy of digital content. I tends of > >think of "consumer" as a relative term, depending on the view point. For > >example, "retailer" and "distributor" may all be treated as "consumer" (with > >special "distribution" rights) from a "publisher", and the "publisher" can > >generate money, directly or indirectly, from any kind of "consumer" of its > >content. > > > >I was trying to avoid using "content owner" but "content holder", fearing > >that the "content holder" is not necessarily the "owner of the content". > >Should we first try to clarify these terminologies? I guess this is one of > >the reasons Mark started this thread. > > > > > >Sam > > > >----- Original Message ----- > >From: "Thomas Hardjono" > >To: > >Sent: Saturday, May 19, 2001 3:17 PM > >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... > > > > > > > > > > Hi Sam, > > > > > > I don't think you are off-track. You have brought up some good issues > >which > > > I'll comment below (I'll send comments about Mark's posting separately). > > > > > > > > > At 5/19/01||10:47 AM, Sam X. Sun (@S2000) wrote: > > > >Hi, > > > > > > > >I think it's a good application model to classify in end-to-end DRM > > > >relationships in terms of content provider and distributor, and > >distributor > > > >and content consumer. They represent some real world scenarios that DRM > >will > > > >have to address. On the other hand, I wonder if we could further model > >the > > > >underlying DRM framework in terms of transactions of certain entities > >(e.g. > > > >digital content) among other kinds of entities (e.g. content holder), and > > > >the transaction may be reflected in terms of exchange/update of digital > > > >rights bound to each content instance acquired by the content holder. > > > > > > > >In other words, I wonder whether it's reasonable to categorize the > >entities > > > >that DRM framework has to deal with in terms of: > > > > > > > > 1. the digital content (per instance) > > > > 2. the content holder (current or potential) > > > > > > > > > > > >And think of the digital rights as state information of the digital > >content > > > >hold by content holder. From this, one may imagine building mechanisms > > > >within the framework to: > > > > > > > > * Associate rights per digital content acquired by the content > >holder > > > > * Identify content holder, along with its authentication attributes. > > > > * Exchange/update digital rights per digital content among content > > > >holders > > > > * Facilitate/monitor/trace legitimate digital contents for their > >proper > > > >use > > > > * Report illegal content upon showing up within the framework > >(doable?) > > > > etc... > > > > > > I'm unclear about the term "content holder" above. I assume you mean > > > the Consumer that actually uses (reads/views/plays) the Content, > > > since Content not in the Consumer's hands will not generate money. > > > > > > As I understand it, the Digital-Rights (or Rights-Metadata) can be > > > Content-specific only or can be tied to both the Content and the Consumer. > > > > > > The distinction becomes relevant when we talk about the Business Models. > > > Thus, say in one business model, the Content-Creator/Owner may > > > specify usage rights in the Rights-Metadata (without mentioning specific > > > Customers). Assuming the Content-Creator/Owner has a business > >relationship > > > with a Distributor, then perhaps it is up to the Distributor(s) to > > > create further Rights-Metadata that is Customer-specific (eg. for Customer > > > who are members of the video-club, say). > > > > > > WRT your second bullet above, when the Distributor starts dealing > > > with Consumers (i.e content holder) does the Consumer's authentication > > > attributes becomes extremely relevant. It here that I think individual > > > certificates will become a key issue. A Customer's certificate will > >become > > > more important and persistent comapred to his/her credit card number. > > > And accounting and tracking may also perhaps be based on certificates. > > > > > > In terms of the transferability of Contents, most systems I have seen > > > or read about deploy some kind of verification/checking each time > > > the Content's ownership is transffered. Thus, in basic terms, if I sell > > > my (encrypted) MP3 file on eBay, then the purchaser will have to register > > > with the Distributor (or the entity claiming to be the contact-point for > >that > > > Content) and obtain a copy of the key (or a derived version). > > > > > > This model does not really fit into the "pure" P2P distribution scheme, > > > but it ensures continuous revenue for the distributor (who gets > > > additional new customer info). This model also allos tracking of > > > moved/sold Contents on the net. > > > > > > > > > > > > >Assumptions here are that everyone can obtain a copy of digital content > > > >freely, but need to acquire (e.g. via purchase) adequate rights to be > >able > > > >to "use" it. Depending on the rights associated to the digital content > > > >acquired by the content holder, the content holder could act as a > >publisher, > > > >a distributor, a retailer, or end consumer. > > > > > > This idea is cool and reflects more of the pure P2P approach. I don't > > > know if the big players will like the notion of a Consumer (content > >holder) > > > taking the role of publisher/distributor/retailer. > > > > > > I think the term P2P itself has been overused and means different things > > > to different people. I used it to mean the non-hierarchical/flat > > > distributed system that runs democratically from one user's machine > > > to another. > > > > > > Other people seem to mean P2P as "group-sharing of files" regardless > > > of how the files are managed (ie. the files could be sitting on > > > a single machine/server with everyone connecting to that server). > > > This later view is similar to the mainframe usage model of the 70s. > > > > > > > > > > > > >A transaction of digital content > > > >from a retailer to consumer could be modeled as retailer (with the right) > >to > > > >generate a new instance of the digital content, assign it with consumer > > > >rights, and "give" it to the consumer (along with the consumer rights). > > > > > > OK, so here is an interesting question: can BlockBuster Video make > > > copies of videos (ie. a new instant of content) in their backroom > > > and lease them? (and I don't mean replacements for broken/stolen > > > videocassettes). > > > > > > > > > > > > >A consumer may later become a retailer after obtaining the "retail" > >rights > > > >for its copy of digital content... > > > > > > Hmmm... > > > > > > cheers, > > > > > > thomas > > > ------ > > > > From thardjono@mediaone.net Wed May 23 19:28:14 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Wed, 23 May 2001 14:28:14 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010523142810.01bb5e20@pop.ne.mediaone.net> >Date: Mon, 21 May 2001 17:17:22 -0400 >From: Thomas Hardjono >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... >X-Sender: thardjono@pop.ne.mediaone.net (Unverified) >To: Jason Petrone , ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 5.0 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >Hi, > >Can you elaborate more on these 4 broad requirements from MPEG21? > >It would be useful, as there seems to be several DRM-related >groups in different sectors of the Internet industry. > >The last two (management and protection) sounds interesting and >relevant to IDRM. > > >cheers, > >thomas >------ > > >At 5/21/01||10:25 AM, Jason Petrone wrote: > > >>The prerequisites for end-to-end DRM need to be defined. MPEG-21 outlines >>four broad requirements for DRM: >> >>Identification >>Description >>Management >>Protection >> >>These sound right to me, though it still leaves the difficult task of >>defining >>each in a general sense, and not just for motion pictures. >> >>Jason From thardjono@mediaone.net Wed May 23 19:27:37 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Wed, 23 May 2001 14:27:37 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010523142659.01bc04c0@pop.ne.mediaone.net> >Date: Mon, 21 May 2001 10:25:59 -0400 >From: Jason Petrone >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... >To: ietf-idrm@lists.elistx.com >Mail-followup-to: Jason Petrone , > ietf-idrm@lists.elistx.com >User-Agent: Mutt/1.3.17i >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >On Sat, May 19, 2001 at 10:47:39AM -0400, Sam X. Sun (@S2000) wrote: > > I think it's a good application model to classify in end-to-end DRM > > relationships in terms of content provider and distributor, and distributor > > and content consumer. > >It might be advantageous to also express the relationship between content >creator and content provider. Under the current content delivery system >content providers(publishers, record labels) pay authors, songwriters, etc. >based on sales. Creators rely on the providers to monitor sales, and >sometimes >do not receive the full compensation they are due, simply because they do not >have direct access to sales figures. > >Imagine a system where the author of a book would receive notification from >Barnes & Noble whenever a copy of her book was sold. This would give her much >more bargaining power with her publisher, should it claim sales were lower >than >they were. I am told this is a real problem for authors of books and music >which sell slowly. > >The prerequisites for end-to-end DRM need to be defined. MPEG-21 outlines >four broad requirements for DRM: > >Identification >Description >Management >Protection > >These sound right to me, though it still leaves the difficult task of defining >each in a general sense, and not just for motion pictures. > >Jason From thardjono@mediaone.net Wed May 23 19:28:37 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Wed, 23 May 2001 14:28:37 -0400 Subject: [IETF-IDRM] Fwd: Re: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010523142834.01b81eb0@pop.ne.mediaone.net> >Date: Mon, 21 May 2001 16:21:24 -0700 >From: Mark Baugher >Subject: Re: [IDRM] DRM Taxonomy work -- drm framework... >X-Sender: mbaugher@mira-sjc5-6.cisco.com >To: Jason Petrone >Cc: ietf-idrm@lists.elistx.com >X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > >At 10:25 AM 5/21/2001 -0400, Jason Petrone wrote: >>On Sat, May 19, 2001 at 10:47:39AM -0400, Sam X. Sun (@S2000) wrote: >> > I think it's a good application model to classify in end-to-end DRM >> > relationships in terms of content provider and distributor, and >> distributor >> > and content consumer. >> >>It might be advantageous to also express the relationship between content >>creator and content provider. Under the current content delivery system >>content providers(publishers, record labels) pay authors, songwriters, etc. >>based on sales. Creators rely on the providers to monitor sales, and >>sometimes >>do not receive the full compensation they are due, simply because they do not >>have direct access to sales figures. > >That's a good point. We have been treating the content provider as the >representative of all rights holders in the value chain under the supposition >that the content-provider's enterprise has established mechanisms for >clearing the transactions among all that have claims to a work. > >My understanding is that the rights-holder relationships are much >simpler for movies than for music, where movie studios generally hold all >rights to their works but record labels don't (see >http://dailynews.yahoo.com/h/nf/20010518/tc/9847_1.html >for example). > > >>Imagine a system where the author of a book would receive notification from >>Barnes & Noble whenever a copy of her book was sold. This would give her >>much >>more bargaining power with her publisher, should it claim sales were >>lower than >>they were. I am told this is a real problem for authors of books and music >>which sell slowly. >> >>The prerequisites for end-to-end DRM need to be defined. MPEG-21 outlines >>four broad requirements for DRM: >> >>Identification >>Description >>Management >>Protection > >Another good point. I think we consider the MPEG-21 taxonomy in light of >Internet requirements. > >Mark > > >>These sound right to me, though it still leaves the difficult task of >>defining >>each in a general sense, and not just for motion pictures. >> >>Jason From thardjono@mediaone.net Wed May 23 19:28:49 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Wed, 23 May 2001 14:28:49 -0400 Subject: [IETF-IDRM] Fwd: MPEG-21 (was Re: [IDRM] DRM Taxonomy work -- drm framework...) Message-ID: <5.0.0.25.2.20010523142846.01b9f170@pop.ne.mediaone.net> >Date: Tue, 22 May 2001 10:21:17 -0400 >From: Jason Petrone >Subject: MPEG-21 (was Re: [IDRM] DRM Taxonomy work -- drm framework...) >To: ietf-idrm@lists.elistx.com >Mail-followup-to: Jason Petrone , > ietf-idrm@lists.elistx.com >User-Agent: Mutt/1.3.17i >List-Owner: >List-Post: >List-Subscribe: >List-Unsubscribe: >List-Archive: >List-Help: , > > > >On Mon, May 21, 2001 at 05:17:22PM -0400, Thomas Hardjono wrote: > > Can you elaborate more on these 4 broad requirements from MPEG21? > >I must admit, I haven't been following MPEG-21 too closely, but I will do >my best to explain. > >Keep in mind that it is still a work in progress, and is more reflective of >requirements than actual solutions. > >Identification: Content items are each assigned unique identifiers. This > serves the same purpose as ISBNs for books and ISSNs for > periodicals. Identification is a vital first step for the > management of any kind of content. > >Description : The MPEG-21 working group is putting together a schema which > can be used to express intellectual property metadata. I > think this is something like http://www.indecs.org/. The > working group intends to also define standard access methods > for retrieving identifiers and descriptions(i.e. some kind > of registry I suppose). > >Management : This deals with content delivery, physical format > interoperability, payment/subscription models, etc. > >Protection : My understanding is that this area addresses consumer privacy, > and technologies like watermarking and encryption. > > >Jason From thardjono@mediaone.net Wed May 23 19:29:09 2001 From: thardjono@mediaone.net (Thomas Hardjono) Date: Wed, 23 May 2001 14:29:09 -0400 Subject: [IETF-IDRM] Fwd: RE: [IDRM] DRM Taxonomy work -- drm framework... Message-ID: <5.0.0.25.2.20010523142905.01b82c90@pop.ne.mediaone.net> >From: Rob Koenen >To: Thomas Hardjono , > Jason Petrone > , ietf-idrm@lists.elistx.com >Subject: RE: [IDRM] DRM Taxonomy work -- drm framework... >Date: Tue, 22 May 2001 16:26:20 -0700 >X-Mailer: Internet Mail Service (5.5.2653.19) > >I think the best way to do this is to study the >MPEG-21 technical report. > >Please go to www.cs