rights message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: RE: [rights] Clarification...
- From: Hal Lockhart <hal.lockhart@entegrity.com>
- To: "'JMaclean@affinitex.com'" <JMaclean@affinitex.com>, thardjono@verisign.com
- Date: Thu, 13 Jun 2002 09:29:16 -0400
I would agree that digital rights
management is completely different than access control. DRM is about enforcing
copyright and licensing agreements. Access control is about implementing an
organization's security and privacy policy.
James MacLean
I do not agree.
I have been struggling for weeks now it find some
distinction. First of all, consider that unless some work is explicitly in
the public domain, the act of publication creates an implied copyright.
Therefore, with rare exceptions all content on the WWW, for example, is
legally a "digital work." Now if I charge a subscription to access some data,
limit access to people who have joined my club, limit access to
customers who have bought a widget from me, employees who work for me or
restrict access for any other motive, I do not see the
distinction. Essentially it boils down to money.
Maybe somebody else can help me here, but the
similarity of concepts, the form of the language, the stated requiremets leave
me at a loss as how to draw a line. Are we going to say that
the distinction arises from the mental state of the person creating the
policy (license)? This seems unworkable to me.
Another point made much of in the ContentGuard patents
is the notion that the usage rights are "attached" to the digital work. I
understand what it means to attach a handle to a door, but what the word
"attached" means in this context escapes me. Does it mean they are on the same
system? in the same file? that the right "names" the work? that they
cryptographically bound together? that the rights move around the network with
the work?
The last seems like a possible distinction, but merely
an implementation optimization. It seems hard to credit that if I were to send
the rights (policies) in a different message from the work (content) that I
would be doing access control, whereas if I sent them in the same message I am
doing DRM. Makes me think of the Kosher practice of never letting the
milk touch the meat.
It appears to me that access control and DRM are simply
two historically distinct (and actually very similar) ways of looking at
the same problem.
Can anyone draw a sharp distinction between these
two?
I am going to submit the XACML usecases and
requirements to the Requirements SC. Perhaps someone will be able to tell me
which requirements do not apply and why.
Hal
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC