OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

rights message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: DRM and Access Control (was: [rights] Clarification...)

James MacLean writes:
> I would agree that digital rights management is completely
> different than access control. DRM is about enforcing
> copyright and licensing agreements. Access control is about
> implementing an organization's security and privacy
> policy....

JSE: I disagree, in the sense that ultimately both are about policy expression
and enforcement; if there are differences, they lie within the semantics of
expression.

At its core, DRM provides a particular kind of fined-grained usage control
(UCON) which is indeed a type of access control --- in fact, access control
controlled by the originator (ORCON) over arbitrary behaviors acting on the
component objects of a work. And DRM certainly doesn't need to be about payment,
although this has been the fixation --- fee-based authorization is but one
application of DRM's end-user enforcement facilities. Authorization policies can
just as well be based upon the principal's affinity with e.g. an organization,
etc.

DRM for deployed content, and privacy --- defined as the management of private
data --- can be seen as symmetrical opposites. Their similarity lies with they
fact they they are both about the policy-based management of the use of
information. The different is in the direction of dissemination --- image a
world where users were empowered with DRM-like originator control, where their
disseminating (personal) repository could establish a trusted relationship with
the requesting service repository, where they could control the use of their
personal information by that target and distribute revocation lists --- in other
words, affect controls on their personal data at the same level and using the
same underlying technologies that content providers utilize now or will shortly.

| John S. Erickson, Ph.D.
| Hewlett-Packard Laboratories
| PO Box 1158, Norwich, Vermont USA 05055
| 802-649-1683 (vox) 802-371-9796 (cell) 802-649-1695 (fax)
| john_erickson@hpl.hp.com         AIM/YIM/MSN: olyerickson

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC