

Subject: RE: DRM and Access Control (was: [rights] Clarification...)


John,

 

I think you are spot on.

 

To be concrete, in the end, policy enforcement in both DRM and Access Control scenarios (and indeed many others) comes down to the question “Can A do B to C”, the answer to which can be “yes”, “no”, or “yes, so long as these conditions are satisfied.” A technical framework cast in these terms seems to serve both situations very well.

 

      Bob

 

 

-----Original Message-----
From: John Erickson [mailto:john_erickson@hplb.hpl.hp.com]
Sent: Wednesday, June 12, 2002 1:21 PM
To: rights@lists.oasis-open.org
Subject: DRM and Access Control (was: [rights] Clarification...)

 

James MacLean writes:

> I would agree that digital rights management is completely
> different than access control. DRM is about enforcing
> copyright and licensing agreements. Access control is about
> implementing an organization's security and privacy
> policy....

 

JSE: I disagree, in the sense that ultimately both are about policy expression and enforcement; if there are differences, they lie within the semantics of expression.

 

At its core, DRM provides a particular kind of fine-grained usage control (UCON) which is indeed a type of access control --- in fact, access control controlled by the originator (ORCON) over arbitrary behaviors acting on the component objects of a work. And DRM certainly doesn't need to be about payment, although this has been the fixation --- fee-based authorization is but one application of DRM's end-user enforcement facilities. Authorization policies can just as well be based upon the principal's affinity with e.g. an organization, etc.

 

DRM for deployed content, and privacy --- defined as the management of private data --- can be seen as symmetrical opposites. Their similarity lies with the fact they are both about the policy-based management of the use of information. The difference is in the direction of dissemination --- imagine a world where users were empowered with DRM-like originator control, where their disseminating (personal) repository could establish a trusted relationship with the requesting service repository, where they could control the use of their personal information by that target and distribute revocation lists --- in other words, affect controls on their personal data at the same level and using the same underlying technologies that content providers utilize now or will shortly.

 

| John S. Erickson, Ph.D.

| Hewlett-Packard Laboratories

| PO Box 1158, Norwich, Vermont USA 05055

| 802-649-1683 (vox) 802-371-9796 (cell) 802-649-1695 (fax)

| john_erickson@hpl.hp.com         AIM/YIM/MSN: olyerickson
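
The three-way answer described in the reply at the top of this thread ("Can A do B to C": yes, no, or yes under conditions) can be sketched as one decision function that serves both an access-control rule and a DRM-style licence. This is an added example, not part of the original messages; the rule set, resource names and condition labels are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    action: str                       # B
    resource: str                     # C
    applies: Callable[[dict], bool]   # does the rule cover subject A?
    conditions: tuple = ()            # (label, predicate(context)) pairs

@dataclass(frozen=True)
class Decision:
    answer: str                       # "yes", "no" or "yes-if"
    conditions: tuple = ()

def decide(rules, subject, action, resource):
    """Answer "Can A do B to C?"; deny when no rule matches."""
    for r in rules:
        if (r.action, r.resource) == (action, resource) and r.applies(subject):
            return Decision("yes-if" if r.conditions else "yes", r.conditions)
    return Decision("no")

def enforce(decision, context):
    """Enforcement point: a conditional yes holds only if every condition does."""
    if decision.answer == "no":
        return False
    return all(pred(context) for _, pred in decision.conditions)

# Constructed sample policy (hypothetical names): one engine, both kinds of rule.
RULES = [
    # Access-control style: organisational security policy keyed on role.
    Rule("read", "payroll.db", lambda s: s.get("role") == "hr"),
    # DRM style: a licence whose "yes" carries usage conditions.
    Rule("play", "track-42", lambda s: "track-42" in s.get("licenses", ()),
         conditions=(("fewer than 5 plays", lambda c: c.get("plays", 0) < 5),
                     ("registered device", lambda c: c.get("device_ok", False)))),
    # Authorization by affiliation with an organization rather than payment.
    Rule("print", "report.pdf", lambda s: s.get("org") == "example-org"),
]

if __name__ == "__main__":
    listener = {"licenses": ["track-42"]}
    d = decide(RULES, listener, "play", "track-42")
    print(d.answer, [label for label, _ in d.conditions])
    print(enforce(d, {"plays": 2, "device_ok": True}))
    print(enforce(d, {"plays": 5, "device_ok": True}))
```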

 

 
