While the great DRM debates continue to rage, Sun Labs has made its open DRM specifications and code publicly available. Take a moment to consider the possibilities of Sun's strategy.

September 1, 2006 - DRM has a name and face that only a mother—and a studio executive—could love, since the poular view is that Digital Rights Management is all about control, restrictions, and authorizations, seemingly at odds with the spirit of sharing, community, and openness that Sun has built its business around.

So why has Sun Labs invested so much time and talent on Project DReaM, a standards-based, royalty-free architecture for building interoperable DRM implementations? Why have Sun Labs researchers continued to smile as industry pundits have dismissed the notion of "open DRM" as an oxymoron? Why is Project DReaM releasing technical specifications while open source and free software organizations continue to disparage DRM as the technological embodiment of evil?

"Because our DRM architecture can help solve problems that proprietary DRM technology created," said Tom Jacobs, director of engineering for Project DReaM. "And because it can open up new opportunities for companies that want to expand their digital content offerings without compromising control and protection of their content."

Problems? Is Mr. Jacobs implying that there are issues with today's Microsoft- and Apple-dominated DRM technologies?

"You don't have to look very hard to see the limitations," he said. "From the consumer's perspective, proprietary DRM creates nothing but headaches. What do you do when the battery fails on your first-generation iPod? You spend a hundred bucks to have Apple replace it, or you buy a new-generation iPod, or you buy somebody else's player and start over rebuilding your digital music collection. You won't legally be able to transfer the music you bought on iTunes to a different brand player.

"And what do you do when you want to play your iTunes on a new device like a non-iTunes music-capable phone? You throw out your iTunes collection and start over using yet another proprietary DRM technology—or you go around the law and find some way to circumvent your current DRM software. Either way you're frustrated with Apple, so it's clearly bad for brand loyalty.

"And what do you do when you want to watch a movie you've downloaded legally, but at a friend's house instead of your house? Your friend has a different movie player than you do. The DRM probably isn't smart enough to recognize that this would be legitimate access."

The current state of DRM chaos, according to Jacobs, is not unlike the original AOL/Compuserve model of the mid 1990s. AOL and Compuserv provided access and content to their own "communities" and nobody else. As long as you bought into these closed worlds of content and stayed in that world, you were fine. But you were hooked.

Additionally, the early Internet had its format/protocol wars over which page markup languages and tools would be used to deliver content. You were either "Mosaic/Netscape compatible" or "Microsoft compatible." In the end, standards (WWW, HTML and HTTP/HTTPS) won out over proprietary alternatives and all vendors moved to support the standards. Today, you can browse the Internet from browsers supplied from any number of sources. You can receive content from Web servers from any number of vendors. And that content is created by any number of Web content authoring tools.

Sun strongly believes that for DRM to realize its potential it must become mostly transparent and vendor neutral. "DReaM seeks to provide as the same kind of universal interoperability for DRM as HTTP and HTML provide for the Web," said Jacobs. "The Sun DRM solution supersedes the multiple non-interoperable communities of closed DRM."

DReaM Solution: Identity-Focused, Standards-Based, Royalty-Free

Sun's approach to DRM, like Sun's approach to so many other technologies, has been to create an open, standards-based architecture and to share it—royalty free—with the development community so that they can innovate and add value without technological encumbrances or prohibitive licensing costs.

"In a world where DRM has become ubiquitous, we need to ensure that the ecology for creativity is bolstered, not stifled, by technology," said Lawrence Lessig, Stanford Professor and author of The Future of Ideas.1 "We applaud Sun's efforts to rally the community around the development of open-source, royalty-free DRM standards that support 'fair use' and that don't block the development of Creative Commons ideals."

Sun Labs opened up Project DReaM as part of its Open Media Commons initiative in August 2005, and has released updated versions of the specifications for DReaM MMI (Mother May I) and DReaM CAS (Conditional Access System), along with an architectural overview of DReaM. The code is available under the Common Development and Distribution License (CDDL).

Central to the DReaM solution are four key concepts:

• Approaching DRM and CAS from a network identity perspective rather than the traditional device-centric approach. The DReaM architecture supports the separation of rights management system components, which is the systematic de-coupling of authentication, licensing, rights management and protection technologies. This makes it possible to select and choose among these technologies—independently of each other—without compromising the integrity of the solution. For example, usage rights are defined in a separate license management system that is facilitated by DReaM, allowing consumers to use players and DRM clients already installed on their devices without inheriting their limitations. Equally important, identity and authentication services are separated from individual hardware devices. Rather than merely authenticating the device on which content can be viewed, identity can be bound to a smart card (a Java Card or a SIM card, for example) for personalization in DRM systems. So the content rights are bound to individuals (or roles) rather than devices.

• Providing an open, standards-based framework for building interoperable, vendor-neutral DRM/CAS implementations. The DReaM solution can work with virtually any type of content needed, including documents, images, audio, and video, spanning a wide range of device types and operating systems. It also works with multiple file formats and codecs. It can control access to content independent of the delivery medium—whether it is a physical or a digital connection, the Internet, CD-ROM, TV broadcast, DVD, Flash memory, etc. And it supports a range of business models, including subscription-based or fee-based service models, providing flexibility for service providers.

• Providing security without obscurity. Historically, proprietary end-to-end architectures have relied upon obscurity to avoid being cracked. These systems are based upon a false foundation of security promises; they have been cracked and will continue to be breached. DReaM promotes the view that open system architectures will present greater opportunities for review and discussion of technology choices so that shortcomings can be better evaluated and corrected ("review & repair" versus "hope & pray") to provide the greatest protection possible.

• Avoiding onerous licensing fees. Project DReaM is designed to be royalty free in order to encourage development and ongoing innovation. In addition to employing CDDL licensing terms Project DReaM will rely on other models for assuring royalty-free usage such as employing a Patent Commons approach.

Since early 2006, Sun has taken steps to contribute DReaM technology to new/expanding standardization efforts around DRM and CAS, including new standardized APIs (JSR 300) for Java Mobile to enable a pluggable DRM standard through the Java Community Process (JCP). DReaM will be one of the first DRM solutions to implement JSR 300. Sun has also been an active participant and contributor of DReaM technology in the Telco IPTV standardization process (ATIS) which is defining an open, downloadable conditional access system (Open DCAS) for IPTV interoperability.

Unlocking the Full Potential of the DRM Market

The media has largely focused on DRM technology as a type of security mechanism—a way of preventing people from swapping music files and copying movies illegally. What's lost in this view is that DRM technology also provides the means to introduce new security/privacy enhancing, money-making, and life-enhancing services—not just for Hollywood but also for businesses of all types and sizes, and even for individuals. For example:

• Enterprises can use DReaM to control access to sensitive documents, to authorize or deny privileges such as entry to buildings or facilities, or to introduce new revenue-generating services to customers such as training-on-demand. Enterprises are today defining and deploying Information Lifecycle Management (ILM) systems to help them with new compliance, records retentions and security regulations. Identity management systems can also be employed in ILM systems in order to better manage access and tracking requirements. The addition of DRM completes the equation by providing fine grained rights management techniques to enforce the access rights which change over time and will likely require regular re-confirmation of identity and rights whenever data is accessed outside of the core enterprise (such as on a notebook computer).

• Healthcare companies can use DReaM to build trusted information networks that make it faster and easier for authorized people, such as emergency room workers, doctors and nurses to see all necessary patient information (MRI scan videos, x-ray images, patient interviews, test results, treatment history) without compromising privacy. Open DRM can also make it easier to track access and maintain compliance with regulations.

• Network Service Providers can leverage DReaM to offer better packages of services at ever-better rates to the same customer base, or to new customers. By cooperating with each other on federating DRM rights, NSPs can get in the business of selling rights to subscribers. Consumers would gain trust in buying from these NSPs since their rights would transcend the specific purchase and could be re-issued by others in the federation as necessary.

• Consumer electronics companies can harness DReaM to enable the DRM systems of cool new entertainment devices to interoperate, thereby eliminating consumer frustration with rights management issues and enhancing—rather than detracting from—brand loyalty.

• Educational institutions could use DReaM to help ensure that content owned or licensed by their libraries is quickly and easily available to authorized students, professors or other library users. They could also track the usage of content in compliance with license agreements. The net result: libraries could become profit centers by selling access rights to their content while maintaining their ongoing role of serving the university and academia overall.

• Consumers could use DRM to monetize or control access to content, or even to control the behavior of objects. For example, a photography hobbyist could use DRM to sell the rights to individual photos on a per-use basis, or to share photos of his or her young daughter's slumber party among family and friends while protecting privacy.

DReaM Come True

The raucous debates continue among computer industry executives, Hollywood moguls, intellectual property lawyers, members of standards organizations, and content owners of all types: Should DRM be scrapped in favor of open access? Can a DRM solution truly be open? Does the "R" in DRM stand for rights or restrictions?

"All of those issues are ultimately for the marketplace to decide," said Sun Labs' Tom Jacobs. "But as long as DRM remains part of the equation, as long as DRM technology is instrumental in the management of content distribution, we want to deliver the best DRM solution out there. That's an open DRM solution, not a proprietary product. And that's what Project DReaM is all about. We're moving forward with our vision and delivering substantive technology today."

1.From an interview in Linux Electronics: http://www.linuxelectrons.com/article.php/20060322062359676