Sun: Chasing after (and may catch) the open source DReaM
Play audio version
In March 2006, in a podcast interview with ZDNet, Sun president and COO Jonathan Schwartz dropped a hint that his company had something in the works that was very much like the Liberty Alliance (in the way that it undermined the usage of proprietary identity management systems like Microsoft's Passport), but for purposes of undermining proprietary digital rights management systems (DRM) like Apple's FairPlay instead. Then, in August 2006, Schwartz went more public with the plan, citing Open Media Commons (OMC) as the name of the Liberty Alliance-like organization that would chaperone an open source and perhaps one day open standard digital rights management scheme known as Project DReaM (note the capitalized DRM).
In response to the announcement, Jacobs reminded me that it's the movie studios, record labels, and other content publishers that hold all the cards... I wrote about how Schwartz may have the right idea, but not the power to do to Apple's Fairplay, Microsoft's PlaysForSure, and other proprietary DRM (aka C.R.A.P., also see CRAP, the movie) ) what Liberty did to Passport. Now, after interviewing Sun Labs director of engineering Tom Jacobs, I'm wondering whether I might want to set aside a pile of crow in case I need to eat it. The interview is available as an MP3 that can be downloaded, or, if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically (See ZDNet’s podcasts: How to tune in).
With two small (but significant) hitches, DReaM would be open and freely deployable in any type of software (including open source software). The first of these hitches is that the final software has to be digitally signed by an indepedent third party -- perhaps one or more centralized authorities -- who can verify that the executable software correctly preserves rightsholders rights. To get such a digital signature, code would have to undergo testing by the centralized authority. In the DReaM architecture, only properly signed code that hasn't been tampered with (code-tampering voids the signature) can access the key infrastructure that's necessary to remove the locks from the content and question.
The second of these hitches is that the code must run in a secure execution environment where malware can't hijack signed, running code in realtime in a way that gives it unauthorized access to the keys and the content. According to Jacobs, the system, which has been hatching in Sun's labs for more than five years, is pretty much baked and ready to go but what isn't yet figured out is who those central authorities might be (seems like a perfect job for Verisign) and how much it will cost, particularly for open source developers, to get code tested and signed. In the interview, Jacobs and I cover that territory but largely from a device manufacturer's point of view. Questions linger about the hurdles that open source developers working out of their garages might have to leap over in order to create innovative software (for example, a mashup known as PodBop developed by Taylor McKnight and Daniel Westermann-Clark). Perhaps there will be a scholarship program similar to that which Sun put in place in order for open source implementations (eg: JOnAS) of certain Java specifications (eg: J2EE 1.4) to get certified for specification compliance.
Returning to the point of whether Sun, Schwartz, and the OMC have the clout to knockout the stovepipes of DRM technology that are currently working their way into the marketplace at a breakneck pace, Jacobs reminded me that it's the movie studios, record labels, and other content publishers (eg: consumers publishing photos, hospitals storing medical records, etc.) that hold all the cards and that, in private discussions with Sun, most of those parties have indicated that if DReaM works, they'll hold their content hostage from companies like Apple and Microsoft if the end game is indeed what DReaM promises: more device interoperability and a market that's significantly easier to tap because there's one standard. Said Jacobs (I've reordered the quotes so they make sense):
- Neither company (Apple or Microsoft) has shown any interest in any of the interoperability activities that are going on.
- We wanted to open up this work and let people know that there's a tremendous amount of prior art and expired technology in this space where there's no need for the technology to be encumbered and only have proprietary solutions that are ruling the day.
- We talked to everyone in the recording industry as well as the major motion picture studios and [their problem] is described as "the larger opportunity is missed."
- Now the issue when you have multivendor, independenet, and non interoperable that's out there, you end up having consumers that are starting to wring their hands about "gee I just bought $800 worth of music in iTunes for my iPod but I would really dearly love to buy this new Samsung Mumbo player and move it to there but I don't have a legal way of doing that.
- 98 percent of the world and all of the important financial banking activities take place using Liberty and Liberty credentials. Not [Microsoft's] Passport. This (OMC and Project DReaM) is the same formula [as the Liberty Alliance].