If you've been following our series on Digital Restrictions Management (DRM) [sic], then you know that DRM is wall-building material when it comes to turning the Internet into a bunch of segregated nets or "walled-gardens." Apple has its walled garden consisting of the iTunes Music Store (as a source of content) and compatible end-user devices (iTunes software, iPods, etc.). Microsoft has its walled-garden with it's own sources and compatible devices. Sony. Now Google. And so on. Is DRM simply a blade on the identity management system razor? In a 'bout of may-the-best-stovepipe win, the DRM-politico structure of the industry is returning the industry to the stovepipe structure that the Internet's core protocol (TCP/IP) once promised to eliminate. The situation has folks like Doc Searls -- one of the more sane voices that I've heard in this digital age -- thoroughly depressed. Simply put, DRM is a vendor lock-in control point. With patents to back the various flavors up, DRM is potentially the key to the next monoculture (should one win) -- a monoculture that is far more dangerous and that stretches its tentacles into far more of society than just the computing parts. Telecommunications for example. Your cell phones. Your stereos and televisions. Your car.
This is nothing new for the computer industry. For ever and ever, vendors have worked their way up from the bottom of the most popular software stacks looking for a control point that makes them the toll-taker. TCP/IP withstood the assault to be extended in a proprietary fashion. Going up a layer in the stack, so too has the Web (HTTP). Although a layer higher where the applications (the browsers) sit, havoc has been wrought (yielding what is essentially incompatible Webs). DRM is just another one of those control points in another layer of the "stack." Own the control point, and the rest of the stack follows. At CES last week, Google co-founder Larry Page summed it up rather nicely. "It" being the key to winning the masses over to one form of DRM or the other -- perhaps giving one DRM provider the keys to the stack. In response to a question about the Google-specific DRM that will no doubt be a part of Google distribution pacts like the one the search giant inked with CBS, Page said:
There are a bunch of details about that; I remember some of them, but they're not important. What we've seen with iTunes is that having a pretty good user experience is important.
Page is 100 percent correct. What Apple has proven with the way it has integrated its iTunes Music Store with the Internet, iTunes software (for Windows or OS X) and its iPods (and to some extent the iTunes phones from Motorola) is that if you can build an absolutely pristine user experience, people will take whatever drug goes with it no questions asked. Today, Fairplay -- Apple's form of DRM -- is that drug. And it's very addicting. Most people who are addicted to Fairplay-protected content (purchased through the iTunes Music Store) have no idea how difficult it will be to exit Apple's walled garden should they choose to do so down the road (for example, if the latest greatest coolest hippest device that everyone must have isn't sprinkled with Apple's holy water).
DRM is rough stuff. But what most people don't realize is that even rougher than DRM (if you ask me), is the layer in the stack that lies just below it. The foundation on which the DRM walled gardens sit. The identity layer. Today, DRM is invariably based on your identity: some key token or combination of tokens like your e-mail address and a credit card that affirms your uniqueness from everyone else out there in userland. And if you think all the different DRM schemes are incompatible with other, try imagining the identity management systems that lie underneath them. In referring to the un-interwinable nature of Windows, Sun CEO Scott McNealy used to refer to Microsoft's platforms as a hairball. One that couldn't be disentangled. The various DRM schemes and the identity systems to which they're bound are the new hairballs; in some ways, an identity crisis in the making.
But lest you think that this is the only pending crisis that's routed in our identity, there are others. They've always been there, but the light bulb really went off when I started getting suggestions for discussion topics for the upcoming Mashup Camp that Doug Gold and I are organizing (by the way, although it's still very much under construction, Mashup Camp's Web site is up and running). Mashups are a new breed of software that play the starring role in what I'm calling the uncomputer. Or for some, maybe it's Computer 2.0. Many refer to it as Web 2.0, but I don't buy that because HTTP -- the protocol that makes the Web tick -- hasn't changed in years.
When the proposed discussion topics started rolling in (there are already 14), one of them was yelling "hello" at me. Not "hello" like "Hi there big fella." It was more like "Hellooooooo... did you not see me crossing the friggin' street!" Identity? What does identity have to do with mashups? As it turns out, a lot. Sure, most of the current breed of mashups have no concept of identity. But, the mashup ecosystem is just getting started. Judging by some of the Mashup Camp attendees that I've been in touch with, there's real interest in mashing up mission critical enterprise applications -- the kind where identity management is a pre-requisite. That got me to thinkin'. What happens if the two systems a developer is trying to mash together into an identity-aware mashup use two completely different identity management schemes? Back in the 1999/2000 timeframe, when one of my responsibilities was to oversee the integration of Web sites like job matchmaker Dice.com into ZDNet (two sites that are identity-aware), reconciling their incompatible namespaces was an impossible task that require a significant amount of custom development. Now, I'm just trying to imagine this sort of integration -- mashup style -- for the masses (of mashup developers) and I don't see identity aware systems getting bolted together as easily as the first wave of mashups were hooked up.
Let me rephrase: Is DRM simply a blade on the identity management system razor and are there a whole bunch of other blades that we're not paying attention to?