What constitutes protection [was: About using CORS]

I get the impression that some browser makers still consider a separate 
web font format to be a waste of time -- or at best an exercise in 
making font makers feel better while not actually offering them anything 
substantial -- since it offers no 'real' protection of font IP. It might 
be helpful to spell out the benefits of a distinct web font format to 
font makers and their customers (particularly non-retail customers, 
whose concerns about font IP are roughly the same as those of font 
makers). This has been discussed at some length on the <www-font@w3.org> 
list over the past year, but a summary might be useful, and will explain how 
those of us who are font makers view WOFF.

A lot of font makers would, of course, have liked some kind of strong 
technical DRM-like protection for web fonts, but we're realistic that 
this isn't going to happen. Web served typography is inevitably going to 
expose fonts to unlicensed use, so what we're interested in is a) 
minimising casual or unconscious misuse of fonts and b) making it easier 
for us to police our licenses. Neither of these goals is possible with 
naked TTF/OTF font linking, because all existing fonts would be 
immediately exposed to casual or unconscious misuse -- unlicensed use as 
web fonts, downloading and locally installing -- and the vast majority 
of these fonts contain no information that enables a font maker to 
ascertain the source of the font, to whom it was originally licensed, 
etc. A distinct web font format such as WOFF draws a line between 
existing TTF/OTF fonts that are not licensed for web served typography 
and new fonts that are. This enables us to cleanly distinguish fonts 
that are licensed for such use, and to develop delivery systems and 
services that allow us to serialise fonts, include appropriate license 
permissions within either private or to-be-standardised tables, etc. and 
then to digitally sign these fonts prior to WOFF wrapping.

It isn't a strong protection, and it isn't a technical protection that 
requires any enforcement by user agents. But there's a huge difference 
to font makers between the essentially unpoliceable exposure of existing 
desktop TTF/OTF fonts and the exposure of new fonts with better metadata 
both in the font and in the wrapper.

A single-origin requirement is an added measure protecting against 
casual misuse, since it forces someone who wants to serve the font 
without a license to take a deliberate and clearly illegal step. I think 
SOR will be important in encouraging some font makers to license for 
WOFF. Many web font licenses are likely to require users to take 
reasonable steps to protect the font, and SOR provides clear compliance 
with such a requirement, making it easy for the licensee to conform to 
the license.

JH

Received on Wednesday, 28 April 2010 18:03:31 UTC