Re: PaySwarm and illegal sales? With ODRL? Compared to CCN from Manu Sporny on 2011-08-27 (public-webpayments@w3.org from August 2011)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 27 Aug 2011 17:13:16 -0400
To: public-webpayments@w3.org
Message-ID: <4E595DEC.4010508@digitalbazaar.com>
On 08/22/2011 03:56 PM, Steven Rowat wrote:
>> Are you suggesting that we create a centralized
>> registry of intellectual works?
>
> I'm not sure, but I still think this needs to be seriously considered at
> this point, although who 'we' will be is certainly moot. If only one
> centralized database is maintained I don't envision it being a
> commercial enterprise, that's certain. Perhaps W3C; but unlikely that
> they would actually run it. Perhaps in theory the United Nations would
> be most appropriate, although again unlikely. It might have to be a
> freshly developed body for this one purpose, which uses the W3C as well
> as international law in developing its protocol, and then submits that
> protocol to some established international standards body in order to
> freeze the standard before implementation.

I really hope that we don't create a standard that needs buy-in from the 
United Nations before people can start using it. That sort of work can 
take up to a decade... and that's with the correct contacts in place. :)

>> However, I have never seen any material that asserts that [CCN] is a
>> solution to piracy. Are you saying that one of CCNs end-goals is the
>> reduction of pirated content on the Web?
>
> It was clear to me that one of CCN's end-goals was improved *security*
> on the web, via the registering of every packet. In fact, what I took
> from the videos about CCN and the articles I read about it, was that
> security was the first and most important of the three main things CCN
> would address -- the other two being: scalability; and complexity of
> interoperability. I do not think it is a big jump from there to saying
> pirated content would be reduced.

It seems like a very big jump to me. Keep in mind that we're fairly well 
versed in how security is implemented on the Internet and the Web. We've 
lived and breathed this stuff for a number of years. It was not apparent 
to us how CCN could be used to reduce piracy. So, what I need from you 
at this point is a link to a paper or article describing exactly how it 
would reduce piracy.

>>> http://lists.w3.org/Archives/Public/www-tag/2009Sep/0055.html
>>
>> It was a very good list of use cases back in 2009, and it continues to
>> be a very good list of use cases today. Would you mind it if we merged
>> your use cases into the PaySwarm use cases document:
>> http://payswarm.com/specs/payswarm-use-cases
>> ... [snip]... I'm fairly
>> certain that PaySwarm could support all of those use cases as long as
>> there was some extension work done on how the PaySwarm Authorities
>> handle certain business rules in the licenses associated with content
>> that is sold.
>
> This is very promising, and I have no problem with you providing
> PaySwarm code solutions for the use-cases and incorporating that in the
> PaySwarm document, with attribution of the original link.

Sure thing, we'd probably add the use cases to this document:

http://payswarm.com/specs/payswarm-use-cases

> However,
> before you have worked out code examples for them I'd prefer if you
> merely linked to them, or quoted them in the standard text manner,
> rather than merging them into the document.

I don't understand this request. Are you asking us to not lift the text, 
not re-write the text, or something else? What do you mean by "standard 
text manner"?

>> Do you have a link that talks to the CCN packet security? How is it
>> different than PKI? That is, why are CCN packets more secure than
>> something that has end-to-end encryption, like HTTPS or TLS or a
>> receiver-encrypted message using PKI?
>
> I'm out of my league here. I believe these questions need to be answered
> but I am not the person to attempt them. I believe we need somebody from
> inside the CCN or NDN (named data networking, which is another name the
> concept is going by now: see http://www.named-data.net/) effort at this
> point, to carry on this conversation with someone like yourself who
> understands (as I do not) the joint intricacies of the signing of the
> packets and the transfer of the packets.

Would you be able to get in touch with one of these people? I think that 
you're correct in that we really need to have a chat with the CCN folks. 
Could you take an action to get them in touch with this group?

> Therefore, I believe you need to know these things about CCN before
> knowing whether it is superior in some way to what you can manage with
> PaySwarm on top of current TCP/IP.

I agree.

> In contrast, if that 'digital work' was trusted
> just as well as the 49-inch Samsung is as having come direct from the
> factory without anybody else tampering with it (i.e, direct from the
> person who made it, guaranteed by them), then I think the majority of
> people would be happy to engage directly with the creator by paying for
> the work; that buying it would become a far more attractive option than
> it is at present. There would still be piracy but I think it would be
> greatly reduced.

I agree - which is why I think the "Certificate of Authenticity" route 
is favorable to the DRM route. I'm starting to get the impression that 
we want to see the same thing happen. :)

> I don't know if PaySwarm can provide this sort of assurance without the
> architecture changes that CCN/NDN will allow.

I think it can, do the e-mails that I wrote previously describe how that 
might happen?

> If, on the other hand, PaySwarm can do this on top of existing TCP/IP,
> then it should.

I think I agree. Have you had a chance to look at the Digital Contracts 
that are created as a result of a PaySwarm transaction yet?

http://purl.org/payswarm#Contract

Most of it may be fairly foreign, but that digital contract contains a 
number of digital signatures that can be used to verify the entity that 
provided the Asset (Sony Music), the entity that provided the Listing 
(Best Buy) and the entity that processed the contract (My PaySwarm 
Authority). The digital contracts are effectively a certificate of 
authenticity that is verifiable by anybody with access to the public 
keys of each organization listed previously (which are listed in the 
contract as well). They are also enforceable in many of the countries 
that recognize electronic signatures, such as the USA per the ESIGN Act[1].

-- manu

[1] 
http://en.wikipedia.org/wiki/Electronic_Signatures_in_Global_and_National_Commerce_Act

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Uber Comparison of RDFa, Microformats and Microdata
http://manu.sporny.org/2011/uber-comparison-rdfa-md-uf/
Received on Saturday, 27 August 2011 21:13:47 UTC