A: The Open Media Commons is an open source community project to develop royalty-free codecs and digital rights management (DRM) solutions.

A: There are three main goals of the Open Media Commons:

1. Develop an open-source, royalty-free solution for the distribution of digital content, focused on authenticating people and roles, not just devices.
2. Address the application of DRM technology to a wide range of content and situations, including personal rights management, the privacy of health records and compliance management for businesses dealing with Sarbanes-Oxley.
3. Create an open environment where creators, content owners, consumers, network operators, technology providers and consumer electronics device manufacturers can work together to address the technical problems associated with DRM.

A: The existence of multiple proprietary DRM solutions stifles innovation, encumbers the consumer and increases the cost and effort involved in distributing content. With more and more people and devices participating on the network, this is the ideal time for the community to develop and implement an open, safe and business-friendly DRM solution that compensates rights holders, enables innovation and embraces diversity (of content, devices and business models).

A: In March 2006, Sun released two draft specifications for content protection technologies -- DReaM-CAS (Conditional Access System) and DReaM-MMI (Mother May I) - as well as the open source code for a prototype implementation of the DReaM-CAS conditional access system. Members of the open source community are currently reviewing and contributing to those specifications, with the goal of reaching 1.0 status by autumn of 2006. Once the specifications are finalized, Sun expects to create an independent legal entity that will serve as a certification board for DReaM-based implementations.

A: The Open Media Commons is open to anyone who is interested in developing an open, royalty-free DRM solution. Anyone who wishes to get involved can review the specs/code and make contributions either through the open source project on java.net or through the community forums on the OMC website. Since the initial technical specifications were made available earlier this year, more than 250 companies have requested and received them.

In March 2006, Sun hosted a two-day workshop in Santa Clara, Calif. focused on the technical, legal and intellectual property-related aspects of the Open Media Commons. Approximately 90 people from 30+ companies participated in the workshop, representing a broad cross-section of industries. More information on the workshop, including presentations, is available here.

A. A lot of great work is taking place in silos across the industry, whether it's in the policy area or within industry consortiums. However, until now, there wasn't a place where the whole community - all of the digital content stakeholders - could come to discuss, define, and develop the future of digital content and DRM.

Specifically with regard to the Coral Consortium: they are trying to develop a solution that will allow a number of existing, proprietary DRM systems to interoperate. Sun is a member of the Coral consortium, and has contributed to this effort. The Open Media Commons is focused on the development of an open-source, royalty-free solution for the distribution of digital content, focused on authenticating people and roles, not just devices.

We are aware of the DMP and agree with many of the goals of that organization. We expect that OMC will expand the DRM debate to areas beyond entertainment and also include content creators as well technology providers. Additionally, OMC has taken a primary focus on realizing royalty-free solutions.

A: With its successful history of building open communities, and with its proven commitment to open source, Sun is the ideal company to lead this cross-industry effort. In 2001, Sun started the Liberty Alliance with the goal of developing open standards-based specifications for federated identity and identity-based Web services. There were plenty of people who said it couldn't be done, yet today the Liberty Alliance has been a success for both businesses and consumers. Further, Sun has always been an advocate and contributor to the open source community.

Sun now brings its expertise in building open communities, as well as its experience participating in many industry organizations, to the Open Media Commons initiative.

A: Sun's vision is to create content rights management mechanisms that protect intellectual property, respect customer privacy, honor honest use of content, and encourage participation and innovation by all kinds of content providers and consumers. Such mechanisms will enable an open-network-based economic growth engine for both infrastructure and content providers.

Sun also believes that beyond the initial applications in the music/movie domain, DRM has important applications in business, healthcare and government domains. Consider the need for privacy of medical records in the healthcare industry, or the need for businesses to securely manage confidential data.

In addition, with more and more people and devices participating on the network, DRM technologies are increasingly necessary for the individual content creator who wants to securely share personal photographs, home videos or recordings. Sun believes that everyone should have access to the necessary tools to protect and manage their content, whether compensation is a factor or not.

A: Historically, proprietary end-to-end architectures have relied upon obscurity to avoid being cracked by hackers. These systems exist based upon a false foundation of security promises that have been cracked and will continue to be breached. Additionally, lack of interoperability between these proprietary DRM solutions stifles innovation, encumbers the consumer and increases the cost and effort involved in distributing content.

Techniques including code signing, digital signatures and trusted execution architectures such as defined by the Trusted Computing Group (TCG) represent a more robust approach to security and trust. Nearly every major CPU, DSP and SOC (system on a chip) supplier is incorporating dedicated security and trust functions into their current and next generation products. With these new functions becoming pervasive, the ability to deploy secure and trusted content protection systems becomes much more straightforward.

Sun believes that open system architectures are fundamentally more secure and robust than closed, proprietary systems. Open architectures allow for more diverse discussions of technology choices, and for more opportunities to review and improve code. Thus, shortcomings can be better evaluated and corrected to provide the greatest protection possible.

A: No. A DRM system has multiple levels of security, based on multiple layers of trust. The key to maintaining security within a DRM system is the ability to certify conformant components in the trust chain and be able to quarantine broken elements when detected, as well as refresh the various security components over time. No DRM system is perfect; however, with open systems, the opportunity to evaluate and improve protection mechanisms is much greater.

Consider the security that the open source SSL implementations allow. Knowing how a system functions does not help hack the individual ciphers. The root of this question is about the conformance provisions required to ensure that trusted players don't leak content. In order to avoid that problem, the players will need to undergo certification and compliance testing to meet the security requirements that have been specified.

A: Millions of devices today are based on the concept that a user licenses content to the device, not to the individual, making it difficult for a user to easily access content across multiple devices. Sun believes that content should be licensed to the individual, regardless of what device that person is using - a concept we call "personal rights management."

A. Sun chose the Open Source Initiative (OSI) approved CDDL license because it allows greater freedom to the community using the code, fostering more innovation and community involvement. The CDDL provides developers and other licensees with the comfort of an express patent license in addition to a copyright license. Under the CDDL, developers have the freedom to distribute binaries under a different license. Those who add code to the open source project are required to share their modifications with the community so everyone can benefit as code is enhanced and the project evolves. Unlike under the GPL, there is no risk of a viral effect. You can combine code licensed under the CDDL with code licensed under other licensing models (provided the other licenses do not prevent this).

A: DReaM stands for "Digital Rights Management - everywhere available," and originated in Sun Labs as an open standards-based DRM solution. The objective of DReaM is to make protected content available to consumers everywhere they want to consume it, and the architecture has been designed to address the content protection needs of many different markets.

DReaM is designed as a collection of components; those components can be used together to form a complete system, or they can be integrated with others system components to achieve an interoperable end-to-end system.

A: DReaM is an open framework for rights management where individual component services can be mixed and matched. The fundamental concept is that DRM systems need not be monolithic, end-to-end systems that can only be delivered by a single supplier employing only a limited set of pre-defined components. DReaM-based systems can be optimized end-to-end solutions or hybrid systems with components sourced from multiple suppliers (partners and competitors). The key point is that individual rights to content can be managed independently of the devices where rights can be asserted.

A: There are several key characteristics of DReaM that make it unique:

1. DReaM approaches DRM (and CAS) from a network identity-focused perspective, rather than an device-centric approach.
2. DReaM uses an open approach and fully specifies everything necessary to build heterogenous, interoperable, vendor neutral implementations.
3. DReaM's architecture does not follow the traditional model of "security through obscurity."
4. DReaM is designed to be royalty free, allowing developers to avoid encumbered technology that carries onerous licensing costs.

A: Open source code is not free of restrictions. Those restrictions typically include: technology offered "as is" with a disclaimer of all express and implied warranties (including merchantability, fitness for purpose, and non-infringement), and requirements to include copyright notices and other license terms with any distribution. Depending on the open source license type, there may be additional restrictions and requirements.

A: Open source code is not free of restrictions. Those restrictions typically include: technology offered "as is" with a disclaimer of all express and implied warranties (including merchantability, fitness for purpose, and non-infringement), and requirements to include copyright notices and other license terms with any distribution. Depending on the open source license type, there may be additional restrictions and requirements.

A: In designing DReaM, Sun followed the best proven security models that are used today: PKI, SSL, HTTP and AES. We believe that much of the key technology necessary for CAS can be pulled from expired IP developed in the 1970s.

Sun has been conducting detailed patent and claims analysis for more than a year, and is in the process of filing for new patents that cover key concepts in development. We believe that a "Patent Commons" will be necessary in order to create a "safe, non-assert patent pool" around DReaM.

A: From the outset, DReaM has been designed to provide content protection for multiple market requirements:

1. We see "infotainment" as an immediate market opportunity. This market will be driven by major media owners and distributors, including network service providers.
2. We believe that rights management for "business" data objects will be very important for enterprise, healthcare, education, financial and government markets. The need to protect documents, spreadsheets and presentations will be critical. Cradle-to-grave protection of data will replace "access control"-only methods to enable better security and data protection.
3. We also see a massive "life" market opportunity. In the Participation Age, everyone is a producer of content, in addition to being a consumer of content. Anyone with a camera (video or still) or microphone is potentially a producer of content that they would like to share with others... either with compensation (real money or barter value credits) or simply restricted to certain access groups that could be specified by the content producer.