The Content Security in Virtual Worlds

Edited by: Jani Pirkola


Content copyright, DRM and the surrounding technologies explained.

In the metaverse, there are a lot of beliefs about the intellectual property (IP) of a content creator. Most users of the commercial systems do not read the terms of service (ToS) of their provider and are under the mistaken impression that they own their creations. Because of that, we must first cover content security at a general level. We will get deeper into the solutions later, I promise.


Many countries have copyright laws. There is no general international law in the metaverse. Many western countries allow copies of copyright protected materials for private use (limited count, no trade). Often this is limited to materials that have no copyright protection (keep that in mind and re-think if I say cheers). Usually the items that can be copyrighted are limited to things that need high skill, talent or plenty of work - similar to patents.

[Figure: identity flow]

After all, we are talking about regular copyright laws and contracts based on terms of service. If it comes to a serious problem, you need to go to a real-life court. If someone intends to avoid that, never mind about asset rights.

Having said all this, we have the copyright system by law - and maybe even more detailed extensions by contract. Even though we have laws against murder, we still have bulletproof vests and bodyguards. What is missing in the 3D web?

  • Bodyguards are people we trust and whom we may pay for trustworthy service.
  • Bulletproof vests are tools to passively enforce the rules.

So we need domains of trust, something quite usual in daily life. You may give your house key to your neighbor, but not to a stranger. You trust godaddy.com (did you know?) if you go to an SSL-encrypted website (https) with a certificate issued by GoDaddy. OK, if GoDaddy has fulfilled some rules and is trustworthy. Is your brother trustworthy? If a webpage is encrypted at the web server and decrypted at your computer, how the heck do I know whether the certificate issuer is trustworthy? Whether the browser is, whether the operating system is, and whether there is no keylogger?


Would you do your home banking in an internet café in Nairobi? Why not? But you would rez your content on foreign land? Why?

We need three simple things:

  1. A network of trust - gets very important in the exchange of a virtual currency etc.
  2. A trustworthy stack - from client through region to storage
  3. A standard for rights and claims (see later)

If we had both, the next step would be to implement a rights management system. You probably know that from music file trading systems. The basic idea is to give the data (item) owner the control - not the server operator.

That way an item knows about its rights - and even if you copied the whole inventory database, you would not be able to access items that you do not have rights for.

Claims are more advanced. Why only limit the user's (identity's) access to an item? Why not also limit a system's access to the user's items? If I enter an adults-only portal - why the heck should someone know my street address? Just let it read my birthday from my identity and make sure it is approvable.
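
The claims idea above as a runnable sketch (an added example, not code from the article or from the Microsoft SDK it mentions): an identity provider releases to the portal only a signed, derived "over 18" claim, which goes one step further than the text's suggestion of reading the birthday. The key, the identity record, the function names and the use of a shared HMAC key instead of SAML-style asymmetric signatures are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from datetime import date
from typing import Optional

# Constructed demo key shared by identity provider and portal (assumption:
# real SAML/OpenID deployments use asymmetric signatures instead).
IDP_KEY = b"constructed-demo-key"

# Constructed identity record; only the identity provider ever holds it.
IDENTITY = {"name": "Avatar Example", "birthday": "1980-05-17",
            "street_address": "1 Example Street"}

def _sign(payload: bytes) -> bytes:
    return hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_claim(identity: dict, audience: str, today: date) -> str:
    """Identity provider: derive the single claim requested and sign it."""
    born = date.fromisoformat(identity["birthday"])
    had_birthday = (today.month, today.day) >= (born.month, born.day)
    age = today.year - born.year - (0 if had_birthday else 1)
    claims = {"aud": audience, "age_over_18": age >= 18,
              "issued": today.isoformat()}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def verify_claim(token: str, audience: str) -> Optional[dict]:
    """Portal: accept only an unmodified token issued for this portal."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong shape or invalid base64
        return None
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None
    claims = json.loads(payload)
    return claims if claims.get("aud") == audience else None

def admit(token: str, audience: str = "adult-portal") -> bool:
    """Portal decision: based on the age claim alone, no address, no birthday."""
    claims = verify_claim(token, audience)
    return bool(claims) and claims.get("age_over_18") is True

if __name__ == "__main__":
    token = issue_claim(IDENTITY, "adult-portal", date(2009, 4, 4))
    print(verify_claim(token, "adult-portal"), admit(token))
```

The portal never receives the street address or the birthday, and a token issued for one portal is rejected by another because of the audience check.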

A big problem with rights management was that there was no open system that was backed by a well-capitalized company AND was able to use open standards like SAML and OpenID.

Microsoft has now come up with an open source SDK for .NET - maybe a thing to look into?

They use it e.g. for collaborative engineering at Daimler automotive. A typical use case is that you have to give your design details to a third party - and in constantly changing file formats. A compliance nightmare.

[Figure: collaborative engineering]

And even if not that - the technology/technique outlined, not the product, is the key.

There IS hope for almost secure content - though there will never be 100% security. But at least you can make content theft more complicated and you can make clear that you do not like copying. (Think about the first part...)

Hopefully, in discussions about hypergrid functionality, content rights and identity management will be considered by all parties (OpenSim team, realXtend team, Linden Lab, OpenID providers, third-party trust centers) at an early stage.

Cheers,

Ralf

PS:  I am happy to provide further information for developers, just email me.

read on:

http://blogs.msdn.com/card/archive/2008/11/04/microsoft-geneva-framework.aspx
http://xml.coverpages.org/ni2008-10-29-a.html
http://msdn.microsoft.com/en-us/security/aa570351.aspx
http://www.kuppingercole.com/articles/fg_micro_gen_271008

Article represents personal opinion - trademarks apply - www.ralf-haifisch.biz


1 comment(s) for “The Content Security in Virtual Worlds”


Ralf said on Saturday, April 04, 2009 (7:25:48 PM)
The security discussion did lead to some improvements in opensim, e.g. estate setting, CAPS, secure Hypergrid and actual discussion about creator/license info on objects which are grid-unique and are kept if items are transported to another grid.