Open Source DRM Solutions? 369
Feint writes "I'm working on an business platform for inter-company collaboration based on an open source software stack. As part of that platform I would like to integrate some sort of digital rights management for the documents in the system. The vast majority of articles about DRM are focused how good or evil it is to apply DRM to digital music or video. I haven't seen many articles address open source solutions for protecting business data like CAD / MS Office / PDF / etc. documents, which is a real need in business today. Can the Slashdot readership suggest some open source DRM offerings other than the Sun DReaM initiative, which hasn't had a release since Jan. 2007?"
We call it... (Score:5, Informative)
RE (Score:5, Informative)
The only open source system I am aware is OpenKM[http://www.openkm.com/].
You're probably in for a disappointing search (Score:5, Informative)
Most people smart enough to program such a thing are also smart enough to know it can never work. People who do create/sell/push drm solutions are selling snake oil.
Your best bet is to use PGP and simply encrypt your data, and trade public keys with your intended recipients. And plan ahead - once someone can see it, assume they can always see it. The whole "revoking a key" bit is the snake oil part of DRM.
There is a precedent for open source DRM.. (Score:5, Informative)
This coward is correct! (Score:3, Informative)
Yes, this exists (Score:5, Informative)
DRM makes it hard for people to leak a file. It does not spend very much effort, if any, on authenticating the initial owner of the file (for example, anyone who picks up a DVD can play it, although they can't copy it to a new DVD). In a business environment, you're usually far more worried about authenticating the file's recipient and making sure the original does not accidentally reach anyone else's computer, than about preventing a cooperative person from intentionally leaking the file. (In most cases, you do want to permit them to print, copy-and-paste, etc. the document. These would all be prevented by DRM because they all make it easy to leak the file.)
The other failing of DRM, as I'm sure you've seen discussed, is that it's crackable by mere cleverness. If you're going to permit someone to view a file on screen (or hear an audio clip over headphones), you can always take a screenshot (or recording) and leak that. HDCP and so forth make the screenshot harder, but nothing prevents you from pointing a camera at the TV. It will be low quality but it will be a leak. PKI, on the other hand, is only crackable by brute-force searches of the key space, or (unlikely though possible) sufficiently smart mathematicians.
Re:There is a precedent for open source DRM.. (Score:3, Informative)
It is still an oxymoron.
If you see my comment [slashdot.org] posted shortly after yours, I mention OGG-S/Media-S. They are, at least, honest about their "open source" DRM system. In their FAQ they explain while it is GPL'd, you can buy a (closed-source) license so that it's anything other than a public-key encryption system. ergo: Open source DRM is an oxymoron.
Minimal DRM (Score:3, Informative)
There's basically two kinds of DRM in the world: DRM that's been broken and DRM that no one has cared to break.
So, that said, here's some python DRM you can use which I am releasing into the public domain:
(replace _ with spaces)
Re:Have we not discussed this before? (Score:3, Informative)
Oh brother, not this again (Score:2, Informative)
Cory Doctorow was been over this a couple of years ago when Sun came up with the (I'm guessing abandoned) idea of an Open Source DRM. Here, go read why it's oxymoronic: DRM != SSL [boingboing.net]
Any protection scheme where your customer and your attacker are the same party, doomed to failure, IMO.
Do not buy any DRM-encumbered products. Make a statement about this by not participating.
Open Source ECM (Score:5, Informative)
And if you WANT more... (Score:5, Informative)
Instead you should save your money and hire a lawyer instead who will draft up NDAs for you to have people sign in order to protect those documents/secrets you want tightly controlled.
Technical solutions will not cut it. They never will. You are throwing your money away.
Hire a lawyer, and only give the documents to people who ABSOLUTELY need it and is worth the time to get contracts involved with.
Re:It's an oxymoron (Score:4, Informative)
Crypto works because you give the decryption-key to the intended recipient, but others don't know it, and can't easily guess it since it's a large random string.
But with DRM, you give the recipient the file *AND* the decryption-key, and then say: You may use this key to decrypt the file and display it on your screen; but not to decrypt it and print it on your printer ! (for example)
That is fundamentally impossible to enforce. The decryption-algorithm does not care what happens to the file AFTERWARDS.
IBM TCPA (Score:3, Informative)
Re:Talk about a contradiction in terms. (Score:3, Informative)