Main

OpenID and the User-Centric Time Machine

There have been a few very insightful discussions from Chris Messina and other regarding the PIP as a secure file, so I thought I would share some of our longer-term product goals.

Today, the PIP file vault is a personal digital locker for our users to manually upload their most personal files. That by itself is not an innovation. In fact, the Web is full of personal storage services like Gmail. Online storage provides immediate and useful value, yet its usefulness is limited by the amount of work an end-user is willing to commit (uploading takes work!).

Now it is interesting to consider how this simple Web 1.0 model of personal digital storage evolves when combined with an OpenID provider. Together, can these technologies allow us to transfer and store in one single place under our control the personal files, private data and rich media content that is today spread throughout the Internet? In short, can a simple file vault become the in-cloud "time machine" of our distributed digital lifestyle?

A SAAS and device-centric view of cloud storage:

A lot has happened with network storage in the last few years. One of the most notorious disruptions is Amazon S3. I would characterize Amazon S3 as a SAAS-centric view of storage. Web applications can outsource the storage function to a highly cost-effective network that already has reached economy of scale. Obviously, it fits the Amazon economic model perfectly. Closer to the end user, we find Microsoft and Apple storage services. Their approach is similar in concept. To them, cloud storage is merely a device enhancement and synchronization is their lingua Franca (iSynch for Apple, Live Mesh for Microsoft). The concept certainly has merit for users with data spread across multiple devices. However, this is a very device-centric view of the world. It fails to realize that increasingly, our critical data resides across many Internet Web Sites with no ability to synch.

A user-centric viewpoint: centralized storage for distributed private data

So, what happens now when one looks at storage with a Web 2.0 user-centric view instead of the cloud-centric view of Amazon, and the device-centric view of Microsoft and Apple? One sees independent, distributed and sometime competing Web services. Through these services, users store personal information, create new data, and acquire digital content. Some of that content is low value and can be left behind. Some of his data is social in nature and is probably best shared with our Facebook friends. However, some of this data is also highly confidential and personal in nature. In that case, we, the end user, should be able to request its safe transfer, and backup to a digital locker that we fully control (the OP).

Towards a "Locker Connect" mechanism

Using the OpenID and OAuth models, such private data transfer can be authenticated and authorized by the end-user (although the data flows from the RP to the OP). The locker network end point address can be discovered as any identity attribute would. Finally, a user interface ala Facebook Connect can provide a friendly user experience while ensuring a user-centric control point (the user controls what, where, when and if the data is being sent).

The "wow" effect

The use cases certainly sound unlimited. Think digital health care and the $20B stimulus package: whether I am accessing my doctor, hospital, lab or pharmacy Web sites, I can now authenticate across all health service providers and authorize the audited transfer of personal health records back to my locker. Think rich media content: I can now purchase digital music, movies, or books across multiple e-tailers and have the bits (or maybe just the digital rights) sent back to my locker. Think payment and billing: please, send all my purchase and online statements back to my digital locker.

Yes, we can! With data portability and OpenID, a simple file vault can grow into a much more compelling personal identity service. And who knows. With security and private storage, we may even have a real business model!

02/22/09 | permalink | comments [0]

DECE or the Digital Content Cloud: Last Chance for DRM.

For almost 18 months, we have been working with the Movie studios on creating a blueprint architecture for rich digital media (a fancy name for digital movies). The concept falls in what I like to call the "big idea" category. The goal is to create an Internet eco-system that re-creates the user experience and commercial success of the DVD: an industry standard shared across all content providers, all retailers, and all device manufacturers.

Like the brick and mortar DVD, this new Internet DVD will share a common brand recognized by consumers worldwide; it will provide a common format with interoperable digital rights protection technology; The Internet DVD will be backed by a common usage policy that is consistent across movie studios and will provide a simple user experience for consumers. Believe it or not, we all believe that these lofty goals are achievable and we even have a proof of concept to support our irrational exuberance. You will just have to wait for this effort to become consumer facing to see it.

If successful, this "Internet DVD" standard, will allow any consumer to purchase and download movies from any online store (pick your favorite ecommerce store), and view it on any device (a PC, an IP TV, a mobile device). From the studios standpoint, the concept of the Internet DVD arises from witnessing the Internet speed transformation of the music industry: loss of sales driven by pirated content, emergence of music distribution silos where the lack of interoperability eventually leads to the elimination of rights protection altogether, a risk that the movie industry is not willing to accept without a good fight.

A key requirement of the "Internet DVD" is to enable DRM interoperability, which is timely considering the focus of regulatory instances, such as the European government. Of course, many will argue that the easiest way to achieve DRM interoperability is to get rid of DRM altogether. My theory (a lonely one in the blogosphere) is that a cloud-based approach is not only technically viable to create DRM interoperability. It is also the only possible approach to creating a user experience that resonates with consumers.

Indeed, the key to making the Internet DVD an insanely great consumer product is both open standards and a cloud approach. The cloud services (including OpenID-based identity services, of course,) are essential to mask the complexity of dealing with multiple DRM systems, multiple content formats and multiple retailers. The other trick is to leverage the cloud to provide additional functionality that the silos dismiss today: rights locker, perpetual ownership and the separation of the purchase from download experience. That last one is likely to resonate with marketers as the Internet DVD will encourage impulse by without forcing consumers to be tethered to a 10GB pipe.

Of course, the proof is in the pudding. We still have a few challenges ahead. We need to prove that the industry can come together and create a compelling joint offering for digital entertainment. We also need to prove that the hereditary vices of DRM can be hidden from consumers by using a cloud-based approach. The immensity of such challenge aside, the immediate lesson to me is that the cloud can be a disruptive force when it comes to new product design. The cloud creates new dimension that can challenge common thinking and alter the status quo, like the well-established thinking that DRM is a dead end. One thing is sure. The movie industry is a fascinating world and it will be fun to see how the cloud allows it to reinvent its biggest commercial success. So, say hi to the Internet DVD, it may be coming to a computer near you very soon now.

09/12/08 | permalink | comments [0]