Eric Norlin reports from Microsoft’s briefing yesterday.
At base, Palladium recognizes three areas of “integrity”: machine integrity, data integrity and user integrity.
Machine integrity deals with certifying that the hardware involved has attained a level of certification authenticity that allows it to run to Palladium standards.
Data Integrity is the module that contains the elements of a Digital Rights Management system. It’s core premise is that data is used “as intended by the author and recipient as they mutually agree.”
The Palladium project leaders are quick to point out that the key component of the data integrity element is the “as they mutually agree” — i.e., there is some sort of negotiated relationship that is being implied in all DRM interactions, and, in fact, their main intention of use is for user-centric applications such as email.
The third integrity component is user integrity. This involves the biometrics, smart cards and/or login mechanisms that will overlay the Palladium system (via operating systems and their accompanying applications).
The Palladium folk make it very clear that their work stops before the user integrity process kicks in. This means that just as the “soft world” of digital identity services kick in, they consider their job completed.