HITS

MovieLabs and Microsoft Azure are collaborating to define a single global identity for any user for any project – a goal that stands to significantly reduce logins and passwords, and put an end to a problem that has dogged just about everyone since the dawn of the digital age.

It’s a topic that “the entire industry will need to talk about quite a bit more in 2021,” according to Kip Welch, executive director of the Entertainment Identifier Registry (EIDR) and VP of business development at MovieLabs, the non-profit lab jointly run by the five major U.S. Hollywood studios.

Having a global identifier stands to be welcome news to people “who are tired of having multiple logons and multiple passwords and multiple identities when they’re working on different projects for different studios and different production companies and accessing different systems,” Joel Sloss, senior program manager for Microsoft Azure, said during the Dec. 8 virtual Content Protection Summit.

“There’s so many different places that you have to log in” today when working on a production, “so we’re hoping to help the industry address that with this idea of a global ID,” Sloss pointed out during the Identifiers, Policy & Zero Trust breakout session “Global ID for the Global Media Industry.”

Creating a global ID is one key way to “make productions more efficient as we move forward into the era of cloud production and take advantage of all the things that we can do there,” Welch noted.

MovieLabs published a white paper last year envisioning production in 2030. In it, MovieLabs “set out a number of principles that would guide the industry to where we wanted to be 10 years out into the future,” he pointed out. One of those principles was “all about giving every person connected to a production an identity that is verified in a way that makes their access permissions managed consistently and efficiently,” he said, noting “what that basically means is transforming the way we keep track of individuals [as] they interact with content.”

Shifting Models

Under the current model driving enterprise identity and access management, there are “almost fiefdoms” in which “you’ve got a studio producing content and managing that” and then “you’ve got post houses working with the content and VFX companies working with the content,” Welch said, explaining: “They all have cloud connections [and] cloud partners. They all maintain a secure perimeter around their own physical environment and their own cloud environment.”

However, “as we look out into the future, we kind of expect that to change,” he predicted. For the future model of identity and access management, “there will be in the cloud a place where all of the content assets for a production sit, and post houses, studios, VFX companies and other vendors will come to that place,” he said, adding: “They won’t take the content back into their shop and work on it. They’ll come to a production hub in the cloud … and they’ll work on it there. It’ll get managed there. It will provide a lot of efficiencies that we can’t really imagine today.”

However, he told viewers: “One of the things needed to make that happen is a very clear way of understanding who is interacting with all of that content, what they’re doing, what permissions they have, and we need to think of a whole new framework for how to do that because this is going to be a different identity management challenge than what we have today when people are managing what’s happening inside their four walls and their own cloud environments.”

If the industry is to have a Production User ID (PUID), “it’s going to serve different functions” and “one core function” will be an information repository function, he noted. Another function will be the single sign-on capability – “a way of managing and simplifying the way people interact with content instead of having all the Post-its all over their displays,” he pointed out.

Important Considerations

There are several PUID information repository considerations that must be taken into account, he said. Topping the list is the fact that trusted data must be verified and a record kept on how and when it was verified, he noted. Next, who is curating the information – be it the user, a studio, the production or guilds – must also be considered. And also significant is whether the data includes personal identifiable information, which raises potential privacy and regulatory issues.

“We’ve got lots of privacy and regulatory issues, creating a legal framework that is complex to say the least,” Welch said, adding: “How do we manage through that with an information repository for the whole industry?… There’s a set of issues around that that we’re going to have to work through.”

He went on to explain: “You’re going to need a system that is, one, universal for the industry but also flexible enough to allow production companies to manage and keep close to things that are most important to them that they have the most security concerns and the most intellectual property concerns around.”

Therefore, a model for all this is “something we are going to need to think ourselves through and develop an architecture for in 2021 if we want to move forward with something like this as an industry,” he added.

Sloss asked another question of significance: “Is say a larger studio going to trust a smaller production company with ID information that will then have access to their system?”

Welch replied: “There obviously needs to be a lot of discussions around the industry to build trust amongst the [players] who have to participate…. in a shared repository system like this.”

To that end, the MovieLabs member studios have had many discussions about this for the past year – and “there definitely is a model where major studios and small productions could work together and alleviate all of their IT staffs for the large studio [and] relatively small IT groups for small productions,” Welch said.

It would help to “provide a way for a small production to get up and running with what is needed to manage identity in a way that is consistent with the requirements of large studios and standard expectations that small productions bring to the table [and] that individuals – creatives – bring to the table,” Welch said, adding: “There is a way to navigate that … provided you’re able to give every production, every studio enough fundamental control over their own security and their own authorization.”

The authentication, however, is “something that it will be much easier to delegate out to an industry system than it will be to delegate authorization and security,” according to Welch. “But authentication is a big hassle for everybody,” he said, adding: “Everybody has to do it. We could do that together and give everyone a production user ID in an authentication system that makes everyone’s lives easier” – at the production companies, the studios and all the individuals and creatives who work on productions.

Sloss asked whether it will be challenging for smaller production companies that don’t have the IT expertise and a large enough staff and budget, especially when  security often winds up being “at the bottom of that list of budget items” they have. “Are we going to create a situation where the studios are mandating a global ID and remote authentication but then, without everybody provisioning user accounts for everybody else, can a small guy participate?”

Welch countered that the global ID strategy being proposed may actually make it easier for small companies. It’s complicated for small productions to set up security on their own. With a global ID being implemented, however, “there could be a system that they could simply plug into and hopefully simplify their lives” so it “can be an improvement” over the situation today where they have to figure out security solutions on their own, he explained.

“Our goal in 2021 is very much to do more industry outreach to build a consensus about how this should be done and whether people would be able to use it and the benefits that will accrue to different entities around  the industry,” Welch told viewers.

And “if you could achieve single sign-on to make the lives of production users and creatives much easier, I think that would be a benefit for everybody and they would have all of the collateral benefits of allowing easier access management,” he added.

When it comes to the technology that will be used for a global ID, the first part of the process is reaching out to cloud platforms including Azure, which MovieLabs has done, and figure out what technologies they can bring to implement this, Welch said. Different technologies could be implemented in different parts of the system, he noted, adding MovieLabs has also talked with identity management companies and non-member studios.

“There are plenty of strong technologies that could be brought to bear to make this work,” Welch said. However, “it’s more of a matter of getting the right people together to think it through and put a framework in place for implementing it, and building the things that don’t exist today,” he noted.

In 2021, he expects to “have a lot of conversations about how to do that the right way,” he said, noting there also plans to have more conversations with  stakeholders around the industry, including guilds and unions, get feedback about how to go forward with this plan, and find out what is required by other members of the industry.

“We believe there are some consensus paths for creating benefits for the entire industry that could really move the ball and move us closer toward the 2030 vision,” he added.

A Call to Action

Welch went on to deliver a message to members of the industry: “Let’s put our heads together. We’re going to be reaching out to you. Let’s get the meetings going in Q1. Let’s start writing down requirements of all the different key stakeholders in the industry and let’s see if we can come together with the right way to build this thing [so] that it delivers the benefits and protects the interests of everyone around the industry.”

This is “not just a MovieLabs thing [and] it’s not just a big studio thing,” Welch stressed. “It needs to work for everybody. So certainly in the first half of 2021, we expect to be talking to all of the key stakeholders and the people that reach out to us to gather requirements on a broad scale.”

The Right Time

“There has been an incredible shift in the industry” in favor of cloud service, as well as remote and virtual production since the COVID-19 pandemic started, Sloss said.

“Everything is now going to be remote, and whether or not that goes back to the way it was before” after the pandemic ends is “kind of anybody’s guess,” Sloss said. “But there’s so many forcing functions right now that I don’t think that we have a choice but to figure out how this is going to work in the near future.”

Welch agreed. “The times are coming to tap us on the shoulder and require us to do some things that we didn’t expect to have to do maybe now but we need to. And I think this is one of those,” he said.

Welch concluded: “Something like this doesn’t happen overnight. So we will need to spend some real time putting it together. So now is as good a time as any to get going on it. Otherwise, it will not be ready to help us in the 10-year time frame for the 2030 vision – especially with the accelerated time frame that the world and the conditions of the world are really pushing upon us.”

Presented by Microsoft Azure, the Content Protection Summit was sponsored by SHIFT, Genpact, Akamai, Convergent Risks, Friend MTS, GeoGuard, PacketFabric, Palo Alto Networks, Richey May Technology Solutions, Splunk, Zixi, EIDR, Cyberhaven and Xcapism Learning.

The event was produced by MESA, CDSA, the Hollywood IT Society (HITS) and Women in Technology Hollywood (WiTH), under the direction of the CDSA Board of Directors and content advisors representing Amazon Studios, Adobe, Paramount, BBC Studios, NBCUniversal, Lionsgate, WarnerMedia, Amblin Entertainment, Legendary Pictures, and Lego Group.