Slashdot Mirror

← Back to Stories (view on slashdot.org)

Penn State Launches Napster Music Service

Posted by timothy on from the so-that's-what-college-was-for dept.

Owner of Azkaban writes "CNN has a story about PSU launching Napster for its own students." Also at live.psu.edu." This is the service we posted about last fall; in three days, the Penn State system has served more than 100,000 songs.

5 of 249 comments (clear)

  1. This just in by Anonymous Coward · · Score: 5, Funny

    The SCO group and the RIAA have joined forces, and cross licensed each other's IP. the RIAA is now going to start randomly suing linux users, and SCO will be going after several thousand penn state students.

    In other words, nothing has changed. move along now

  2. Re:Not more piracy by Richard+M.+Nixon · · Score: 5, Insightful

    Despite all the arguments to the contrary music 'sharing' is piracy

    I guess some people will not truely understand the different between copyright infringment and piracy until they are killed on the high seas by people with eye patches who go "Arrrrg!"

    and in the long term it can only hurt the consumer as musicians will not make music if there is no profit on it.

    Not as long as the majority of music downloaders use p2p primarily to search for new music and purchase the stuff they like.

    I expressly banned my son from pirating music but the other day I saw him playing an MP3.

    The horror! An mp3!
    Where did it come from?
    Did he download it from a bands official website where they promote their music by providing free samples?
    Did he rip it himself from one of his legally purchased CDs?
    Well, obviously copying of any sort is the equivilant of looting and murder on the high seas.

    The office of homeland security will be by soon to escort your son to his new cave in Siberia where he will be spending the rest of his life. In fact, it is obvious that you haven't done enough to instill in your son the belief that he doesn't have the right to do whatever he wants with his own property. I guess you will have to be deported too you terrorist! You're no better than the parents of John Walker!

    --
    Nobody died when Nixon lied.
    I'm meeting you half way you stupid hippies!
  3. No free lunch, Linux, or Napser by AngstAndGuitar · · Score: 5, Insightful

    which comes free with their tuition.

    The article says that the service is "free", but in actuality, students are paying for it in their tuition, when they could be having more useful services provided by the school, like a site license for more online research databases, or simple more trees and benches on campus.

    What a waste.

    And then students are told that it's "free", I bet half of them even beleave it, but as the old saying goes, "There's no free lunch", McBride seams to think there is no free SCO/linux(tm)*, and there is also no free napster.

    *Largly due to the fact that he's visualy inspecting the interior of his own colon.

    --
    Less look fast, more go fast.
  4. Re:Not more piracy by Anonymous Coward · · Score: 4, Insightful

    "as musicians will not make music if there is no profit on it."

    It is really very sad to view art in this fashion, as if art was only made for profit. I have been an artist most of my life(musician, painter, writer) and I have never made a bit of art becuase I thought it would make money(I'm not saying I wouldnt be pleased if it did). NO ONE thinks, "Hey I'll become a painter and gets lots of money." It would be much more realistic to think, "I'll try to be a painter and be very poor". Real artists make art because they are compelled to do so, and simply love creating. Real artists do NOT include entertainers such as Britney Spears or the like.

    Again its very sad to see people viewing art through a very narrow capitolistic frame.

  5. Some Cool Technical Stuff by finkployd · · Score: 4, Informative

    One piece of this that is not getting much attention right now (that would probably be of interest to /. readers) is the registration system. I'm not getting into the politics of this, the DRM or the "right or wrong" arguments.

    In this initial rollout PSU and Napster decided to limit the service to students living in the residence halls. It does not matter which of the 21 campuses you are on, just that you live in a res hall.

    We also needed to ACTIVELY protect the privacy of the students, not just to comply with FERPA but because we are not in the business of providing marketing data to private institutions.

    The way we went about this was to use the Internet2 Middleware Initiative's Shibboleth software. Similar to Liberty in that it is a federated single sign on system that uses SAML, it is one of the unsung heros in this.

    Without getting into TOO much low level detail of how Shib works (which is available at the above link for those interested), here is a quick overview of what we are doing:

    Basically PSU students are redirected to Napster's shibboleth protected registration webpage (this shib component is an Apache auth module) which sends them back to a PSU server to do the actual authentication. The student authenticates to the web server (kerberos backended userid and password). This server is also a component of Shib and it redirects the user (actually an http post) back to the Napster reg system along with a SAML authentication assertion.

    The SAML authentication assertion is a blob of XML data that contains an opaque handle for the user (used in the next step) and a URI back to the last piece of Shibboleth at PSU called the Attribute Authority. This assertion is also digitally signed with an x.509 cert (w3c's XML-Signature spec) so that Napster knows it can trust this (not tampered with, generated from a rogue "man in the middle" server, etc).

    The last step is when Napster makes an SSL wrapped call to the Attribute Authority requesting attributes about the student who is trying to get in. Remember up to this point all they know is his opaque handle (long string of numbers which uniquely identifies the user, but provides no information). The Attribute Authority looks as the cert of the requesting server, sees that it is Napster and queries LDAP for the data about the user that it is allowed to release. This is configurable to be anything we have, name, email, address, department, semester standing, etc. HOWEVER we only pass TWO things to Napster. (1) an entitlement string that identifies whether or not that user is allowed to get this service, and (2) a persistent opaque handle, which is basically the userID encrypted with the name of the target site and a secret seed value.

    The entitlement string is generated at PSU and is populated in the user's LDAP entry based on the criteria that was set (res hall students only for now) and the persistent opaque handle gives Napster something to look at to make sure each students only registers once, but they still have no idea who that user is or anything about them other than that they are a student at PSU in a res hall.

    Now if the student chooses to use their PSU email address when creating their Napster account, or gives them their CC number because they want to purchase songs that is their decision. The doubleplus good factor here is that PSU does not give that data up. We merely assert on the user's behalf that they are allowed to sign up under this agreement.

    This Shibboleth stuff is running on Linux at both places and with the exception of requiring Java at the Origin end (PSU), is entirely comprised of open source software. The Napster guys we worked with were also very clueful and were definitely down with Linux, using it except where Windows was necessary (WMA streaming)

    So I are very pleased at what