Rights Management Services



RMS Components
RMS consists of three essential components: the RMS server, the RMS client, and RMS-enabled applications and SDKs. The RMS server is responsible for certifying trusted entities, licenses rights-protected content, and enrolls users and servers. It also serves as the administrative point for RMS.

How RMS Works

RMS is involved in three areas to ensure proper utilization: the actual creation of rights-protected resources, licensing and distributing these rights-protected resources, and decryption and usage of rights-protected resources. A trusted entity (one that has been granted access to make use of RMS) can create resources that are protected. When a resource has been protected, an XrML certificate identifies who is allowed access and what usage requirements are imposed on the resource.

The RMS server issues a publishing license that delineates who is allowed to access the resource. Once this is done, the protected resource can be sent. When a trusted entity, say a user, wants to access the resource, the user is validated by the RMS server, which holds the public key for the encrypted resource and issues a use license to the user. This use license specifies how the resource can be used and which actions can be taken with it. These two licenses are the actual control mechanisms: the publishing license is created when a document is RMS-enabled and encrypted, and the use license is required whenever the document is consumed.


Encrypting and Securing Content

Exactly how does RMS direct the process whereby control is maintained over documents, e-mail messages, and applications? RMS employs Public Key Infrastructure (PKI) as the basis for controlling access to documents. PKI uses asymmetric encryption, in which two keys are used for the encryption/decryption process: one public key and one private key. In a typical PKI environment, a user encrypts a document that can only be decrypted by the recipient. In an RMS environment, the document is encrypted by the user and is maintained by the server. Any request to access the document is made to the server, which validates the request and its purpose, including printing, forwarding, and even saving the document.

The keystone of RMS is in using a standardized rights expression language (REL) to provide a common framework for interoperability. The language that is used to provide this commonality is XrML version 1.2.1. The XrML language can be used to apply rights and security to digital information in the form of a license. This XrML license is attached to the resource and is used to specify the permissions and usage applied to it.

XrML provides a universal method for securely specifying and managing rights and conditions associated with all kinds of resources including digital content and services. It is fully compliant with XML namespaces using XML schema technology.

Now let's see how the process of using RMS on a document works. The IT hero in this scenario has been tasked with coming up with the raises and salary information for the next fiscal year. Let's assume that he has the appropriate RMS client software installed on his machine. He creates a spreadsheet containing the new financial figures (something any company would want to keep under tight control!) and wants to apply RMS security to this confidential document.

Our hero uses an RMS-enabled application—in this case Microsoft Office 2003—to contact the RMS server and apply for a publishing license for this document. The RMS server issues the publishing license, which is applied to the document. As a result of this process the document has been encrypted, has a publishing license attached, and has suitable usage restrictions applied. The document is now better protected than it would be with NTFS permissions and ACLs alone.

The IT guy sends the document to his manager for final review and comments. Before the manager can access the document, she will need to contact an RMS server to receive a use license for it. The request for a use license is performed through the RMS-enabled application and, once complete, allows the manager to access the document according to the usage restrictions applied by the author.
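The publishing-license / use-license flow described above, together with the server-mediated key handling from the encryption section, as an added example that is not part of the original post and not Microsoft's RMS code. Everything here is an assumption of the model: one server key stands in for the server's private key, a SHAKE-256 keystream XOR stands in for the content cipher, HMAC-SHA256 stands in for the server's signature on licenses, and a JSON dictionary stands in for the XrML license. The names `RmsServer`, `protect`, `consume` and `demo` are mine; only the control flow (author gets a publishing license, recipient must obtain a use license, the application enforces the granted actions) follows the text.

```python
"""Toy model of the two-license RMS flow (added example; stdlib only, not real RMS crypto)."""
import hashlib
import hmac
import json
import secrets


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for the real content cipher (encrypt == decrypt)."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def _sign(key: bytes, license_body: dict) -> str:
    """HMAC over canonical JSON; stands in for the server's signature on a license."""
    body = json.dumps(license_body, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _body(lic: dict) -> dict:
    return {k: v for k, v in lic.items() if k != "sig"}


class RmsServer:
    """Enrolls trusted entities, issues publishing licenses, issues use licenses."""

    def __init__(self) -> None:
        self.server_key = secrets.token_bytes(32)   # stands in for the server's private key
        self.user_keys = {}                          # user -> key established at enrollment

    def enroll(self, user: str) -> bytes:
        self.user_keys[user] = secrets.token_bytes(32)
        return self.user_keys[user]

    def issue_publishing_license(self, author: str, content_key: bytes, grants: dict) -> dict:
        """grants = {user: [actions]}; the content key is carried wrapped for the server only."""
        if author not in self.user_keys:
            raise PermissionError("author is not a trusted entity")
        nonce = secrets.token_bytes(16)
        lic = {"type": "publishing", "author": author, "grants": grants, "nonce": nonce.hex(),
               "wrapped_key": _xor_stream(self.server_key, nonce, content_key).hex()}
        lic["sig"] = _sign(self.server_key, lic)
        return lic

    def issue_use_license(self, user: str, pub_lic: dict) -> dict:
        """Validate the requester against the (untampered) publishing license, then return
        the content key wrapped for that user plus the actions the author granted them."""
        if not hmac.compare_digest(_sign(self.server_key, _body(pub_lic)), pub_lic.get("sig", "")):
            raise PermissionError("publishing license has been altered")
        if user not in self.user_keys:
            raise PermissionError(f"{user} is not enrolled")
        rights = pub_lic["grants"].get(user)
        if not rights:
            raise PermissionError(f"{user} has no rights to this resource")
        content_key = _xor_stream(self.server_key, bytes.fromhex(pub_lic["nonce"]),
                                  bytes.fromhex(pub_lic["wrapped_key"]))
        nonce = secrets.token_bytes(16)
        use_lic = {"type": "use", "user": user, "rights": sorted(rights), "nonce": nonce.hex(),
                   "wrapped_key": _xor_stream(self.user_keys[user], nonce, content_key).hex()}
        use_lic["sig"] = _sign(self.server_key, use_lic)
        return use_lic


def protect(server: RmsServer, author: str, plaintext: bytes, grants: dict):
    """Author-side RMS-enabled application: fresh content key, encrypt, attach publishing license."""
    content_key = secrets.token_bytes(32)
    doc_nonce = secrets.token_bytes(16)
    ciphertext = doc_nonce + _xor_stream(content_key, doc_nonce, plaintext)
    return ciphertext, server.issue_publishing_license(author, content_key, grants)


def consume(user_key: bytes, use_lic: dict, ciphertext: bytes, action: str) -> bytes:
    """Recipient-side application: refuse ungranted actions before touching the key."""
    if action not in use_lic["rights"]:
        raise PermissionError(f"use license does not grant '{action}'")
    content_key = _xor_stream(user_key, bytes.fromhex(use_lic["nonce"]),
                              bytes.fromhex(use_lic["wrapped_key"]))
    return _xor_stream(content_key, ciphertext[:16], ciphertext[16:])


def _allowed(fn) -> bool:
    try:
        fn()
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """The page's scenario: the IT hero protects the salary sheet, the manager reviews it."""
    server = RmsServer()
    server.enroll("it_hero")
    manager_key = server.enroll("manager")
    server.enroll("intern")
    sheet = b"constructed sample: FY raises, engineering +4%, sales +3%"
    grants = {"it_hero": ["view", "edit", "print"], "manager": ["view", "edit"]}
    ciphertext, pub_lic = protect(server, "it_hero", sheet, grants)
    use_lic = server.issue_use_license("manager", pub_lic)
    altered = dict(pub_lic)                                   # copy with an extra grant; sig is stale
    altered["grants"] = dict(grants, intern=["view"])
    return {"manager_view": consume(manager_key, use_lic, ciphertext, "view") == sheet,
            "manager_print": _allowed(lambda: consume(manager_key, use_lic, ciphertext, "print")),
            "intern_license": _allowed(lambda: server.issue_use_license("intern", pub_lic)),
            "altered_license": _allowed(lambda: server.issue_use_license("intern", altered))}


if __name__ == "__main__":
    print(demo())
```

The two checks worth noticing are in `issue_use_license`: the server refuses a publishing license whose body no longer matches its signature, so adding a grant to the attached license after the fact buys nothing, and it hands out a use license only to enrolled users named in the grants. The application side then enforces the use license's `rights` before unwrapping the content key, which is the "persistent protection" the post describes: the document stays encrypted and the permitted actions travel with it.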


The deployment of an AD RMS system provides the following benefits to an organization:

• Safeguard sensitive information. Applications such as word processors, e-mail clients, and line-of-business applications can be AD RMS-enabled to help safeguard sensitive information. Users can define who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage policy templates such as "confidential - read only" that can be applied directly to the information.

• Persistent protection. AD RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.

• Flexible and customizable technology. Independent software vendors (ISVs) and developers can AD RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other operating systems, to work with AD RMS to help safeguard sensitive information. ISVs are enabled to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.
