Trust² for ISVs Kris De Sloovere Project Manager - RMS consultant Info2clear – SecureAttachment N.V.
About Trust2
• Joint initiative of Microsoft, Certipost, Info2clear
• Trustworthy Information Exchange for any users of any Windows based applications seeking to protect the privacy of information
Agenda
• Information rights management
• Trust² for Office demo
• Trust² architecture
• Software integration tools
• Code example
• How to start
• Summary
Today’s Information Protection (diagram): a File protected by an Access Control List; People are either allowed (Yes) or denied (No) access.
The solution: Information Rights Management (diagram): the File carries Information Rights Management policy (“Do not forward”, “Do not copy”, ….) in addition to Access Control and User Management; People are granted or denied specific uses (Yes / No).
Information Rights Management + eID authentication = Trust2 for MS Office at Work: Trustworthy information exchange for Office documents, web content and Outlook emails
Windows RMS Workflow (diagram components: Information Author, RMS Server backed by Active Directory and SQL Server, The Recipient)
• 1. Author receives a client licensor certificate the “first time” they rights-protect information.
• 2. Author defines a set of usage rights and rules for their file; the application creates a “publishing license” and encrypts the file.
• 3. Author distributes the file.
• 4. Recipient clicks the file to open it; the application calls the RMS server, which validates the user and issues a “use license.”
• 5. Application renders the file and enforces the rights.
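The five-step flow above, modelled in Python as an added example (not code from this deck or from the RMS SDK). It assumes a shared-secret CLC key per author and a per-user key in place of the real RMS certificates, and an HMAC-based keystream in place of AES-128; it shows the server refusing a use license to an unlisted recipient and to a tampered publishing license, and the client refusing an action the use license does not grant.

```python
import hashlib, hmac, json, os
# HMAC-SHA256 counter-mode keystream stands in for AES-128 (assumption, not the RMS cipher).
def _stream(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, data):                    # nonce || ciphertext
    nonce = os.urandom(16)
    return nonce + _stream(key, nonce, data)
def unseal(key, blob):
    return _stream(key, blob[:16], blob[16:])

def _pl_body(pl):                       # the signed part of a publishing license
    return json.dumps({k: pl[k] for k in ("author", "rights", "wrapped_key")}, sort_keys=True).encode()

def publish(server_key, clc_key, author, rights, plaintext):
    """Step 2: rights go into a CLC-signed publishing license; the file is encrypted."""
    content_key = os.urandom(16)
    pl = {"author": author, "rights": rights, "wrapped_key": seal(server_key, content_key).hex()}
    pl["sig"] = hmac.new(clc_key, _pl_body(pl), hashlib.sha256).hexdigest()
    return pl, seal(content_key, plaintext)

def issue_use_license(server_key, clc_keys, user_keys, pl, user):
    """Step 4: the server validates the license and the user, then wraps the key for that user."""
    expected = hmac.new(clc_keys[pl["author"]], _pl_body(pl), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pl["sig"]) or user not in pl["rights"]:
        return None                     # tampered license or unlisted recipient: no use license
    content_key = unseal(server_key, bytes.fromhex(pl["wrapped_key"]))
    return {"rights": pl["rights"][user], "key": seal(user_keys[user], content_key).hex()}

def consume(user_key, ul, protected, action):
    """Step 5: the application checks the granted rights before it decrypts and acts."""
    if ul is None or action not in ul["rights"]:
        return None
    return unseal(unseal(user_key, bytes.fromhex(ul["key"])), protected)

def demo():
    server_key, clc = os.urandom(16), {"alice@example.com": os.urandom(16)}  # constructed keys
    users = {"bob@example.com": os.urandom(16), "eve@example.com": os.urandom(16)}
    pl, blob = publish(server_key, clc["alice@example.com"], "alice@example.com",
                       {"bob@example.com": ["view"]}, b"Q3 numbers")
    bob = issue_use_license(server_key, clc, users, pl, "bob@example.com")
    forged = dict(pl, rights={"eve@example.com": ["view", "print"]})  # rights edited in transit
    return {"bob_view": consume(users["bob@example.com"], bob, blob, "view"),
            "bob_print": consume(users["bob@example.com"], bob, blob, "print"),
            "eve_unlisted": issue_use_license(server_key, clc, users, pl, "eve@example.com"),
            "eve_forged": issue_use_license(server_key, clc, users, forged, "eve@example.com")}
```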
RMS rights extensions
• Protect your application’s content
• Basic rights
  • Can read
  • Can modify
  • Is owner
  • Can print, can copy paste,…
• Custom rights
  • E.g. can rotate drawing, can play audio,…
• Based on XRML
Trust² architecture
• Trust² server
  • Windows RMS server
  • Trust² eID authentication layer - OCSP
  • Trust² online user registration
  • Trust² user registration XML WS
• Client
  • Windows RMS client
  • Trust² enabled software:
    • MS Office 2003 Professional
    • MS IE Rights Management Add-on
Trust² architecture (diagram). Server side: Trust² RMS server, Trust² user registration, Trust² user registration XML Web service, your application’s server. Client side: RMS Client, MS Office, IE Add-on, your application.
Software integration tools
• Information rights management:
  • RMS Client SDK
    • Windows 2000 Service Pack 3, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP
  • RMS Server SDK
    • Windows Server 2003
  • RMS Security Guidelines.doc
• Trust² user registration
  • Trust² registration WS
Demo RMS client SDK
• User is Trust² registered
• RMS User activation:
  • Obtain ‘user account certificate’
    • Basic RMS user certificate
    • Necessary to obtain
      • Publishing license
      • Use license
Demo RMS client SDK

```c
#include <msdrm.h>   // RMS client SDK header (msdrm.dll); Windows-only

// Create a client session for the user (group identity) to be activated
hr = DRMCreateClientSession(
        &OnStatus,                            // status callback
        0,
        DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH,
        wszUserId,                            // User Id
        &hClient);
// ........
// if bMachine is true do Machine Activation else do Group Identity Activation
hr = DRMActivate(
        hClient,
        (bMachine ? DRM_ACTIVATE_MACHINE : DRM_ACTIVATE_GROUPIDENTITY) | DRM_ACTIVATE_SILENT,
        0,
        E_FAIL == hr ? NULL : pSvr,           // activation server info, if one was found
        &hEvent,
        NULL);
```

(Diagram: the user’s email address is sent to the Trust² server, which triggers an automatic eID pop-up.)
Trust² user authentication
• eID as primary token
• Other X509 tokens supported
• Custom synchronisation of identity management systems through the Trust² user registration WS
How to start
• Request your test development account from Trust2
  • Two free test accounts with Send/Recipient rights with 6 months validity
• Developers support line
  • Ticketing based
• Seminars and Training courses
SIMPLY MAIL ISV@TRUST2.COM OR visit www.trust2.com
Conclusion: key message
• eID is a powerful e-authentication and e-Signing infrastructure
• Trust2 enables applications and web-sites to rely upon this infrastructure and Information Rights Management
• Trust2 is a unique aggregation of all security and trust components to build digital workflows
• Trust2 Development Kit available
• Office2003 today, your application tomorrow?
More information:
• Trust²: www.trust2.com
• RMS client and SDKs: www.microsoft.com/rms
Information Rights Management
• Hosted Rights Management service based on Windows Rights Management (RMS)
• Provides persistent protection by creating a ‘cocoon’ around the file, limiting what authorized users can do with the content, based on permissions granted by the author
• Prevents unauthorized transactions such as forwarding, printing, saving, editing, .. or limits access over time based on time-expiration
• Keeps private information private
  • Protected information can only be viewed by authorized users
  • Protects your sensitive information, no matter where it goes
  • Establishes an audit trail to track usage of protected files
  • Augments existing perimeter-based security technologies
• Seamlessly integrated with Office 2003 Pro Edition for content authors and Office 2003 or Internet Explorer for content recipients
• Enforces organizational policy digitally via RMS templates
• Users can easily define how the recipient can use their information
Information Rights Management (who does what)
• [first column, header not recovered]
  • Define the policy
  • Connect with RMS server
  • Render protected Office Files in line with granted permissions
• Applications
  • Connect with RMS server
  • Render protected HTML content or HTML version of Office Files in line with granted permissions
• ISVs
  • Define Policy
  • Connect with RMS server
  • Render protected data or files in line with granted permissions
Windows Rights Management Services (RMS): Windows platform information protection technology
• Better safeguard sensitive information
  • Keeps Internal Information Internal
  • Protected information can only be viewed by authorized users
  • Establishes an audit trail to track usage of protected files
  • Augments existing perimeter-based security technologies
• Persistent protection
  • Protects your sensitive information, no matter where it goes
  • Protected information is encrypted with AES 128 bit encryption
  • Enforces organizational policy digitally via RMS templates
  • Users can easily define how the recipient can use their information
  • Sample rights include view, read-only, copy, print, save, forward, edit, and time-based
• Flexible and customizable technology
  • Integrates with familiar applications and is easy to use
  • Utilizes familiar e-mail names & groups (distribution lists in AD)
  • Provides the flexibility to designate full control to a named group of users
  • Enables custom solutions through SDKs
Windows RMS Solution Components
• Server
  • Windows Rights Management Services (RMS)
    • A Windows Server 2003 information protection service
• Desktop
  • Updates to Windows client
    • Rights Management APIs for Windows 98SE+
  • “Rights Management Add-on for Internet Explorer”
• RMS-enabled applications
  • Any application which has utilized the RMS SDK
  • Office 2003 is the first Enterprise app to implement RM
• Software Development Kit
  • For both client-based and server-based development