
Trust² for ISVs

Trust² for ISVs. Kris De Sloovere Project Manager - RMS consultant Info2clear – SecureAttachment N.V. About Trust2. Joint initiative of Microsoft, Certipost, Info2clear


Presentation Transcript


  1. Trust² for ISVs Kris De Sloovere Project Manager - RMS consultant Info2clear – SecureAttachment N.V.

  2. About Trust2 • Joint initiative of Microsoft, Certipost, Info2clear • Trustworthy Information Exchange for any users of any Windows based applications seeking to protect the privacy of information

  3. Agenda • Information rights management • Trust² for Office demo • Trust² architecture • Software integration tools • Code example • How to start • Summary

  4. Today’s Information Protection [Diagram: People; Access Control List (Yes / No); File]

  5. The solution: Information Rights Management [Diagram: People; User Management; Access Control (Yes / No); File; Information Rights Management: Do not forward, Do not Copy, ….]

  6. Information Rights Management + eID authentication =

  7. Trust2 for MS Office at Work.. Trustworthy information exchange for Office documents, web content and Outlook emails

  8. Content Distributor

  9. Content Recipient

  10. Trust2 for MS Office at Work.. Trustworthy information exchange for Office documents, web content and Outlook emails

  11. Windows RMS Workflow • Author receives a client licensor certificate the “first time” they rights-protect information. • Author defines a set of usage rights and rules for their file; Application creates a “publishing license” and encrypts the file. • Author distributes file. • Recipient clicks file to open, the application calls to the RMS server which validates the user and issues a “use license.” • Application renders file and enforces rights. [Diagram: Information Author; RMS Server with Active Directory and SQL Server; The Recipient; steps numbered 1 to 5]

  12. RMS rights extensions • Protect your application’s content • Basic rights • Can read • Can modify • Is owner • Can print, can copy paste,… • Custom rights • E.g. can rotate drawing, can play audio,… • Based on XrML

  13. Trust² architecture • Trust² server • Windows RMS server • Trust² eID authentication layer - OCSP • Trust² online user registration • Trust² user registration XML WS • Client • Windows RMS client • Trust² enabled software: • MS Office 2003 Professional • MS IE Rights Management Add-on

  14. Trust² architecture [Diagram labels: Server: Trust² RMS XML Web service, Trust² user registration, Trust² user registration XML Web service; Server: Your application; Client: RMS Client, MS Office, IE Add-on, Your application]

  15. Software integration tools • Information rights management: • RMS Client SDK • Windows 2000 Service Pack 3, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP • RMS Server SDK • Windows Server 2003 • RMS Security Guidelines.doc • Trust² user registration • Trust² registration WS

  16. RMS client SDK

  17. Demo RMS client SDK [Diagram labels: Server: Trust² RMS XML Web service, Trust² user registration, Trust² user registration XML Web service; Server: Your application; Client: RMS Client, MS Office, IE Add-on, Your application]

  18. Demo RMS client SDK • User is Trust² registered • RMS User activation: • Obtain ‘user account certificate’ • Basic RMS user certificate • Necessary to obtain • Publishing license • Use license

  19. Demo RMS client SDK

      ```c
      // Create a client session for the user (group identity)
      // to be activated
      hr = DRMCreateClientSession(
              &OnStatus,
              0,
              DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH,
              wszUserId,      // User Id
              &hClient );

      // …….. (code elided on the slide)

      // if bMachine is true do Machine Activation else do Group Identity Activation
      hr = DRMActivate(
              hClient,
              (bMachine ? DRM_ACTIVATE_MACHINE : DRM_ACTIVATE_GROUPIDENTITY) | DRM_ACTIVATE_SILENT,
              0,
              E_FAIL == hr ? NULL : pSvr,
              &hEvent,
              NULL );
      ```

      [Slide callouts: Email address; Trust² server; Automatic eID pop up]

  20. Trust² user authentication • eID as primary token • Other X509 tokens supported • Custom synchronisation of identity management systems through the Trust² user registration WS

  21. How to start • Request your test development account from Trust2 • Two free test accounts with Send/Recipient rights with 6 months validity • Developers support line • Ticketing based • Seminars and Training courses SIMPLY MAIL ISV@TRUST2.COM OR visit www.trust2.com

  22. Conclusion: key message • eID is a powerful e-authentication and e-signing infrastructure • Trust2 enables applications and web-sites to rely upon this infrastructure and Information Rights Management • Trust2 is a unique aggregation of all security and trust components to build digital workflows • Trust2 Development Kit available • Office2003 today, your application tomorrow?

  23. More information: • Trust²: www.trust2.com • RMS client and SDKs: www.microsoft.com/rms

  24. Q&A

  25. Appendix

  26. Information Rights Management • Hosted Rights Management service based on Windows Rights Management (RMS) • Provides persistent protection by creating a ‘cocoon’ around the file, limiting what authorized users can do with the content, based on permissions granted by the author • Prevents unauthorized transactions such as forwarding, printing, saving, editing, .. or limit access over time based on time-expiration • Keeps private information private • Protected information can only be viewed by authorized users • Protects your sensitive information, no matter where it goes • Establishes an audit trail to track usage of protected files • Augments existing perimeter-based security technologies • Seamlessly integrated with Office 2003 Pro Edition for content authors and Office 2003 or Internet Explorer for content recipients • Enforces organizational policy digitally via RMS templates • Users can easily define how the recipient can use their information

  27. Information Rights Management Applications • Define the policy • Connect with RMS server • Render protected Office Files in line with granted permissions • Connect with RMS server • Render protected HTML content or HTML version of Office Files in line with granted permissions • ISVs • Define Policy • Connect with RMS server • Render protected data or files in line with granted permissions

  28. Windows Rights Management Services (RMS) Windows platform information protection technology • Better safeguard sensitive information • Keeps Internal Information Internal • Protected information can only be viewed by authorized users • Establishes an audit trail to track usage of protected files • Augments existing perimeter-based security technologies • Persistent protection • Protects your sensitive information, no matter where it goes • Protected information is encrypted with AES 128 bit encryption • Enforces organizational policy digitally via RMS templates • Users can easily define how the recipient can use their information • Sample rights include view, read-only, copy, print, save, forward, edit, and time-based • Flexible and customizable technology • Integrates with familiar applications and is easy to use • Utilizes familiar e-mail names & groups (distribution lists in AD) • Provides the flexibility to designate full control to a named group of users • Enables custom solutions through SDKs

  29. Windows RMS Solution Components • Server • Windows Rights Management Services (RMS) • A Windows Server 2003 information protection service • Desktop • Updates to Windows client • Rights Management APIs for Windows 98SE+ • “Rights Management Add-on for Internet Explorer” • RMS-enabled applications • Any application which has utilized the RMS SDK • Office 2003 is the first Enterprise app to implement RM • Software Development Kit • For both client-based and server-based development
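
The Windows RMS workflow from slide 11, modelled as an added example (not code from the presentation or from the RMS SDK). All function and variable names are hypothetical, the users and keys are constructed, and HMAC with demo keys stands in for the certificate-based licenses that real RMS uses.

```python
import hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"   # assumption: stands in for the RMS server's signing key
REGISTERED = {"alice@example.com", "bob@example.com"}   # constructed user directory

def _mac(key, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def licensor_key(author):
    """Step 1: server hands a registered author a client licensor credential."""
    if author not in REGISTERED:
        raise PermissionError("author not registered")
    return hmac.new(SERVER_KEY, author.encode(), hashlib.sha256).digest()

def publish(author, clc, grants, expires_at):
    """Step 2: authoring application records rights and rules in a publishing license."""
    body = {"owner": author, "grants": grants, "expires_at": expires_at}
    return {"body": body, "sig": _mac(clc, body)}

def issue_use_license(pub, user, now):
    """Step 4: server validates the license and the user, then issues a use license."""
    body = pub["body"]
    if not hmac.compare_digest(pub["sig"], _mac(licensor_key(body["owner"]), body)):
        raise PermissionError("publishing license was modified")
    if user not in REGISTERED:
        raise PermissionError("user not registered")
    if now >= body["expires_at"]:
        raise PermissionError("content expired")
    rights = body["grants"].get(user, [])
    if user == body["owner"]:
        rights = ["owner", "read", "modify", "print", "copy"]
    if not rights:
        raise PermissionError("no rights granted to this user")
    use = {"user": user, "rights": sorted(rights), "expires_at": body["expires_at"]}
    return {"body": use, "sig": _mac(SERVER_KEY, use)}

def allowed(use, user, action, now):
    """Step 5: application checks the use license before performing an action."""
    b = use["body"]
    return (hmac.compare_digest(use["sig"], _mac(SERVER_KEY, b))
            and b["user"] == user and now < b["expires_at"] and action in b["rights"])
```

Because the rights travel inside a signed license, editing the grants after publishing or widening a use license on the client makes the check fail. Enforcement in step 5 still depends on the rendering application honouring the result.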
