Trust Information rights management with eID

1
Trust² - Information rights management with eID

• Kris De Sloovere
• Project Manager Trust² - RMS consultant
• Certipost www.certipost.be

2
About Trust2

• Joint initiative of
• Microsoft and Certipost
• Trustworthy Information Exchange for any users
  of any Windows based applications seeking to
  protect the privacy of information

3
Agenda

• Information rights management
• Trust² for Office demo
• Trust² architecture
• Software integration tools
• Code example
• How to start
• Summary

4
Todays Information Protection
File
Access Control List
File
5
The solution Information Rights Management
File
Information Rights Management Do not forward Do
not Copy .
Access Control User Management
6

• Information Rights Management
• eID authentication

7
Trust2 for MS Office at Work..
Trustworthy information exchange for Office
documents, web content and Outlook emails
8
(No Transcript)
9

• Content Distributor

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19

• Content Recipient

20
(No Transcript)
21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
Trust2 for MS Office at Work..
Trustworthy information exchange for Office
documents, web content and Outlook emails
29
Windows RMS Workflow

• Author receives a client licensor certificate the
  first time they rights-protect information.

SQL Server
Active Directory

• Author defines a set of usage rights and rules
  for thier file Application creates a publishing
  license and encrypts the file.

RMS Server

• Author distributes file.

4
1

• Recipient clicks file to open, the application
  calls to the RMS server which validates the user
  and issues a use license.

2
5
3

• Application renders file and enforces rights.

Information Author
The Recipient
30
RMS certificates

• Account certificate
• Contains identity
• Client licensor certificate
• Enables offline protected document creation
• Publishing license
• Expresses the rights
• Use license
• Permit to open documents

31
RMS certificates
Account certificate
Account certificate
Information Author
Publishing license
Client licensor certificate
The Recipient
Use license
32
Windows RMS Usage Scenarios
Keep Internal Information Internal
33
RMS rights extensions

• Protect your applications content
• Basic rights
• Can read
• Can modify
• Is owner
• Can print, can copy paste,
• Custom rights
• E.g. can rotate drawing, can play audio,
• Based on XRML

34
Trust² architecture

• Trust² server
• Windows RMS server
• Trust² eID authentication layer - OCSP
• Trust² online user registration
• Trust² user registration XML WS
• Client
• Windows RMS client
• Trust² enabled software
• MS Office 2003 Professional
• MS IE Rights Management Add-on

35
Trust² architecture
Server Trust²
RMS XML Web service
Trust² user registration XML Web service
Trust² user registration
Server
Your application
Client
RMS Client
MS Office
IE Add-on
Your application
36
Software integration tools

• Information rights management
• RMS Client SDK
• Windows 2000 Service Pack 3, Windows 98 Second
  Edition, Windows ME, Windows Server 2003, Windows
  XP
• RMS Server SDK
• Windows Server 2003
• RMS Security Guidelines.doc
• Trust² user registration
• Trust² registration WS

37
RMS client SDK
38
Demo RMS client SDK
Server Trust²
RMS XML Web service
Trust² user registration XML Web service
Trust² user registration
Server
Your application
Client
RMS Client
MS Office
IE Add-on
Your application
39
RMS certificates
Account certificate
Account certificate
Information Author
Publishing license
Client licensor certificate
The Recipient
Use license
40
Demo RMS client SDK

• User is Trust² registered
• RMS User activation
• Obtain user account certificate
• Basic RMS user certificate
• Necessary to obtain
• Publishing license
• Use license

41
Demo RMS client SDK
// Create a client session for the user (group
identity) // to be activated hr
DRMCreateClientSession (
OnStatus,
0,
DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH,
wszUserId, // User
Id hClient
) .. // if
bMachine is true do Machine Activation else do
Group Identity Activation hr DRMActivate(
hClient,
(bMachine ? DRM_ACTIVATE_MACHINE
DRM_ACTIVATE_GROUPIDENTITY)DRM_ACTIVATE_SILENT,
0,
E_FAIL hr ? NULL pSvr,
hEvent, NULL )
Email address
Trust² server
Automatic eID pop up
42
Trust² user authentication

• eID as primary token
• Other X509 tokens supported
• Custom synchronisation of identity management
  systems through the Trust² user registration WS

43
How to start

• Request your test development account to Trust2
• Two free test accounts with Send/Recipient rights
  with 6 months validity
• Developers support line
• Ticketing based
• Seminars and Training courses
• SIMPLY MAIL ISV_at_TRUST2.COM
• OR visit www.trust2.com

44
Conclusion key message

• eID is powerfull e-authentication and e-Signing
  infrastructure
• Trust2 enables applications and web-sites to rely
  upon this infrastructure and Information Rights
  Management
• Trust2 is an unique aggregation of all security
  and trust components to build digital workflows
• Trust2 Development Kit available
• Office2003 today, your application tomorrow?

45
Meer informatie

• Trust²
• www.trust2.com
• RMS client and SDKs
• www.microsoft.com/rms

46
QA