Microsoft is developing add-on security technology for
its forthcoming Windows Server 2003 operating system software that
will allow organisations to implement rights-management protections
on corporate documents such as e-mail messages and data
files.
The Windows Rights Management Services (RMS) will be able to
enforce protection policies by controlling which users can access
specific content and what access rights they are granted. Companies
will, for example, be able to restrict content copying, forwarding
and printing in applications such as portal, e-mail and
word-processing software.
"What this really is about is having customers trust their
platform more when they're using it to manage sensitive internal
business information such as financial reports and business plans
inside the organization," said Mike Nash, vice president of
Microsoft's Security Business Unit.
The rights management features will be built in to the Office
2003 versions of the Microsoft Word, Excel, Powerpoint and Outlook
applications, according to Amy Carroll, group manager of
Microsoft's Windows Trusted Platform Technologies group.
However, only users of Microsoft's most recent products will be
able to fully take advantage of the technology. RMS relies on the
proposed XrML (Extensible Rights Markup Language) standard, an
XML-based (Extensible Markup Language) language that is heavily
backed by Microsoft but has yet to attract broad industry support.
While Office 2003, Microsoft's Office update scheduled for
mid-2003, supports XrML and will work with RMS, older versions of
Microsoft Office won't work with the technology, including Office
XP.
Microsoft will be developing application programming interfaces
that will allow RMS-enabled documents to be viewed using the
Microsoft Internet Explorer as well as any of Microsoft's supported
operating systems, starting with Windows 98 Second Edition,
however.
Beyond that, Microsoft defended its choice of the new XrML
standard.
"Despite being new, XrML is the richest and best developed of
the rights management languages," said John Manferdelli, general
manager of the Windows Trusted Platform Technologies group.
The XrML standard will allow Microsoft to extend its rights
management technology to desktop applications and documents, as
well as to the Web, according to Nash.
"At the end of the day, you need to make sure your platform can
be more trustworthy. It's about enabling security ... and making
people willing to be comfortable and to share broadly," Nash
said.
RMS won't be available at Windows Server 2003's launch, which is
slated for April. Instead, RMS will be entering beta in the second
quarter, with no final release date announced, according to
Microsoft. Pricing details are also still being determined, but the
software will be sold as an add-on module.
Also in the second quarter, Microsoft will release two software
kits to aid developers in building rights management functionality
into their applications.
"Software development kits will make it easy to develop
applications that use rights management consistently. We need to
make sure that rights management can be used in a consistent way
and can be applied across a broad set of applications," Nash
said.
Microsoft is currently working on RMS with several hardware
partners, ISVs (independent software vendors) and likely
early-adopter customers, according to Stuart Okin, Microsoft U.K.'s
chief security officer.
Microsoft is seeing particular interest in RMS from government
customers and those in the pharmaceutical industry, Okin said.
Organizations in those industries often already have in place
detailed security and access policies, and are eager to explore
technical solutions for enforcing those procedures, he said.