Microsoft is developing add-on security technology for its forthcoming Windows Server 2003 operating system software that will allow organisations to implement rights-management protections on corporate documents such as e-mail messages and data files.
The Windows Rights Management Services (RMS) will be able to enforce protection policies by controlling which users can access specific content and what access rights they are granted. Companies will, for example, be able to restrict content copying, forwarding and printing in applications such as portal, e-mail and word-processing software.
"What this really is about is having customers trust their platform more when they're using it to manage sensitive internal business information such as financial reports and business plans inside the organization," said Mike Nash, vice president of Microsoft's Security Business Unit.
The rights management features will be built in to the Office 2003 versions of the Microsoft Word, Excel, Powerpoint and Outlook applications, according to Amy Carroll, group manager of Microsoft's Windows Trusted Platform Technologies group.
However, only users of Microsoft's most recent products will be able to fully take advantage of the technology. RMS relies on the proposed XrML (Extensible Rights Markup Language) standard, an XML-based (Extensible Markup Language) language that is heavily backed by Microsoft but has yet to attract broad industry support. While Office 2003, Microsoft's Office update scheduled for mid-2003, supports XrML and will work with RMS, older versions of Microsoft Office won't work with the technology, including Office XP.
Microsoft will be developing application programming interfaces that will allow RMS-enabled documents to be viewed using the Microsoft Internet Explorer as well as any of Microsoft's supported operating systems, starting with Windows 98 Second Edition, however.
Beyond that, Microsoft defended its choice of the new XrML standard.
"Despite being new, XrML is the richest and best developed of the rights management languages," said John Manferdelli, general manager of the Windows Trusted Platform Technologies group.
The XrML standard will allow Microsoft to extend its rights management technology to desktop applications and documents, as well as to the Web, according to Nash.
"At the end of the day, you need to make sure your platform can be more trustworthy. It's about enabling security ... and making people willing to be comfortable and to share broadly," Nash said.
RMS won't be available at Windows Server 2003's launch, which is slated for April. Instead, RMS will be entering beta in the second quarter, with no final release date announced, according to Microsoft. Pricing details are also still being determined, but the software will be sold as an add-on module.
Also in the second quarter, Microsoft will release two software kits to aid developers in building rights management functionality into their applications.
"Software development kits will make it easy to develop applications that use rights management consistently. We need to make sure that rights management can be used in a consistent way and can be applied across a broad set of applications," Nash said.
Microsoft is currently working on RMS with several hardware partners, ISVs (independent software vendors) and likely early-adopter customers, according to Stuart Okin, Microsoft U.K.'s chief security officer.
Microsoft is seeing particular interest in RMS from government customers and those in the pharmaceutical industry, Okin said. Organizations in those industries often already have in place detailed security and access policies, and are eager to explore technical solutions for enforcing those procedures, he said.