Microsoft Adds Rights Management to Email

With Windows Server 2003 and Microsoft Office 2003 (the new official name of the next Office version), Microsoft will deliver a mechanism to control what happens to email messages after you send them. Until now, organizations and users who wanted to prevent messages from being forwarded, keep recipients from printing messages, or make messages unavailable after a certain period of time have needed to rely on third-party tools and services such as Authentica's MailRecall ( http://www.authentica.com ), Omniva Policy Systems' Policy Manager ( http://www.omniva.com ), ReadNotify ( http://www.readnotify.com ), and Sigaba ( http://www.sigaba.com ). Citing its Trustworthy Computing initiative and the need to protect the privacy of digital information, Microsoft has stepped into this product area, announcing that a new technology, Windows Rights Management Services (RMS), will be available in broad beta in second quarter 2003.

Microsoft is using Extensible Rights Markup Language (XrML) to build RMS as an ASP.NET Web service add-on for Windows 2003. According to the XrML.org Web site ( http://www.xrml.org ), Sony, Zinio Systems, OverDrive, Integrated Management Concepts (IMC), DMDsecure, and Contents Works are other early adopters planning to incorporate XrML into their products.

RMS will apply not just to email messages but also to Web portal content and company spreadsheets and other documents. An RMS-enabled application, such as Office 2003, will provide users a mechanism to set rights on a document or email message and encrypt the content. The application will obtain a signed license from the RMS server that will contain information about how the originator wants the information used. The application will then distribute the license with the file or message. When the recipient opens the file in an RMS-enabled application, that program will send the license and the recipient's credentials to the RMS server and will request a user license. After the RMS server validates the credentials and returns a user license, the application will display the document or message, enforcing whatever rights policies the originator set.

Most of the technical details, such as keys and licenses, will be transparent to the end user. RMS will support the definition of standard intra-enterprise policy templates, such as "company confidential" or "attorney-client privilege" templates. Logging will be able to track when the RMS server grants or denies license requests.

RMS-enabled document-authoring programs will also create an HTML rendition (using the .rmh file extension) of rights-managed documents and will distribute the .rmh version with the original file and rights license. Microsoft will also offer a rights-management update for Microsoft Internet Explorer (IE) running on Windows 98 Second Edition (Win98SE) or later, to let users work with rights-limited documents in the browser.

Although Microsoft intends RMS to operate primarily inside an enterprise, it will work outside the enterprise in at least some cases. Rights policies will travel with documents, so they'll remain secure even when transported outside the organization.

Developers should watch for the second-quarter release of two software development kits (SDKs), client and server, that will let developers build rights management into their solutions. On the server side, content management servers, portals, and other servers will be able to use Simple Object Access Protocol (SOAP) to communicate with the Web services on the RMS server, so those servers won't necessarily need to be Windows servers.

"Windows Adds Rights Management Protection for Enterprise Information" http://www.microsoft.com/windowsserver2003/rm