
The Gilbane Report: Volume 9, Number 3

Privilege Management & Rights Management for Corporate Portals

April 2001


It may not seem so when you are busy implementing, testing, and collecting the initial reactions from your users, but there is no doubt that it is significantly easier to build applications to deliver customized content from multiple content repositories and data sources than ever before. Whether you buy a 60% solution from an EIP (Enterprise Information Portal) vendor, extend an existing content management or database application, or build your own solution from the ground up, the application and information integration technologies now available allow you to deliver a wide variety of information to a broad audience. Unfortunately, this also makes the challenge of information security more acute than ever before.

Whether the information distributed is owned by you or syndicated, you need to make sure that employees, partners, customers, and the curious have access to what they should, and can reuse content in appropriate ways. Traditional tools and strategies need to be extended and enhanced. This month Bill and David are joined by consultant Larry Gussin to provide an extremely useful overview of the issues and approaches that will help get you jump-started on a strategy.

Privilege Management & Rights Management for Corporate Portals

With the quickly growing demand for intranet-based enterprise information systems, as well as for extranet extensions, the enterprise information portal (EIP) is becoming the primary emerging solution to the problem of intelligent user access.

Enterprise information portals extend Web content management (CM) solutions by delivering both enterprise and commercial content and core enterprise and industry information through a single, unified, and usually browser-based interface. An EIP may present Web sites, documents, databases, email, and other information types from multiple servers, and allow users to access this information through its portal server. The key EIP goal is to provide more efficient access to business-critical information for employees, customers, suppliers, and business partners.

With content management and portal technologies emerging as a new, robust framework for enterprise and extranet information, the traditional enterprise security solutions, which are predicated on online network sessions and on providing document-level access, may no longer be adequate or efficiently manageable. IT managers should wonder, for example, how these firewall-based solutions will be able to support the potentially huge emerging requirements for extranet, offline, and more granular access to information.

Equally important is the question of how information access security can be managed. If the rise of EIPs reflects the need to address the growing number of information resources found within enterprises, these information resources still require security decisions from their business line managers. With the numbers and types of users of these information resources also growing in number, as well as being potentially tied to multiple locations and access relationships, the information access management challenges become even more daunting.

With all this complexity, enterprises must address important infrastructure requirements before they can enjoy the benefits of extending enterprise information internally among their business units and departments, and externally among their business participants. Two of these requirements address questions of how enterprise managers can ensure that:

  • Users effectively access the information they need.
  • Business rules govern how and by whom information is used.

Two distinct solution categories exist that can address some part of the extended enterprise's need for information and content security control: privilege management and digital rights management. The solutions available today are still caught up in their cultures of origin, but the real-world needs of enterprises may be answered by the right combination of these solutions. Such a combination of approaches would effectively manage both online and offline access to content, and provide persistent protection and control of information throughout its lifecycle.

Enterprise Information: Content & Data

Viewed comprehensively, enterprise information includes "content," which draws upon a publishing model and includes such things as documentation, marketing and sales collateral, and research reports, and "data" from applications involving e-commerce and business processes. The types of information an enterprise must manage usually include unstructured documents such as Word and PDF files, email, and syndicated content feeds, as well as a complex array of media types, such as animation, audio, and video. Structured content (typically in the form of SGML or XML documents and relational databases) also can form a large part of an enterprise's information pool, whether as parts catalogs, indexes, or database reports.

An enterprise's portal-accessed information also includes application data. APIs and middleware let enterprises manage a wide range of information sources such as enterprise and third-party data sources and applications, including legacy applications and ERP systems. Meta-data, or data about information, also plays growing and crucial roles in enterprise portals, and increasingly, XML is forming the basis for meta-data applications.

Many EIP solutions build on CM tools, or integrate with them, because much of the information users require is at the document or web content level, and because enterprises increasingly must manage more electronic content, from an expanding variety of sources and for different types of users. What constitutes "content" in content management systems is changing, largely driven by the benefits of e-commerce that draw enterprises to work beyond their own intranets to exchange content and data with customers, partners, and suppliers. Because of e-commerce requirements, content is increasingly being tied into other applications.

Enterprise Information Portals at the Application Level

But content is only one part of many EIP solutions. The concept of the integrated portal to crucial company information can include access to core enterprise applications themselves. An integrated portal interface can provide applications access, largely through Application Server development environments that support such tools as Enterprise Java Beans, Java 2 Enterprise Edition (J2EE), CORBA, and COM. At the application level, EIPs are being designed to solve information problems in areas as diverse as commerce, support, partner relations, workflow, collaboration, human resources, supply chains, business intelligence, data mining, ERP, and application or system integration.

The Web has ushered in a model of multi-tier applications, for supporting many of the applications listed above, and for managing such things as product data, inventory control, and customer relationships. Yet these new applications are hard to architect, as they often involve legacy systems, varying data sources, and complex communication needs. Environments such as J2EE mitigate these challenges by providing comprehensive services for deploying different applications as component or modular developments.

But as much as modularizing applications can help in integrating those applications within a portal, application server technology is not the clear answer for every enterprise. Some enterprises are more "content-centric" and so are better served with the focus on content management technologies within their EIP. Other enterprises may not be prepared for the complexity and investment required to re-engineer a broad scope of business process-related applications at the component development level.

Enterprise Information Portals at the Access Level

For all the wide-ranging attributes that can describe an EIP (from the simple single access point for a company's content, to application-integrating database platforms), and despite the diverse nature of the target users, there are three basic information access business requirements that are widely met by all the solutions:

  • Access requires personalization. Personalization, when coupled with effective search and retrieval technologies and other information categorization techniques, helps to ensure that the right information is presented to the people who need it.
  • Access requires security. Making information accessible is a double-edged sword, in that information accessible to the wrong users can do an enterprise great harm. This issue of information security can also involve compliance, data integrity, and authorization for actions taken on information, whether in terms of financial transactions, strategic planning, or other forms of commercial collaboration between enterprises.
  • Access requires network architecture flexibility. The EIP presents many types of information to many types of users in many types of use conditions. Such complexities raise issues in terms of integrating disparate information into one user interface, but they also raise issues in terms of the network environment through which information is presented. Information should be accessible across client-server and peer-to-peer architectures, so that both online and offline access to and use of valuable enterprise content is available as users' needs require.

Privilege Management & Rights Management: Two Models of Information Access Security

Two distinct but possibly compatible solutions are emerging to manage information access security in the extended enterprise. Each builds on a set of core security technologies, including but not limited to key management, encryption, meta-data, and hardware enforcement. One approach builds on client-server architecture and the other on peer-to-peer, as follows:

Privileges management, which enforces centralized information security by maintaining valuable information (meta-data, transactional or application data, or other content) on secure central servers. Users, based on their hierarchically defined roles, gain privileges to view such information, but not to download from the server except with central authorization. Trust is enforced through control of access to this central information service, as well as through client-side user authentication. E-mail communications and attachments, as well as user-created information, are not typically protected within this kind of trust environment.

Rights management, which distributes valuable information and provides tools for locally enforcing the secure, role-based management of the information. Based on their hierarchically defined roles, users gain privileges to store, view, edit, and share the information. Internal and external owners of information possess and can enforce ownership rights governing the information. Users may become authors by locally creating, enforcing security for, and sharing new valuable information. Each network peer is empowered, depending on roles and circumstances, to act as a server, a client, or both. Trust is enforced at each peer, which works either online or offline in conjunction with centralized authorization management services. E-mail communications and attachments, as well as other types of user-created information, are protected within the trust environment.

Both of these solutions raise questions of security, scalability, efficiency, and adequacy in addressing the information access needs of the extended enterprise. To some degree, however, these solutions grow from different traditions and solve different problems. Privileges management grows from an IT tradition of tightly governing information access and collaboration within client-server environments. Rights management grows from Internet and electronic publishing traditions that view information as interactive and disseminated, information users as potential creators, and communications as open beyond the client-server environment.

To a large degree, rights management (RM) systems functionally overlap with privilege management (PM) systems. Rights management systems could integrate with PM system components to maintain the primary PM user advantages of easy sign-on and personalized views of information. The ways in which RM systems extend or exceed PM systems in terms of user advantages are defined by the differences between privileges and rights.

In privilege management, once information is defined as valuable, all rights relating to it are executed through secure central servers. Users gain access and viewing privileges, but cannot store information locally or directly share it with other authorized users. In this client-server model, information usage and sharing are restricted in the service of greater control.

In rights management, central control is still maintained through authentication and authorization, but the execution of access and use is extended to a user's local device by means of container-level and peer-level security. The distribution of management services to peers means that rights can reside on user devices and that a user can be hierarchically authorized to create, edit, distribute, and share in the managing of information. Conversely, a party with rights bound to information (an employee, a partner, a customer, a publisher) can, with hierarchical authorization, possess business controls and opportunities in relation to that information that the rights holder can extend directly to the individual user. The central control of authentication and authorization found in both PM and RM systems means that RM systems also can provide the network access and viewing privileges granted by PM systems.

Privileges Management Information Access Security Model

Privileges management systems grow out of an IT tradition of centralized network security, yet they have evolved as Internet communications are making application-specific enterprise information and security models inadequate. Privilege management systems, which build upon a number of core security tools culminating in policy servers, support authentication and authorization access models across the extended enterprise. This centralization of privilege policy management creates efficiency and scalability through several means, including, most prominently, the decoupling of information applications from security management. With little or no presence on the local client, however, PM systems typically cannot extend centralized management to data and communications on a loosely coupled client device.

Privileges management systems began emerging in 1998, and Bear Stearns projects this to be a $1.4 billion market in 2002, growing to $2.4 billion in 2004. While competitors include Baltimore Technologies (www.baltimore.com), Entrust (www.entrust.com), OpenNetwork Technologies (www.opennetwork.com), and Oblix (www.oblix.com), the Meta Group calls Netegrity (www.netegrity.com) the first-mover company in PM systems and says that it currently holds a 75% market share.

The PM Security Solution: Trust Bound to the Server

Privilege management systems create a trusted environment by binding valuable information to IT-managed servers, and by giving enterprise or extranet users role-based access to the information, but no ability to store the information locally or send it to others.

In essence, PM vendors claim that their systems provide an evolutionary step in the development of IT authorization mechanisms, replacing the decentralized situation in which many applications impose their own security with centralized access management. By replacing operating system-based authentication and authorization services, which are built on decentralized access control lists (ACLs) that govern single applications and manage resources on a single platform, PM systems can substantially reduce administrative overhead.

The more efficient authorization system, PM vendors claim, is based on providing centralized governance over who gets access to what resources across multiple platforms. Using directories and policy servers, the centralized authorization system lets administrators set authorization policies based on user roles. These policies can govern access privileges to multiple applications across multiple application servers. Authorization governance can also be extended to servers that reside across the Internet.

Privilege management systems use a number of security and information management technologies, most of which are themselves in a state of evolution. These technologies include encryption, keys, key management, certificates, and hardware security. Sitting above these technologies, the basic components of a PM system include:

Directory servers. Enterprises use collections of directories to hold data descriptive of users, services, devices, applications, and relationships. These directories may be embedded in email servers, firewalls, PBXs, applications servers, and file servers. Directory services provide a mechanism for naming, describing, and finding enterprise or external resources in these directories. Lightweight Directory Access Protocol (LDAP) is a protocol that is emerging as the standard way a directory service accesses a directory listing. It is the mechanism that policy servers use to identify authorization and privileges policies and the users and applications to which these policies apply.

Policy servers. Policy servers store role-based authorization data that provide access to network resources. Policy servers can be used to serve authorizations stating who, based on assigned user class in relation to a specific request, can access what information, and in what way. Role-based policy management systems can support personalized user interface, organizational hierarchies, multiple roles for individual users, and organizational ownership or roles.

Meta-data. Meta-data is used to enable machine-readable processing across heterogeneous systems. XML-based markup languages are becoming the accepted mechanism for creating meta-data standards. To scale their systems, PM systems will need XML-based meta-data standards in a number of domains, and most PM vendors are very involved in standards work. The meta-data standards efforts most directly important to the success of privileges management include OSSML (securing authentication and authorization data transmission), XACML (an access rules language), XKMS (for key management), and XML Encryption.

Virtual Private Networks. A virtual private network (VPN) is an encryption configuration that enables the secure exchange of information across the Internet in the apparent form of a WAN. It allows remote users to connect to enterprise servers, and also supports exchanges of information between an enterprise and its customers and partners. PM systems can use VPNs to provide access privileges across the firewall.

While ensuring information security, PM systems also provide administrative efficiencies and scalability, by removing security management from applications and embedding it in a centralized, shared services infrastructure. PM systems build on existing and emerging IT infrastructures, allow for the delegation of management tasks across administrative networks, and support auditing and accounting.

The User Experience: Role-Based Server Access Privileges

The user environment within a privileges management system is one of easy authentication and easy, personalized access privileges, but no real support for offline security, authoring, or collaboration. Characteristics of the user experience within PM systems include:

Single Sign On authentication. PM systems allow user authentication techniques that go beyond password protection for single applications and other weak and inefficient enforcement methods. Using their centralized infrastructure, PM systems enable Single Sign On, in which users log on once to obtain authentication and authorization to their role-based privileges across application servers and VPNs. Single Sign On improves user capabilities, reduces administrative load, and supports the use of scalable, weak-to-strong underlying authentication security mechanisms, which are tied to the value of the information that must be secured.

Personalized views. PM systems support personalized portals. A user may have a single view that opens onto all of the valuable information that the user is authorized to see, possibly distributed across multiple enterprise applications servers and VPNs.

No store or forward privileges. With valuable information centrally protected on servers and no way to protect information stored on the local device (client-side trust only governs authentication), users are provided minimal interactive access to valuable information. They may not store it locally or forward it to other users. This may be a significant liability to productivity in the increasingly collaborative environments of the cross-departmental enterprise and the extended enterprise.
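The PM components and user experience described above (a directory of users and roles, a policy server holding the role-based rules, a single sign-on that yields one credential usable across applications, and no store-or-forward privilege unless central authorization grants it) can be seen working together in the following added example. It is not code from the article or from any vendor named in it. It assumes a constructed in-memory directory in place of LDAP, an HMAC-signed session token in place of a real single sign-on protocol, and a hypothetical prefix-based policy format; all users, roles, passwords and resource names are made up.

```python
"""Added example (not from the Gilbane article): a toy centralized
privilege-management service. The directory holds user records and roles,
the policy server holds role-based rules, and the applications at the bottom
contain no policy of their own: every decision is delegated to authorize()."""
import base64
import hashlib
import hmac
import json
import os
import time

SERVER_KEY = os.urandom(32)  # policy server's token-signing key (constructed)


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str, roles):
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _pbkdf2(password, salt), "roles": list(roles)}


# Constructed stand-in for an LDAP directory: user -> attributes and roles.
DIRECTORY = {
    "alice": _make_user("alice-pw", ["employee", "finance-manager"]),
    "bob": _make_user("bob-pw", ["partner"]),
}

# Constructed role-based policy: role -> resource prefix -> allowed actions.
# "download" (store locally / forward) appears only where central
# authorization has explicitly granted it, matching the PM model.
POLICY = {
    "employee": {"intranet/": {"view"}},
    "finance-manager": {"finance/": {"view", "edit"},
                        "finance/exports/": {"view", "download"}},
    "partner": {"extranet/": {"view"}},
}


def authenticate(user: str, password: str, ttl: int = 3600):
    """Single sign-on: verify the password once and issue a signed token
    carrying the user's roles. Returns None on failure."""
    rec = DIRECTORY.get(user)
    if rec is None or not hmac.compare_digest(_pbkdf2(password, rec["salt"]), rec["verifier"]):
        return None
    claims = {"sub": user, "roles": rec["roles"], "exp": time.time() + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SERVER_KEY, body.encode(), "sha256").hexdigest()
    return f"{body}.{sig}"


def _verify(token: str):
    """Check the token's signature and expiry; return its claims or None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return None if claims["exp"] < time.time() else claims


def authorize(token: str, resource: str, action: str) -> bool:
    """Policy server decision: may the token holder take `action` on `resource`?
    A role grants an action if it lists it under a prefix of the resource."""
    claims = _verify(token)
    if claims is None:
        return False
    return any(resource.startswith(prefix) and action in actions
               for role in claims["roles"]
               for prefix, actions in POLICY.get(role, {}).items())


# Two "applications" sharing the same infrastructure; neither embeds policy.
def portal_view(token: str, resource: str):
    """Personalized portal page: returns the resource only if viewing is allowed."""
    return {"resource": resource, "body": "<content>"} if authorize(token, resource, "view") else None


def export_download(token: str, resource: str) -> bool:
    """Local store/forward is refused unless the policy grants 'download'."""
    return authorize(token, resource, "download")


if __name__ == "__main__":
    tok = authenticate("alice", "alice-pw")
    print("view finance/q1.xls:", portal_view(tok, "finance/q1.xls") is not None)
    print("download finance/q1.xls:", export_download(tok, "finance/q1.xls"))
    print("download finance/exports/q1.csv:", export_download(tok, "finance/exports/q1.csv"))
```

The point to notice is where the decisions live: the two application functions know nothing about roles or resources, so adding a third application or changing who may download an export means editing `POLICY` on the server, not the applications, which is the decoupling the PM vendors describe.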

Distributed Rights Management Information Security Model

Rights management (RM) systems grow from two impulses: one is to support the Internet and electronic publishing tradition of interactive, open access to information; the other is to protect digital forms of information that allow easy editing, copying, and disseminating. Rights management research began in the 1980s and the first systems appeared in 1997. The 1999 advent of Napster introduced publishers, creators and users to consumer-market RM issues, but RM has also become an enterprise topic, especially following on peer-to-peer networking.

The earliest RM systems, and still the apparent market leaders, are Intertrust (www.intertrust.com), ContentGuard (www.contentguard.com), and Microsoft (www.microsoft.com), which through an investment has access to ContentGuard's patents, though many new competitors have appeared. Authentica (www.authentica.com) and RightsMarket (www.rightsmarket.com), for example, offer enterprise solutions that provide limited client-side extensions to PM systems, while TrustData (www.aspsecure.com), an Intertrust-based solution, builds ASP-like RM solutions. While RM market sizing is quite preliminary and largely based on consumer sectors, IDC projects an overall $2.02 billion business in 2004.

The Security Solution: Trust Distributed to the Peer

Rights management systems largely build on the same security tools and meta-data tools as do privileges management systems, and in enterprise deployments they may also use some of the same policy server and directory-based authentication and authorization techniques as do PM systems. Yet RM offers a very different control environment from PM: it lets authorized users view, edit, create, and share content, and achieves this capability by persistently protecting any content (or content meta-data) that resides on peer devices or moves over a network. Rights management vendors say that their distributed protection systems provide the security, efficiency, and scalability support that extended enterprises require, including peer-to-peer and online or offline environments, as follows:

Information delivery is by secure communications. Different from PM systems, which provide secure server access within the firewall and use VPNs to extend server access beyond the firewall, RM systems use cryptographically secured containers to protect information as it travels over a network. A container can hold, in any combination, single or multiple content elements, as well as meta-data, such as audit data, or role-based rules, possibly derived from policy servers, that govern how the content can be used. Users can share information via the same protocols.

Information can be persistently protected locally. RM systems persistently protect information on the local device, extending management control to that device, by providing a secure local environment in which encrypted containers are processed and information is used. The secure environment contains or interoperates with tools for unpacking or packing containers, evaluating usage rules, and viewing or editing content. It supports local and even offline management by means of a database that contains information such as role-based viewing and authoring privileges, audit data, and budget allowances. The database is modified through the transmission of update information in a new secure container.

A distributed services architecture extends to the peer. A network in which every peer device (from PCs to phones to media production hardware) and every user application is secure creates an architecture that supports a distributed services environment. Rights management vendors claim that enterprises or contracted providers can use this network to provide scalable, efficient online or offline services for clearing and reporting financial, usage, rights, licensing, and compliance information, as well as for other operations. Vendors also claim that, where authorized by an enterprise, publishers and other commercial agents can use the scalable and efficient distributed trust architecture to market and provide products and services directly to individual users or collaborative groups.
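The three RM properties just described (information travels in cryptographically secured containers that carry their own usage rules and audit data; the peer enforces those rules locally, offline if the rules allow, against a local database of privileges, budgets and audit records; and an authorized peer can itself act as a server by re-sharing content) are demonstrated in the following added example, which is not code from the article or from any vendor it names. The container layout, rule keys (`roles`, `offline`, `budget`), peer database fields and all content are constructed for illustration; the HMAC-based keystream is a standard-library stand-in for the authenticated cipher and key-management service a real system would use.

```python
"""Added example (not from the Gilbane article): a toy rights-management
container and the peer-side enforcement that goes with it. pack() is the
publisher side; use_container() is the peer side, working from a local
rights database that also functions offline. All values are constructed."""
import hmac
import json
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only stream cipher, used here
    # purely for illustration; a real system would use AES-GCM or similar.
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def _mac(key: bytes, container: dict) -> str:
    # Integrity tag over every field except the tag itself, so the rules
    # and audit meta-data are bound to the content they govern.
    fields = {k: v for k, v in container.items() if k != "mac"}
    return hmac.new(key, json.dumps(fields, sort_keys=True).encode(), "sha256").hexdigest()


def pack(container_id: str, content: bytes, rules: dict, key: bytes) -> dict:
    """Publisher (or sharing peer): encrypt content and bind the usage rules
    to it. rules example: {"roles": {"analyst": ["view"]}, "offline": True, "budget": 2}"""
    nonce = os.urandom(16)
    container = {
        "id": container_id,
        "nonce": nonce.hex(),
        "ciphertext": _keystream_xor(key, nonce, content).hex(),
        "rules": rules,
    }
    container["mac"] = _mac(key, container)
    return container


def new_peer_db(role: str) -> dict:
    """Local rights database on the peer device: role, connectivity,
    per-container budgets and an audit trail (all constructed fields)."""
    return {"role": role, "online": False, "budgets": {}, "audit": []}


def use_container(container: dict, key: bytes, peer: dict, action: str, recipient_key: bytes = None):
    """Peer side: verify the container, evaluate its rules locally, record an
    audit entry, then perform `action`. "view" returns plaintext; "share"
    returns a fresh container for another peer. Returns None when denied."""
    cid = container.get("id")
    if not hmac.compare_digest(container.get("mac", ""), _mac(key, container)):
        peer["audit"].append((cid, action, "rejected: tampered"))
        return None
    rules = container["rules"]
    if action not in rules.get("roles", {}).get(peer["role"], []):
        peer["audit"].append((cid, action, "denied: role"))
        return None
    if not peer["online"] and not rules.get("offline", False):
        peer["audit"].append((cid, action, "denied: offline"))
        return None
    budget = peer["budgets"].setdefault(cid, rules.get("budget"))  # None = unlimited
    if budget is not None:
        if budget <= 0:
            peer["audit"].append((cid, action, "denied: budget"))
            return None
        peer["budgets"][cid] = budget - 1
    peer["audit"].append((cid, action, "ok"))
    plaintext = _keystream_xor(key, bytes.fromhex(container["nonce"]), bytes.fromhex(container["ciphertext"]))
    if action == "view":
        return plaintext
    if action == "share":
        # The sharing peer acts as a server: same rules, re-wrapped for the recipient.
        return pack(cid, plaintext, rules, recipient_key or key)
    return None


if __name__ == "__main__":
    key = os.urandom(32)
    rules = {"roles": {"analyst": ["view"], "editor": ["view", "share"]}, "offline": True, "budget": 2}
    doc = pack("doc-1", b"Q1 forecast: confidential", rules, key)
    analyst = new_peer_db("analyst")
    for _ in range(3):
        print(use_container(doc, key, analyst, "view"))
    print(analyst["audit"])
```

Two behaviours are worth checking: a container whose rules have been loosened after packing fails the integrity check and is refused with an audit entry, and the budget survives across uses because it is stored in the peer's local database rather than in the container, which is what makes offline enforcement possible.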

Recent Developments with PM & RM Vendors Suggest Some Initial Steps Toward Integration

As enterprises move beyond the islands of information that have separated discrete data and content applications and move to make business critical information available to the wide range of users both in and outside the enterprise, the benefits of integration produce significant challenges for the management and security of the information. Fortunately, vendors will increasingly be working towards integrated solutions.

For example, Adobe (www.adobe.com) has embedded InterTrust's DRM technology into just-released Acrobat 5.0, and InterTrust and Artesia (www.artesia.com) have announced a deal to integrate InterTrust's technology into Artesia's Digital Asset Management product for media, publishing, entertainment as well as for corporate enterprise applications.

In truth, information access and security vendors are just starting to think through many of the enterprise-oriented issues, as the complexity of the information sets presented through EIPs creates the market. Recently, for example, Netegrity (www.netegrity.com) announced a bold though sketchy partnership program comprised, somewhat hopefully, of over forty vendors who work collectively in the portal solution, application, CRM, personalization, user provisioning, web services infrastructure, content management, authentication, and core security spaces. Among these partners is Authentica (www.authentica.com), one of the few digital rights management-based enterprise content security companies with product shipping.

There are a few other signs of the convergence of PM and RM. Earlier this year, RightsMarket joined the Entrust Alliance Developer Program, with the aim of making the company's RightsVault work with the security infrastructure provided by Entrust's trust solutions. The goal is to extend their security to file-level use, including text, audio, email and HTML formats.

Closely watched P2P software provider Groove Networks Inc. (www.groovenetworks.com) has just announced the availability of Groove 1.0, which includes support for a wide range of firewalls, reduced resource requirements, support for secure roles and permissions, Microsoft Office and NetMeeting integration, and Enterprise Network Services. Groove has partnered with Digital Goods (www.digitalgoods.com), an early DRM vendor (as SoftLock) that now focuses on using DRM as part of its digital content marketing services. The initial focus of the Digital Goods-Groove application is subscription-based sales of digital content for the business marketplace, such as financial and investment research, corporate intelligence, and other time-sensitive products, as well as business training and education materials. But Digital Goods sees other enterprise-oriented applications becoming enabled through the Groove partnership, including protected one-to-one or group sharing of sensitive content with real-time collaboration capabilities.

With the relatively easy integration of currently separate applications' information access through LDAP management, this early-stage market and concept confusion may soon begin to yield to reliable and useful control over the increasingly complex information enterprises must share with wider and wider audiences. The advent of enterprise-oriented peer-to-peer network services suggests the mixing of client-server and peer-to-peer content access and use strategies. Once the tools are really available, business managers will learn if their increasingly complex efforts to control access to and share content get a little simpler, and more appropriate for different network situations.

David R. Guenette, Larry Gussin [1], and Bill Trippe

Information Access & Security Requirements

IT managers who are building information access and security requirements for an EIP can use the following, admittedly daunting sets of questions to guide their thinking:

Content value and types. Is all content high-value or sensitive? Are there fiduciary, regulatory, or compliance requirements that must be supported in regard to the content? What are the types and amounts of information to be presented? How varied are the sources of the information, among applications, servers, and internally and externally to the enterprise? How are inter-enterprise legacy systems integrated and presented? What is the role for emerging, non-PC information platforms? Are rich media to be supported? How do email, instant messaging, and other "ephemeral" communications fit? What security and/or auditing is beneficial?

Content actions. What level of content management and/or groupware collaboration needs support? What is the role of workflow, versioning, updating, and authority in managing the creation and maintenance of the enterprise's content, including intra-document or compound document management, and do these actions need or benefit from being performed offline? What security issues arise within dynamic page presentations? Can URL-level security resolve most access challenges? What demands does contextual content delivery make on information access security management? Will syndication and/or aggregation of content into or by the EIP need to be supported? Can information search and retrieval take place offline? Are the categories and taxonomies that support retrieval, personalization, and contextual presentation of information available offline?

Persistent protection and securely associating business rules with content. What types and in which situations might content demand offline access? Are mechanisms for content value chain participation without participation in an enterprise's client-server network useful, important, or valuable to some business situations? Are super-distribution and controlled content dissemination important and valuable tools in some business situations?

Support for mixing of PM and RM models. Can privilege management and rights management models co-exist within the same EIP? Are there efficiencies, expanded business models, or other benefits to mixed models for information access management in the extended enterprise?

Support for mixing client-server and peer-to-peer models. How well does client-server network architecture meet the requirements of the extended enterprise? What are the advantages and disadvantages of peer-to-peer security models? Can a peer-to-peer network-based model of rights management be applied to authentication-based trust within a client-server network architecture? What role might rights, payments, and/or usage clearinghouses play?

Centralized information access management tied to directories, and especially LDAP. Does the policy management or rights management system address LDAP, or provide or support "directory smart APIs"? Depending on the type of EIP and the type of enterprise platform, other directory forms, such as NDS or AD, may need to be considered. Personalization engines will also need to address LDAP, or links from LDAP to user profiles.

Appropriate privilege or rights assignment authority. Who sets information access permissions and/or rights policies? How flexible and granular are the user class or role definitions? How are policies determined across various business departments and areas of business responsibility? Who defines user classes and roles and the granularity of information for access and privileges, and who implements the management of these privileges and/or rights? Does the solution permit ad hoc authentication or authorization by managers? What is the PM and/or RM system's capacity to address privacy, especially in industries where regulation of privacy is becoming law?

Auditing requirements must be supported. What levels of audit/usage tracking are required now, and how might that grow a year or two down the road?

Other required technologies and services must be identified. Determine the integration required with other networks or platforms within the enterprise. Is an ASP a viable way to build an EIP capability? What is required to use extranet technology, such as VPN? Can the EIP securely interact with an e-marketplace exchange or vertical industry portal to support extranet e-commerce functions? What management overhead, services, and technologies are available for PKI, digital certificates, or other required security foundations?

Interoperability and standards are crucial areas to watch. What are the interoperability issues of content management and application data? Does the EIP solution work with XML-based data, content, security, and interchange standards? What level of application server technology is needed to integrate legacy information systems?


[1] Larry Gussin (ldgussin@home.com) is a consultant specializing in rights management B2B and B2C infrastructures.


The Gilbane Report is published by Bluebill Advisors, Inc. © 1993 - 2005 The Gilbane Report. All Rights Reserved.