Credentials Control Access
Someday, they say, well all have the ability to decide who can view our documents, who can print them, edit them, e-mail them, etc. And this applies to all document types, including Web pages, spreadsheets, and other Microsoft Office documents. Microsoft RMS was announced in February 2003 and has been shipping for about a year. The server allows users of Office 2003 or Internet Explorer (via a plug-in) to access encrypted documents managed by RMS. Today, this requires the installation of server software atop Windows Server 2003. That should change if Microsoft makes good on plans to include RMS as a standard component of Windows Server 2003 R2, anticipated to ship during the second half of 2005. RMS could also find its way onto Small Business Server and thus into the hands of companies with fewer than 50 employees.However, a document may require the immediate validation of a credential, requiring the user to be on the network anytime the document is opened. This is Microsoft RMS at its most restrictive, at least in terms of credentials. Even with the proper (and current) credential, users can be selectively limited in what they can do with a document. Viewing may be acceptable, but printing, copying, editing, and e-mailing could all be made impossible. Mix and match these as you find necessary. My suspicion is big enterprises and fairly small companies will find the technology most immediately useful. The enterprises will use it in business units where data security is of utmost concern while small business will use it widely, presuming the Small Business Server integration goes well. Next Page: Administrative Challenge
At its heart, RMS is a server that provides credentials to clients. Opening an encrypted document, or doing anything else with it, requires the user to possess the appropriate credential. These are stored on the users machine, protected by password or other authentication, and can be persistent. This allows the user to travel with a portable and have access to documents when not connected to a network.