At the Burton Conference last week in San Francisco, I watched several presentations predicting what the future of identity would look like. Dick Hardt, of Sxip, gave a good presentation where he outlined how a person in 2017 would be able to have multiple digital personas, work and live electronically in a seamless world. While all this made sense at the general level, I felt that something was missing in the pieces of the identity puzzle in order to make this happen. That's what this blog will cover.
In order for a person to work seamlessly electronically, there need to be open protocol standards for documents that also tie seamlessly to open protocols for access control. The world of work involves accessing, viewing, editing and moving around all sorts of different types of documents/digital files. Today, there is no way to do this across different vendors and enterprises that are currently using siloed document management systems.
There are emerging standards for document management vendors to deal with Microsoft's SharePoint. This requires, however, that SharePoint be involved in the document interchange, which won't always be the case.
There are also emerging document management protocols on the Java side of the world. However, these don't cover the .NET side of the equation.
Neither of the above efforts integrates with an open access control standard.
So... this is the major gap in getting from where we are today to the future that Dick outlined in his presentation. What is the solution? I believe that the way forward is the development of a new, open, document management protocol that in turn integrates with XACML.
For example, let's say that Jane Doe in the future wants to access her health records. Jane, by the way, is old. Thus many of her health records are scanned images of previous documents. As Jane uses an online interface, the document management system first checks the required privileges for the documents. It determines that the identity Jane Doe can access the records, that no one can edit or change the documents, and that the documents require a digital signature plus a password from Jane before they can be accessed.
Jane has an InfoCard that contains her digital signature and password. Using XACML, Jane provides her InfoCard to the document management system and is then able to view her scanned health documents.
This system also works between enterprises. Let's say that John Smith is working on a project where his enterprise Acme is in partnership with another enterprise named Zeon. Acme and Zeon use different document management vendors.
John wants to send Zeon some documents. These include a Word contract, an Excel spreadsheet as well as some engineering CAD files. John clicks on the document management system in Acme. He then indicates he wants to send these files to Zeon. The document management system first determines the document management properties for each of the documents. It sees that the contract and the CAD files have high security around them. Further, it also sees that the CAD file must expire in 30 days when outside the enterprise. Finally, it also sees that a full audit trail is required for the CAD and Word documents.
The document management system then uses XACML to check whether the person at Zeon that John wants to send the documents to has the required privileges. Seeing that they do, it encrypts the sensitive documents and sends them to Zeon.
Zeon takes the documents in and automatically enforces the security policies that Acme had set up for the documents. After 30 days, the CAD file is disabled on Zeon's system. Only those Zeon personnel with the required privileges are able to open, view and edit the documents. Whenever the CAD and Word files are accessed, Zeon's document management system maintains a complete audit trail. This may or may not be forwarded to Acme on an ongoing basis, depending on the agreement the two enterprises have regarding audit logs.
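The Acme-to-Zeon exchange above, as an added example that is not from the original post: a simplified XACML-style policy decision point in Python that models the 30-day expiry outside the owning enterprise, the privilege check, and the audit-trail obligation that the receiving system must fulfil. The file name, the sharing date, the organization names and the attribute keys are assumptions.

```python
from datetime import date, timedelta

# Constructed example: a tiny XACML-style PDP for the Acme CAD file shared with Zeon.
# Request attributes follow XACML's four categories: subject, resource, action, environment.

def expired_outside_owner(req):
    """Deny rule: 30 days after sharing, the file is disabled outside the owning enterprise."""
    r, s, e = req["resource"], req["subject"], req["environment"]
    return s["org"] != r["owner"] and e["date"] > r["shared_on"] + timedelta(days=30)

def cleared_access(req):
    """Permit rule: open/view/edit only for personnel holding the required privilege."""
    return req["action"] in ("view", "edit") and req["subject"]["clearance"] == "high"

# Rules are tried in order (XACML's first-applicable combining algorithm).
# Every applicable rule carries the obligation to record the access in the audit trail.
CAD_POLICY = [
    {"id": "expired-outside-owner", "effect": "Deny", "condition": expired_outside_owner,
     "obligations": ["audit-access"]},
    {"id": "cleared-access", "effect": "Permit", "condition": cleared_access,
     "obligations": ["audit-access"]},
]

def make_request(user, org, clearance, action, on):
    """Build an access request; resource attributes are the ones Acme attached to the file (assumed)."""
    return {
        "subject": {"id": user, "org": org, "clearance": clearance},
        "resource": {"id": "acme/bridge-design.cad", "owner": "Acme", "shared_on": date(2017, 1, 1)},
        "action": action,
        "environment": {"date": on},
    }

def evaluate(policy, req):
    """Return (decision, obligations); NotApplicable when no rule's condition holds."""
    for rule in policy:
        if rule["condition"](req):
            return rule["effect"], list(rule["obligations"])
    return "NotApplicable", []

def enforce(req, audit_log):
    """Policy enforcement point at Zeon: honours obligations and only opens the file on Permit."""
    decision, obligations = evaluate(CAD_POLICY, req)
    if "audit-access" in obligations:
        e, s, r = req["environment"], req["subject"], req["resource"]
        audit_log.append(f'{e["date"]} {s["org"]}/{s["id"]} {req["action"]} {r["id"]} {decision}')
    return decision == "Permit"
```

A NotApplicable decision still results in no access, but produces no audit obligation because no rule matched; a real deployment would add a catch-all rule so that every attempt is logged.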
The future requires open document management protocols that take into account many different digital file types. Not everything can or will be converted to XML. Further, the protocol must interface with XACML to ensure that there is seamless enforcement and use of access control policies tied to the identities.
I believe that this is the future of digital rights management. By being able to specify the privileges and security policies for any digital file and then tying this to XACML, it opens up the digital world.
Comments? I am beginning to assemble a group of like-minded individuals and enterprises who want to see this happen. If you're reading this blog and are interested, please contact me.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com