|Ravi Pandya software | nanotechnology | economics||
Tue 27 Jul 2004
I didn't actually get to see his DRM talk because of other meetings, but I did get a chance to have lunch with him beforehand. Interestingly, neither he nor Whit Diffie (with whom I exchanged email after RSA) have much of an issue with enterprise rights management - all the heat is around rights management for commercial content. When you're dealing with information within an enterprise, RM is just another technology for managing information security, another point on the spectrum between access control lists and multi-level security.
I think one of the reasons enterprise RM is growing so rapidly (50% CAGR acording to a recent Jupiter report) is that the classic model of managing access through ACLs just doesn't work that well in today's world. It was never great to begin with - most non-programmers would think of the access control on a file as being a property of the content, even though in reality it's a property of the path through which you get to the content. But now, when your documents live on the web, in email, in IM sessions, in databases, etc. there's just no easy way to manage access consistently other than by attaching persistent access control policy to the content itself.
Mon 19 Jul 2004
I'm back to blogging after very long hiatus - as you can see by the archive calendar! I joined Microsoft last March as the architect for Trust Management in Windows Security, which includes Rights Management Services, X.509 PKI, and Software Licensing. It's been extremely interesting, but has kept me pretty busy. It hasn't been so much the time to write posts, but the activation energy involved in moving my blog from Radio to Blosxom. Now that's done (though I still have a few things to fix up), I hope to get back to semi-regular postings.
© 2002-2004 Ravi Pandya | All Rights Reserved