To ensure the confidentiality of documents that are protected by policies, Rights Management implements three layers of security:
- Authentication
- Authorization
- Document confidentiality
Authentication
All users are required to log in to interact with Rights Management. Users can log in through Acrobat or through the Rights Management web application.
Rights Management supports four methods of authentication:
- Username/Password. Users are prompted for their user name and password.
- Kerberos (from Acrobat on Windows only). Users of Acrobat or Adobe Reader for Windows can be transparently authenticated.
- Client certificate based. Users can use the certificates installed on their client machines to authenticate themselves.
- Extended authentication. If available, users can be authenticated using any extended authentication providers.
After a user is initially authenticated, Rights Management verifies the identity of the sender of each subsequent client message using Security Assertion Markup Language (SAML) authentication assertions.
Authorization
Rights Management uses a role-based model to control access to the web application features. Roles also determine whether users can protect documents with policies through Acrobat. Rights Management implements these roles:
- Administrators: Have complete access to the server configuration and can manage all aspects of policies, policy-protected documents, external users, administrator accounts, and event audits.
- Users: Can create and manage their own policies, policy-protected documents that they distributed, and events that are associated with those documents.
- External users: Can create a Rights Management user account when an administrator explicitly invites them or when they are added to a policy.
Document confidentiality
Rights Management uses several technologies to protect documents and to provide access to them.
In general, Rights Management uses a symmetric cryptographic key system for encryption. Client applications such as Acrobat perform document encryption. Documents are never sent to Rights Management; Rights Management encrypts policies and licenses that are associated with documents.
The method used to protect documents depends on whether the policy requires users to access documents while online or whether the policy enables offline use.
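As an added illustration (not Adobe's code or protocol), a small Go model of the split described above: the client encrypts the document under a fresh symmetric key, the server receives only that key and the policy and keeps them as a wrapped license, and the online path releases the key only after the policy check. The AES-GCM choice, the License layout and the function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// seal returns nonce||ciphertext||tag under AES-256-GCM (32-byte keys only, so setup cannot fail).
func seal(key, pt []byte) []byte {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is documented never to fail
	return g.Seal(nonce, nonce, pt, nil)
}
// open reverses seal; it fails if the nonce is missing or the tag does not verify.
func open(key, sealed []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// License is all the server keeps (hypothetical layout): the wrapped document key and the policy's readers, never the document.
type License struct {
	WrappedKey []byte
	Readers    map[string]bool
}

// Protect (client side): fresh document key, local encryption; only the key and policy reach the server, which returns the license.
func Protect(serverKey, doc []byte, readers map[string]bool) ([]byte, License) {
	docKey := make([]byte, 32)
	rand.Read(docKey)
	return seal(docKey, doc), License{seal(serverKey, docKey), readers}
}
// Open (online path): the server checks the already authenticated user against the policy before unwrapping and releasing the key.
func Open(serverKey []byte, lic License, user string, ct []byte) ([]byte, error) {
	if !lic.Readers[user] {
		return nil, errors.New("policy denies " + user)
	}
	docKey, err := open(serverKey, lic.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(docKey, ct)
}
```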