Oracle Information Rights Management (IRM) 11g released!

Oracle Information Rights Management 11g
Wow! The year 2010 has to date been amazingly busy, many things going on here in Oracle and the strategic vision of security technologies just got stronger with the release of Oracle IRM 11g. IRM was acquired into Oracle a few years ago and the first major task was to port the entire platform over to Fusion Middleware.

This involved a total rewrite of the server from a Windows based C++ process to a JEE application running in the Oracle WebLogic application server. This major engineering task comes with many great benefits, mainly the fact the technology is now hosted inside WebLogic Server, Oracle's enterprise class application server. As such we can leverage the authentication models which are provided with WebLogic and at last gain real time support for LDAP authentication. Windows based authentication is still available and the new IRM 11g web based management pages can leverage common SSO authentication techniques.

In moving to this new platform we were able to certify against a much wider variety of platforms, you can now run your IRM server on RedHat, SUSE and Oracle Enterprise Linux, Windows, AIX, Solaris and HP-UX against either Oracle or a Microsoft database. The full range of certified platforms is available here.


Another aspect of 11g is that in accordance with Oracle product standards we localized the client software in 27 languages! This was very welcome for our customers in Japan, Singapore, China and other countries that use double byte character based languages.

Broader Enterprise Reach
  • Built on Fusion Middleware and Java EE
  • Broad platform certifications
  • Standard 27 Oracle languages
  • SSO authentication: OAM, Windows auth, Basic auth to LDAP
Extensible, First-Class Security
  • Extensible classification model for application integrations
  • FIPS 140-2 certification
  • Hardware Security Module for key storage
With the chance of moving the entire server solution to a new platform we were able to radically change some aspects of the technology. One area customers had often asked for was the ability to externalize the rights model. For example one of our high tech customers fell under strict regulation by the US government, such as ITAR and export control law required the customer to enforce controls to who could access certain information.
Oracle IRM is an excellent solution to enforcing controls over what information an employee can access, however, some customers, like this one, had already built an application which stored and managed the policies and rights around their employee's and what they can access. With 10g IRM all this information would need to be imported/sync'd into the server. With 11g we saw the chance to introduce a powerful new feature and let the IRM server leverage a rights model from an external system. In building this new functionality, we immediately found integration examples within Oracle. Our own collaboration platform, Oracle Beehive, uses the Oracle IRM 11g server to provide security to documents stored within Beehive. However, the rights model is in Beehive itself, the Oracle IRM server simply passes on rights requests to Beehive and it dictates what IRM allows the user to do with content. This powerful feature is also allowing us to integrate with all of the Oracle applications (PeopleSoft, JD Edwards, Siebel, E-business suite etc) and in the future Oracle IRM will be the built in document security provider to all of these applications.

Now we didn't forget our own built in classification system, the context model. This is the out of the box classification system that has been improved on from the 10g release and reflects best practice for an enterprise document classification system based on feedback from our customers over 10 years.

New features in the context model

Over the coming weeks I will be going into more detail on the features of Oracle IRM 11g. I'll also be putting up a brand new guide to walk you through the installation and initial configuration of Oracle IRM. However its worth going over some of the new features in the context model.


Roles are now defined at the server level and you choose which ones to make available to each context. This means you can now have a role defined as "external contractor" and say allow them the ability to print content. This role may exist in 20 different classifications your business is securing content against. Then a law may change which requires you prevent contractors to your business from printing content. A simple change to the role at the server level is then reflected to every context that role is used in AND then reflects EVERY single IRM secured document accessed by an external contractor. No other IRM or document security solution brings you such powerful features that can scale into the billions of documents.

Another common request was to add relative time based rights expiry to the context model. Whilst this functionality had always been available in Oracle IRM, it wasn't easily accessed from the context model. In Oracle IRM 11g, you can now set the following time restrictions.

  • Accessible at all times: A user can access content at any time, access is revoked by taking the role away from the user.
  • Within a period after role assignment: A user can access content for a period after the role was initially assigned, so you can give a user access to all information in a context for say 3 weeks, after those 3 weeks pass, this user can no longer access content.
  • Within a period after document sealed: Similar to the above, except now a user can only access content for 3 weeks after the document creation date. This is a great way to allow users to only access information for say 3 days after it has been published. This is often used by customers using IRM to protect sensitive content they are selling to users and that content is often valuable based on the time period for which you access it and is therefore different for each published document.
  • Role active during time period: For example a user can only access content between 1st March 2010 and 1st September 2010.


Overall, Oracle IRM 11g is by far the leading document security solution on the market and Oracle's serious investment in this security technology is evident from our continued advancement in features and functionality. Over the coming 12 months we have even more cool technology to release, but for now 11g will be enabling our customers to deploy even more secure, scalable and usable security to their businesses most sensitive information.


Post a Comment:
  • HTML Syntax: NOT allowed

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide


« July 2016