Secure files in the Beehive with Oracle IRM's sealing wax
By Simon Thorpe on Sep 25, 2008
|Once again Beehive has been demonstrated to be an excellent example of how Oracle IRM can be integrated to extend security well beyond the confines of the application. We love Beehive, and it seems that Beehive loves us. We are the sealing wax of Beehive! Ok, I promise not to make any cheap references in the following with regards to the name of the Beehive product...
On Wednesday, Jamie Rancourt and Indira Vidyaprakash, principal product managers for Beehive, hosted a session in the Marriot Hotel called "Collaboration Beyond Standalone Clients". Many existing collaboration environments are spread across many systems. Your email may reside in both an Exchange server and in PST files on your local machine. You have documents stored in both content repositories and on external USB drives, instant messaging clients store message histories both on the server and on your local systems... information, as we know is all over the place and out of control.
With Beehive you are able to unify all this information using Workspaces. Continuing Oracle's Open Standards and Enterprise 2.0 messages, all of the Beehive components can be resurfaced in other environments, such as portals, websites and you can use any clients to access mail, messaging and other Beehive services.
In this session, they went a bit deeper when showing Oracle IRM inside Beehive than the high level overview given by Chuck and Charles during the Monday keynote. The Beehive team showed the integration with IRM in a live demonstration and started by moving a document into a Beehive Workspace. It was given the category "Seal" and behind the scenes this assigned a flag to the file which kicked off a BPEL process to seal the document with IRM. In real time the file was then sealed and this was evident when the icon changed within the Beehive UI.
The file was then emailed to another user, however that user did not have any rights to open the file and the Oracle IRM Desktop client denied access. Because the error message functionality in IRM uses a web page, it allowed the access denied message to also contain information about the owner of the document which was dynamically obtained from the IRM server. So the user then contacted this owner and requested access. The document owner agreed and then moved the document within Beehive from his personal Workspace into a group Workspace, checking that the new user had read-only rights in that Workspace. The remote user then attempted to reopen the file and this time, hey presto, it opened!
The document owner then updated the user's rights in Beehive to allow editing and when the user reopened the file he found he had edit rights. Finally they then took this to the next step by revoking the user's rights completely and again this was locally propagated, once again disallowing the user to open the content.
This live demonstration showed the fantastic opportunities for the integration of IRM using the coming release of the Oracle IRM 11g Server, where rights do not need to be managed directly on the IRM Server but can be fully delegated to an external system, such as Beehive. We hope to see these prototyped demonstrations become reality over the coming months as the Beehive colony swarms to create the propolis which will ensure users of sensitive information inside the hive do not get stung when content leaves the nest!
I'm sorry, I just could not resist...