In tandem with Adobe’s release this week of the Acrobat 7.0 product family and the LiveCycle Policy Server, Planet PDF spoke with John Landwehr, Director, Security Solutions and Strategy in the Intelligent Documents Business Unit at Adobe Systems, about the capabilities and implications of the enhanced PDF security.
KURT FOSS, Planet PDF Editor: Adobe has announced this week that its LiveCycle Policy Server is now shipping. What new capabilities does this technology offer to and/or what needs will it meet for the global PDF user community?
JOHN LANDWEHR, Director of Security Solutions and Strategy, Intelligent Documents Business Unit, Adobe Systems Inc.: The Adobe LiveCycle Policy Server is designed to make it easy to supply security in the form of document control and rights management to PDF documents. Applying security really needs to be easy because when security isn’t easy, people have a tendency not to use it. In the process of applying security to PDF documents, it’s also important that it can be done for documents spanning both inside and outside the firewall. Sensitive documents are being exchanged with business partners, or electronic statements and transactions are being exchanged with customers — we wanted to provide a solution that would essentially handle security needs inside and outside the department.
FOSS: Please describe how the Policy Server workflow will work to accomplish these tasks.
LANDWEHR: I’ll start with some of the top features and then describe how that can be applied in various workflows. Policy Server provides basic access controls to a document tied to an organization’s authentication directory, either LDAP or active-directory-based systems. This way users do not have to have another password to protect their documents — they can leverage the existing corporate network password or the existing extranet portal passwords for home-banking portals or business-partner portals. That provides the basic access controls for opening the document.
Then of course there are permissions for ‘Can you print, modify, copy and paste’; and there are further controls on setting an expiration date on a document so that I can have a document expire on either an absolute date — after which it never opens — or a relative date, for example in a records-retention environment: five years after every document is created, it automatically self-destructs. We can also do immediate expiration, such that a document that’s already been sent out and distributed to a very large audience can be immediately revoked, no matter how many copies have been generated — even if those copies have been written to read-only media such as a CD-ROM.
One of the nice capabilities of the real-time dynamic nature of the security is that doing revocation provides version control. So if a new version of a document is published, you can revoke the old version and when a user opens up that document, they’ll be told there’s a new version of the document available, and advised to ‘click here to automatically go get it.’ So when the author revokes a document, he can not only turn it off, but tell the user where to go to get the new version.
The last major capability is providing auditing: you can see who opened, who printed, who modified, who extracted content — or who tried to do any of those things but did not have access.
All of those capabilities are rolled up in what we call a policy, where the author sets all these capabilities. The most common policy that a customer might deploy is something like ‘Company Confidential,’ which would be to make sure that only employees of the organizations could open that document. It would be literally two clicks within Acrobat to set that — hit the ‘Secure’ button, then choose the ‘Company Confidential’ policy, and be done.
You can create these policies in Acrobat 7 on the desktop as well as through the Policy Server with a Web-based interface. The administrator can create group policies that everybody can see, and that’s a good idea with something like a ‘Company Confidential’ where you want everyone in the company to be able to use the policy and not have to create it on their own. Or you can create end-user policies for particular workgroups.
FOSS: Does this work online and offline?
LANDWEHR: Yes, this works both online and offline. In fact, the creator of a policy can specify if it is a very secure workflow that all recipients be online, or they can create a lease period for the policy — documents created with that policy can be viewed offline for that amount of time, for example, for a day, a week or a month, or essentially you can dial it in for however long you want and the user can continue to view that document offline until the lease expires. After that, they will not be able to view that document until they go online to renew the lease.
FOSS: How does this work outside the firewall?
LANDWEHR: The Policy Server communicates with Acrobat 7.0 and with the free Adobe Reader 7.0 using standard Web services calls that can be fully proxiable through firewalls. You can set up the Policy Server in a DMZ environment, and you can also connect to multiple authentication databases so that it can interact with the corporate directory as well as the extranet directory. That way you can have your bank employees as well as your home-banking customers — using different authentication domains — all share off the same Policy Server to protect documents both inside and outside the firewall.
FOSS: Which platforms does it run on?
LANDWEHR: With Acrobat 7, we are on Macintosh and Windows, and with Reader 7 we support Policy Server-protected documents with Windows, Mac and we’re also adding security to our Linux Reader on the desktop as well.
FOSS: Which platforms does the server run on?
LANDWEHR: The server is a J2EE-based application that runs on application servers like WebSphere and JBoss, and it runs on Windows server, Solaris as well as Linux. We will be porting it to other operating systems in the future.
FOSS: There are a number of rights-management products out there on the market. What makes Policy Server different?
LANDWEHR: Policy Server is built into the latest versions of Acrobat and Reader such that no additional plug-ins are required, which makes it great for sharing documents outside the firewall where you do not have control of the recipient’s desktop but where there’s a good chance they’ll be running Acrobat or at least Reader. We’re also cross-platform for sharing documents on the desktop, cross-platform for authoring and viewing on the desktop, as well as cross-platform with our Policy Server. One of the very significant differentiators for us — all of the policies are fully dynamic, so that after a policy is published, you can change the policy on a document, such as ‘add users, remove users, change permissions, change the expiration, or immediately revoke the document’ — without having to republish it. That’s because there is this dynamic connection between the viewer and the Policy Server, instead of just statically burning the rights into a document, which then couldn’t be changed.
FOSS: How would it work if someone was using another PDF-viewing application, such as the Preview built in to Apple’s Mac OS X, to view policy-protected PDFs?
LANDWEHR: The Macintosh Preview application does not incorporate these security capabilities, so for those customers, we would encourage them to use the free Adobe Reader. Otherwise, they would not be able to open the documents. The security capabilities that we provide are essentially a ‘fail secure’ — if a previous version of the Reader that does not support security is used, the document will remain secure and will not open.