• Replies 6 replies
  • Subscribers 61 subscribers
  • Views 4014 views
  • Users 0 members are here

Secure Document Proposal

Scott Soper
Offline

Recently a group asked me to create a folder within their datasource to use for a high-security sub-project.  I worked with them to set up a top level folder that only their group can view and access, but there is still some concern about file security and secrecy.  The issue is that even though we can give users read-only access, the file is still kept locally on their PC.  Yes, I know I can have the local file purged but that doesn't prevent someone from copying the local file while it's opened.

I was thinking that for security it would be helpful to have the ability to lock-down files so they can only be viewed directly from the ProjectWise server - no file transfer takes place.  Thoughts?

Parents
  • Offline

    The only way to truly offer this is for Bentley to create viewers for the various file types that are part of the project that enforces the restrictions and then all users would have to use PW Explorer to access the project (web browsers would need a local copy of the file, as Mike mentions.)

    Just opening the file from the server (say via some protected windows files) wouldn't solve the problem -- all applications that open files locally, or from the network, have a Save As... function that would all users to make their own local copies.  You have to have completely trusted applications as well, so the viewer would have to be made with this purpose in mind.

    Some of Bentley's new DRM stuff coming from the publishing group can help with this.  For example you can produce documents that are locked for a particular duration and unopenable after that. The documents can be revoked even after issued so if you suspect a document has leaked you can kill it. But you'll have a limited number of viewers that work with this level of DRM.

    John Simmons did a session on this at the last Mid-America CADD community conference.  They might be doing another at a user conf in Seattle.

     

Reply
  • Offline

    The only way to truly offer this is for Bentley to create viewers for the various file types that are part of the project that enforces the restrictions and then all users would have to use PW Explorer to access the project (web browsers would need a local copy of the file, as Mike mentions.)

    Just opening the file from the server (say via some protected windows files) wouldn't solve the problem -- all applications that open files locally, or from the network, have a Save As... function that would all users to make their own local copies.  You have to have completely trusted applications as well, so the viewer would have to be made with this purpose in mind.

    Some of Bentley's new DRM stuff coming from the publishing group can help with this.  For example you can produce documents that are locked for a particular duration and unopenable after that. The documents can be revoked even after issued so if you suspect a document has leaked you can kill it. But you'll have a limited number of viewers that work with this level of DRM.

    John Simmons did a session on this at the last Mid-America CADD community conference.  They might be doing another at a user conf in Seattle.

     

Children
  • in reply to Kevin van Haaren

    Yes, Kevin is correct in that we are working on a DRM solution for us with both ProjectWise and eB. We use the acronym DRM to refer to Dynamic Rights Management. It’s also referred to in other forums as Digital Rights Management, Information Rights Management, and Content Rights Management. We prefer the usage of “Dynamic” since it reflects the real-time nature of the control that you have over documents that have DRM applied to them.

    In a nutshell, DRM Protects digital content from unauthorized access through a content-centric security model using encryption and embedded policies. This model allows you to have real-time control over your deliverables to control access, audit usage, revoke out-dated information like construction drawings. Initially, DRM will support PDF and Office formats, but the intent is to extend it to other Bentley deliverables, like i-models.

    The target for this functionality is not information stored in PW or eB – that’s already secure. It’s also not targeted for files that you copy/check in-out of those repositories either for WIP since encrypting/descrypting in and out of the managed environment isn’t a good thing to do either. Rather, the focus will be on deliverables – documents that are finalized and being distributed to others. DRM gives you the ability to control access and usage (view, print, comment, modify) of those documents anywhere, anytime.

    One good use case is that I’ve issued drawings for construction, and there’s been an engineering change that requires new drawings be issues. With DRM, you can revoke the previous drawings that have been issued ,and as users access those drawings they will be informed of the revocation and offered to access the updated drawings – all from the same interface. There are other use cases as well, but I think you get the idea.

    We think that it will be pretty handy, but what really matters is what you think.

    So what do you guys think?

    Thanks - John

  • in reply to John Simmons

    Hello John,

    My first thought when reading this thread was " How can this be used with Bentley Transmittals " I know there will be times when a transmittal is sent to a user and then we need to revoke if for some reason or another.  Would the DRM functionality be able to do that?

    Thank you

    Stephen

  • Offline in reply to Stephen Herrick

    Hi Stephen,

    Bull's eye!:)

    We are indeed looking to integrate Bentley Transmittal Services with the DRM.

    Regards,

    Rimantas

Communities
Support and Services
Training and Learning
Social Media