Valden, I personally wouldn't implement access control. Everybody can modify OOo and get rid of all security checks.
So the only thing I would do is encrypting the session key with users public keys, so only certain people can open the document. That is all you can guarantee! Once somebody has access to the session key, you can't hinder him doing with the document what he wants. If you want rights management in an open source application, you need a trusted platform, signed applications, and probably some "rights management server". This is also true for closed source software, with the difference that modifying close source software is much more difficult. Malte. PS: Some of my thoughts on this topic can be found here: http://openmediacommons.org/workshop/presentations/Day1/3.Malte-OpenOffice.pdf Valden Longhurst wrote: > <Second attempt because it seems the PDF didn't come through> > > After talking with Malte Timmermann from Sun, he mentioned I might want > to bring my ideas to this group. Is this the correct group for this idea? > > Attached are two OOo files on how we can use both symmetric and > asymmetric encryption--WITHOUT using a Rights Management or Licensing > server to enforce business-justified document restrictions. My possible > solution involves what is called the "digital envelope" or "cryptolope." > > > ------------------------------------------------------------------------ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
