As you know, we have made developing RMS-enabled applications much easier with the release of the AD RMS SDK 2.0. What used to take months and thousands of lines of code, now takes days and just a few dozen API calls.
That means that if you develop an application that creates documents that need to be protected, you can now do so with minimal investment and in a very consistent and robust way.
But what if your application has to deal with files in a format that is not its own? What if your application has to protect or consume files that can be in ANY of a myriad of file formats, many of which you don’t even understand? For example, your application is a document management system to which documents in different formats can be uploaded, or it might be a Data Leakage Prevention solution that has to scan and protect files in different formats as they are found on disk. In those cases, handling protected files involved a significant effort as you had to make decisions on the fly based on the format the files were in, and perform lots of low-level functions to get files protected and unprotected as needed.
We are pleased to announce the new File API for Rights Management Services. The File API is a new API that allows applications to easily protect and unprotect files in a single operation. With the file API, you pass the file to an API like EncryptFile along with the policy you want applied and the API does the rest. It will identify the file’s format, and then protect the file appropriately. If it can’t find a suitable protector it will use the brand new Protected File format to encrypt the file and embed access controls so the file is protected in a generic format. All in a single operation.
// Unprotected file so protect it with full rights to the provided email name
hr = IpcfEncryptFile(wszFilePath, UsageRights, Owner);
And if your application has to consume protected files, it is equally simple. You call the API, pass a pointer to the file and, assuming your software runs under an account with the required rights, you get an unprotected file as a result.
This can be extremely useful in integrating solutions with AD RMS, for example:
And there are many, many other scenarios where the File API can be used to integrate your software with AD RMS.
So how does the File API relate to the AD RMS SDK 2.0 (a.k.a. MSIPC)? The File API is built on top of the SDK, so in essence there’s no overlap in functionality. If your application creates files in its own file format and you are responsible for controlling that file format, then the SDK 2.0 will enable you to create files in the right file format. If, on the other hand, you have to deal with files created by other applications in format you don’t control and you want to be able to protect or decrypt such files from your own software in order to provide protection while you are able to do things with the files content, then the File API is for you.
So I can imagine you are anxious to begin working with the File API. File API Beta is now available at Microsoft Connect (https://connect.microsoft.com/site1170/program6586). You need to sign-up to Microsoft Connect with your Microsoft Account (a.k.a. Live ID), join the Rights Management Services TAP (you can use the Search function to find this in the Directory) and then download the API package by going to http://connect.microsoft.com/site1170/downloads. Once you begin testing it, you can post your feedback at http://connect.microsoft.com/site1170/feedback.
We will be looking forward to see the new solutions you build by using the File API!