ABSTRACT
In the era of WikiLeaks and the sensitivity of documents in an enterprise system at all classication levels, there is a need for assured content delivery. e promise of digital rights management (DRM) has yet to be realized, and knowledgeable analysts opine that it may never be achievable. It will certainly need copious amounts of specialized software-and maybe even specialized hardware before information assurance can be satised. We do not rely on DRM technologies at this point, but reserve the right to review future developments in this area. Nonetheless, there is a need for an assured content delivery process for enterprise authoritative documentation. is chapter presents a process of culling the authoritative information and placing it in an authoritative content repository. Content in this repository is available only through a service request, and “browsing” of the content is not permitted. e existence of the document and related documents may be obtained from search engines or other references. e content store has a librarian, which is a collection of software and manual processes, and a retrieval service. ese two aspects provide for the authenticity and authority of the content. In an environment of trusted individuals, control is provided in the notication of restrictions and the diligence of the users. However, methods of tracing activities in the use and distribution of the most critical documents are provided as a possible mitigation of insider threats. is enterprise solution is part of a larger enterprise architecture that is web-service-based and driven by commercial standards and includes naming, certicates issuance for identity and PKI, mutual authentication and condentiality through transport layer security, and digital signatures for integrity. e work on content management has been ongoing since 2004, and it was nally integrated into the SAML approaches in 2011 and published in 2012 [63].
