Developing Compliance Solutions on Office 2007
I know that I mentioned that I'll start stepping you through customizing the ribbon today but I am just too excited! I released my whitepaper on Compliance Features for the 2007 Microsoft Office System today and I can't seem to talk about anything else. This is a great paper and I'm just so excited to get this out the door to you guys.
Why should you, as a developer, care about compliance?
Because there are a multitude of opportunities out there for you. Take a minute to read through a few of the compliance-related blogs out there and you'll see that there's a HUGE customer demand. Basically, you'll have companies banging down your door for your code. :) Here are some good blogs to read to get acquainted with the compliance area: Office 2007 Records Management blog, Russ Stalters, and Marc Dencker.
In addition to those blogs, at the end of my whitepaper I've listed a lot of resources to get you jumpstarted on building your own solutions. Office 2007 sets you up to take advantage of that huge customer demand. As I mentioned in my previous posts, Office 2007 does all the plumbing and dirty work so that you don't have to. It's not that it takes you away from writing code, it just gives you more time to write more of the useful code.
Let me give you a few examples of ways you can extend Office 2007 to build compliance solutions (this is right out of my paper folks ;-)).
Adding Instant Messaging History to the Records Center
A major issue on the technical side of compliance is handling unstructured data such as e-mail and instant messaging. E-mail records management is built into the 2007 Office system, but there is no out-of-the-box ability to store instant messaging conversations as records. Office Communicator has always been an enterprise-class, security-enhanced instant messaging application, but in the 2007 release, it also stores all session history on the Exchange Server 2007 system and makes it viewable to the user through a specially-created folder in the user’s Office Outlook 2007 inbox. This storage results in an audit log for each conversation and file transfer (for example, who participated, what was written, and at which date and time). With the Records Center feature in Office SharePoint Server 2007, you can now write custom code to quickly connect the two and send all instant messaging session history to the Records Center.
The custom code would first query the Exchange Server 2007 system to retrieve the session history files. It would then use SharePoint Products and Technologies to send the files to the Records Center site.
Server-Side Signing of Documents
In the 2007 Office release, you can digitally sign all Office Word 2007, Office Excel 2007, Office PowerPoint 2007, and Office InfoPath 2007 files to help ensure authenticity and then upload them to the server. The same is not true for all third-party files or all other non-core Microsoft Office file types. Authenticity is a major issue in compliance, and there are opportunities for you to extend the 2007 Office system platform to meet this need. With some custom code, no matter which file (such as a CAD file or a Windows media file) a user uploads to a SharePoint site, the user can digitally sign that file during the upload process to ensure that all necessary files are authenticated.
After the 2007 Office application initially verifies the signature, custom code can verify the third-party certificate and then modify the XML-DSIG. On the server side, you would parse the XML-DSIG to extract the public key, algorithm details, and the signed data. You could then verify the key and store it in an IRM-protected document library.
Attached is the technical architecture I've drawn of the 2007 Microsoft Office System client, server, and tools (also available in the whitepaper). In this diagram, you can see how common technologies such as XML and ASP.NET connect all the different components of the 2007 Microsoft Office System to make it interoperable so that you can easily make those enterprise solutions.
Read it and let me know what you think.