PSS Systems, a startup company run by serial entrepreneur Alain Rossmann,
launched its flagship PSS1 Document Policy Compliance Solution on Monday after two
years in development and with customers including Cap Gemini Ernst & Young
Government Services. PSS1 is a centralized system for managing access to
and distribution of documents throughout an enterprise according to company
policies, including policies dictated by government regulations. Unlike
document management systems, which only regulate access to documents when they
are in a repository, PSS1 regulates access to documents wherever they go.

Did Rossmann explicitly decide to avoid using the term DRM in describing his
company's technology, or is he simply naive about DRM? Although the company
uses the term "document policy compliance solution" to describe its product,
PSS1 is a DRM system.

PSS1 uses public-key (RSA) and symmetric-key (AES, Triple DES) cryptography.
The system applies a "policy
stamp" to each document, which specifies who can do what to or with the
document, equivalent to a license in a traditional DRM architecture. It
requires that each user have "PSS Agent" software on his or her machine in order
to access information, just as traditional DRM products require you to have
special client software. Except for the use of XACML for specifying access
policies - a general-purpose security specification language, as opposed to a
more DRM-specific rights specification language like MPEG REL or ODRL - this is
a DRM architecture for enterprise applications.

Since the tragic events of September 11, 2001 and the various corporate
scandals, many industries have drastically increased the amount of attention
they pay to control over information access. Implementation of U.S.
government legislation, such as the Health Insurance Portability and
Accountability Act (HIPAA) and, in financial services, the Gramm-Leach-Bliley
Act (GLBA; security and privacy of personal financial information) and the
Sarbanes-Oxley Act (internal controls over information in financial
reporting), has created the need for access control of documents within
corporations as well as control over how documents are distributed, both
internally and externally.

DRM vendors per se have seen these groundswells of interest - especially in
the regulatory areas - as opportunities, and they have made some noises about
their solutions' applicability to those areas. The fact is that although
PSS has given their technology a different name, corporate DRM solutions from
vendors like Authentica, SealedMedia, and RightsMarket are similar to PSS1, the
only substantive difference being that PSS places more emphasis on the
centralized policy management component than the others do.

The chief drawback to implementing technology that supports a detailed,
fine-grained corporate access policy - as opposed to just writing policy manuals
and expecting them to be followed - is the inordinate amount of effort it takes
to develop, deploy, and maintain such technology across the enterprise. Now that there is so
much heightened concern over document security, corporations and government
organizations may actually be willing to go to all that effort, giving products
like PSS1 a market. If companies do start to invest the necessary
resources, then existing corporate DRM vendors will need to add more policy
management functionality, which will take time but does not seem unreasonable.

PSS is making news as much because of its storied CEO and backers - including
Adobe Ventures and several high-profile Silicon Valley VCs, who together have
pumped $30 million into the company - as because of its technology. PSS
has a head start, but expect to hear about a lot more HIPAA/GLBA plays in the DRM
world in the months and years to come.