
SHIELD DRM FAQ & Specifications Summary

This document compiles the Q&A received about SHIELD DRM together with the technical background and response guide.

Q1. The AIP document owner changes to the Security365 app when DS documents are uploaded from a local PC to the cloud

**Q)** Can the AIP document owner be set to the user themselves instead of the Security365 app when uploading to the cloud?

A) Not possible. Conversion in the cloud is performed with Azure application permissions, and conversion through user-delegated permissions is not supported.

Technical Background

SHIELD DRM supports the MSAL authentication flows based on Microsoft Entra ID (formerly Azure AD) and adopts the Daemon type.

  • What is the Daemon method?
    • It is a method by which services/applications operating in the background perform authentication/authorization without user intervention.
    • It is mainly used for communication between servers or automation tasks.
  • Client Credential Flow
    • Tokens are obtained using the app's Client ID / Client Secret.
    • User login information is not required.
    • As a result, it is not possible to convert the document as the owner or to delegate ownership.
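
The difference described above can be seen in the token itself. This is an added example, not SHIELD DRM or Security365 code: it inspects access-token claims to show that a Client Credential Flow token identifies only the app, so there is no user to record as owner. The tokens, GUID, permission names and UPN are constructed; the claim names (`roles`, `scp`, `idtyp`, `appid`/`azp`, `upn`) follow Microsoft Entra access-token conventions, and the signature is deliberately not verified, so this is for inspection only.

```python
import base64
import json


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def acting_identity(token: str) -> dict:
    """Report whether a token represents the app itself or a signed-in user."""
    c = decode_claims(token)
    # App-only tokens carry application permissions in `roles` and no `scp`;
    # `idtyp` is an optional claim that is "app" when present on such tokens.
    app_only = c.get("idtyp") == "app" or ("roles" in c and "scp" not in c)
    return {
        "kind": "app-only" if app_only else "delegated",
        "app": c.get("azp") or c.get("appid"),
        "user": None if app_only else c.get("upn") or c.get("preferred_username"),
    }


# Constructed sample claims (placeholder GUID, permission names and UPN).
APP_ID = "00000000-0000-0000-0000-0000000000aa"
APP_TOKEN = make_sample_token(
    {"appid": APP_ID, "oid": "sp-object-id", "sub": "sp-object-id",
     "roles": ["Example.AppPermission"], "idtyp": "app"})
USER_TOKEN = make_sample_token(
    {"appid": APP_ID, "oid": "user-object-id", "scp": "Example.Delegated",
     "upn": "user@example.com"})

if __name__ == "__main__":
    print(acting_identity(APP_TOKEN))   # no user: the service acts as the app
    print(acting_identity(USER_TOKEN))  # user present: delegated access
```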

Countermeasures

  • The label policy can be configured to allow changing labels regardless of the owner.
    • Enabling this policy allows labels on app-owned documents to be changed properly.

Reference Document

MSAL authentication flow diagram