Digital Rights-Compliant Applications
MicroStation loads only digital rights-compliant applications in a file that has limited rights. This section explains how the author certifies an application as rights-compliant and how applications are screened at runtime.
File Protection allows for the use of rights-compliant applications developed outside of Bentley, while preventing non-compliant MDL applications from circumventing rights enforcement. A compliant MDL application checks for digital rights and does not perform any unauthorized functions, such as printing, exporting, or modifying. Many MDL applications, including pre-existing applications, are compliant because they do not perform restricted functions. Other applications have to be changed to become compliant. Rather than trying to prevent illegal operations, MicroStation refuses to load a non-compliant MDL application when less than unlimited rights are granted. Thus, the user can safely use compliant applications and has no access to non-compliant ones.
Bentley has certified the applications that ship with MicroStation. Bentley cannot certify applications developed by others. It is up to the author to certify non-Bentley applications as rights-compliant. Once an application is certified, it is designated as being digital rights-compliant. An application is digital rights-compliant if:
- it is digitally signed
- its signature is verified
- the signing key is either Bentley’s signing key or a key identified by the author
MicroStation recognizes digital rights-compliant applications by the public keys used in their signatures. Keep in mind that the author identifies the signing keys rather than applications. MicroStation treats any application that was signed using a specified signing key as rights-compliant. Therefore, the author must be careful to guard the signing certificate and only use it to sign rights-compliant applications.
The digital signature prevents anyone from modifying an application after it has been certified and signed by the author. File Protection allows multiple authors to sign the same application without invalidating each other’s signatures. A signed application can also be modified and then re-signed. If an application has multiple signatures, MicroStation recognizes the application as digital rights-compliant if it can verify and recognize any one of them.
If an author adds a signature to an application, he must distribute the affected .MA files to users. In most cases, an author will rely on the original software publisher to sign the application files and simply cite the publisher’s key.
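The recognition rule described above, modeled as an added Python example; it is not Bentley's code or MicroStation's implementation. It assumes a toy RSA scheme built from known Mersenne primes as a stand-in for real signing certificates, and every function name, key and application byte string in it is constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy RSA key from two known primes: returns (n, d). Not secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of the application image, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    """Produce one signature record; 'signer' is the public modulus."""
    n, d = key
    return {"signer": n, "value": pow(digest(data, n), d, n)}

def is_rights_compliant(data, signatures, cited_keys):
    """Accept if any one signature both verifies and uses a cited key."""
    for sig in signatures:
        n = sig["signer"]
        verified = pow(sig["value"], E, n) == digest(data, n)
        if verified and n in cited_keys:
            return True
    return False

def may_load(data, signatures, cited_keys, unlimited_rights):
    """Screening applies only when less than unlimited rights are granted."""
    return unlimited_rights or is_rights_compliant(data, signatures, cited_keys)

# Constructed keys (Mersenne primes) and a constructed application image.
PUBLISHER = make_key(2**127 - 1, 2**89 - 1)
AUTHOR = make_key(2**107 - 1, 2**61 - 1)
STRANGER = make_key(2**521 - 1, 2**31 - 1)
CITED = {PUBLISHER[0], AUTHOR[0]}  # public keys the file's author identifies

app = b"constructed .MA image v1"
sigs = [sign(app, STRANGER), sign(app, AUTHOR)]  # two coexisting signatures
```

Because the check is keyed on the signer rather than on the application, `is_rights_compliant` accepts any image signed with a cited key, which is why the signing certificate has to be guarded.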