Share via

2.3.2.6 RMS Certificates and Licenses

RMS defines specific XrML certificates to identify and trust different entities in the system. Licenses are also XrML certificates but are used to specify rights and conditions that govern content use. The following sections describe the certificates and licenses that are used by RMS.

Server licensor certificate: The server licensor certificate (SLC) represents a root of trust in the system and the enterprise. It is the identity of an RMS server and enables a server to issue certificates and licenses for working with protected content. The SLC grants the right to issue:

security processor certificate: The security processor certificate (SPC) is generated during activation and contains the public key corresponding to the security processor certificate (SPC) private key. The SPC represents the identity of a computer that can be used for working with protected content. For more information about activation, see [MS-RMPR] section 3.8.4.1.

RMS account certificate: The RMS account certificate represents the identity of a user who can access protected content.

client licensor certificate: The client licensor certificate (CLC) enables a user to publish protected content offline.

Publishing license: The publishing license (PL) defines the usage policy for protected content and contains the content key with which that content is encrypted. The usage policy identifies all authorized users and the actions that they are authorized to take with the content, along with any conditions on that usage. The PL communicates to the server what usage policies apply to a given piece of content and grants the server the right to issue use licenses (ULs) that are based on that policy. The PL is created when content is protected.

Use license: The UL authorizes access to a given piece of protected content and describes the usage policies that apply. The UL contains the symmetric content key for decrypting the content.