2.2.9.7 Publishing License

This section defines the format of the PL. PLs generated from offline publishing are built by the client and signed using the CLC. PLs generated from online publishing are built by the client and signed by the server.

The PL SHOULD use the following template.

 <XrML version="1.2" xmlns="">
    <BODY type="Microsoft Rights Label" version="3.0">
       [[- issuedtime -]]
       [[- descriptor -]]
       [[- issuer -]]
       [[- distributionpoint-int -]]
       [[- distributionpoint-ext -]]
       [[- issuedprincipals -]]
       [[- distributionpoint-ref -]]
       <WORK>
          [[- workobject -]]
          <METADATA>
             [[- owner -]]
          </METADATA>
          [[- revocationpoint -]]
       </WORK>
       [[- authenticateddata -]]
       [[- exclusionpolicy -]]
       [[- inclusionpolicy -]]
    </BODY>
    [[- signature -]]
 </XrML>

[[- issuedtime -]]: MUST be an ISSUEDTIME (section 2.2.9.1.1) element containing the time the PL was generated, in UTC.

[[- descriptor -]]: An optional element describing the policy in the PL. If present, the descriptor MUST be a DESCRIPTOR (section 2.2.9.7.1) element.

[[- issuer -]]: MUST be an ISSUER (section 2.2.9.7.2) element describing the issuer of the PL.

[[- distributionpoint-int -]]: MUST be a DISTRIBUTIONPOINT (section 2.2.9.7.3) element containing the intranet URL address of the server that will issue ULs from this PL.

[[- distributionpoint-ext -]]: SHOULD be a DISTRIBUTIONPOINT (section 2.2.9.7.3) element containing the external URL address of the server that will issue ULs from this PL.

[[- issuedprincipals -]]: MUST be an ISSUEDPRINCIPALS (section 2.2.9.7.4) element describing the principal and the server public key.

[[- distributionpoint-ref -]]: An optional element containing the author's referral information. If present, MUST be a DISTRIBUTIONPOINT (section 2.2.9.7.3) element of type "Referral-Info".

[[- workobject -]]: MUST be an object element that identifies the content that the PL applies to. This object SHOULD be created by the application used to create the PL and, therefore, SHOULD contain application-specific information.

[[- owner -]]: MUST be an OWNER (section 2.2.9.7.5) element that describes the author of the document.

[[- revocationpoint -]]: An optional field that specifies the location of a revocation list for the PL. If present, MUST be a CONDITIONLIST (section 2.2.9.7.9) element.

[[- authenticateddata -]]: MUST be an AUTHENTICATEDDATA (section 2.2.9.7.6) element that describes the usage policy issued by the author.

[[- exclusionpolicy -]]: MAY be a POLICYLIST element in an unsigned PL with type "exclusion" that identifies an exclusion policy list that applies to the PL and the information the PL protects. When the PL is signed, this is in the AUTHENTICATEDDATA element.

[[- inclusionpolicy -]]: MAY be a POLICYLIST element in an unsigned PL with type "inclusion" that identifies an inclusion policy list that applies to the PL and the information the PL protects. When the PL is signed, this is in the AUTHENTICATEDDATA element.

[[- signature -]]: MUST be a SIGNATURE (section 2.2.9.1.12) element containing the cryptographic signature of the body of the certificate, generated by the issuer of the certificate. The hash MUST be the hash of the body. The signature MUST be the hash encrypted with the issuer's private key. The key length MUST be the length of the issuer's private key, which MUST match the length of the issuer's public key.
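
The following structural pre-check is an added example, not part of the specification: it tests a received PL against the MUST elements of the template above before any signature verification is attempted. The function name check_pl, the tag name OBJECT for the work object, and the empty placeholder children in the sample are assumptions; the interior of each element is defined in its own section and is not checked here.

```python
import xml.etree.ElementTree as ET

# Direct children of BODY that the template marks MUST (at least one of each).
REQUIRED_BODY = ("ISSUEDTIME", "ISSUER", "DISTRIBUTIONPOINT",
                 "ISSUEDPRINCIPALS", "WORK", "AUTHENTICATEDDATA")

def check_pl(xml_text, signed=True):
    """Return a list of structural problems; an empty list means the skeleton matches."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "XrML":
        return [f"root element is {root.tag!r}, expected 'XrML'"]
    body = root.find("BODY")
    if body is None:
        return ["missing BODY"]
    problems = []
    if body.get("type") != "Microsoft Rights Label":
        problems.append(f"unexpected BODY type {body.get('type')!r}")
    for tag in REQUIRED_BODY:
        if body.find(tag) is None:
            problems.append(f"missing required BODY/{tag}")
    work = body.find("WORK")
    if work is not None:
        # Assumption: the work object element is named OBJECT.
        if work.find("OBJECT") is None:
            problems.append("missing required WORK/OBJECT")
        if work.find("METADATA/OWNER") is None:
            problems.append("missing required WORK/METADATA/OWNER")
    if signed:
        if root.find("SIGNATURE") is None:
            problems.append("missing SIGNATURE after BODY")
        # Strict reading: in a signed PL the policy lists sit inside AUTHENTICATEDDATA.
        if body.find("POLICYLIST") is not None:
            problems.append("POLICYLIST directly under BODY in a signed PL")
    return problems

# Constructed samples: placeholder children only, no real license data.
SAMPLE_OK = ("<XrML version='1.2' xmlns=''><BODY type='Microsoft Rights Label' version='3.0'>"
    "<ISSUEDTIME/><ISSUER/><DISTRIBUTIONPOINT/><ISSUEDPRINCIPALS/>"
    "<WORK><OBJECT/><METADATA><OWNER/></METADATA></WORK><AUTHENTICATEDDATA/>"
    "</BODY><SIGNATURE/></XrML>")
SAMPLE_BAD = (SAMPLE_OK.replace("<OWNER/>", "").replace("<SIGNATURE/>", "")
              .replace("<AUTHENTICATEDDATA/>", "<POLICYLIST type='exclusion'/>"))

if __name__ == "__main__":
    print(check_pl(SAMPLE_OK))
    print(check_pl(SAMPLE_BAD))
```

A PL that passes this check is only well-shaped; trust still depends on verifying the SIGNATURE element over the body against the issuer's public key.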