4.1 Publishing Usage Policy Example

Publishing usage policy is part of the process of protecting information. Publishing usage policy is the act of expressing who can use an author's protected information, in what way, and with what conditions and durations. Published usage policy is signed by an issuer - either the server (online publishing) or the author (offline publishing). In the case of offline publishing, the server delegates the author to sign the usage policy on its behalf. The server honors this signature as a trusted delegate by issuing the author a CLC chain. The CLC represents an asymmetric key pair that is used to sign usage policy, thereby publishing it.

RMS is responsible only for issuing policy and certificates. The application (for example, the Microsoft Office System with Information Rights Management) is responsible for persisting the policy with the protected information.

The following section describes a typical scenario involving an RM-aware application and an author who is publishing usage policy for protected information:

1. Deploy client package.

   Deployment of the client package installs binaries on the client machine.<56>

2. Activate machine locally.

   

Figure 18: Local machine activation

Activation is the process by which an SPC is generated on the client machine. The SPC represents a pair of keys for the machine that is used to protect the user's keys in a subsequent step.

In the RMS 1.0 client, the activation stage involved contacting a web service run by Microsoft to acquire a binary and some metadata. RMS version 1.0 SP1, 1.0 SP2, and 2.0 clients eliminate the need for this step by providing a form of self-activation that does not contact the server.

1. Call the Certify method.

   

Figure 19: Certify method call

Certification is the process by which the server issues a RAC. The RAC represents a pair of keys for the user that is used to protect authorization policy and content keys in subsequent steps. The RAC keys are themselves protected by the keys represented by the SPC from step 2.

The call to the Certify method provides the SPC a form of authentication and a flag that indicates whether to issue a temporary, short-lived RAC or a normal, long-lived RAC. The result of a successful Certify call is a RAC.

1. Call the GetClientLicensorCert method.

   

Figure 20: GetClientLicensorCert method call

To publish offline, a client possesses a CLC chain. A CLC is a form of delegation issued by the server that allows the client author to sign usage policies for protected information.

The client first calls the FindServiceLocationsForUser web method, providing the authentication information, to determine at which URL the server that issues CLCs is located. Once this URL is obtained, the client calls the GetClientLicensorCert web method at this URL and provides the user RAC. A successful response from the server results in a CLC being returned to the client.

1. Encrypt protected information using client APIs.

   At this point the application and the client have all certificates and keys needed to complete the publishing and protection step. The application encrypts the information using these certificates, keys, and the RMS client APIs.

2. Construct the usage policy using client APIs.

   The application uses the RM client APIs to construct the usage policy (unsigned issuance license) that expresses the set of users that can use this protected information, in what ways, and under what conditions. The usage policy can be created either directly or by using a rights policy template.

3. Sign the usage policy using client APIs and a CLC key.

   The unsigned issuance license is signed using the key represented by the CLC, producing official usage policy in the form of a signed issuance license.

4. Application persists policy with protected information.

   Finally, the application persists the signed issuance license in a location it can access along with the protected information.