2.3 Binary Group Expansion Interface

An RMS server uses the Binary Group Expansion interface to verify group membership of a specific user with another RMS server. Each message in this interface consists of a serialized octet stream.

The interface provides a mechanism for a requester to verify with a responder whether a specific user is currently a member of specific groups that the requestor cannot expand by contacting the directory itself.

It is possible that a requested group contains a subgroup in another forest, causing the responder to make a new IsPrincipalMemberOf request to another server before it can respond to the original requestor. To prevent infinite loops or unacceptably long response times, the request specifies a number of servers that have been involved in servicing this group expansion request so far.