1.3.4 GroupExpansionWebServiceSoap Overview

RMS servers use the Group Expansion over SOAP port type of the RMS: Server-Server Protocol to determine group membership of authorized users across complex network directories.

Access policy on RMS protected content can specify individual users as well as distribution groups. When a consumer contacts the RMS server for authorization to access protected content, the server might need to consult the directory to determine whether that user is a member of a group that is specified in the policy. If the group exists in a partition of the directory to which the RMS server does not have access, that RMS server needs to contact another server that does have appropriate permissions. This server-to-server communication can use either the Group Expansion over SOAP port type or the Binary Group Expansion interface.

The Group Expansion over SOAP port type exposes one request/response operation: IsPrincipalMemberOf.