3.3.4.1 SubEnroll
During the SubEnroll operation, the requestor submits its public key and its metadata. The response contains signed SLC that grants the requestor the right to issue licenses.
Figure 4: SubEnroll message sequence diagram
A subordinate RMS server generates its own asymmetric key pair. It then uses the SubEnroll operation to request that its public key be contained within an SLC chain that it can use to issue licenses to protected content.
-
<wsdl:operation name="SubEnroll">
The SOAP operation is defined as follows.
-
<soap:operation soapAction="http://microsoft.com/DRM/SubEnrollmentService/SubEnroll" style="document" />
Request Validation:
The responding server MUST validate the input parameters upon receiving a SubEnroll request. The SubEnroll request MUST follow the schema specified in section 3.3.4.1.1.1.
|
Parameter |
Description |
|---|---|
|
aPublicKeyBytes |
MUST contain the requestor's public key, represented as a base-64 encoded string. This key will be the public key that is issued in the resulting SLC.<20> |
|
Guid |
MUST contain a GUID that will be used to identify the public key inside the resulting SLC. MUST be formatted as a 32-character hexadecimal string in the following format: {8chars-4chars-4chars-4chars-12chars}. |
|
SKU |
MUST be a string. Contains information such as the version information of the requesting server. |
|
Version |
MUST be a string. Contains information such as the version information of the requesting server. |
|
URL |
MUST be a string that contains the URL of the requesting server. |
Data Processing:
For a successful request, the responding server MUST generate and return a signed SLC chain. The leaf-node SLC MUST contain the public key that was submitted in the request and associate the SKU, version, and URL with that key. The responder's own SLC chain MUST be appended to the SLC that is generated for the requestor. The SLC format is specified in [MS-RMPR] section 2.2.9.3. The SLC chain is specified in [MS-RMPR] section 2.2.9.2.
Response:
A successful SubEnroll response MUST follow the schema specified in section 3.3.4.1.1.2. A successful response MUST return the SLC chain that was generated for the requestor. For an unsuccessful request, the server MUST return a fault code. This operation throws only Common Fault Codes for the RMS: Server-Server Protocol.