REVOCATIONLIST

[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]

Contains a collection of all entities that cannot be granted access or items of content that cannot be used by any application that requires the AD RMS certificate or license. This element has the following definition.

<!ELEMENT REVOCATIONLIST (REVOKE*)>
<!ATTLIST REVOCATIONLIST
  type CDATA #REQUIRED>

<!ELEMENT REVOKE (OBJECT?,
                  DIGEST?,
                  PUBLICKEY?)>
<!ATTLIST REVOKE
  type CDATA #REQUIRED
  category CDATA #REQUIRED>

Remarks

Each item to be revoked (principal, license, or content) can be identified by the OBJECT, PUBLICKEY, or DIGEST elements as shown in the following example.

Examples

<REVOCATIONLIST>
  <REVOKE category="license" type="license-id">
    <OBJECT>
      <ID type="MS-GUID">EUL{...}</ID>
    </OBJECT>
  </REVOKE>
  <REVOKE category="license" type="license-hash">
    <DIGEST>
      <ALGORITHM>SHA1</ALGORITHM>
      <VALUE encoding="base64" size="160">...</VALUE>
    </DIGEST>
  </REVOKE>
  <REVOKE category="license" type="issuer-key">
    <PUBLICKEY>
      <ALGORITHM>RSA</ALGORITHM>
      <PARAMETER name="public-exponent">
        <VALUE encoding="integer32">65537</VALUE>
      </PARAMETER>
      <PARAMETER name="modulus">
        <VALUE encoding="base64" size="512">...</VALUE>
      </PARAMETER>
    </PUBLICKEY>
  </REVOKE>
  <REVOKE category="license" type="issuer-id">
    <OBJECT>
      <ID type="ascii-tag">Contoso, Inc.</ID>
    </OBJECT>
  </REVOKE>
  <REVOKE category="content" type="content-id">
    <OBJECT>
      <ID type="ascii-tag">July 2003 Subscriber List</ID>
    </OBJECT>
  </REVOKE>
  <REVOKE category="principal" type="principal-id">
    <OBJECT>
      <ID type="MS-PassportID">Compromised@example.com</ID>
    </OBJECT>
  </REVOKE>
  <REVOKE category="principal" type="principal-key">
    <PUBLICKEY>
      <ALGORITHM>RSA</ALGORITHM>
      <PARAMETER name="public-exponent">
        <VALUE encoding="integer32">65537</VALUE>
      </PARAMETER>
      <PARAMETER name="modulus">
        <VALUE encoding="base64" size="512">...</VALUE>
      </PARAMETER>
    </PUBLICKEY>
  </REVOKE>
</REVOCATIONLIST>
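
The following Python code is an added example, not part of the AD RMS SDK or of the original page. It loads a list in the format shown above into a lookup set and tests whether a given principal, license, or content identifier is revoked. Assumptions: the function names and the sample digest value are constructed for illustration, each OBJECT, DIGEST, or PUBLICKEY child is treated as its own entry, matching is exact, and the list-level type attribute is not enforced because the example above omits it.

```python
import xml.etree.ElementTree as ET

SAMPLE_DIGEST = "A" * 27 + "="  # constructed 160-bit placeholder, not a real hash
# Constructed sample in the page's format.
SAMPLE = f"""<REVOCATIONLIST>
  <REVOKE category="principal" type="principal-id">
    <OBJECT><ID type="MS-PassportID">Compromised@example.com</ID></OBJECT>
  </REVOKE>
  <REVOKE category="license" type="license-hash">
    <DIGEST><ALGORITHM>SHA1</ALGORITHM>
      <VALUE encoding="base64" size="160">{SAMPLE_DIGEST}</VALUE>
    </DIGEST>
  </REVOKE>
</REVOCATIONLIST>"""

def _text(node, path):
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""

def _identifiers(rev):
    """Yield one hashable identifier per OBJECT, DIGEST or PUBLICKEY child."""
    for obj in rev.findall("OBJECT"):
        node = obj.find("ID")
        id_type = node.get("type") if node is not None else None
        yield ("object", id_type, _text(obj, "ID"))
    for dig in rev.findall("DIGEST"):
        yield ("digest", _text(dig, "ALGORITHM"), _text(dig, "VALUE"))
    for key in rev.findall("PUBLICKEY"):
        params = {p.get("name"): _text(p, "VALUE") for p in key.findall("PARAMETER")}
        yield ("publickey", _text(key, "ALGORITHM"),
               params.get("public-exponent"), params.get("modulus"))

def parse_revocation_list(xml_text):
    """Return a set of (category, type, identifier) tuples; raise on bad input."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("inline DTD or entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "REVOCATIONLIST":
        raise ValueError("root element is not REVOCATIONLIST")
    entries = set()
    for rev in root.findall("REVOKE"):
        category, rtype = rev.get("category"), rev.get("type")
        if not category or not rtype:  # both are #REQUIRED in the DTD
            raise ValueError("REVOKE is missing category or type")
        ids = list(_identifiers(rev))
        if not ids:  # choice made here: an entry that names nothing is an error
            raise ValueError("REVOKE names no OBJECT, DIGEST or PUBLICKEY")
        entries.update((category, rtype, i) for i in ids)
    return entries

def is_revoked(entries, category, rtype, identifier):
    """Exact, case-sensitive match (an assumption of this example)."""
    return (category, rtype, identifier) in entries
```

A list that fails to parse raises an exception instead of returning a partial set, so a caller cannot mistake a malformed list for an empty one.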

Requirements

Product
Rights Management Services client 1.0 or later

See also

BODY

XrML Elements