The following terms are defined in [MS-GLOS]:
Advanced Encryption Standard (AES)
certification authority (CA)
configuration naming context (config NC)
Coordinated Universal Time (UTC)
Data Encryption Standard (DES)
domain controller (DC)
fully qualified domain name (FQDN)
globally unique identifier (GUID)
NT LAN Manager (NTLM) Authentication Protocol
security identifier (SID)
SOAP fault code
Stock Keeping Unit (SKU)
Universal Naming Convention (UNC)
The following terms are specific to this document:
certificate: As used in this document, certificates are expressed in XrML 1.2.
client licensor certificate (CLC) chain: An XrML 1.2 certificate chain that contains an asymmetric signing key pair issued to a user account by an RMS publishing service and binds that user account to a specific computer. The CLC grants the role of a user who can publish protected content.
cloud service: A set of one or more publicly available services that Microsoft operates.
consumer: The user who uses protected content.
content key: The symmetric key used to encrypt content.
creator: The user who creates protected content.
endpoint: A network-specific address of a server process for remote procedure calls. The actual name of the endpoint depends on the RPC protocol sequence being used. For example, for the NCACN_IP_TCP RPC protocol sequence, an endpoint might be TCP port 1025. For more information, see [C706].
hardware ID (HID): A string usually derived from a fingerprint of an individual computer. The HID is an identifier for a computer.
license: An XrML 1.2 document that describes usage policy for protected content.
license chain: Similar to a certificate chain, but for a license.
offline publishing: The process of creating protected content and signing the associated publishing license using a previously acquired CLC.
online publishing: The process of creating protected content and contacting a server to have the publishing license signed.
protected content: Any content or information (file, email) that has an RMS usage policy assigned to it and is encrypted according to that policy. Also known as "Protected Information".
publishing license (PL): An XrML 1.2 license that defines usage policy for protected content and contains the content key with which that content is encrypted. The usage policy identifies all authorized users and the actions they are authorized to take with the content, along with any conditions on that usage. The publishing license tells the server what usage policies apply to a given piece of content and grants the server the right to issue use licenses (ULs) based on that policy. The PL is created when content is protected. Also known as an "Issuance License (IL)".
Passport Unique ID (PUID): A unique user name associated with a Microsoft Passport account.
rights policy template: An XrML 1.2 document that contains a predefined usage policy that is used to create the PL when content is protected. Conceptually, a rights policy template (or "template") is a blueprint for a PL, identifying authorized users and the actions they are authorized to take with the content (along with any conditions on that usage). Unlike a PL, a template does not contain a content key or information about the content owner. The content key and information about the content owner are required to be added when the PL for a given piece of content is created from the template. End users can use a template when protecting a document instead of defining the specifics of the usage policy themselves. When a document is published using a template, the template is used to generate the PL.
RMS account certificate (RAC): An XrML 1.2 certificate chain that contains an asymmetric encryption key pair issued to a user account by an RMS Certification Service. The RAC binds that user account to a specific computer. The RAC represents the identity of a user who can access protected content. The RAC is also known as a "Group Identity Certificate (GIC)".
security processor: A trusted component on the client machine that enforces usage policy. It has exclusive access to the security processor certificate (SPC) private key.
security processor certificate (SPC): An XrML 1.2 certificate chain generated during activation that contains the public key corresponding to the SPC private key. The SPC grants the role of a machine that can be used for working with protected content.
security processor certificate (SPC) private key: A unique private key that is generated at activation time and issued to the machine, either by self-activation or by calling the Activate method.
server licensor certificate (SLC): An XrML 1.2 certificate that contains a public key issued to an RMS server by an RMS cloud service (RMS 1.0, RMS 1.0 SP1, and RMS 1.0 SP2) or Self Enrollment (RMS 2.0). The RMS client uses the RMS server's public key to encrypt the usage policy and content key in a publishing license.
service connection point (SCP): An object stored in Active Directory that specifies the location of an RMS server.
use license (UL): An XrML 1.2 license that authorizes a user to access a given protected content file and describes the usage policies that apply. Also known as an "End-User License (EUL)".
XrML: The eXtensible rights Markup Language [XRML] is a general-purpose, XML-based specification grammar for expressing rights and conditions associated with digital content, services, or any digital resource.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.