2.2.9.5.5 FEDERATIONPRINCIPALS

The FEDERATIONPRINCIPALS element of the RAC issues the RAC private key to the user account and binds it to the machine by encrypting it with the SPC public key, so that only the machine holding the corresponding SPC private key can recover it. It MUST use the following template.

 <FEDERATIONPRINCIPALS>
    <PRINCIPAL>
       [[- machineobject -]]
       [[- enablingbits -]]
       [[- platform -]]
       [[- manufacturer -]]
       [[- repository -]]
    </PRINCIPAL>
 </FEDERATIONPRINCIPALS>

[[- machineobject -]]: MUST be an object element that identifies the machine. MUST be copied verbatim from the object in the principal element in the ISSUEDPRINCIPALS element of the SPC, including the same GUID.

[[- enablingbits -]]: MUST be the RAC private key encrypted with the SPC public key, contained within an ENABLINGBITS element. The encryption method can be any public key algorithm, provided it is one the SPC key pair supports; only the holder of the SPC private key, that is, the machine the SPC was issued to, can recover the RAC private key from this element.

[[- platform -]]: MUST be a SECURITYLEVEL element with the name "Platform" and a string value that contains the version of the client platform. MUST be copied verbatim from the principal element in the ISSUEDPRINCIPALS element of the SPC.

[[- manufacturer -]]: MUST be a SECURITYLEVEL element with the name "Manufacturer" and a string value that contains identifying information about the creator of the security processor. MUST be copied verbatim from the principal element in the ISSUEDPRINCIPALS element of the SPC.

[[- repository -]]: MUST be a SECURITYLEVEL element with the name "Repository" and a string value that contains the version of the security processor. MUST be copied verbatim from the principal element in the ISSUEDPRINCIPALS element of the SPC.