Creating and Using Issuance Licenses
[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]
An issuance license is a version 1.2 Extensible Rights Markup Language (XrML) document that identifies the rights that can be made available to users who want to consume content that has been protected by using Active Directory Rights Management Services (AD RMS). The issuance license is used to acquire an owner license that the content owner can use to encrypt content or an end-user license that a consumer can use to decrypt content.
An application can create an issuance license from scratch, from a template, or from an existing license by using the DRMCreateIssuanceLicense function. The function returns a license handle. After a license has been created, it must be signed before it can be used. Licenses can be signed online or offline by using the DRMGetSignedIssuanceLicense function. Additionally, online signing can be accomplished by using the AcquireIssuanceLicense SOAP method. Online signing uses the AD RMS certification service. Offline signing uses a client licensor certificate issued previously by an AD RMS service. When signed online, only the issuance license is returned to the caller. When signed offline, the license chain includes the signed issuance license and the client licensor certificate.
Unsigned issuance licenses can be used to create issuance license templates or to update existing issuance licenses. For more information, see DRMGetIssuanceLicenseTemplate.
An issuance license can contain the following items.
- The date and time that it was issued.
- The validity period.
- The content ID, name, and description.
- The name and public key of the license issuer.
- The silent license acquisition URL (signed issuance license only).
- The nonsilent license acquisition URL and fallback URL (RMS client 1.0 signed issuance licenses only).
- The users and groups that can be granted issuance licenses.
- The rights available to the users and groups.
- The conditions for using the issuance license.
- The content key and rights information encrypted by using the server public key.
- The digital signature of the license contents.
Issuance licenses are discussed in more detail in the following topics.
|Issuance License XML Examples||Contains XML examples for issuance licenses that have been signed online and offline.|
|Creating an Issuance License||Discusses multiple ways to create an issuance license.|
|Online Signing Code Example||Contains a C++ sample that creates an issuance license and signs it by using an AD RMS certification service in the enterprise.|
|Offline Signing Code Example||Contains a C++ sample that creates an issuance license and signs it by using a client licensor certificate from the local certificate store.|