RMS Revocation

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Revocation is a mechanism that revokes a credential that has already been issued, such as a certificate or license. The primary purpose of revocation is to prevent entities that are no longer trusted from participating in an RMS system. For example, revocation can be applied in the following scenarios:

  • To prevent content from being consumed when a principal or identity that is in the chain of trust has been compromised, such as when an individual leaves your organization and should no longer be able to view rights-protected content.

  • To prevent a particular RMS-enabled application from opening a piece of content if the application is no longer trusted.

  • To prevent a piece of objectionable content that is already distributed and licensed for consumption from being consumed further.

Revocation works on the client to prevent users from consuming a piece of content, even if a use license has already been issued for it. When you enable it, revocation is in effect every time that a user attempts to consume rights-protected content, regardless of whether or not the user has a locally stored copy of the use license or is requesting a new use license from the RMS cluster at the time of consumption.

This section provides an overview of revocation. For information about how to use revocation with RMS, see "Managing Revocation" in "RMS: Operations" in this documentation collection.

This section covers: