Rights Account Certificates

Updated: June 1, 2008

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Organizations must identify the users who are trusted entities in their RMS system. To do this, RMS issues rights account certificates that associate user accounts with specific computers. The user's rights account certificate must be included with the request for client licensor certificates and use licenses. A client licensor certificate allows an author to publish rights-protected content, such as files and e-mail, while offline. A use license allows a user to consume rights-protected content. Each rights account certificate contains the user's public key, which is used to encrypt data that is intended for that user.

There are two types of rights account certificates: standard and temporary. You can specify the validity period for both types. Standard certificates have a duration that is specified in days (365 days, by default). Temporary account certificates have a duration that is specified in minutes (15 minutes, by default). Temporary account certificates allow users to temporarily consume content, for example at a kiosk, when they cannot gain access to the computer that they usually use. This prevents another user from consuming the content from this computer at a later time.