Understanding AD RMS Trust Policies
Updated: March 8, 2008
Applies To: Windows Server 2008
You can add trust policies so that AD RMS can process licensing requests for content that was rights-protected by a different AD RMS cluster. You can define trust policies as follows:
Trusted user domains. The addition of a trusted user domain allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.
Trusted publishing domains. The addition of a trusted publishing domain allows one AD RMS cluster to issue use licenses against publishing licenses that were issued by a different AD RMS cluster. You add a trusted publishing domain by importing the server licensor certificate and private key of the server to trust.
Windows Live ID. Setting up a trust with Windows Live ID allows an AD RMS user to send rights-protected content to a user with a Windows Live ID. The Windows Live ID user will be able to consume rights-protected content from the AD RMS cluster that has trusted Windows Live ID, but the Windows Live ID user will not be able to create content that is rights-protected by the AD RMS cluster.
Federated trust. Establishing a federated trust between two forests is done by using Active Directory Federation Services. This is useful if one forest does not have AD RMS installed, but its users need to consume rights-protected content from another forest. For more information about setting up federation support in AD RMS, see Configure Federated Identity Support Settings.