none
RMS Use License validity time?

    Question

  • A collegue and I were discussing the Use License certificate lifetime and the impact of cashing and content expiration.

    Can someone clarify how the EUL certificate validity is set?

    Allow EUL caching -> Forever? Or only remaining RAC validity?
    Allow EUL caching + content expiration -> Same as above (with datecheck)? Or only until expiration date?

    Allow short term EUL caching -> Forever (with datecheck)? Or the short term period?
    Allow short term EUL caching + content expiration -> Same as above? Or the shortest time of short term period/expiration date?
    (by "short term" I mean when user must reauthenticate every X days)

    Do not cache EUL -> No validity time? A minute? One use? Is the EUL saved at all?
    Do not cache EUL + expiration -> No validity time? A minute? One use? Is the EUL saved at all?

    Tom Aafloen, IT-security Consultant Onevinn AB

    Thursday, January 16, 2014 10:27 AM

Answers

  • Hi Tom -

    Once a document has expired, it is not accessible, regardless of the status of the use license (cached or not).

    By default, end use licenses are cached and I believe they stay cached for 365 days.

    If you decide to limit the cache period of the end use license, you have two options: 1) allow end use licenses to be cached for a certain number of days between 1 and 365, 2) do not cache end use licenses, which means that as soon as the Office document is closed, the use license is expired

    Does that help?

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    • Marked as answer by Tom Aafloen Tuesday, January 28, 2014 8:33 AM
    Monday, January 27, 2014 6:16 PM
  • Yes, exactly. Once a document expires, no one can access it at all except a super user or the document author.

    Once a use license expires, the recipient calls to the RMS server to acquire a new use license.  At that time, the RMS server checks the user's rights and RAC to verify they still have access to the content (rights policy templates can change, users can be removed from AD, etc)

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    • Marked as answer by Tom Aafloen Wednesday, January 29, 2014 9:14 AM
    Tuesday, January 28, 2014 4:54 PM

All replies

  • Hi Tom -

    Once a document has expired, it is not accessible, regardless of the status of the use license (cached or not).

    By default, end use licenses are cached and I believe they stay cached for 365 days.

    If you decide to limit the cache period of the end use license, you have two options: 1) allow end use licenses to be cached for a certain number of days between 1 and 365, 2) do not cache end use licenses, which means that as soon as the Office document is closed, the use license is expired

    Does that help?

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    • Marked as answer by Tom Aafloen Tuesday, January 28, 2014 8:33 AM
    Monday, January 27, 2014 6:16 PM
  • Aha, so Document Expiration and Use License are two separate parts?

    Thank you for clarifying this, Micah.


    Tom Aafloen, IT-security Consultant Onevinn AB

    Tuesday, January 28, 2014 8:33 AM
  • Yes, exactly. Once a document expires, no one can access it at all except a super user or the document author.

    Once a use license expires, the recipient calls to the RMS server to acquire a new use license.  At that time, the RMS server checks the user's rights and RAC to verify they still have access to the content (rights policy templates can change, users can be removed from AD, etc)

    Micah LaNasa

    Synergy Advisors

    synergyadvisors.biz

    • Marked as answer by Tom Aafloen Wednesday, January 29, 2014 9:14 AM
    Tuesday, January 28, 2014 4:54 PM