You can add trust policies so that AD RMS can process licensing requests for content that was rights-protected by a different AD RMS cluster. You can define trust policies as follows:
- Trusted user domains. The addition of a trusted user domain allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.
- Trusted publishing domains. The addition of a trusted publishing domain allows one AD RMS cluster to issue use licenses against publishing licenses that were issued by a different AD RMS cluster. You add a trusted publishing domain by importing the server licensor certificate and private key of the server to trust.
- Windows Live ID. Setting up a trust with Microsoft’s online RMS service allows an AD RMS user to send rights-protected content to a user with a Windows Live ID. The Windows Live ID user will be able to consume rights-protected content from the AD RMS cluster that has trusted Microsoft’s online RMS service, but the Windows Live ID user will not be able to create content that is rights-protected by the AD RMS cluster.
- Federated trust. Establishing a federated trust between two forests is done by using Active Directory Federation Services. This is useful if one forest does not have AD RMS installed, but its users need to consume rights-protected content from another forest. For more information about setting up federation support in AD RMS, see Configure Federated Identity Support Settings.
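
The following is an added example, not part of the original page. It shows how the first two trust types might be reviewed and then imported with the AD RMS PowerShell module (`AdRmsAdmin`). The drive name, file paths, and display names are assumed placeholders, and it assumes the commands run on a server in the trusting cluster.

```powershell
# Added example: drive name, file paths and display names are placeholders.
Import-Module AdRmsAdmin

# Map the local AD RMS cluster as a PowerShell drive.
New-PSDrive -Name RmsCluster -PSProvider AdRmsAdmin -Root https://localhost | Out-Null

$tudPath = 'RmsCluster:\TrustPolicy\TrustedUserDomain'
$tpdPath = 'RmsCluster:\TrustPolicy\TrustedPublishingDomain'

# Review what the cluster already trusts before adding anything new.
Get-ChildItem -Path $tudPath | Format-List *
Get-ChildItem -Path $tpdPath | Format-List *

# Trusted user domain: the source file holds only the other cluster's
# exported server licensor certificate (no private key).
Import-RmsTUD -Path $tudPath `
    -DisplayName 'Partner cluster (TUD)' `
    -SourceFile 'C:\Trust\partner-tud.bin'

# Trusted publishing domain: the source file holds the other cluster's
# server licensor certificate AND private key, protected by a password.
# Prompt for the password instead of embedding it in the script.
$tpdPassword = Read-Host -Prompt 'TPD file password' -AsSecureString
Import-RmsTPD -Path $tpdPath `
    -DisplayName 'Partner cluster (TPD)' `
    -SourceFile 'C:\Trust\partner-tpd.xml' `
    -Password $tpdPassword

# Confirm the new entries are present.
Get-ChildItem -Path $tudPath | Format-List *
Get-ChildItem -Path $tpdPath | Format-List *
```

Because a trusted publishing domain file carries a private key, treat it like any other key material: transfer it over a protected channel and delete the copy once the import is confirmed.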