Last modified on Mar 24, 2017

Background and Strategic Fit

It is the responsibility of the authorized managers of EE operations to configure EEs properly. The RA, therefore, needs to provide its own appropriate, RA-specific local policy file to the EEs under its jurisdiction. Local EE policies are defined by OEMs, or other authorized managers of EE operations, for particular EE devices or EE device groups. The local EE policies must be consistent with relevant global policies. The RA needs to construct its own local policy file, within any restrictions imposed by global policies, and include all fields in the global policy file that are relevant to the EEs within that RA's jurisdiction. 

Design

The Local Policy File (LPF) has one section of interest: Custom Policy. This section is a local representation of the Global Policy File with custom changes requested by the RA that issues the file. The RA has the option to remove any GPF values that are not relevant for any of the EE's that is services. The RA may also modify some global default values and replace them with local settings. The data elements for the Custom Policy section of the LPF are identical to the data elements for the GPF (listed here: Step 18.1: Policy Configuration Options). The Policy Generator (PG) must validate and sign the custom policy.

In creating the Custom Policy section of the LPF, it is assumed that the RA will start with the latest version of the Global Policy File (GPF) and make adjustments or delete specific data elements based on the needs of the EEs that it services. If the RA chooses to make no changes to the GPF, it must copy the content of the GPF into the Custom Policy section of the LPF. This allows the EEs to download a single policy file (the complete LPF) which contains all relevant policies. 

Once the Custom Policy is created, the RA shall send a copy of the data structure to the PG to be validated and signed. Since the Custom Policy shares the same structure as the GPF, the RA's host ID is added to the Custom Policy to identify clearly which RA created the content. If the PG approves the Custom Policy, it will sign the complete structure (including the RA Host ID) and send it back to the RA. Note that if the RA Host ID changes, it will need to request a new Custom Policy signature to match the new Host ID.

Specific details on which GPF parameters may be modified or eliminated when translating the GPF into the Custom Policy section of the LPF must be defined by the SCMS Manager and implemented by the Policy Generator in validating signature requests.

Access & Download

To download the LPF, the EE will retrieve it from an URL defined in RA - Services View.

The EE will download the files via a HTTP get request, analogous with the mechanism used to download the pseudonym certificate batch files.

Not Doing

The current Design foresees two sections in the LPF, whereas the second section is not used in the current version of the SCMS but might be utilized in future versions:

  1. Custom Policy - This section is a local representation of the Global Policy File with custom changes requested by the RA that issues the file. The RA has the option to remove any GPF values that are not relevant to any of the EE's that is services. The RA may also modify some global default values and replace them with local settings. The data elements for the Custom Policy section of the LPF are identical to the data elements for the GPF (listed here: Step 18.1: Policy Configuration Options). The Policy Generator (PG) must validate and sign the custom policy.
  2. Local Policy - This section contains local parameters that are not included in the Global Policy File but helps manage the EEs under RA's jurisdiction through additional configuration parameters. This section is signed by the RA only and added to the LPF after the Custom Policy was added.