In order to allow for security beyond revocation lists, a policy regarding
when permissions may be granted (in the form of a rights document, e.g. a
use license or a certificate) is enforced. When a request is made for a
rights document, the requester submits an account certificate which
includes certain metadata regarding the requester. This metadata is
analyzed to determine whether it meets a specific policy before the
request is granted. If the request is not granted, the cause of the
rejection may be overcome, for example by updating or upgrading some
system component (hardware or software) in the requesting system. In
certain cases, such an update to overcome a policy-based rejection may be
performed transparently to the user.