Introduction to PolicyChapter 18 Setting Up Policies 561Policy RulesA policy rule refers to a uniquely configured instance of any policy plug-inimplementation. For example, you can use the plug-in module provided for settingvalidity periods on certificates to configure a policy rule that forces validity periodsfor all client certificates issued by a Certificate Manager to fall within apredetermined range, say between 6 and 24 months. A subsystem’s policyconfiguration can consist of one or more policy rules, each performing one or moreof the following operations:• Validate the request content by comparing it with configured criteria; reject,modify, or defer (for agent approval) the request if any of the requestparameters are invalid.• Build certificate content—for example, set common extensions and the validityperiod.• Enforce organizational constraints, such as subject name, key algorithm, keysize, and validity period.• Determine whether the private key should be archived.Keep in mind that the server applies the rules when processing end-entity requestsand after agent approval (for deferred requests).Types of Policy RulesCertificate Management System supports distinct policy rules for each of theoperations that end entities perform—certificate enrollment, renewal, andrevocation, and key archival and recovery. Consequently, there are five broadcategories of policies, corresponding to these types of operations:• Enrollment policies• Renewal policies• Revocation policies• Key-archival policies• Key-recovery policiesTo facilitate this classification, Certificate Management System supports a parentinterface for a generic policy rule and other operation-specific interfaces thatextend the parent interface. Check the CMS SDK, available in the form of Javadocsat this location: /cms_sdk/cms_jdk/javadocs