SKFS 4.16.0 and after

Enabling Digital Asset Links (DAL) for a specific domain

Switch to (or login as) the strongkey user
```
shell> su - strongkey
```
Add DAL target and associated X509 certificate(s) and fingerprint(s) to the database using the dal web service.
Please note: At least one active DAL target must be configured for a domain; otherwise, DAL cannot be enabled in the FIDO Policy
Retrieve the current policy for the domain using the instructions here. Set the value for enabled to true in the digitalAssetLinks policy element:
```
"digitalAssetLinks": {
   "enabled": true
}
```
Use the updatePolicy web service or skfsadminclient to update the modified policy for the domain.

Please note: SKFS administrator must create assetlinks.json file and host it at a location specified in the DAL specification (Please follow this link to retrieve the list of all active DAL configurations for a domain).

Disabling ROR for specific domain

Switch to (or login as) the strongkey user
```
shell> su - strongkey
```
Retrieve the current policy for the domain using the instructions here. Set the value of enabled to false in the digitalAssetLinks policy element:
```
"digitalAssetLinks": {
   "enabled": false
}
```
Use the skfsadminclient update Policy or updatePolicy web service to update the modified policy for the domain.