Authorization refers to a security feature for granting or denying access to protected resources. For NetShow, the protected resources include Pay-Per-View (PPV) or Pay-Per-Minute (PPM) titles, or free but otherwise sensitive content. Authorization works hand-in-hand with authentication that serves to confirm the user identity. In general, a user who has failed authentication will not have permission to access the requested resource. A NetShow content provider may choose to grant an authenticated user limited or unlimited accesses to the requested title only after the user has accepted posted terms of agreement or has submitted a valid credit card number.
A server can be configured to implement authorization as a service or via plug-in components. Delegating such tasks to dedicated plug-in components gives service providers the flexibility to implement different authorization schemes to meet different business needs. A plug-in component is responsible for not only carrying out the business policy, but also responding to event notificatioins. The NetShow server supports any number of plug-in components running simultaneously. Each component can specify a unique set of events for notification and authorization.
The NetShow Event Notification and Authorization API helps you to focus on the business logic by providing a common protocol for developing COM-compliant plug-in components that perform authorization on behalf of the NetShow server when specified events occur. The API lets you leverage the established application infrastructure.
As COM objects, these plug-in components must be properly registered before they can be instantiated and initialized. At startup, the server queries the components to determine the type of events that require authorization and notification. When a client makes a request, the server attempts to trigger one of the specified events and solicits the associated component for approval. After granting or denying the access, the server notifies the component of the outcome of the event. For example, the component could specify that the Play event requires authorization and notification. When a client asks the server to play a title, the server first seeks permission from the component, which in turns tries to secure an appropriate payment plan before granting permission to stream the title. When the authorization is successful, the server starts playing the title and notifies the component that the Play event is underway. The component can then proceed to audit the playing time for billing.
© 1996-1998 Microsoft Corporation. All rights reserved.