|
|
Authorization refers to a security feature for granting or denying access to protected resources. For NetShow Theater Server, the protected resources include Pay-per-View (PPV) or Pay-per-Minute (PPM) titles, or free but otherwise sensitive content. Authorization works hand-in-hand with authentication, which confirms the user identity. In general, a user who has failed authentication does not have permission to access the requested resource. A content provider using NetShow Theater Server can choose whether to grant an authenticated user limited or unlimited access to the requested title. Notification, on the other hand, refers to reporting of events by the server to plug-in components for logging, or reporting of other types of information.
A server implements authorization and a notification by using plug-in components. Delegating such tasks to dedicated plug-in components gives service providers the flexibility to implement different authorization schemes to meet different business needs. The server running NetShow Theater Server supports any number of plug-in components running simultaneously. Each component can specify a unique set of events for notification and authorization.
The NetShow Theater Server Event Notification and Authorization API enables you to build solutions to meet your own business needs by providing a common protocol for developing COM-compliant plug-in components. These perform authorization on behalf of the server when specified events occur. The API lets you leverage the established application infrastructure.
A COM component must support the free-threading (COINIT_MULTITHREADED) model for NetShow Theater Server. Thus, when creating an authorization component, avoid using the apartment-threading (COINIT_APARTMENTHREADED) model for the authorizer. While providing better performance and greater flexibility, the free-threading concurrency model lacks thread-safe features. Therefore, as the creator of the COM component, you are responsible for serializing the access to calls to the methods of the object. For more information on the concurrency control in COM, see the COM and ActiveX Objects sections of the Microsoft Platform Software Development Kit (SDK) documentation.
As COM objects, these plug-in components must be properly registered before a new instance of them can be created and initialized. When it starts up, the server queries the components to determine the type of events that require authorization and notification. When a client makes a request, the server attempts to trigger one of the specified events, and solicits the associated component for approval. After granting or denying access, the server notifies the component of the outcome of the event.
For example, the component can specify that the Play event requires authorization and notification. When a client asks the server to play a title, the server first seeks permission from the component, which in turn tries to secure an appropriate payment plan before granting permission to stream the title. When the authorization is successful, the server starts playing the title, and notifies the component that the Play event is under way. The component then audits the playing time for billing.
[Previous][Next]