|
|
| Previous | Next |
Authorization refers to a security feature used by the plug-in components for granting or denying access to the protected resources. For Windows Media Services, example of the protected resources include Pay-per-View (PPV), Pay-per-Minute (PPM) titles, and free but otherwise sensitive content. Authorization works hand-in-hand with authentication, which confirms the user identity. In general, a user who has failed authentication does not have permission to access the requested resource. A content provider using Windows Media Services can choose whether to grant an authenticated user limited or unlimited access to the requested title.
Notification, on the other hand, refers to a feature used by the server to notify the plug-in components of any other events that must be logged, or other types of information that must be reported.
A server performs authorization and notification tasks by using plug-in components. Delegating such tasks to dedicated plug-in components gives service providers the flexibility to implement different authorization schemes to meet different business needs. The server running Windows Media Services supports any number of plug-in components running simultaneously. Each component can specify a unique set of events for authorization and notification.
The Windows Media Services Event Notification and Authorization API enables you to build solutions to meet your own business needs by providing a common protocol for developing COM-compliant plug-in components. These plug-ins perform authorization on behalf of the server when specified events occur. The API lets you leverage the established application infrastructure.
A COM component must support the free-threading (COINIT_MULTITHREADED) model for Windows Media Services. Thus, when creating an authorization component, avoid using the apartment-threading (COINIT_APARTMENTHREADED) model for the authorizer. While providing better performance and greater flexibility, the free-threading concurrency model lacks thread-safe features. Therefore, as the creator of the COM component, you are responsible for serializing the access to calls to the methods of the object. For more information on the concurrency control in COM, see the COM and ActiveX Objects sections of the Microsoft Platform Software Development Kit.
As COM objects, these plug-in components must be properly registered before a new instance of them can be created and initialized. When it starts, the server queries the components to determine the type of events that require authorization and notification. When a client makes a request, the server attempts to trigger one of the specified events, and solicits the associated component for approval. After granting or denying access, the server notifies the component of the outcome of the event.
For example, the component can specify that the Play event requires authorization and notification. When a client requests that the server plays a title, the server seeks permission from the component, which in turn tries to secure an appropriate payment plan before granting permission to stream the title. If the authorization succeeds, the server starts playing the title, and notifies the component that the Play event is under way. The component then audits the playing time for billing.
| Previous | Next |