with DMDfusion
Addendum to DRM Fusion Toolkit 1.3 Installation Guide

Foreword
This addendum document contains information that complements the Installation
documentation that is a part of DRM Fusion Toolkit release version 1.3.
Table of Contents
1 Addendum
1.1 Setting Timeout value for Database
1.2 Setting JMS Timeout value for Proxy component
1.3 Setting SOAP Proxy Timeout value for Proxy component
1.4 Deployment types
1.4.1. In-a-Box deployment
1.4.2. Distributed deployment with middleware and proxy
1.4.3. Deployment using web services (no proxy)
1.5 Caching
1.6 Glossary
Proprietary and Confidential Information
(c) 2006 SafeNet, Inc. All rights reserved
1 Addendum
Late-breaking information on configuration options that fine-tune certain operational
properties, such as timeout values, in an installation of the Toolkit.
1.1 Setting Timeout value for Database.
In DRM Fusion Toolkit v1.3, the database connection timeout value can
additionally be defined through C3P0 JDBC connection pooling.
To enable this property in your installation of the DRM Fusion Toolkit v1.3, unjar
safenet-toolkit-configuration.jar, add the XML segment below to the
“hivemodule.xml” file, then rejar and deploy the jar.
<contribution configuration-id="com.safenet.dal.hibernate.HibernateSettings">
<property name="hibernate.c3p0.acquire_increment" value="10"/>
<property name="hibernate.c3p0.idle_test_period" value="100"/>
<property name="hibernate.c3p0.max_size" value="1000"/>
<property name="hibernate.c3p0.max_statements" value="100"/>
<property name="hibernate.c3p0.min_size" value="10"/>
<property name="hibernate.c3p0.timeout" value="1000"/>
</contribution>
In addition, you need the C3P0 java library, which can be downloaded from
http://sourceforge.net/projects/c3p0. The version tested with the toolkit is 0.9.1.
1.2 Setting JMS Timeout value for Proxy component.
To configure the timeout of the JMS proxy used by the toolkit, please edit the
safenet.properties file in the safenet-toolkit-configuration.jar and add the
property remoting.jms.proxy.timeout. The value should be specified in
milliseconds and defines the amount of time the proxy will wait for a reply from
the remote server.
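A post-edit check for the two procedures above (sections 1.1 and 1.2), given as an added example that is not part of the original guide or of the toolkit: it opens the rebuilt safenet-toolkit-configuration.jar and reports timeout settings that are missing or not numeric. The function names and the layout of the sample jar are assumptions; files are located by name because the guide does not state their path inside the jar.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

CONFIG_ID = "com.safenet.dal.hibernate.HibernateSettings"
C3P0_KEYS = ("acquire_increment", "idle_test_period", "max_size",
             "max_statements", "min_size", "timeout")
JMS_KEY = "remoting.jms.proxy.timeout"

def find_member(jar, basename):
    """First jar entry with this file name, wherever it sits in the archive."""
    return next((n for n in jar.namelist() if n.rsplit("/", 1)[-1] == basename), None)

def is_uint(value, minimum=0):
    """True for a plain decimal integer that is at least `minimum`."""
    return value is not None and re.fullmatch(r"[0-9]+", value) is not None and int(value) >= minimum

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_config_jar(jar_bytes):
    """Return a list of problems found in a rebuilt configuration jar."""
    problems, found = [], {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        hive = find_member(jar, "hivemodule.xml")
        props_file = find_member(jar, "safenet.properties")
        if hive is not None:
            for contrib in ET.fromstring(jar.read(hive)).iter("contribution"):
                if contrib.get("configuration-id") == CONFIG_ID:
                    found.update((p.get("name"), p.get("value")) for p in contrib.iter("property"))
        for key in C3P0_KEYS:
            if not is_uint(found.get("hibernate.c3p0." + key)):
                problems.append("hibernate.c3p0.%s missing or not an integer" % key)
        text = jar.read(props_file).decode("latin-1") if props_file else ""
        # The JMS proxy timeout is in milliseconds and must be greater than zero.
        if not is_uint(parse_properties(text).get(JMS_KEY), minimum=1):
            problems.append(JMS_KEY + " missing or not a positive integer (ms)")
    return problems

def build_sample_jar(jms_timeout, c3p0_keys=C3P0_KEYS):
    """Constructed sample input; the entry paths inside it are assumptions."""
    props = "".join('<property name="hibernate.c3p0.%s" value="10"/>' % k for k in c3p0_keys)
    hive = '<module id="sample"><contribution configuration-id="%s">%s</contribution></module>' % (CONFIG_ID, props)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/hivemodule.xml", hive)
        jar.writestr("safenet.properties", "# constructed sample\n%s=%s\n" % (JMS_KEY, jms_timeout))
    return buf.getvalue()

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print("\n".join(check_config_jar(fh.read())) or "OK")
```

Run it with the path of the rebuilt jar as the only argument before deploying; it prints OK when every setting is present and numeric.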
1.3 Setting SOAP Proxy Timeout value for Proxy component.
Version 2.0.1 will add the capability to configure the proxy timeout for the SOAP
remoting extensions.
1.4 Deployment types.
Selecting a deployment type should be based on certain factors that are specific
to the individual deployment such as expected DRM traffic in your SDP,
availability of IT infrastructure/budgets or the significance of scaling/failover in
your SDP.
Given below are some ways in which DRM Fusion Toolkit can be deployed.
1.4.1. In-a-Box deployment.
[Figure 1 – In-a-box deployment. Diagram labels: Client call to License; Client call to Protection; Core Functionality; Database.]
In a single-box deployment of the DRM Fusion Toolkit, all services or major
functionality live on the same server (not including dependent services such as a
database). As shown in Figure 1, client call interfaces make API calls directly to
the Toolkit deployed on the same server.
1.4.2. Distributed deployment with middleware and proxy.
The DRM Fusion Toolkit v1.3 can also be deployed in a distributed architecture,
so that the available IT infrastructure is best utilized. It also allows scaling
of those operations that hit peak performance rates in business cycles.
For instance, an SDP may receive a huge number of License requests when one
of its content offerings to the public becomes very popular (scaling Licensing).
At other times, its content provider may supply a lot of content in
anticipation of good business in that business cycle (scaling Protection/Packaging).
Such a deployment uses middleware (JMS or SOAP) between the various DRM Fusion
Toolkit components, and proxies that let the clients use the middleware, as shown
in Figure 2.
[Figure 2 – Distributed Deployment with Middleware. Diagram labels: Call to Protection or Packaging (Proxy); Call to License (Proxy); Middleware; Core Functionality (master); Core Functionality (slave); Failover Comm.; Database Replica1; Database Replica2; Replication.]
Another advantage of using a distributed deployment is the failover and High
availability enhancements that are enabled because of it.
1.4.3. Deployment using web services. (no proxy)
The DRM Fusion Toolkit v1.3 web services publish the APIs of the toolkit; the
data types used are therefore complex types specific to the Toolkit domain. These
data types are automatically mapped to their corresponding Java types by the
DRM Fusion Toolkit proxy component.
If needed, the DRM Fusion Toolkit v1.3 web services can also be called directly,
without going through the proxy component at the client end. Note, however, that
by bypassing the proxy you lose the validation code built into the toolkit proxy.
To accomplish this, please use the type maps supplied with the toolkit, which can
subsequently be added to the client consuming the web service.
An example code snippet is given below:
[code snippet]
package packagename;
import …
import com.safenet.remoting.webservice.util.MappingManager;
import com.safenet.remoting.webservice.util.MappingManagerImpl;

try {
    // Instantiate MappingManager
    MappingManagerImpl mappingManager = new MappingManagerImpl();
    // Set logging
    mappingManager.setLog(LogFactory.getLog(
        com.safenet.remoting.webservice.util.MappingManagerImpl.class));
    // Add all mapping files
    List list = new ArrayList();
    list.add("maps/com-safenet-content.map");
    list.add("maps/com-safenet-crypto.map");
    list.add("maps/com-safenet-device.map");
    list.add("maps/com-safenet-domain.map");
    list.add("maps/com-safenet-engines.map");
    list.add("maps/com-safenet-entity.map");
    list.add("maps/com-safenet-exceptions.map");
    list.add("maps/com-safenet-ids.map");
    list.add("maps/com-safenet-licensing-request.map");
    list.add("maps/com-safenet-licensing-response.map");
    list.add("maps/com-safenet-packaging-contexts.map");
    list.add("maps/com-safenet-product.map");
    list.add("maps/com-safenet-protection-contexts.map");
    list.add("maps/com-safenet-rightsissuer.map");
    list.add("maps/com-safenet-rightstemplates.map");
    list.add("maps/com-safenet-technology-oma20-workflow-session.map");
    list.add("maps/com-safenet-technology-wm10-workflow-session.map");
    list.add("maps/com-safenet-voucher.map");
    list.add("maps/com-safenet.map");
    list.add("maps/Pattern.map");
    list.add("maps/File.map");
    mappingManager.setMappingFiles(list);
    mappingManager.initializeService();
    // End of the block that needs to be done only once

    // Next, set up the proxy itself
    String url = "http://localhost:8080/safenet-remoting-webserviceserver//services/protectionBusinessEngine.wsdl";
    ProtectionBusinessEngine protectionBusinessEngine =
        (ProtectionBusinessEngine) electric.registry.Registry.bind(url,
            ProtectionBusinessEngine.class);

    // Create a request for protection
    final ContentExternalID contentExternalID =
        new ContentExternalID(GUID.generate().asString());
    final OMA10SDProtectionContext protectionContext =
        new OMA10SDProtectionContext(DefaultEntities.DEFAULT_PROTECTION_POINT_ID,
            contentExternalID, "audio/mpeg", contentStore);

    // Call protection
    protectionBusinessEngine.protect(protectionContext);
}
catch (Exception e) {
    e.printStackTrace();
}
[End of Code Snippet]
1.5 Caching
The toolkit has a simple caching framework available as an extension. This
caching framework plugs into the existing managers code and will, when enabled,
provide caching of business entities.
To enable caching, include the safenet-caching-layer-1.3.jar file in your classpath.
No other changes should be required.
The caching layer is most suitable on the local end of a proxy (remoting)
configured toolkit component.
Please note that the caching functionality is currently not distributed, which
means that if the toolkit is used in a scenario where there are a lot of changes to
base entities, it may not be suitable to include it. On the other hand, if the usage
scenario includes mainly licensing and protection/packaging, the caching should
be included.
1.6 Glossary.
Given below is the glossary of DRM-centric and other terminology used in
SafeNet DRM Fusion Toolkit documentation.
Backup/Remote Storage: Transferring Rights Objects and Content Objects to another location with the intention of transferring them back to the original Device.
Billing Service Provider: The entity responsible for collecting payment from a User.
Certificate: An X.509 Public Key certificate. In the DRM context it is the digital identity of a Rights Issuer. The device that will receive ROs (Rights Objects) will verify the identity of the Rights Issuer and vice versa.
Certificate Authority: A central entity that issues digital certificates to other parties. It implements a web of trust model or a trusted third party whereby an entity vouches for another. For example, VeriSign and Thawte are popular public CAs.
Combined Delivery: A Release 1 method for delivering Protected Content and Rights Object. The Rights Object and Protected Content are delivered together in a single entity, the DRM Message.
Composite Object: A content object that contains one or more Media Objects by means of inclusion.
Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities or processes. (From [ISO 7498-2])
Connected Device: A Connected Device is a Device that is capable of directly connecting to a Rights Issuer using an appropriate protocol over an appropriate transport/network layer interface, e.g. HTTP over TCP-IP.
Content: One or more Media Objects.
Content Issuer: The entity making content available to the DRM Agent in a Device.
Content Provider: An entity that is either a Content Issuer or a Rights Issuer.
Content subscription: A subscription that a User has with a Content Provider for the purposes of paying for Protected Content purchased from that Content Provider and played on a User's Device.
CRL: Certificate Revocation List(s). A list of certificates (or IDs thereof) published by a CA that have a status other than valid. The CA has the responsibility to maintain an up-to-date CRL. Clients have to download CRLs on a regular basis as well; because this is not the most efficient way for either party to keep CRLs up to date, newer standards and protocols such as OCSP are taking its place.
Device: A Device is the entity (hardware/software or combination thereof) within a user-equipment that implements a DRM Agent. The Device is also conformant to the OMA DRM specifications. In the case where functionality is specific to either Connected Devices or Unconnected Devices, the explicit terminology (i.e. Unconnected Device or Connected Device) will be used; in all other cases the term Device generically applies to both Connected Devices and Unconnected Devices.
Device Revocation: The process of an RI indicating that a Device is no longer trusted to acquire ROs.
Device Rights Object: An RO dedicated for a particular Device by means of the Device Public Key.
Domain: A set of Devices which are able to share Domain Rights Objects. Devices in a Domain share a Domain Key. A Domain is defined and managed by an RI.
Domain Identifier: A unique string identifier of the Domain Key.
Domain Key: A 128 bit symmetric cipher key.
Domain Generation: A counter reflecting the number of times the Domain has been upgraded. The Domain Generation is a part of the Domain Identifier (the last three digits).
Domain Context: The Domain Context consists of information necessary for the Device to install Domain Rights Objects, such as Domain Key, Domain Identifier and Expiry Time.
Domain Context Expiry Time: An absolute time after which the Device is not allowed to install ROs for this Domain. Usage of ROs installed before the expiry time is not affected by the expiry.
Domain Revocation: The process of an RI indicating that a Domain Key is not trusted for protection of Domain ROs.
Domain Rights Object: An RO that is dedicated to Devices in a particular Domain by means of a Domain Key.
DRM Agent: The entity in the Device that manages Permissions for Media Objects on the Device.
DRM Message: An OMA DRM Release 1 term defined in [DRM].
DRM Time: A secure, non user-changeable time source. The DRM Time is measured in the UTC time scale.
Forward Lock: An OMA DRM Release 1 term defined in [DRM].
Hash Chains: A method of derivation of Domain Keys of different Domain Generations.
Integrity: The property that data has not been altered or destroyed in an unauthorized manner. (ISO 7498-2)
Join Domain: The process of an RI including a Device in a Domain.
Leave (De-Join) Domain: The process of an RI excluding a non-revoked Device from a Domain.
Media Object: A digital work, e.g. a ringing tone, a screen saver, a Java game or a Composite Object.
Middleware: Middleware is computer software that connects software components or applications. It is most commonly used to create loosely coupled enterprise applications where components are distributed and communicate by messaging. For example, JMS and SOAP can be used as middleware.
OCSP: Online Certificate Status Protocol. An internet-based protocol that can be used to verify the status of a certificate. It is a newer implementation diminishing the need for clients to download/update and maintain CRLs. The CA publishes an OCSP URL to which clients can send certificate verification requests in real time and get the most updated status information (which comes in as an OCSP response). A certificate can be of a variety of statuses such as expired, compromised or valid.
OCSP Responder: Same as an OCSP or OCSP server.
OCSP URL: The internet address of an OCSP or OCSP Responder. It is usually an HTTP URL.
Permission: Actual usages or activities allowed (by the Rights Issuer) over Protected Content. (From [ODRL 1.1])
Play: To create a transient, perceivable rendition of a resource. (From [MPEG21 RDD])
Protected Content: Media Objects that are consumed according to a set of Permissions in a Rights Object.
Proxy: In the context of this document, software that allows making indirect network connections to other network objects.
Restore: Transferring the Protected Content and/or Rights Objects from an external location back to the
Device from which they were backed up.
Revoke: Process of declaring a Device or Rights Issuer certificate as invalid.
Rights Issuer: An entity that issues Rights Objects to OMA DRM Conformant Devices.
RI Context: RI Context (Rights Issuer Context) consists of information that was negotiated with a given Rights Issuer during the 4-pass Registration Protocol, such as RI ID, RI certificate chain, version, algorithms and other information. This RI Context is necessary for a Device to successfully participate in all the protocols of the ROAP suite, except the Registration Protocol.
Rights Object: A collection of Permissions and other attributes which are linked to Protected Content.
Rights Object Acquisition Protocol (ROAP): A protocol defined within this specification. This protocol enables Devices to request and acquire Rights Objects from a Rights Issuer.
ROAP Trigger: An XML document including a URL that, when received by the Device, initiates the ROAP.
ROAP URL: A URL according to [RFC2396] that is specifically used by a Device for exchanging ROAP PDUs with a Rights Issuer.
Separate Delivery: A Release 1 term defined in [DRM].
Stateless Rights: Stateless Rights are Rights Objects for which the Device does not have to maintain state information.
Stateful Rights: Stateful Rights are Rights Objects for which the Device has to explicitly maintain state information, so that the constraints and permissions expressed in the RO can be enforced correctly. An RO containing any of the following constraints or permissions is considered Stateful Rights: <interval>, <count>, <timed-count>, <datetime>, <accumulated> or <export>.
Superdistribution: A mechanism that (1) allows a User to distribute Protected Content to other Devices through potentially insecure channels and (2) enables the User of that Device to obtain a Rights Object for the superdistributed Protected Content.
Unconnected Device: An Unconnected Device is a Device that is capable of connecting to a Rights Issuer via a Connected Device using an appropriate protocol over a local connectivity technology, e.g. OBEX over IrDA, Bluetooth or USB. An Unconnected Device may support DRM Time.
User: The human user of a Device. The User does not necessarily own the Device.
[- End -]