#Adobe Content Server (Draft Documentation)

Introduction

Tizra sites can issue access to content via the Adobe Content Server (ACS). Tizra operates an ACS server capable of issuing locked copies of e-pub or PDF content that can be securely downloaded to Adobe's Digital Editions application or other software that supports Adobe DRM. Adobe's software does not work with content formats other than ePub and PDF.

Many publishers are not happy with the requirement that customers create a new Adobe-specific login in order to access content. This imposes an additional burden on customers.

Tizra licenses can be can be configured to control the issuance of ACS download privileges including "single-device" downloads. The advantage of single-device licenses is that no Adobe account is required, as access to the download URL can be controlled and managed by Tizra, using the an existing Tizra account.

Site Setup

Setting up ACS for a site involves a number of tasks at Tizra's end; it's definitely not self-service! Also, device installations are billable items (a small fee is required for each new device licensed, so there are administrative arrangements to be made).

Contact us if you need ACS, even if the single-device model is not exactly right. It's possible that one of Adobe's other access control models may make sense, in combination with Tizra. It is probably possible, but Tizra will need to do some of the setup, and we need to understand the user interaction to make sure that the result meets your needs.

GLobal information about the ACS configuration for a site is stored in an advanced site property. This property is a JSON Hash containing all the relevant configuration properties, including the security keys used to authorize downloads.

Tizra/ACS technical notes and configuration details

Adobe Transactions, Downloads and Devices

While Adobe's ACS ensures that a single download will only work on the device where it is installed, you may need a License that will grant access on multiple devices -- Tizra must know what license downloads have been authorized Adobe Transactions. Tizra represents each Adobe Transaction by a License.

An ACS-enabled site design will only show download links for licenses that correspond to an Adobe Transaction for the device the user is using to access the page. You can control which devices are eligible to download an ACS file by matching on the User-Agent accessing the page; this allows you to offer downloads to a device App rather than all web browsers.

For privacy reasons, most device manufacturers (including Apple) do not allow direct access to device identity keys. However we can set a permanent cookie (Device Cookie) on any device with the right User-Agent (note that if you allow PC downloads, you need not limit by User-Agent). This persistent cookie serves to let us recognize when the same machine is used. This is how we recognize re-downloads, and limit the total number of devices usable by an account across all licensed content.

License properties

Tizra Licenses support custom properties like most other Tizra objects. License properties are determined by the list of custom properties defined on Offers, and when an Offer is turned into a License, its properties are usually direclty copied to that License. The ACS behavior of a license is triggered by properties on that license, and some of those properties are updated during the license's existence.

Licenses for ACS content are specially marked (so that the download links can be customized, and wrapped with Adobe's proprietary encryption.

The following list shows the Offer/License properties that are used in managing ACS access:

• Tizra-ACS-license (true/false) this indicates whether this offer will create an ACS license.
• Tizra-ACS-device-id this is the property that holds the device ID for a given license.
• Tizra-ACS-model (keyword) indicates what kind of ACS license assignment is managed by this license. May be extended in the future.
  • device This model (the only one currently existing) equates to device-level licensing verified by ACS. Tizra's use of cookies to identify devices is really only important to enable re-downloads, and/or multiple file downloads for a given licensed object.

Downloads are offered for licenses that match the Device Cookie for the device the user is using. If the license is a multi-pack license for ACS content, following the link will:

• create a new single license (child license) from the multi-pack (which will match the Device Cookie)
• decrease the usage count on the multi-pack license. If there is already a child license associated with this device, a new link will not be offered for the multi-pack license itself (they get the old link for re-download).

ACS encrypted content is stored in a separate attachment area (Source area) on a document. Since attachment areas can be included or excluded on an offer-by-offer or license-by-license basis, it is actually possible to have multiple ACS-controlled resources on a single Tizra document, with different sorts of offer and license controlling access to the different attachment areas.

The download link triggers an action which validates the device ID from a given license against the device cookie, or creates a child license from the the given multipack license, and assigns that cookie to it.

Note that each new device license fulfilled is a billable event from Adobe.

User properties

Certain information about ACS transactions is stored in the user account. This will be done even if the property is not defined on the user account (in which case, even administrative users will not be able to see it).

• Tizra-ACS-Devices (JSON Array) holds Device Cookies that have been used by a given account. Currently, there is a system-enforced limit of 5 distinct devices, but if you need this customized, we can make that limit configurable on a site basis.

ACS configuration values

ACS setup is stored in a JSON record as an advanced site property adobeAcsConfig, e.g.:

{
   "server-url":"https://acs-delivery.agilepublisher.com:2300/fulfillment/URLLink.acsm",
   "distributor":"AAOS",
   "shared-secret":"Vtgbe120Xcgz88koKl/ytxwMOXA=",
   "user-agent-pattern", "*bluefire.*"
}

Brief descriptions of these values:

• server-url URl of the ACS fulfillment link to be used in generating ACSM links for the client.
• distributor The name of the distributor within the ACS server that will be accountable for the download transaction.
• shared-secret Secret string that is used in securing requests against the fulfillment server.
• user-agent-pattern this regexp must match against the user-agent for a device cookie to be assigned, and for ACS offers to be deemed relevant.

ACS properties and constants

• Tizra-ACS-device-cookie the name of the permanent cookie used to identify a device.