Adobe Primetime Authentication - Most frequently used terms

Description

Many times support agents, partners, and other stakeholders wonder what specific terms mean in Adobe Primetime. Here is a list of the most commonly used terms in Adobe Primetime.

Resolution


Most Common Terms



Entities

  • Programmer - a programmer is a Content Provider who plans to integrate Adobe Pass into their website or application.
  • Channel - a channel is the actual resource through which a programmer serves the content. One programmer can serve one or many channels. For example: A programmer Star can have Star Sports and Star Movies as channels.
  • RequestorID - it is a unique ID that identifies a programmer or its resources – account, brand, or channel, and so on, to Adobe Pass. 
  • ResourceID - an ID (a string) that identifies programmer to MVPD. 
  • Service provider - this refers to the role of SP, played by Adobe Primetime authentication, acting on behalf of a Programmer during an integration with an MVPD.
  • Content provider - a programmer is also referred as a content provide
  • Media company - Media Companies are PayTV providers, essentially MPVDs.
  • MVPD - Multi-channel Video Programming Distributors (MVPDs), as the name suggests, are distributors of the programmers’ content to multiple platforms. for example: TV, mobile and clientless devices (Xbox, Roku, and so on).

Flows

  • authN - authN refers to authentication which essentially is a user login process to MVPD platform. Adobe Primetime authentication generates an authN token and the same is stored on the user’s device or on Adobe’s server, depending upon the programmer’s integration platform
  • authZ - authZ refers to authorization process that enables user to view protected content served by a channel\ programmer.  Adobe Primetime authentication generates the authZ token and the same is stored on Adobe’s server.
  • Preflight - Preflight authorization is a lightweight authorization check for multiple resources.
  • Logout - Essentially it is a process of user exiting out of the Windows Media Player by selecting Logout option. The Windows Media Player handles the logout via Access Enabler API which logs out the user and deletes all AuthN and AuthZ tokens from the user’s local system. Adobe Primetime authentication ensures that all tokens are deleted, and notifies the MVPD to delete their session as well. Generally, a SAML logout request is sent to the IdP (MVPD).

Protocols

  • SAML - Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization data between an IdP and an SP.
  • OAuth - The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. We currently use OAuth 2.0.
  • XACML - eXtensible Access Control Markup Language defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests as per the rules defined in policies. It is used by Adobe Primetime authentication to translate the MRSS into formats supported by MVPDs.
  • SOAP- Simple Object Access Protocol is used for exchanging structured information in the implementation of web services in computer networks. Its purpose is to induce extensibility, neutrality, and independence. It uses XML Information Set for its message format, and relies on application layer protocols, mostly HTTP or SMTP, for message negotiation and transmission.
  • REST - REST is one way of providing interoperability between computer systems on the Internet. REST-compliant web services allow requesting systems to access and manipulate textual representations of Web resources using a uniform and predefined set of stateless operations. It is another supported approach to translate the MRSS into formats supported by MVPDs. The MRSS is base64 encoded and passed as a URL parameter on the REST call.



User Metadata:


MPVDs maintain the User Metadata and Programmers can request the same using Access Enabler’s getMetadata() function and via the /usermetadata endpoint in the Clientless API.   The User Metadata feature enables Programmers to access different types of user-specific data, such as ZIP codes, parental ratings, user IDs, and more. User metadata is an extension to the previously available static metadata (Authentication token TTL, Authorization token TTL, and Device ID). The application can access metadata by providing a composite MetadataKey object.

  • void getMetadata(MetadataKey metadataKey) – method available in AE for this get instance.

The metadata is returned as follows: setMetadataStatus(key, encrypted, data):

  • Key (String) Specifies the type of metadata requested
  • encrypted (Boolean) A Boolean flag signifying whether the value is encrypted or not. If this is true then the value is a JSON Web Encrypted representation of the actual value
  • Data (Object) A JSON object that contains the representation of the metadata

On this page