Adobe Primetime Authentication - Most frequently used terms

This article features a list of of the most commonly used terms and their explanations with respect to Adobe Primetime.

Description description

Environment

Primetime

Issue/Symptoms

Here is a list of the most commonly used terms in Adobe Primetime.

Resolution resolution

Most Common Terms

Entities

  • Programmer - a programmer is a  Content Provider  who plans to integrate the Adobe Pass into their website or application.
  • Channel - a channel is the  actual resource  through which a programmer serves the content. One programmer can serve one or many channels. For example: A programmer Star can have Star Sports and Star Movies as channels.
  • RequestorID - it is a unique ID that  identifies a programmer  or its resources – account, brand, or channel, and so on, to Adobe Pass.
  • ResourceID - an ID (a string) that identifies programmer to  Multichannel Video Programming Distributor (MVPD).
  • Service provider - this refers to the role of SP, played by Adobe Primetime authentication, acting on behalf of a Programmer during an integration with an MVPD.
  • Content provider - a  programmer  is also referred as a content provider.
  • Media company - Media Companies are  PayTV providers, essentially MPVDs.
  • MVPD - Multi-channel Video Programming Distributors (MVPDs), as the name suggests, are  distributors  of the programmers’ content to  multiple platforms. for example: TV, mobile and clientless devices (Xbox, Roku, and so on).

Flows

  • AuthN - authN refers to  authentication  which essentially is a user login process to MVPD platform. Adobe Primetime authentication generates an  authN token  and the same is stored on the their device or on Adobe’s server, depending upon the programmer’s integration platform
  • AuthZ - authZ refers to  authorization  process that enables one to  view protected content  served by a channel/programmer.  Adobe Primetime authentication generates the  authZ token  and the same is stored on Adobe’s server.
  • Preflight - Preflight authorization is a lightweight authorization check for multiple resources.
  • Logout - Essentially, it is a process of a user exiting out of the Windows Media Player by selecting the Logout option. The Windows Media Player handles the logout via  Access Enabler API  which logs you out and  deletes all AuthN and AuthZ tokens  from your local system. Adobe Primetime authentication ensures that all tokens are deleted and  notifies the MVPD  to delete their session as well. Generally, a SAML logout request is sent to the Identity Provider - IdP (MVPD).

Protocols

  • SAML - Security Assertion Markup Language (SAML)  is an XML-based data format for exchanging  authentication  and  authorization  data between an IdP and an SP.
  • OAuth - The OAuth authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. We currently use  OAuth 2.0.
  • XACML - e Xtensible Access Control Markup Language  defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests as per the rules defined in policies. It is used by Adobe Primetime authentication to translate the Media Rich Site Summary   (MRSS)  into formats supported by MVPDs.
  • SOAP- Simple Object Access Protocol  is used for  exchanging structured information  in the implementation of web services in computer networks. Its purpose is to induce extensibility, neutrality, and independence. It uses  XML Information Set  for its message format, and relies on application layer protocols, mostly HTTP or SMTP, for message negotiation and transmission.
  • REST - REST is one way of providing interoperability between computer systems on the Internet. REST-compliant web services allow requesting systems to access and manipulate textual representations of Web resources using a uniform and predefined set of  stateless operations. It is another supported approach to translate the MRSS into formats supported by MVPDs. The  MRSS  is base64 encoded and passed as a URL parameter on the REST call.

User Metadata:

MPVDs  maintain the  User Metadata  and programmers can request the same using Access Enabler’s  getMetadata()  function and via the  /usermetadata  endpoint in the Clientless API.

The User Metadata feature enables programmers to access different types of user-specific data, such as ZIP codes, parental ratings, user IDs, and more. User metadata is an  extension  to the previously available static metadata (Authentication token TTL, Authorization token TTL, and Device ID). The application can access metadata by providing a composite MetadataKey object.

  • void getMetadata(MetadataKey metadataKey) – method available in AE for this get instance.

The metadata is returned as follows:  setMetadataStatus(key, encrypted, data):

  • Key (String): Specifies the type of metadata requested
  • Encrypted (Boolean): A Boolean flag, signifying whether the value is encrypted or not. If this is true, then the value is a JSON Web Encrypted representation of the actual value
  • Data (Object): A JSON object that contains the representation of the metadata
recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f