Introduction
This section introduces the authorization models and flows supported by the Sigma DRM system. The Sigma DRM system currently supports 4 user authorization methods:
- Allow All Request: Do not authenticate the user
- Deny All Request: Block all users.
- Authorization using JWT
- Authorization using callback
Of these methods, we will look in detail at the last 2: Authorization using JWT and Authorization using callback.
1. Authorization using Callback
Below is a detailed diagram of user authorization flow using callback
The components in the diagram
- Client Device: The device the user uses to display the content. Example: Phone, browser
- DRM License Server: Sigma DRM license server
- Merchant Auth Server: Merchant service to authenticate a licensed Client Device.
- Merchant Session Provider: Merchant service to generate and authenticate sessionId
The flows in the diagram
- authenticate: Before a user can apply for a license, they must authenticate with the merchant. If the authorization is successful, Merchant Session Provider generates a sessionId and returns it to Client Device
- license request: Client Device sends the received sessionId to the DRM License Server to apply for a license
- user authorization callback: While processing the license request, DRM License Server uses the user authorization callback to send information about Client Device to Merchant Auth Server
- validate sessionId: Merchant Auth Server re-validates the sessionId to make sure Client Device can see the requested content
2. Authenticate users using License Proxy model
Below is a detailed diagram of user authorization flow using License Proxy model
The components in the diagram
- Client Device: The device the user uses to display the content. Example: Phone, browser
- DRM License Server: Sigma DRM license server
- Merchant Auth Proxy: The merchant service is responsible for transferring the license request to the DRM License Server
- Merchant Session Provider: Merchant service to generate and authenticate sessionId
The flows in the diagram
- authenticate: Before a user can send a license request, they must authenticate with the merchant. If authentication is successful, Merchant Session Provider generates a sessionId and returns it to Client Device
- license request: Client Device sends the received sessionId to Merchant Auth Proxy to apply for a license.
- validate sessionId: Merchant Auth Server re-validates the sessionId to make sure Client Device can see the requested content
- forward license request: If the sessionId is valid, Merchant Auth Proxy forwards the license request to DRM License Server
3. User authorization using JWT
Below is a detailed diagram of the user authorization flow using JWT
The components in the diagram
- Client Device: The device the user uses to display the content. Example: Phone, browser
- DRM License Server: Sigma DRM license server
- Merchant Session Provider: Merchant service to generate and authenticate sessionId
The flows in the diagram
- authenticate: Before a user can send a license request, they must authenticate with the merchant. If authentication is successful, Merchant Session Provider generates a sessionId and returns it to Client Device
- license request: Client Device sends the received sessionId to DRM License Server to apply for a license.
- verify sessionId by JWT: DRM License Server uses JWT to verify the sessionId to make sure Client Device can see the requested content
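The JWT flow above, as an added example that is not Sigma DRM code: the Merchant Session Provider issues the sessionId as a signed JWT and the license server side verifies it locally, with no callback to the merchant. The HS256 shared secret, the `content_ids` claim name and both function names are assumptions made for this sketch; the page does not specify Sigma's token format.

```python
import base64, hashlib, hmac, json, time

# Assumption: merchant and license server share an HS256 key (constructed value).
SHARED_SECRET = b"constructed-demo-secret"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_session_id(user_id, content_ids, ttl=300, now=None):
    """Merchant Session Provider side: the sessionId is a short-lived signed JWT."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    # "content_ids" is a hypothetical claim listing what the user may play.
    claims = {"sub": user_id, "content_ids": content_ids, "exp": now + ttl}
    signing_input = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    return signing_input + "." + b64e(sign(signing_input))

def verify_session_id(session_id, requested_content, now=None):
    """DRM License Server side: returns (allowed, reason)."""
    now = int(time.time() if now is None else now)
    try:
        head_b64, claims_b64, sig_b64 = session_id.split(".")
        header = json.loads(b64d(head_b64))
        # Pin the algorithm; the token must not choose it (rejects "alg": "none").
        if header.get("alg") != "HS256":
            return False, "unexpected alg"
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sign(head_b64 + "." + claims_b64), b64d(sig_b64)):
            return False, "bad signature"
        claims = json.loads(b64d(claims_b64))
        exp, allowed = claims.get("exp"), claims.get("content_ids")
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    if not isinstance(exp, int) or exp <= now:
        return False, "expired"
    if not isinstance(allowed, list) or requested_content not in allowed:
        return False, "content not entitled"
    return True, "ok"
```

Claims are read only after the signature check passes, so a client that edits the entitlement list or the expiry gets `bad signature` rather than a license.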