Skip navigation
elauris2011
Currently Being Moderated

FAXS configuration for CDN

Apr 5, 2011 2:50 PM

What is Adobe's best practices recommendation for FAXS configuration that needs to support multiple customers, such as e.g. in the context of a CDN ?  Specifically, the assumptions are:

 

1. All customers are happy to outsource to the CDN the signing of  their certs, packaging  their content and serving licenses for it.

2. There may be overlapping set of end-users among these customers

3. It should never be possible for an end-user and anyone else associated with one customer to somehow use their cert  to decrypt the content of another customer

 

Under these assumptions, is it still advisable for the CDN  to use a single set of certificates to package all customers' content and to serve license from single-tenant configuration ?  Or is better to use separate set of certs for each customer and to map each one to a different tenant on the license server ? Bear in mind that the latter configuration is more complex in terms of managing and configuring multiple certs in the system.

 

Any recommendations will be very much appreciated

 

Eli

 
Replies
  • Currently Being Moderated
    Apr 5, 2011 5:08 PM   in reply to elauris2011

    If a licensee is managing a multi-tenant installation it is acceptable for those tenants to share a single set of production certificates (License, transport, and packager) managed by the host/licensee. (The host/licensee is still beholden to the Highly Confidential Information handling terms in the compliance and robustness rules.) The ability of a client to decrypt content would be gated by license issuance and the business rules that control it.

     

    However, in this scenario no key material can be shared with the customer. In cases where the customer wishes to package their own content they will need their own set of certificates. Also, keep in mind that some customers who are licensing premium content may have explicit statements in their content licensing agreements which would preclude the use of a single set of credentials managed by a host-- in these instances you would need to issue customer-specific set of certificates to meet that contractual obligation.

     

    Does this answer your question?

     

       --- Joseph R. Jones

           Sr. Product Manager

           Adobe Systems

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points