Skip to content

Home

Jump to bottom
L. Le Meur edited this page Nov 15, 2019 · 25 revisions

Welcome to the readium-lcp-server wiki!

In this Wiki, you'll find How To guidelines and the specification of the REST API of the LCP License Server and LCP Status Server.

Daily communication about this open-source project should be handled via a "lcp" channel of the Readium Slack (https://readium.slack.com).

You can get an invite for the Readium Slack using http://readium-slack.herokuapp.com/; the lcp channel is public.

Global Architecture

This open-source server software is split into three parts:

  • LCP Encryption tool: a command line utility for content encryption.
  • LCP License Server: the server module which generates LCP licenses.
  • LCP Status Server: the server module which generates LCP license status documents, handles device activation, lending returns and renewals, license revocation.

General architecture

The Provider Frontend (i.e. the system Bookseller, Public Library or Distributor implements for handling its catalog of ebooks, users (or patrons) and purchases (or loans)) and LCP Status Server must be accessible from the Web. The LCP License Server must be hidden from the Web and only accessible from the Provider Frontend and Encryption Tool with proper authentication.

In order to facilitate testing, we also provide a Test Frontend server module and its Angular.js client, which mimics a Provider Frontend. This Test Frontend should not be used in production: as its name indicates, it is only used for testing the LCP solution more easily.

The Provider Frontend

The Provider Frontend (Bookseller's website, Library's circulation manager ...) must be able to:

  1. request from the License Server the generation of a license when a user acquires a publication. API details here.
  2. request from the License Server an existing license, using the license identifier as a key, when a client device requests an updated license. API details here.

The Provider Frontend, or a separate tool developed by the provider, should also be able to use the Status Server API in order to:

  • Check which licenses are used by a large number of devices. API details here.
  • If the number of devices hooked to a license exceeds a certain business limit (which is up to the provider to decide), revoke this license. API details here.
  • Handle license cancellations, in case a user declares he cannot use a license because he has no LCP compliant device in hand. API details here.

Note: The Provider Frontend may also request from the License Server the generation of a protected publication (with a license embedded in the content) but this is not a recommended practice as it invalidates any effort to cache the encrypted content on the Web.

How to integrate these modules?

  1. Install the servers: the installation steps and server configuration are listed in the home page of this project.

  2. Start the LCP License Server and LCP Status Server.

  3. Integrate these servers into your frontend solution, a.k.a the Provider Frontend.

  4. Batch encrypt your ebooks.

You can use the encryption tool provided as open-source as a command line tool or embed it in any workflow you like.

Interactions between the different modules

The following diagrams illustrate the interactions between the different modules of a Readium LCP server side solution.

Step 1: publications are encrypted. Each encrypted publication is notified to the License Server. The resulting encrypted publication is stored into a repository accessible from the Web. Be careful about the content identifier you pass to the encryption tool (see the command line parameters), as it will be the key you'll use later to generate licenses for such content.

Encrypt publications

Step 2: the user acquires a publication on the Provider Frontend via a client device. The Provider Frontend requests the generation of an LCP license from the License Server, with user information as parameters. The Status Server is notified of this new license. The license is returned to the client device.

Acquire a publication, get back a license

Step 3: the client device requests the encrypted content referenced by a license; it is fetched from the Encrypted Content Repository.

Fetch encrypted content

Step 4: the client device requests a status document from the Status Server (GET). Same kind of interaction for license registration (POST), loan returns or renewals (PUT) and license revocation (PATCH).

Get a Status Document

Step 5: the client device requests an existing license via the Provider Frontend, used as a proxy to the License Server (the License Server adds user information to the request). The up-to-date license is returned to the client device.

Get an existing license

Process diagram

This more detailed process diagram can help understanding the different interactions.

LCP server process diagram

To get more details about the interactions shown in this process diagram, you'll find useful to check the associated sequence diagrams.

Detailed documentation

Just follow the links on the right column menu.

Specifications

Note also the the specification of Readium LCP and Readium License Status Document are found on the Readium.org website.

Clone this wiki locally