Content Access Framework Overview

The Content Access Framework (CAF) provides a common interface for applications to access Digital Rights Management (DRM) protected content. An application might be a video or sound player or an internet browser and DRM content might be a media files or a game.

Purpose

CAF provides a single point of access to all functionality related to DRM-protected content.

  • Access to DRM-protected content for content consumers, such as media players or software installers

  • Management of DRM protected content

  • Import DRM protected information

  • Notification on DRM related events, such as rights expiry

  • Implementation of new DRM schemes

Key concepts and terms

Content

Content is logically-coupled data such as a movie, a soundtrack or a ringtone forming a content file.

Content consumer

Content consumers are applications such as media players or software installers that access DRM-protected content.

Content access agent

A content access agent is an ECom plug-in which implements the CAF interface and performs the following functions:

  • Provides access to protected content such as MPEG and MP3, and allows viewing them as plain text (even if the content is encrypted).

  • Provides indirect access to a private server directory.

  • Provides platform security enforcement. CAF does not provide any capability enforcement so the agent must police access to the APIs. The agent can choose to deny some operations in the CAF API based upon both the application's capabilities and the agent's policy.

F32 agent

The F32 agent provides access to unprotected files. CAF treats the F32 agent as a special case. If no other agent is responsible for a file or directory, the F32 Agent is used.

The F32 agent runs in the same process and thread as the calling application, so its file operations are limited to the capability of the calling application's.

Handling and sharing content in a private directory

Few agents can provide access to files stored in their private directory. They can share their files existence to applications through implementation of the ContentAccess::CAgentManager::GetDir() function. In the file system the private directories have the format:

\private\xxxxxxxx\directory_1\...directory_n\filename.ext

where xxxxxxxx is the UID of the agent.

CAF will translate that path so applications see the file as:

\private\agent_name\directory_1\...directory_n\filename.ext

where agent_name is the name of the agent.

When an application opens a file stored in the private directory, CAF selects the agent which handles that content based upon the name in the path. If the file is not stored in a private directory, CAF asks each of the agents in turn whether they support the file. If no agent supports the file, it will be read as plaintext using the F32Agent.

Architecture

CAF provides interfaces for applications to read both unprotected and DRM protected content. It behaves as a switch between different Content Access Agents.

CAF uses a client-server architecture. The CAF client DLL must be linked with the client process. CAF agents can be implemented as plug-ins to the CAF client if they do not require access to keys or rights. An agent requiring access to encryption or decryption of keys, or rights must be implemented as a server-side plug-in. A server side plug-in must ensure that only applications with the right capabilities can access the content.

Each agent is an ECOM plug-in implementing the content access agent interface UID 0x10204740. The agents can run in separate processes and need not have the capability to open files in the TCB or private server directories using just a file name. Files must be opened by the process that owns them and an open RFile handle passed to CAF to read it.

In the following diagram the yellow blocks represent the components provided by Symbian and the blue blocks represent the components that must be implemented by device creators.

Figure 1. CAF Architecture

Note: The F32 agent is a client-side implementation as it is used for accessing unprotected content only.

Key classes

The following table summarizes the important classes provided by CAF:

Note: The classes below are defined within the namespace ContentAccess

Class Description

CSupplier

Delivers and transforms content into a secure format for storing it in the device

CContent

Provides read access to content (including protected content) stored in a device.

CManager

Manages files and content access agents

CRightsManager

Manages DRM rights for a specific CAF agent

CData

Allows clients to read data from a content object

CAgentFactory

Represents the ECom interface for a CAF Agent. A CAF agent must implement a concrete factory derived from ContentAccess::CAgentFactory.

The above APIs are grouped as follows:

Supplier API

The classes ContentAccess::CSupplier and ContentAccess::CImportFile together represents the supplier API.

The Supplier API handles the delivery and transformation of content. It is used to transform DRM protected files when they arrive on a device into a compatible format for storing it securely on the device. It is also used to intercept content and ensure it is stored in an agent's private directory.

Consumer API

The classes ContentAccess::CContent and ContentAccess::CData together represents the consumer API.

The consumer API allows applications to view the content as plain text, regardless of how it is actually stored on the device. (For instance, it might be encrypted). It is used by applications to render content and multimedia plug-ins. Note: Rendering implies reading data from a file, transforming it, then playing or displaying it on the device.

Manager API

The ContentAccess::CManager class, which manages the files and content access agents forms the manager API.

Rights Manager API

The ContentAccess::CRightsManager class, which manages DRM rights within a particular DRM agent forms the rights manager API.

Agent API

The ContentAccess::CAgentFactory class forms the agent interface. It allows to integrate new agents at a later date, dynamically if required. The agent's factory produces products derived from the following:

Typical uses

CAF provides interfaces for implementing and using CAF agents. CAF agents allows authorised users to access the DRM protected content for installation and playback. CAF APIs can be used to perform the following tasks: