C2E encompasses an ‘Open Document Specification’ and a set of Open APIs designed to facilitate the synchronization of extensible JSON objects representing various components of an open document. Source platforms, such as CurrikiStudio, leverage the C2E Writer SDK to define the content types for a single C2E document. These content types serve as a blueprint for structuring C2E content objects, ensuring seamless integration between the source platforms’ application objects and the corresponding C2E document elements.
Additionally, source platforms like CurrikiStudio can connect to the C2E Wallet application, which houses the C2E Builder. By implementing the ‘Source Search API’ specification, CurrikiStudio enables the generation of a C2E content index. This index becomes a valuable resource for the C2E Builder, empowering it to efficiently locate and gather the necessary C2E content objects required for constructing a comprehensive C2E document. Through this integration, CurrikiStudio demonstrates how the defined content types, the C2E content index, and the licensing and marketplace capabilities collectively contribute to a seamless connection between its application objects and the corresponding C2E document elements.
Moreover, within the C2E ecosystem, elements can contain media content, which can be licensed, protected, and published to a marketplace. This feature allows for the monetization and distribution of media assets within the C2E framework. For example, source platforms like CurrikiStudio—an authoring platform that includes Projects, Playlists, and Activities as its application objects—enable the addition of licensed media content to C2E elements. By leveraging licensing mechanisms, media assets can be protected and securely integrated into the C2E ecosystem. These licensed media assets can then be published to a marketplace, providing creators with opportunities to showcase and commercialize their content.
C2E Identity Provider
Curriki is currently collaborating with IndyKite to prototype an Identity and Access Management (IAM) solution that goes beyond traditional security measures. The goals for C2E include:
Leveraging open-source federated identity solutions widely used in academic and research institutions tha enables Single Sign-On (SSO) across multiple organizations by using SAML-based authentication and attribute-sharing mechanisms.
Leveraging open-source identity and access management solutions that support self-custodial, federated identity through multiple protocols such as SAML, OpenID Connect, and OAuth. The C2E specification requires features like SSO, user federation, and social login integration.
IndyKite/C2E Custom Identity Provider:
Through a collaboratie effort with IndyKite, we are developing methods to establish a custom identity provider, and granting users access to C2E services such as the C2E Wallet, the Core API, the C2E Writer, and C2E Player, starting with:
OpenID Connect (OIDC) provider for social logins. This functionality allows integration with and utilization of third-party OIDC providers for authentication by participants in a C2E ecosystem.
Creating a custom identity provider: IndyKite Custom Identity Provider Documentation
Setting up a generic OIDC provider: IndyKite OIDC Provider Setup Documentation
REST API Specification
As a C2E application/service implementing OIDC OAuth2, you will need the following endpoints to receive responses from the authorization server:
GET - /c2e/oauth2/callback
This URI is where the authorization server redirects the user after the authentication and authorization process. During the initial authorization request, your C2E application/service specifies this URI as the callback endpoint. The authorization server includes the authorization code or access token in the query parameters of the redirect URL.
Token Endpoint (for receiving access tokens)
POST - /c2e/oauth2/token
This endpoint is used by your C2E application to exchange the authorization code received in the callback for an access token. Your application sends a POST request to this endpoint, including the authorization code in the request parameters or body. The authorization server responds with an access token that your C2E application can use to access protected resources.
These are the primary endpoints that your C2E application needs to handle in the OIDC OAuth2 flow to receive responses from the authorization server. Depending on your specific requirements, you may also need to implement additional endpoints such as token revocation or token refresh, as specified by the OIDC specification, or any optional features you wish to support.
C2E Registry Service
The C2E Registry Service is responsible for assigning unique IDs to C2E entities using the pattern c2eid-xxxx-xxxx-xxxx-xxxx, where ‘xxxx-xxxx-[xxxx…]-[xxxx…]-xxxx’ is determined by an algorithm specifically designed for generating IDs that unique to a single C2E across licensing issuers/licensing authorities.
The C2E scheme for issuing unique IDs is based on the one used by credit card providers. It is a standardized process for issuing unique identification numbers. Here’s a general overview of how the unique ID numbers are generated:
1. C2E Network Identification:
The credit card number begins with a prefix that identifies a marketplace network for the C2E.
2. Issuer Identification Number:
Following the network identification, the next set of digits is the issuer identification number. This identifies the specific institution or licensing service/authority that issued the unique ID. Each licesing authority has a unique IIN range assigned to them.
3. C2E Creator ID:
The Creator ID (CCID) typically comprises digits following the IIN. It represents the individual creator associated with the C2E. The length of the Creator ID varies depending on the network and issuer.
4. C2E ID:
The C2E ID (C2EID) typically comprises the digits following the CCID. It represents the unique C2E associated with the content creator. The length of the C2E ID varies depending on the volumne of work licensed by Content Creator.
4. Checksum Digit:
The final digit is a checksum digit. It is calculated using a mathematical algorithm (commonly the Luhn algorithm) applied to the preceding digits. The checksum digit is used for error detection and helps ensure the accuracy of the credit card number.
The process of issuing C2E IDs will involve a combination of standardized rules and algorithms to ensure uniqueness and consistency across marketplaces and licesing authorities while maintaining security and integrity.
This ensures that the Register Service can handle scenarios where there may be collisions or conflicts in generating these IDs. The service implements strategies such as retries, fallback mechanisms, and error handling to effectively address such situations and ensure the uniqueness and integrity of the generated IDs.
REST API Specification
Register a new C2E document
This endpoint is used to register a new C2E document and generate a unique ID for it. The request body should contain the necessary information for the document being registered.
Get details of a registered C2E document
This endpoint retrieves the details of a registered C2E document by its unique ID.
Update a registered C2E document:
This endpoint allows updating the details of a registered C2E document identified by its unique ID. The updated document information should be included in the request body.
Delete a registered C2E document:
This endpoint is used to delete a registered C2E document by its unique ID.
Generate a unique ID for a C2E document:
This endpoint generates a unique ID that can be used for registering a new C2E document. It returns the generated ID as the response.
C2E Document (.c2e package)
C2E Document Specification can be found on the specification link:
Licensing, Copyright, and Royalties Explained in the Context of a C2E.
Licensing, copyright, and royalties are related concepts in the field of intellectual property, but they each have distinct meanings and roles. Let’s explore their differences:
Licensing refers to the process of granting permission to use intellectual property, such as copyrighted works, trademarks, or patents, to another party. It involves an agreement or contract between the owner of the intellectual property (licensor) and the party seeking to use it (licensee). The license outlines the terms and conditions under which the licensee can utilize the intellectual property, including the scope, duration, territory, and any limitations or restrictions. In exchange for the license, the licensee usually pays a fee or royalty to the licensor.
In the world of a C2E, the marketplace initiates the licensing process when a buyer purchases a C2E. The Buyer is granted a license to the particular C2E during the buying process.
Copyright is a legal right granted to the creators of original works, such as literary, artistic, musical, or dramatic works, giving them exclusive control over the use and distribution of their creations. It automatically applies to original works as soon as they are fixed in a tangible form, such as writing a book or composing a song. Copyright protection grants the creator certain exclusive rights, including the right to reproduce, distribute, display, perform, and create derivative works based on the original. Copyright generally lasts for the life of the author plus a specific number of years after their death, varying from country to country.
In the world of a C2E, the creator of a C2E generates the copyright for a C2E. A C2E may include other licensed materials where royalties are paid based on the sale of derivative works.
Royalties are the payments made to the owner of intellectual property by another party (often referred to as a licensee) for the authorized use of that property. Royalties are typically a percentage or a fixed amount of money agreed upon in a licensing agreement. The payment of royalties serves as compensation to the owner for granting permission to use their intellectual property. Royalties can be based on various factors, such as the number of units sold, the usage duration, or the revenue generated from the licensed work. They are commonly associated with copyrighted works but can also apply to other forms of intellectual property, like patents or trademarks.
Below is a link to the detailed licensing specification.
Protecting C2E from unauthorized user access, unlicensed user access and shared C2E across multiple users are important to handle the authenticity of utilization of Content and Royalty management.
In order to make C2E protected and accessible to legitimate users only, we follow licensing mechanism which is mapped to the user who purchases the C2E and can only accessible by the same user in Online and Offline mode on C2E Player/Reader.
How to achieve Protection in C2E?
This is core component of Protection and License management Module which takes care of generating unique license keys which has information related to the content, users who is purchasing the c2e, transaction details and validity. All these information together forms a string which is encrypted through AES algorithm and sealed in the downloadable C2E package along with database entries for log and validation.
When user loads the C2E package on C2E Reader/Player, it validates the authenticity by extracting the sealed license key and the details of user who has logged in to the C2E Wallet/Reader, details of content like content_id like ISBN/UUID by Making API call to C2E Protection Service with license and extracted information to check the authenticity. Once approved by the C2E Protection API Service, user will able to consume the content and information can be stored in the device for offline access of the content.
C2E Protection API Service will check the information received as an API call and data available in the database. If record matches with values stored entries, then license will be accepted otherwise response will be sent with information like Invalid License Key, Invalid User Information, License expired, etc.
In order to validate/activate the purchased C2E on C2E Wallet or C2E Reader/Player, user will need one time internet connection to check the license information.
How this will safeguard from Intruder/Attacker/Shared across the User?
As seen above, license key has the information related to users’ information, content information, transaction details like timestamp and validity, if other user uploads the same C2E on the C2E Wallet/Reader/Player it will not be authenticated because user information in the license key and user information on the C2E Wallet/Reader will not match and hence they will not able to consume the content.
Following 2 diagram explains the flow of License Generation and Validation Process.
Lets Understand this with the help of an example.
License Generation Process/User Journey
As shown in the user journey above,
- Actor / User search the C2E content on Marketplace listing and adds C2E to the Cart and makes checkout call
- User will be taken to the checkout page where they can provide addon information if required, select the type of License like 1 time view, 3-time views, 1 year validity, etc and makes the payment.
- On successful payment, following information will be sent to Protection API which will store the information in database and generate license key which will be based on the concatenation of following information and encryption using AES and will get store in the database.
- User ID
- User Email
- Content ID like ISBN or UUID
- Date of Purchase
- Type of License and Tenure of License
- As payment was successful and encrypted license key is generated, user will have option to download C2E which will have sealed license key in the package.
- User can use the download C2E on Online or Offline C2E Readers
License Validation Process/User Journey
As shown in the user journey above,
- Actor / User logins to the C2E Reader/Player/Wallet
- Actor / User uploads the downloaded C2E Package on C2E Reader/Player/Wallet
- Application will validate the C2E Package in terms of the structure and extract the sealed encrypted license key and Content information like Content ID like ISB or UUID
- First Online Attempt to activate/validate the license and C2E Package.
Application will make API call to C2E Protection Service with following information
- User ID
- User Email
- Content ID like ISBN or UUID
- Encrypted License Key
- Device Id or IP Address if possible (As Apple device does not allow to extract such information)
This information will be validated at server end on Protection Management API with the database and response will be provided with appropriate message and response code for Activation of License, Invalid License Key, Invalid User or License Expired, etc
If license is validated and activated successfully, information will be stored on local device for future offline access by the user.
If application is browser based then encrypted information will be stored in sessions/cookies and if application is android or ios apps then encrypted information will be stored in the storage area of application.
Once the above activities are performed as a backend services, user will able to consume the C2E content.
- Offline Attempt to activate/validate the license and C2E Package
Application will check for the same information in the local storage and validate the data by decrypting with the details of user who is logged-in to the application.
If information matches and validity of license is still active based on the expiry date and system date then user will able to consume the C2E Content.
C2E Payments & Ledger
Unleashing the Benefits of a Market Economy with the C2E Digital Document Specification in Education
the concept of a market economy has the power to revolutionize the way we create, distribute, and consume digital educational content. By aligning the C2E digital document specification with a vibrant marketplace economy, we can unlock numerous benefits that propel education to new heights.
In this section we explore a solid use case that highlights the advantages of creating a market economy around the C2E specification, specifically as it relates to education.
Competition and Quality
A market economy driven by the C2E specification promotes healthy competition among content creators and. With the marketplace as the stage, creators strive to produce the highest quality digital educational content to captivate learners. This competitive environment leads to continuous improvement, innovation, and the delivery of exceptional learning experiences. As a result, educators, content curators, educational institutions and learners benefit from a rich pool of top-notch educational resources that meet rigorous standards of quality.
The integration of a market economy with the C2E specification ensures that content creators receive fair compensation for their efforts. By allowing creators to monetize their digital educational content, the marketplace becomes a platform for financial recognition and sustainability. Fair compensation not only rewards content creators for their hard work but also incentivizes them to invest in producing high-quality materials, fostering a culture of ongoing educational innovation and quality.
Amplifying Content Diversity
Integrating a market economy with the C2E digital document specification encourages content diversity in education. By attracting a wide range of content creators, the marketplace becomes a melting pot of innovative ideas, pedagogical approaches, and diverse perspectives. Educators and learners gain access to an extensive array of digital educational content, ensuring that their needs and preferences are met. This abundance of content fosters creativity, promotes critical thinking, and enhances the overall learning experience.
Flow into the marketplace
C2E-compliant digital documents contain sufficient information to enforce the specificic licensing and royalty agreements