Merge pull request #59 from Dash-Industry-Forum/v2.1-communityreview

V2.1 released and approved

.gitattributes

@@ -0,0 +1,3 @@
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.exe filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,2 @@
+# The output directory contains the build output. This is not checked in to source control.
+Output

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "*.bs": "markdown"
+    }
+}

.vscode/tasks.json

@@ -0,0 +1,14 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "build",
+            "type": "shell",
+            "command": "./Tooling/Build-All.ps1",
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            }
+        }
+    ]
+}

Building.md

@@ -0,0 +1,29 @@
+# Build process - quick start
+
+Most of the build tooling is packaged directly in the repository. You need to have [Git LFS](https://git-lfs.github.com/) installed in order to download them, as they are stored in Large File Storage due to their size.
+
+On first run, execute */Tooling/Install-Tooling.ps1* in PowerShell. You only need to do this once (or when the tooling is updated, which is rare).
+
+Then execute */Tooling/Build-All.ps1* in PowerShell to build the document. This script performs all the steps of the build workflow.
+
+You can find the publishable output in the */Output/* directory.
+
+# Building on Windows
+Prerequisites:
+* Java
+* Git LFS
+
+If you use Visual Studio Code as your text editor, the build script is already wired up to the editor's build shortcut (Control+Shift+B).
+
+NOTE: If you get the error "The specified executable is not a valid application for this OS platform", it may be because you cloned the repository without having Git LFS installed. Install it and clone the repository once more into a new directory.
+
+# Building on Linux & Mac
+Prerequisites:
+* Java
+* curl
+* [Graphviz](https://www.graphviz.org/)
+* [wkthmltopdf](https://wkhtmltopdf.org/)
+
+The prerequisites are either already installed, or can be easily installed using the Debian Package Manager for Linux (apt get install ...)  or Homebrew for Mac (brew install ...).
+
+Once installed, just execute Tooling/build-all.sh from the command line.

Contributing.md

@@ -0,0 +1,22 @@
+# Contributing guidelines
+
+To propose an addition or edit to the document, [open a pull request](https://help.github.com/articles/creating-a-pull-request/) from a branch in your [personal fork](https://help.github.com/articles/about-forks/) that contains the changes you wish to contribute.
+
+# What is where?
+
+The main text of the document is in the *Index.bs* file. It is written in the [Bikeshed](https://github.com/tabatkins/bikeshed) format, which is a mixture of [Markdown](http://commonmark.org/help/) and HTML.
+
+XML Schema files are in the repository root directory.
+
+Diagrams are created as [PlantUML](http://plantuml.com/) text documents that are compiled into PNG images for publishing. You can find the diagram definitions in the */Diagrams/* directory.
+
+Some externally-sourced images are merged into the document from the */StaticFiles/* directory.
+
+All these different components must be processed by the [build scripts](Building.md) in order to arrive at the publishable output.
+
+# Contribution rules
+
+You are expected to conform to the following rules in your contributions:
+
+* Follow existing style and conventions used in the document.
+* Ensure that the document builds successfully after your modifications (*Build-All.ps1*).

Diagrams/DocumentKeyStructure.wsd

@@ -0,0 +1,26 @@
+@startuml
+
+package "Recipient A delivery data" {
+    [Document key] as DKforA #lightskyblue
+    [Recipient A public key] as KpubA
+
+    KpubA <-- DKforA : Encrypted with
+}
+
+package "Recipient B delivery data" {
+    [Document key] as DKforB #lightskyblue
+    [Recipient B public key] as KpubB
+
+    KpubB <-- DKforB : Encrypted with
+}
+
+[Content key 1] as Key1 #lightskyblue
+[Content key 2] as Key2 #lightskyblue
+
+Key1 -up-> DKforA : Encrypted with
+Key1 -up-> DKforB
+
+Key2 -up-> DKforA : Encrypted with
+Key2 -up-> DKforB
+
+@enduml

Diagrams/UseCase-ClearDeliveryToOne.wsd

@@ -0,0 +1,10 @@
+@startuml
+hide footbox
+
+participant "Service A" as A
+participant "Service B" as B
+
+A->B: CPIX document with:\n\
+* Content Keys
+
+@enduml

Diagrams/UseCase-DeliveryWithDrmSignaling.wsd

@@ -0,0 +1,11 @@
+@startuml
+hide footbox
+
+participant "Service A" as A
+participant "Service B" as B
+
+A->B: CPIX document with:\n\
+* Content Keys\n\
+* DRM system signaling
+
+@enduml

Diagrams/UseCase-DeliveryWithIncrementalUpdate_Part1.wsd

@@ -0,0 +1,26 @@
+@startuml
+hide footbox
+
+title Part 1
+
+participant "Key Server" as KeyServer
+participant "Policy Engine" as PolicyEngine
+participant "DRM System" as DrmSystem
+
+KeyServer->PolicyEngine: CPIX document with:\n\
+* Encrypted Content Keys\n\
+* Content Keys signed by Key Server\n\
+* Delivery data for Encryption Engine\n\
+* Key Usage Rules\n\
+* Key Usage Rules signed by Key Server\n\
+* Document signed by Key Server
+
+PolicyEngine->DrmSystem: CPIX document with:\n\
+* Encrypted Content Keys\n\
+* Content Keys signed by Key Server\n\
+* Delivery data for Encryption Engine\n\
+* **Key Usage Rules (updated)**\n\
+* **Key Usage Rules signed by Policy Engine**\n\
+* **Document signed by Policy Engine**
+
+@enduml

Diagrams/UseCase-DeliveryWithIncrementalUpdate_Part2.wsd

@@ -0,0 +1,30 @@
+@startuml
+hide footbox
+
+title Part 2
+
+participant "DRM System" as DrmSystem
+participant "Encryption Engine" as Encryptor
+participant Packager
+
+DrmSystem->Encryptor: CPIX document with:\n\
+* Encrypted Content Keys\n\
+* Content Keys signed by Key Server\n\
+* Delivery data for Encryption Engine\n\
+* Key Usage Rules\n\
+* Key Usage Rules signed by Policy Engine\n\
+* **DRM system signaling**\n\
+* **DRM system signaling signed by DRM system**\n\
+* **Document signed by DRM system**
+
+Encryptor->Packager: CPIX document with:\n\
+* Encrypted Content Keys\n\
+* Content Keys signed by Key Server\n\
+* Delivery data for Encryption Engine\n\
+* **Key Usage Rules (updated)**\n\
+* **Key Usage Rules signed by Encryption Engine**\n\
+* DRM system signaling\n\
+* DRM system signaling signed by DRM system\n\
+* **Document signed by Encryption Engine**
+
+@enduml

Diagrams/UseCase-DeliveryWithUsageRules.wsd

@@ -0,0 +1,11 @@
+@startuml
+hide footbox
+
+participant "Service A" as A
+participant "Service B" as B
+
+A->B: CPIX document with:\n\
+* Content Keys\n\
+* Key usage rules
+
+@enduml

Diagrams/UseCase-EncryptedDeliveryToMany.wsd

@@ -0,0 +1,17 @@
+@startuml
+hide footbox
+
+participant "Service A" as A
+participant "Service B" as B
+participant "Service C" as C
+
+A->B: CPIX document with:\n\
+* Encrypted Content Keys\n\
+* Content Keys signed by Service A\n\
+* Delivery data for Service B\n\
+* Delivery data for Service C\n\
+* Document signed by Service A
+
+A->C:
+
+@enduml