Adobe's Emerging Rich Media Ecosystem, Part 3: Marketing, Service Level Agreements, and Security

The Flash Player Security Environment

The Flash Player client runtime security model has been designed around resources, which are objects such as SWF files, local data, and Internet URLs. Stakeholders are the parties who own or use those resources. Within the Flash Player security model, each stakeholder can exercise controls (security settings) over their own resources, and each resource has four stakeholders. Flash Player strictly enforces a hierarchy of authority for these controls, as Figure 5 shows:

Figure 5: Hierarchy of security controls

This means, for instance, that if an administrator restricts access to a resource, no other stakeholders can override that restriction. In Flash Player, it is common for multiple stakeholders to have the ability to control access to a resource, and for some stakeholders to formally delegate the right of control to a lower level in the hierarchy. For example, Administrators regularly allow users to make security decisions about their own environment.

Figure 6: Adobe Flash vis-à-vis other players on Internet-enabled PCs

References

• Service-Level Agreements for Web Services: http://www.iupindia.org/108/pp.asp?mag=http://www.iupindia.org/108/pp_sub.asp
• The Key to Service Success: Operating Level Agreements: http://www.cioupdate.com/insights/article.php/11049_3736526_1
• Deep-linking to frames in Flash web sites: http://www.adobe.com/devnet/flash/articles/deep_linking.html
• Deep linking for Flash and Ajax: http://www.asual.com/swfaddress/
• The Flash Player security environment: http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf
• The Flash Player Settings Manager: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager.html
• Sanders, W. Learning Flash Media Server 3, O'Reilly (2008)
• Suresh, K. Social Media: Concepts and Marketing Applications, ICFAI (2008)
• Rayburn, D. et al. The Business of Streaming and Digital Media, Elsevier (2005)
• McConnell, J. Practical Service Level Management, Cisco (2004)
• Hiles, A. The Complete Guide to IT Service Level Agreements - 3rd Ed., Rothstein (2002)
• Reinhardt, R. Adobe Flash CS3 Professional Video Studio Techniques, Cisco (2007)

About the Author

Marcia Gulesian is an IT strategist, hands-on practitioner, and advocate for business-driven architectures. She has served as software developer, project manager, CTO, and CIO. Marcia is author of well more than 100 feature articles on IT, its economics, and its management.

Page 6 of 6



This article was originally published on May 5, 2008