12 Ways

12 Ways

Featured Article from Software Monetization

Feature-Based Cloud Pricing Requires Good Authorization Technology

January 02, 2013

Authorization is often overlooked in many cases when it comes to features of web applications.

“As applications grow and add features, there is a push to better monetize and control who has access to those features,” according to Andy Mayhew, SRM Service Operations Manager at SafeNet (News - Alert) in a recent LicensingLive! blog post.

A one-size-fits-all subscription model is often not the best way to maximize revenue for full-featured web applications. In many cases, it is better to offer different plans based on feature availability.

But rolling out feature-based pricing can be a challenge.

“While some big players have stepped in to the authentication space, the developer of web applications has been often left to their own devices. This often leads to a simple yes/no on the rights and permissions for the authenticated user across an entire web application,” noted Mayhew.

Early in the lifespan of the web service this not a big issue, but as the web service matures, feature-based pricing often makes sense. And by then, it doesn’t come easily because the infrastructure is not in place.

“Attempting to graft on feature-level permissions after the fact can be time consuming, cost prohibitive, and takes time away from developing the core of your application,” wrote Mayhew.

Confusion over the difference between authorization and authentication is part of the problem. Authorization is granting access to a service based on identity, similar to the permission to drive an automobile with a driver’s license. Authentication is using that driver’s license to prove the person driving the car is the person on the license.

These two related concepts are often decoupled at the enterprise level, and single sign-on authentication options are pushed by Facebook (News - Alert), Google, Twitter, as well as proposed open standards such as OAuth. For products that require cryptographically strong multi-factor authentication, there’s also SafeNet’s BlackShield product.

But authorization does not have as many champions, making it difficult for many developers.

The Windows Active Directory system authenticates the user when they login and that identity confirmation is then used by various licensing systems to authorize or otherwise allow access to applications, but this is not a good option for developers working on web services.

Thankfully, though, there are some options for thoughtful developers.

One option is SafeNet’s Sentinel Cloud Services, which provide feature-level licensing as a service. It is relatively simple to bake feature-level authorization into a web service using Sentinel Cloud’s runTime library or its secure REST API. This can be done on a feature-by-feature basis.

With a solution such as Sentinel Cloud Services, the web developer no longer must create a licensing infrastructure. Instead, he or she can focus on getting applications to market faster and developing the core business.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXP. Follow us on Twitter

Edited by Peter Bernstein
IDC Infographic