Readium LCP
Become an LCP reading system provider
This document details the steps required to become a Readium LCP reading system provider, i.e. develop and release an LCP compliant reading system.
Step 1 : Choose a platform
To ease deployments of LCP solutions, EDRLab has developed several LCP open-source modules, to fit different Readium codebase.
Readium “1” SDK: for use with the original Readium SDK, EDRLab and Mantano have developed the C++ “readium-lcp-client” module, which fits well with the SDK architecture (it contains a content filter). In order to use this module, the “feature/lcp” branch of the SDK Launchers (iOS or Android) must be used. The “test” grade module is provided as open-source, but the “production” grade module is provided pre-compiled by EDRLab. See below for more information.
Readium “2” iOS: for use with the new Readium-2 iOS SDK, EDRLab has developed the “r2-lcp-swift” module. It can be easily integrated in the “r2-testapp-swift” by following steps described in “r2-workspace-swift“. It requires a tiny pre-compiled lib described on step 2.
Readium “2” Android: for use with the new Readium-2 Android SDK, EDRLab has developed the “r2-lcp-kotlin” module. It can be easily integrated in the “r2-testapp-kotlin” by following steps described in “r2-workspace-kotlin“. It requires a tiny pre-compiled lib described on step 2.
Readium “2” Desktop: for use with the new Readium-2 Desktop SDK, EDRLab has also developed an LCP module, available on demand.
Alternative commercial solutions, with a professional support, have also been developed by EDRLab partners (members of our association). EDRLab can provide more information on these solutions.
Step 2 : ask for the pre-compiled Readium LCP module.
If you are using the Readium “1” SDK, you can move to the next step.
Readium LCP is a DRM. As any protection technology, care must be taken to avoid disclosing too much technical information to the open world without good reasons. This is why EDRLab has chosen to provide a small pre-compiled Readium LCP module to R2 implementers, in two flavors:
- a “test” grade LCP library, provided after a direct contact between the developer and EDRLab. To get this library, a developer must only provide to EDRLab its company name, web site and basic information about the context of the project involving Readium LCP. It comes with a “test” X509 root certificate which will be used during your tests.
- a “production” grade LCP library, which simply replaces the “test” library in the project after the development has been fully tested. Go get access to this production module, the client company must be trusted and the Readium LCP Terms of Used must have been signed. It comes with a “production” X509 root certificate.
To contact EDRLab, please send an email to contact@edrlab.org or use the Readium Slack on the “lcp” channel and provide this information.
As a first step, you will get the “test” grade module.
Step 3 : develop your application in “test” mode
You should use the Readium test applications as a start. Some protection features (e.g. copy, print contraints, status document interactions) are managed at the app level, therefore some review of this codebase seems mandatory at least.
Read the Readium LCP (Licensed Content Protection) and LSD (License Status Document) specifications in details. Some LCP interactions are not obvious and must be implemented carefully.
Step 4 : test the LCP integration
EDRLab has installed a Readium LCP test server, freely available at https://front-test.edrlab.org.
You can use it freely to generate test licenses and test them in your application.
In order to get more insight on the messages exchanged between the client and the server, you can install your own test license server, by following the procedure described in “How to become an LCP license provider“.
Step 5 : sign the EDRLab Terms of Use
EDRLab is responsible for managing the “Readium LCP network”, i.e. all the interoperable nodes of this distributed solution. EDRLab therefore manages the certificates of the LCP PKI, and must check all reading applications and license servers of this network for compliance with the specifications.
The Terms of Use (ToU) drafted by EDRLab commit the organizations of the LCP network to respect the DRM specifications and to set up sufficiently secure and truly interoperable systems.
Signing the LCP ToUs also requires solution providers to allow EDRLab verifying each year the conformity of their solution, and to pay each year to EDRLab a certain amount for this task.
Step 6 : move the application to “production” mode
Once the ToUs are signed, EDRLab securely delivers to the reading system provider:
- a “production” X509 root certificate, to be integrated in the application;
- a “production” grade LCP module, which will replace the “test” grade module;
This information is confidential and must be protected by the license provider.
Step 7 : test the “production” integration
There are already several production grade LCP servers on the Web, and EDRLab has setup a sandbox server for freely testing your application.
Step 8 : ask EDRLab to certify the solution
Once the system has been properly tested by the integrator, the reading system provider will have to provide EDRLab with the application.
Once all tests have passed positively, EDRLab will return a test report and an “LCP Certified” logo to the supplier, which can be displayed in the application or on a website.
Other Readium projects
Readium-2
The major evolution of the Readium SDK codebase, the objectives being better performances and stability, clarity of source code and documentation.
Readium SDK & JS
The reference EPUB 3 open-source reading engine for Web, desktop and mobile apps, on active maintenance by the Readium community.