Sunday February 05 , 2012

Why We Built Zarqon

[Image: Zarqon Big Picture]

I’ve been an Adobe Flex consultant for over 5 years, and when Adobe introduced AIR, like everyone else, I was tantalized by the possibilities. In today’s constantly-connected world, with more APIs than a developer can shake a stick at, you could do anything. The sky is the limit!

And like so many other developers, I’d like to supplement the income from my consultancy with a side income of some sort. Coding is what comes naturally to me, and with the Adobe AIR installed user base now over 100 million users and growing strong, releasing an AIR app seemed a perfect way to make that extra income happen.

Once I began thinking about it, boy did the good ideas come.

Each and every idea that came to mind begged the same question: How can I make sure that I don’t just sell one license and then everyone else gets it from a ‘warez’ site?

If you’re planning to put your valuable time into developing an application for the purpose of supplementing your income, then you really need to be sure you ask yourself this question and are very confident of the answer before you write your first line of code.

Deliver Me from the Server Side, Please!

Another thing is that I don’t want to have to code and deploy and sweat over the server side of any of these applications.

I just want to use public APIs to get data from various places and do something unique and useful enough to charge for. I don’t want to worry that the license holder information stored in some database of mine is going to be hacked or go down. Ever.

So, it seemed before I could set about writing any of these exciting, Internet-shaking apps, I was going to have to find a licensing package. I looked around the web and didn’t find anything at the time. So I decided to write it myself.

In the interim, a few competitors have cropped up, but I’m pleased that I charged on with Zarqon. Their approaches are very different. The main difference is that Futurescale doesn’t charge a percentage of your licenses and none of your data is ever transmitted to, served from, or stored on Futurescale servers.

Total Control

The first consideration was how to manage a license in such a way that it could be shut down if I discovered that it had been shared/compromised.

I imagined a simple scenario where I would release an application that might have an ad-driven free license, but you could pay for a license to make the ads go away. But if someone bought a license and then shared it with everyone on Twitter, it’d all be for naught. If I discover that’s happened, I’d like the power to disable that license so that it simply reverts to the ad-driven free behavior for everyone using that compromised license.

In order for the above scenario to work, the application would have to check some Internet location to validate its license each time it ran, so that it could configure itself accordingly. But again, I didn’t want to end up responsible for writing and supporting a server side component. This is where Amazon Web Services (AWS) came into the picture.

Trust and Reliability

The encryption is strong, the storage is reliable, and no one has to trust me or my company with hosting and protecting their valuable data from attack. Best of all Zarqon uses its own API for license control, so it acts as a sort of self-referential proof of concept.

I’ve had my eye on Amazon Web Services for quite a while now. I’ve received their developer newsletter for years and read the success stories of people building on their ‘cloud-based’ services. It’s been one of those things I couldn’t wait to be asked by a client to build an app upon. Now I had a great excuse to use it!

Amazon S3 is arguably one of the most reliable and secure storage locations on the Internet. It is a simple but secure system of ‘buckets’ into which you store arbitrary objects, each addressed by a key, so a bucket behaves like a large key-value store. Since I have a smart client, I’m perfectly happy for the server to be dumb as a bucket :)

Basically what evolved over the last year of research, experimentation, architecture and building was a system whereby an AIR application (the Zarqon Desktop Control Center) and an AS3 library (the Zarqon API) communicate with Amazon S3 to persist product and feature descriptions in XML format in the S3 account of the licensed Zarqon user.

Licenses are stored in a publicly readable bucket, where the license key I issue is the object name used to retrieve an encrypted license object. Anyone can read that public bucket, but only the license holder and the license issuer possess the information (the license key, holder name and holder email) needed to derive the encryption key that decrypts the license. Because the bucket is public, the scheme’s secrecy rests entirely on those inputs, so the license key must be long and unguessable: it serves both as the object name and as part of the key material.

Oh, yeah, what about Site Licensing?

Late in the game, when Zarqon was almost complete, another breakthrough idea came. A way to license Flex web applications. I'd previously considered this impossible with this scheme, since you'd have to have the secret info and the key 'baked into' the application which could be disassembled and stolen by anyone.

The answer to this dilemma was to encrypt the license with just the License Key and the Site from which the license holder will serve the application (i.e. 'futurescale.com').

The Desktop Control Center and the developer API were modified to recognize that if it is a site license, it should encrypt and decrypt the license with the license key and the site (instead of the license key, holder name and holder email) as the inputs to the key algorithm. The site the app is being served from is derived by the API itself when the validation call is made, so the check cannot be foiled simply by passing in a different site name.
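To make the two key-derivation paths described above concrete (license key + holder name + holder email for a desktop license, license key + site for a site license), here is a small stand-alone model of the scheme. This is an added example, not Zarqon’s code: the post does not name its KDF, cipher or XML layout, so PBKDF2-HMAC-SHA256, an HMAC-based counter-mode stream with an encrypt-then-MAC tag, and the `<license>` element below are all assumptions, and a plain dict stands in for the world-readable S3 bucket. The `app_url` parameter of `validate_site` stands in for the URL the runtime reports; in the real API that value is not caller-supplied.

```python
# Added example modelling a public-bucket licensing scheme; not Zarqon's code.
# Standard library only. KDF, cipher and XML layout are assumptions.
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

KDF_SALT = b"demo-issuer-salt"   # constructed salt for this demo issuer
KDF_ROUNDS = 50_000


def derive_keys(*inputs):
    """Encryption and MAC keys from the inputs the post names:
    (license_key, holder, email) for desktop, (license_key, site) for site."""
    material = "\x1f".join(inputs).encode("utf-8")  # separator: "ab"+"c" != "a"+"bc"
    master = hashlib.pbkdf2_hmac("sha256", material, KDF_SALT, KDF_ROUNDS)
    return (hmac.new(master, b"enc", "sha256").digest(),
            hmac.new(master, b"mac", "sha256").digest())


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode used as a PRF keystream (stdlib has no AES)."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), "sha256").digest()
        block += 1
    return bytes(out[:length])


def seal(keys, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = keys
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()


def open_sealed(keys, blob):
    """Plaintext, or None when the tag fails (wrong key material or tampering)."""
    enc_key, mac_key = keys
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _license_xml(product, kind, features, **attrs):
    root = ET.Element("license", product=product, type=kind, **attrs)
    for name in features:
        ET.SubElement(root, "feature", name=name)
    return ET.tostring(root)


# Issuer side (the post's Desktop Control Center). Object name = license key,
# object body = encrypted license XML, in a bucket anyone can read.
def issue_desktop_license(bucket, license_key, holder, email, product, features):
    xml = _license_xml(product, "desktop", features, holder=holder)
    bucket[license_key] = seal(derive_keys(license_key, holder, email), xml)


def issue_site_license(bucket, license_key, site, product, features):
    xml = _license_xml(product, "site", features, site=site)
    bucket[license_key] = seal(derive_keys(license_key, site), xml)


def revoke_license(bucket, license_key):
    """Disable a shared license: every copy then falls back to the free tier."""
    bucket.pop(license_key, None)


# Client side (the post's Zarqon API inside the app).
def _parse(plaintext):
    root = ET.fromstring(plaintext)
    return {"product": root.get("product"), "type": root.get("type"),
            "features": [f.get("name") for f in root.findall("feature")]}


def validate_desktop(bucket, license_key, holder, email):
    """License dict, or None meaning 'run in free mode'."""
    blob = bucket.get(license_key)
    pt = open_sealed(derive_keys(license_key, holder, email), blob) if blob else None
    return _parse(pt) if pt is not None else None


def validate_site(bucket, license_key, app_url):
    """Site is derived from where the app was loaded, not from a caller string."""
    site = urlparse(app_url).hostname or ""
    blob = bucket.get(license_key)
    pt = open_sealed(derive_keys(license_key, site), blob) if blob else None
    return _parse(pt) if pt is not None else None


if __name__ == "__main__":
    bucket = {}
    issue_desktop_license(bucket, "ZQ-1234-ABCD", "Jane Dev", "jane@example.com", "Widget", ["no-ads"])
    print(validate_desktop(bucket, "ZQ-1234-ABCD", "Jane Dev", "jane@example.com"))
    revoke_license(bucket, "ZQ-1234-ABCD")
    print(validate_desktop(bucket, "ZQ-1234-ABCD", "Jane Dev", "jane@example.com"))
```

The two things worth noticing are that a wrong holder email, a wrong host, or a deleted object all collapse to the same `None` result, which is exactly the "revert to the free tier" behaviour the post wants, and that the bucket contents never need to be secret: everything an attacker can list is ciphertext whose key depends on inputs that are not in the bucket.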

So there you have it. Flex and AIR apps secured by one powerful but simple to use utility that you control completely. We've tested it pretty extensively and are finally proud to announce that Zarqon is available for public beta today.
