Applications for Macromedia Central can be licensed in any number of ways, thanks to the Open Distribution license introduced with Central 1.5. Getting started with managing licenses for your users can be tricky. Central Open Licensing Architecture (COLA) solves this problem by solving the issues of license management and providing a starting point for developers to implement their own license models. Version 1 is a reference implementation for PHP or Macromedia ColdFusion.

COLA in a Nutshell
COLA provides a method for processing and tracking licenses for commercial Macromedia Central applications. It is server software in Macromedia ColdFusion and PHP that provides secure, automated payment and software licensing management, and enables you to sell an application to an end user. COLA gives developers a wide range of licensing options and can be modified as needed. Since COLA integrates with PayPal, software licensing and delivery is fully automated. The software ships as a reference implementation providing a solid foundation from which to customize a licensing solution. COLA is released as an open model - you can use it for free and modify the source code to suit your needs.

COLA manages software licenses on the server side through the product.xml file for a Central application. For every licensed user in COLA, there is a unique URL to the product.xml file. As such, COLA has the ability to manage a single user allowing for simple license creation and expiration. COLA also provides the ability to detect fraudulent installations and prevent them from occurring. Unlike the try/buy model, you can easily revoke a license server-side that has been provided to an end user.

COLA is a gift to the Central developer community. However, it is not the final word on licensing Central applications. Thanks to COLA, developers can construct their own licensing schemes, and are encouraged to use COLA as a starting point. COLA is provided as is; it is supported neither by Macromedia nor by PowerSDK Software Corp.

COLA Security
COLA security is based on the installation services provided by Central. When any application is installed, the URL to the product.xml file is encrypted and stored within Central. To make COLA simple, we reused this feature to store a license securely in the same way. In COLA, the individual license identifier is encoded in the URL to the product.xml file. This provides a first line of defense, since Central stores only the encrypted form of the URL. The second line of defense is that COLA can detect multiple installations for a single license. Should a user obtain a product.xml URL, the server can detect unauthorized installations and licenses can be easily revoked.

COLA passes values using the MD5 hash format. MD5 is designed to produce a unique hash from an initial value. It is theoretically impossible to calculate the value from a hash so these are typically described as one-way hash functions. Within a COLA secured application, the License ID (LID) only occurs within the product.xml URL. All other files are secured under the hash of the LID. If you look at the Central path for a COLA application you can see the hash(LID) value but not the LID. This makes it easy for any part of an application (pod, agent, or shell) to test the license server side by simply passing the hash of the LID.

Because COLA does not require any modifications of an application's SWF file, it is essentially transparent to the developer. The developer need only create a licensed version of a Central application and modify the product.xml template. You also have the option to use COLA's server-side logic to integrate security more tightly. COLA provides a means of testing the license of a running application through an XML file and provides a callback to disable secondary installation.

As I mentioned earlier, you are free to extend and modify COLA to suit your needs. COLA provides a solid foundation on which to build custom commercial Central applications. It is simple enough to secure a wide range of applications and can be customized easily.

COLA Example
It is helpful to understand the flow of licensing a COLA application. The following steps walk you through the entire process of a user purchasing an application:

• The user installs a demo version of Icon Builder from the Central Application Finder.
• Note: Demo and trial versions are normal Central applications with limited functionality or timeouts.
• The user clicks a purchase button within the demo version and is taken to the PayPal site.
• The user completes purchase at PayPal.
• PayPal IPN notification calls the COLA IPN script. IPN notification is a private server-to-server HTTP/HTTPS POST request. The IPN request contains the purchase information and confirms that the user has purchased an application.
• The COLA IPN script creates a new License ID (LID) and an Install ID (IID) for the user. The script then e-mails the user an installation URL that contains the IID value along with a friendly message confirming the purchase.
• The user opens an e-mail and clicks the installation URL. The installation badge for the licensed application is displayed to the user.
• The user clicks the installation badge. Central is passed the licensed version of the product.xml URL, and the licensed version of the application is installed. The product.xml file contains a <file> tag that invalidates the installation URL and installation badge by contacting the server. Note that the LID persists on the server; only the IID is single-use.
• The user has a COLA application installed. The installation URL is no longer valid preventing subsequent installations.

• Enhanced security: Since each COLA installation contains a unique ID, you can augment security for network services with COLA. Instead of requiring only a user name and password, users must also access services from a Central application licensed to them.
• Private applications: COLA can be used to distribute private versions of an application. Say you have a customer service application that you do not want to expose publicly. Adding this application under COLA allows the application to reside privately on the Internet and enables you to manage access closely through licenses.
• Subscriptions: COLA can be used to secure subscription services. As each user is granted a unique license, you can allocate or remove content based on a user's license. Also, since licenses reside server side, you can upgrade a user from one type of access level to another with no installation changes.
• Personalized applications: With Macromedia Flex you can generate applications for end users based on their LID values. The contents of the SWF files installed within Central differ on a per-user basis.