3.1.1.2 Authorization
Authorization is the procedure by which a receiver is granted access to content from a transmitter. This procedure is required before a receiver can perform registration and access protected content. The transmitter MUST only start data transfer of content to receivers that have been authorized.
A transmitter SHOULD perform the authorization procedure when the transmitter discovers a new receiver that supports WMDRM: Network Devices Protocol. For example, authorization can occur when the transmitter detects a receiver sending SSDP messages (ssdp:alive); authorization can also occur when an unknown new receiver attempts to perform the registration or license retrieval procedures. It is recommended that transmitters maintain a record of authorized devices. A transmitter SHOULD NOT attempt authorization with receivers that do not support WMDRM: Network Devices Protocol.
The authorization procedure is implementation-specific and not defined by this specification. For example, the authorization procedure can be implemented by requiring explicit approval from the user of the transmitter to grant each receiver access to content and metadata.
As another example, authorization can be defined by the registration and revalidation procedure in conjunction with proximity detection.
The user MAY also de-authorize a receiver. This will remove the receiver's access to content and metadata on the transmitter.
UPnP authorization specifies how the authorization procedure is mapped to UPnP. When WMDRM: Network Devices Protocol is used over IP networks, transmitters and receivers SHOULD implement the mapping of authorization to UPnP.