This glossary describes the key concepts and terminology used throughout THRON Platform, and is a good place to get started learning how to set up and use your THRON.
Access control lists (ACL)
Access control lists are specific sets of rights assigned to users or groups, which regulate their access to THRON entities: contents, folders, applications, Intelligence classifications.
Access rights identify the capabilities that each user or group has on a specific folder or content. Referring to content there are three different access rights (acl):
- Read: user can view content
- Write: user can edit and delete content
- Share: user can distribute and download the content
Content owner will always have full access rights (read+write+share).
Folders' access rights are structured on two different levels. The first level is about access rights that will be applied to content within the folder, a second level is about access rights on the folder itself, hence the ability to manage it.
The following scheme summarises the different access rights that can be managed on a folder.
Content (published in folder) access rights:
- Read: Users, groups or applications can see the content within the folder. This access right implies the visibility of the folder itself and of all its parent folders (but not necessarily their content).
- Write: Users and groups can edit content within the specific folder. This access right does not allow users to publish content within the folder.
- Share: Users and groups can share content which have been published within the specific folder. It is worth reminding that content sharing on different modes (as indicated here) is subject to the specific user's permissions.
Folder access rights:
- Folder management:
- Users and groups with such access right will be able to edit the folder's basic information (title and prettyId).
- Users with such access right combined with the permission to create public folders will be able to create subfolders on any level within the folder's tree.
- Users with such access right and with the permission to publish content into folders will be able to publish content within the specific folder and to remove content from the folder itself.
- Users management:
- Users and groups with such access right will be able to add new users/groups to the folder's access list and set their access rights.
- Each user can not give more access rights than those he owns on the folder.
- The owner always has full rights on its folders and can never be removed.
- It is not possible to edit rights of those users for which you do not have visibility.
Some behaviors to be considered are:
All access rights illustrated above are always inherited by the subfolders, but it is still possible to add access rights (never remove) starting from a certain level in the folder's tree: such rights will be propagated to all subfolders starting from that specific level. For example you can have a department manager who accesses the content of the main folder "Departments" in read-only, while he accesses the content of the subfolder related to its department with full access rights. It is worth reminding that, if access rights are modified on a folder (regardless its position on the folder's tree), such rights will be inherited by ALL its subfolders, regardless the set of access right up to that moment.
As described before, a user/group or an application which has been added to a subfolder will automatically see its parent folders too, but not the content therein published, unless it has been specifically provided with the proper access right on each folder.
To grant flexibility and integration simplicity, the platform offers a series of web services that allow third parties to develop add-ons and applications that exploit the capabilities exposed by THRON.
The documentation for these web services is available in the Developer Center; more generically, you can find documentation on the platform’s features at the Support Portal, We kindly invite you to browse this website in order to understand the functioning of the platform, save time to find the right web services and check if someone else has already stumbled upon the same question.
The web services must be accessed by the HTTPS protocol; it is also compulsory to pass an “identification token” to each call, in order to link the user to the call itself.
If your development cycle allows it, we warmly suggest you to take advantage of the available Java/Scala libraries to simplify the integration; the libraries are available from a Maven and a GitHub repository.
THRON offers a number of pre-packaged tools that allow to perform specific actions on its key elements (i.e, content and users). These packages are called "applications", and they can be installed and configured through the Marketplace. In THRON there are two types of applications:
- Extensions: platform add-ons that extend its functionality.
- Connectors: applications that integrate with third-party tools.
Each application is assigned with a special user (application type) and is provided with “username & password” (appId and appKey in THRON API).
Each application has pre-defined access rights (eg. Can write content, can update users, can create folders, etc) depending on integration features.
THRON applications may be installed on public folders only by Administrators. Other users may be included within the access list of an application in order to be able to manage it.
Public folders on which applications have been installed, will be differentiated within Dashboard with a specific "A" icon.
Attached content will be available for download when a content is being played by THRON player.
Different content types have different characteristics:
- audio, video, document content will provide a transcoded file when downloaded as attachment in order to maximize accessibility and to prevent users to obtain source code/document with no authentication enforcement;
- images and generic content will trigger source file download when accessed as attachment because, due to browsers implementations, there is no way to protect source file/code from being downloaded.
Each content can be inserted between the attachments of itself to make it downloadable to all users.
Every action performed in THRON is recorded and can be consulted by users with the specific administrative permission: “Can manage Platform Audit”. Audit console is available in THRON Advanced Menu. Recorded actions are classified according to their type: creation, modification, removal, other. For every action, enabled users will be able to see: user who performed it, the IP address and the user agent through which the action was taken, the date and time and any additional information regarding the specific action breakthrough.
A label identifying content author, by default it matches the Owner, it can be used in order to put credits on content's copyrights. [mandatory] [128 characters max]
THRON Behavior engine is an Artificial Intelligence engine, fully integrated with THRON Platform, that processes several user access parameters including content view duration, content view frequency and recency. Behavior engine works at concept level so it extracts, among the other values, how much time a user spent on a specific topic, how often he engages with that topic and how recent was his interest towards such topic. Based on those values it enriches user profile (works also on anonymous users) by adding topic of interest as tags. The engine will remove ONLY tags managed by the engine. Tags that have been added manually will never be removed by the engine. Tags which have been automatically added by the engine cannot be manually removed (because they are based on real analytics).
Channels allow content playback on different technologies and different qualities.
In case of video content type they represent the content through one or more bit rate; the presence of multiple bitrates allows the player to dynamically adjust the playback quality according to the actual situation (connection quality, bandwidth, device etc.), guaranteeing better performances and a much more better experience for the end users. This is the reason why dynamic streaming has the priority over progressive download when delivering content on browsers supporting such technology.
THRON integrates a conversation system between users within the Collaboration Center area. Conversations in THRON can be of two types:
- One to one conversations: only two users involved
- One to many conversations: more than two users involved
Each conversation is identified by a Title, default title is the name of the interlocutor (or interlocutors if it is a group chat) but it can be changed at any time within the conversation.
Inactive conversation will be automatically archived after seven days, unless they have been marked as “preferred”. Archived conversation can be searched at any time, and automatically brought back in the “Last Week” section simply by sending a new message.
By leaving a conversation it will be removed from the archive and it will be no longer available.
Users can be added to conversations at any time; whenever you invite a user into an active conversation you will be able to choose whether to show him previous messages or to create a new conversation with the same participants.
The macro-category used for content/contact classification. Typically it corresponds to the criteria by which you want to categorize your content/contact (e.g. Topic, Target).
THRON integrates a powerful engine specifically built for collaboration called “Realtime Notification Engine”. Specifically, it allows realtime notifications and collaborative chats between users, both for web and mobile applications. In order to create bidirectional messaging for web and mobile, Realtime Notification Engine leverages HTTP/HTTPS protocol with full proxy/firewall/natting compliance. The counterpart of this engine within THRON Dashboard is the Collaboration Center, the area within which users receive notifications and are able to create chats with other users /groups.
A contact is an entity who has had some form of interaction with the Platform (e.g. has seen a content). Each contact can be of two types: anonymous or profiled. An anonymous contact is nothing more than a device for which profiling has not yet taken place. Profiling occurs when at least one identity is collected for that specific device (e. g. username, email, name). Each contact, whether anonymous or profiled, is uniquely identified by a contactId. In case of anonymous contacts, contactId matches deviceId.
Content is the most important entity in THRON, it's the digital representation of something which needs to be expressed through digital medium.
Content is usually composed by a source and is enriched by additional information referred to as metadata. A source can be one or more data streams (eg. files).
To simplify content management THRON groups content into different types:
Video: single multimedia content consisting of video and audio information;
Audio: single multimedia content consisting of audio information only;
Image: single content consisting of a raster image (no vector images);
Other: single content generated from a document file (e.g. archives);
Page: simple content consisting of HTML text, can also be referred to as Pagelet for disambiguation purposes;
Playlist: content consisting of an ordered sequence of simple content of the same type (audio, video or image);
Context is a special label which can be related to external content sharing and which is used to identify its context of use (e.g: support portal, product site, registration form). Its purpose is to facilitate the identification and the retrieval of statistics according to a specific context: for example you might want to view all the accesses to your content made on your product site.
Context can be created within Dashboard in the "Settings" menu, it can be created and managed by users with a specific permission.
Each context, when created will be related to a specific contextId which is useful when you want to integrate with tracking library; for example you might have an application which is distributing your content on a specific website, but those same content are also distributed by a webTV; in this case, the context will help you identify different sources of contacts visualizations.
A timestamp identifying when the content has been created in THRON [mandatory]
Additional content information such as an abstract or a short description [multi-language] [10000 characters max].
A software or hardware tool used to connect to THRON or to have any type of interaction with THRON Platform (e.g.: access to a content, download of a content), just for sample purpose, desktop browser, mobile browser and mobile applications. Each device is associated with a contact, which may be anonymous or profiled.
Folders are used in THRON for workflow management. THRON folders deviate from the traditional paradigm of operating system folders. A content can be found in multiple folders at the same time, but this does not mean that there are multiple copies, the content is always the same. As a matter of fact, in THRON, folders are "areas" within which content is shared to make it accessible to other users/groups or applications.
Groups represent aggregates of users. They are used in THRON to speed up workflow organization and map users with the same roles. In fact, the roles assigned to groups will be inherited by their members, as well as access rights on content. In addition, users belonging to the same group will be able to see each other hence share content to each other and chat via Collaboration Center.
Every action performed on THRON content is recorded and can be consulted by all users with full access rights on the content through the "Content History" tab. Recorded actions are classified according to their type: creation, modification, removal, other. For every action, enabled users will be able to see: user who performed it, the IP address and the user agent through which the action was taken, the date and time and any additional information regarding the specific action breakthrough.
An information related to a contact which determines the possibility of indirectly identifying one person. E.g.: Full Name, ID in a CRM, email, ID in a e-commerce or THRON username. One contact might have more than one identity.
A timestamp identifying last content update action, includes metadata updates, content source updates, content classification (tag) updates [mandatory]
THRON is capable of managing simple but powerful content relationships: you can "link" content together in different ways to provide users a "path" for content exploration/viewing.
The simplest way to create a relationship between content is to "link" them: linked content are used by THRON player to provide users a quick way to view content related to the one being played. Content with a "link" relationship are referred to as "linked content". Once this type of relationship has been created, the access control on linked content (acl rules) id delegated to the main content: all users who have the right to access the main content will be able to view its linked content. This type of link is referred to in THRON API as "RECOMMENDED".
A deeper level of content classification, which is the most punctual. These metadata are defined within tags and assigned to all the content related to that specific tag. Each metadata is identified by a “key” which is an identification code used by web services and SDKs; and a “label” which is the name of the metadata itself. Both information are set during its creation process.
Available metadata types are:
- Text (both monolingual and multilingual)
- Single selection
- Multiple selection
Key metadata is specifically designed to perform optimized search on content; you can find more information here.
Each metadata might also have additional properties such as:
- Mandatory: meaning that it has been added to a content through a tag , its definition is mandatory
- Visible: meaning that this metadata can be seen by users within THRON Dashboard.
Since metadata are related to tags and tags are organized into "trees", if a metadata is related to a "parent" tag, it will be inherited by all its "child" tags.
Any significant action made in THRON by any user will generate a personal notification.
Notifications will be delivered through 3 different channels:
embedded web console notifications (within Collaboration Center)
email notifications (if this preference is enabled on user’s Passport)
mobile push notifications
Content owner is the business user who created the content. Since owner will always have all content rights which cannot be removed, it will always be able to pull it back from any shared channel, update it, delete it or change other users access rights. Content owner will always have its own content in its personal folder.
Application users will not be content owner because they cannot access THRON Dashboard to keep content sharing and security under control. However, a specific procedure for uploading content via application is provided.
When an administrator removes a user from the platform he must also choose how to manage its existing content by assigning them to a new owner.
Finally, we remind that author metadata is an additional information which is automatically filled with owner full name, but can be modified at your will.
Ownership applies to folders too. A folder's owner is the user who created it. It will have full access rights on that folders and so on the content therein published. Be aware that a folder's owner cannot be removed from the folder's access list.
A complete permissions management system is designed to enable Platform Administrators to easily map company organization. At the same time, it defines how users can access content and which actions they can perform. Those permissions are defined within "Users" section in THRON Dashboard. Default permissions sets are assigned to users and groups through Roles. If necessary, you can assign a custom role, defining the permissions assigned to a specific user or group.
An authentication key that identifies a specific content sharing, such as an embed code. When the pkey is revoked or deleted, the content will no longer be usable through that specific sharing. Sometimes in the API it is referred to as sessId, which can be alternatively a pkey or user token.
THRON Player is the easiest way to access content: it's a document viewer as well as a multimedia player, it provides embedded tracking library and allows users to customize its appearance and behavior.
A human-readable label used to build SEO oriented URLs. In THRON Dashboard it may be referred to as "Title to be used on URLs". [multi-language][ Constraints: max length = 150 characters; only lower case chars, digits, "-", and "_" are allowed; no spaces allowed]
Each user has its own private folder. Private folder acts in a similar way to inbox folder of your mail client: it shows all content you created or received. Private folder is available (thus visible) only to the specific user accessing THRON. Content listed inside private folder may not be private (shared users and groups can be seen on Shareboard). Each user is provided with an additional personal area called “Trash”. This area hosts all removed content belonging to the user itself. Content inside Trash area can be restored without any further transcoding process or permanently deleted.
One or more profiles are used for content fruition: those profiles represent the available quality for the content itself. Profiles are specific sets of channels used for content playback. THRON presets are “Standard” and “HD” profiles; in addition, other custom profiles may exist, but it is advisable to contact our technical support for a discussion on the specific need.
Public folders mime the well known shared file server directory paradigm: a public folder is an area where you can put content you want to be accessible (with specific rights) to a defined set of users and groups. Public folders are defined by a name ([mandatory],[multilanguage]), an ID, and an optional parent folder.
Topmost level folders are often referred to as “main” folders and are the only folders where access rights can be managed. In order to keep simple the folder management, subfolders are forced to inherit access rights from their “main” folder, anyway, it will be possible to set a different access rights set on the subfolders.
Roles are specific sets of permissions that allow you to map a user's capabilities based on their role within your organization.
An artificial intelligence engine, fully integrated with THRON Platform, capable of analyzing content the moment they are published and automatically creating and assigning tags related to their topic. The elasticity of the engine in tags assignation is entirely configurable through system settings.
Tags created by the Semantic engine are "not categorized". Semantic engine will not generate multiple tags with the same name: if a tag already exists it will be associated to the content. Replacing content's version will trigger the update of tags associated by the engine.
Content sharing represents the action of content’s distribution and it can be expressed through a variety of different destinations. It is usually managed from the “Shareboard” interface available in THRON Dashboard.
Content can be shared by those users having the right to do so (see “Rights” for more info). Available destinations for content sharing are:
- Specific users: content will be available in target user’s personal folder
- Specific groups: content will be available in target group members’ personal folder
- Specific public folders: content will be available in specific public folder
- Social network: content will be available (read only) on specific social networks (Facebook and Twitter)
- Email: a link to a specific customizable webpage will be delivered via e-mail to external users
- Embed: content can be embedded (using THRON player) into external websites, you will be able to choose both classic embed and iframe.
- Link: content will be available in a specific customizable webpage
THRON handles the sharing process by means of a specific access key, called “pkey”, which is mandatory to access each specific content sharing. Each time a content is shared a new pkey is created.
Any content sharing is always revocable: from the time it is revoked the content is no longer accessible from that specific destination whether if it was a user, a group, a folder or an embed (websites and social networks are identified by means of a specific pkey).
Typically, only the owner of a content (and the other entities he has granted access to) will be able to access the content; the granted rights allow to operate on the content:
- with read-only operations (“the user can access and read the content”),
- modifying it (“the user can change the content’s thumbnail”),
- sharing it (“the user can share this content on a web page”).
In the latter case, it is possible not only to share the content to a physical user (or an application), but also to a third “unidentified” entity, which can be unlinked to THRON. In this case, the system links the content to this specific “sharing instance” identifying it with a pkey, an alphanumeric value which authenticates a specific embed. This is needed to grant that only authorized embeds can play the content. Protected content will not be played when a valid secure code is missing.
When a “non-THRON” entity tries to access a content, the platform checks that (in order)
- the pkey is present (non-empty string),
- the pkey is indeed associated to the content,
- the pkey is valid (non-revoked),
and if only all of these conditions have been correctly checked the content will be displayed.
A pkey is withdrawable at any moment; when a pkey has been withdrawn, the content won’t be accessible in the sharing context
The physical file that is the starting point on which the THRON content is built. The source file uniquely identifies the version of the content, each version corresponds to the uploading of a new source file. The source file is only available for downloading within THRON Dashboard to those users who have full access rights on the content. For security reasons, the source file of each content is not managed by THRON CDN, it is only stored internally. Hence, its distribution is not accelerated by any application or web service.
A tag is a concept expressing the answer to the question that identifies the relationship between an entity (content or contact) and the classification. Tags are organized into "trees" so if a content or a contact is tagged with a "child" tag, it will automatically inherit all the "parent" tags in the tree. Tags can be created in two ways (each kind of tag will have a different color):
- Manually, by those users having the proper administrative permission (default orange).
- Automatically, by the built-in Semantic Engine: a powerful tool that analyzes documents, audio and video content right after their publication, identifying keywords and main topics covered by the content itself (default purple).
Furthermore, we distinguish between:
- Categorized tags: tags created within the "Settings" section of THRON dashboard (or via web services) by a user with the relative permission, or tags which have been moved from "Not categorized" to "Categorized".
- Not categorized tags (Misc): tags created by the semantic engine which have never been categorized or tags created within the "edit" section of a content/user.
Tags can be linked to content/contacts in three ways:
- by a user with relative permission (from "edit" section of the content/user).
- by the Semantic engine (during content publishing process).
- by the Behavior engine (once a week, according to analytics).
The Intelligence classification that identifies, depending on the entity to which its tags are applied, the profile of people or the target audience of content.
THRON Multimedia Proxy
THRON Multimedia Proxy is an appliance based on Docker, properly built for native integration with THRON platform and its services. It has been created to be positioned within corporate LANs to accelerate content delivery thus improving user experience. THRON platform, combined with the extraordinary capabilities of the Multimedia Proxy, allows users to enjoy multimedia content up to fullHD quality with simplicity and without invading the ordinary performance of the enterprise network.
It has been designed to be deployed and configured within intranets, improving and/or optimizing Internet bandwidth for the internal use of multimedia content (live and/or on demand) which are served to different clients, desktops, Digital Signage terminals (e.g. totems or displays), in store radios, mobile devices and tablets. All contents are delivered by HTTP/HTTPS protocol for both static and multimedia content, http-streaming live and on-demand streaming (HLS for iOS and Android devices, HDS for “traditional” personal computers), assets like images, html, and other web interface elements assuming they are hosted within “weebo” or “thron” domain.
Moreover, THRON Multimedia Proxy can divert the entire multimedia traffic generated by the platform towards dedicated lines for all LAN users, thus separating the normal operation of the intranet from digital communication activities.
Media traffic within corporate LAN can potentially be very costly in terms of bandwidth usage, both in case of “live streaming” events and in case of “on demand” content distribution, thus quickly degrading intranet performance. By adopting THRON Multimedia Proxy all connections can be optimized in order to use bandwidth required for the playback of a single stream and/or file download: connectivity impacts only during the first access to content; all subsequent requests will be distributed from the local network. The following technical documentation is also available in the download area.
In this article you can find a comparison between THRON Multimedia Proxy and traditional WAN accelerators.
You can find more information on THRON Multimedia Proxy within the Marketplace.
THRON processes any content provided in order to improve its accessibility. An important processing step is Thumbnail generation: a thumbnail is a representative image of the content itself, to be used as preview. THRON generates multiple thumbnails for each content.
Thumbnails are public assets (they do not require any authentication to be accessed) and are usually retrieved with public content metadata, if you own documents with sensitive information we strongly recommend to replace their thumbnail (instructions can be found here)
Content thumbnail can be changed at any time.
Default settings provide different resolutions for content thumbnail:
Width: 4096 px; 1920px ; 1024px ; 720px ; 520px ; 340px ; 240px ; 160px ; 75px
Height: is calculated by preserving content's aspect ratio.
Thumbnail's quality is lower than a regular image in order to optimize its size and accessibility performances.
When managing documents instead of multimedia files, if the original content's format is supported then a thumbnail will be generated from the document's first page.
The following is a list of the supported document's formats for automatic thumbnail generation:
|Text files||txt; xml (managed as plain text)|
|Microsoft Office documents||doc; docx; docxm; ppt; pptx; pptxm; xls; xlsx; xlsxm|
|Open/Libre/Star Office Documents||ods; odt; odp; odf|
|Postscript File / Encapsulated Postscript||ps, eps|
|Image files||bmp; jpeg; jpg; gif; png|
If the content is a playlist, THRON will try to apply the thumbnail by copying it from one of the first five elements. If none of the first five elements has a thumbnail, THRON will apply a default image.
A label describing the content, often used for minimal content identification [mandatory], [multi-language] [150 characters max]. The title is referred to in the API with the "Name" parameter.
A unique session key that is generated after a successful authentication via username and password. It allows to use THRON API depending on the role of the user that generated it. Sometimes in the API it may be referred to as X-TOKENID or tokenId. Its validity ends after one hour of inactivity.
The Intelligence classification that identifies, depending on the entity to which its tags are applied, the topics covered by the content or the interests of individuals.
The preparation phase of the content, whether it is the first release or a version update, is called transcoding. During this phase the content is converted to all channels enabled to make it usable on all devices, the various versions of thumbnail are also generated and the content is scanned by the Semantic Engine.
THRON provides its users with a special area called “Trash”, in which all removed content are stored. There are two different levels of Trash.
The first level is the Personal Trash: this is the area where each user can find content that have been deleted and for which he is the owner, regardless of who deleted them.
The second level is the System Trash: here you will find all the content that have been deleted by users; in fact it is the sum of all Personal Trashes. This second level is accessible only by those users who have the specific Administrative Permission.
Within System Trash it is possible to determine content persistence (this parameter will effect both system and personal trash), which is the time before of which they are permanently deleted. Content in Trash can be either restored or permanently deleted by users. Once a content is moved to Trash, it will lose all its shares, while all the links with other content (attachments or recommended) will be preserved. If the content was used as recommended or attachment by other content, it will have to be re-linked.
IMPORTANT: Please note that once a content is deleted from trash (either manually or automatically), it will be PERMANENTLY deleted from the Platform, and it cannot be brought back in any way.
Users are people who have access to THRON Dashboard through authentication with a unique username and password. Each user is characterized in THRON by one or more roles that define their capabilities. Users can be put into groups, from which they will inherit the role, any acl attribution on content and visibility between members of the same group.
Each user also has its own “visibility” list. Thanks to this list, Administrators will be able to limit which users and groups a specific user will be able to interact with. All sharing actions within Dashboard and the ability to open new conversations within the Collaboration Center are subject to visibility; this means you cannot share a content with a user you do not see, nor open a conversation with him. Just like permissions, visibility is inherited by users within a group.
A unique alphanumeric identifier representing each content within THRON Platform.