It’s true, we are a long way off from seeing serious uptake of SharePoint 2013. In fact, most organizations are still using SharePoint 2007 despite the advantages that 2010, and 2013, are offering. But that doesn’t mean we can’t take some time to consider how this latest version of SharePoint will change the way we implement new applications within our companies.
SharePoint as a Platform
We could simply implement SharePoint as a simple team-based collaboration tool, that’s probably the most common use of SharePoint. And it would work perfectly fine. But that’s not using SharePoint to its fullest extent. SharePoint isn’t a product, it’s a platform. And as a platform, it is both customizable and extensible.
While Microsoft focuses on ensuring core collaboration, document management and social capabilities are built into the platform, it depends on partners and other third party application developers to build applications that enhance these basics with richer functionality.
It’s these applications that take SharePoint to the next level, and with SharePoint 2013, there’s a new flexible licensing model that has changed the whole idea of distributing these applications to end users.
Your SharePoint-Based Apps
SharePoint 2013 changes the way third party vendors can offer applications to you. With the new cloud app model, apps are now self-contained, and can offer distinct pieces of functionality that either add to, or extend SharePoint’s core functionality.
Mike Ferrara gives a great overview of the new SharePoint App Model, so there’s no need to go into the details here. It’s this new licensing model and how data is shared between SharePoint and third party apps that interests me.
An Overview of the SharePoint 2013 Licensing Model
The new licensing framework is optimized for services and is all about protecting application content. This is an opt-in framework, but if offers some great features that developers can take advantage of.
For starters, Microsoft provides the Office Store for licensed apps. It also offers APIs and services that developers use to retrieve, verify and act on license information. This allows developers to include code in their apps that enforce the legal use of their application. App license categories for SharePoint based apps are Free Trial, Paid and Site (for Office apps, it’s Free, Trial and Paid).
If the app is going through the Office store, it must go through a validation process, but if it’s internal to the organization it doesn’t need to (this is called side loading apps).
SharePoint 2013 provides an administrative interface for app license management. Licenses are downloaded to a specific SharePoint deployment (managed through App Management Shared Services) and it’s through this interface the app purchaser manages how the app is used, assigning a license to a particular user(s), farm, or deployment ID, or delegating the management of the license to others.
Note that although the license framework is offered by Microsoft and the Office store does store the licenses and the renewal of license tokens, the actual work to include and enforce the license in the app is done by the app developer, not Microsoft. Microsoft does include a verification system built into the cloud that monitors issuance and verification licenses for potential abuse and, if necessary, can revoke a license.
Remote Apps and SharePoint Data
Along with the licensing model, the other interesting aspect of the new SharePoint App Model is that remote applications can now manipulate information within SharePoint. Consider the app that is simply a button, a control or a web part that works within SharePoint. Microsoft places that feature in an iFrame and then delegates the task of rendering content to a remote app located somewhere else.
This app may actually sit in a cloud hosted environment such as Azure, or even Amazon. Using the standard OAuth protocol, SharePoint and the app exchange symmetrical keys. The first is a context token which provides the remote app the current context (the user, the SharePoint web rendered). This token is used by the remote app to request an Access token from SharePoint that then allows that remote app to take some action on SharePoint content.
This is a somewhat simplified description of what happens. What’s important to understand is that now app developers can create these remotely hosted SharePoint applications and have data travelling around the world between datacenters that is completely secure.