Equilibrium OneViewer for Office 365 is a SharePoint Provider-Hosted Add-In authorized by Microsoft. Equilibrium is a Microsoft Enterprise Cloud Alliance partner.
OneViewer for it’s normal operation uses the standard SharePoint User Authentication and Authorization Systems. It also uses the standard Add-In Authentication and Authorization Systems. At installation time the Add-In will prompt the Administrator for the appropriate permissions to carry out its functions.
Regarding Add-In Authorization, OneViewer uses all 3 policies (user-only policy, user+add-in policy, or add-in-only) as needed. It does this as part of the low-trust authorization system for SharePoint Add-ins, which employs OAuth 2.0 and Azure ACS as the access token issuer.
Specifically related to files: all original binaries are stored in SharePoint normally, unaltered by OneViewer. As needed these binaries may be transferred to the OneViewer Provider-Host where derivatives are created and cached. These derivates are stored and managed by the Provider-Host in OneViewers cache. This management may include altering or deleting the cached derivatives. Metadata about the originals and derivatives may also be stored in the SharePoint Items and at times altered by the Add-In, but not the never the original binaries of the uploaded files.
This enables OneViewer for Office 365 to provide a seamless viewing and collaboration experience
For additional information about Microsoft’s Authentication and Authorization of SharePoint Provider-Hosted Add-Ins, see: