Right-- you have to site-license for anyone that has access to download, basically. If the school has ONE account, then all content is available (theoretically) to everyone on the network. The alternative is building specific pages to act as content gateways, and recognizing individual devices by ID and governing what content is permitted for the device.
I know this because Pearson/Connections uses this kind of model and so we've gotten used to some of the peculiarities of DRM and how the work-arounds have to operate in order to pinch pennies. It's cheaper for them to send textbooks to math tutors than it is to provide them with the links to the iTexts, or at least some of the time it works out that way. I'm not entirely sure if the reason is number of downloads, or if it's number of unique IP's, but either way, it leads to weirdness.
I also know that I can get to things that theoretically are only available to staff-- if I know the URL, that is. So it's not IP governing access. It's controlling who gets the link.
In an app-store model, that doesn't work. Because a third-party is the content host.
