Online Multimedia Authorization Protocol

OATC standards secure back-end data exchanges between content websites/applications and MVPD billing and authentication systems that preserve consumer anonymity and privacy. In addition, the standards define the architecture, protocols and data formats needed to build and deploy interoperable systems that authorize access by consumers. The OATC OMAP specification is a voluntary open standard that provides MVPDs and programmers with consistent technology guidelines for verification service systems that make customers’ subscription content available online across a variety of Internet-based platforms. Multimedia content publishers and distributors are expanding their reach beyond traditional outlets to include a broad range of Internet connected devices, enabling greater consumer access, choice and convenience. Extending subscription and related business models to provide consumer access to media content over the Internet requires new methods of securely authorizing users, their devices and client software. Consumers want these methods to provide a simple and consistent experience, avoiding unfamiliar, intrusive or frequent logins which could discourage usage and broad adoption. They should enable sites and applications to provide customized search results, navigation and personalization while ensuring that the consumer’s identity and privacy are adequately protected. For technology vendors and third-party service providers these methods must provide interoperability, enabling them to develop value-added services and commercial solutions that can be used across the entire TV ecosystem on the Internet. This specification addresses Authorization – the process of granting or denying access to a network resource, e.g. protected media content. It defines the architecture, protocols and data formats needed to build and deploy interoperable systems that authorize access to protected media content on any Internet-connected device. User Authentication, which validates the consumer’s identity, is out of scope. Various authentication methods, such as SAML 2.0, may be used as needed in conjunction with this specification This specification is compliant with the OAuth 2.0 protocol. OAuth 2.0 provides support for both browser and native applications, is natively RESTful with strong developer framework support, and has broad and growing industry adoption. The OAuth 2.0 specification uses JSON data structures. JSON (JavaScript Object Notation) is a lightweight, text-based, data interchange format for the portable representation of structured data. This specification uses additional JSON based specifications for web tokens, encryption and digital signatures.