Open Caching Relayed Token Authentication

Project Status:

Completed

Start:

June 1, 2019

Estimated Completion:

March 1, 2020
  • Home
  • Open Caching Relayed Token Authentication

Share this page:

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on print

Problem Statement

URL tokenization is a crucial element of an overall streaming video security approach. The current Open Caching design and specifications needed to provide support for authenticating tokenization.

Project Description

The security of delivering video streams, from origin to edge cache and from edge cache to player, is of critical concern to video distributors. Although DRM and other security mechanisms provide a way to protect the playback of content to only authorized viewers, these mechanisms must be employed in conjunction with other security features like URL tokenization. Prior to this project, the Open Caching specifications did not provide support for authenticating tokenized URLs (which is often used within CDN environments for the delivery of video streams and assets). By providing for this functionality, Open Caching can be included in a video distributors ecosystem of caches and service providers.

Current Document

Open Caching Relayed Token Authentication

This document describes the functional specification of open-caching relayed-token-authentication mechanism. The focus is on generically supporting URI signing using this method. There are additional applications – like user Cookies, which are mentioned in this document without getting into the specifics. While multiple different CDNs, as well as CDNi, support Tokenization in alternative methods, the goal of this implementation is to support all of these different formats via the relay authentication mechanism.

Goals and Objectives

The objectives and goals of this project are:
  • Develop a comprehensive mechanism to allow for token authentication using an existing tokenization scheme currently employed in the marketplace.
  • Design a relay authentication workflow that:
      • Enables an Open Cache Node (OCN) to authenticate a token without requiring sharing of secure keys beyond existing participants in the delivery chain.
      • Requires little or no change by a content provider so that they can continue to use their existing token authentication setup across different providers with any OCN.
      • Works with existing Open Caching specifications.

Project Scope

The document produced from this project will PROVIDE:
  • An overview of the relay authentication workflow for CDN URI tokenization.
  • Instructions on how to authenticate sessions between different OCN and CDN participants.
  • Examples of tokenization, methods for verification, and suggestions for logging behavior.
This document will NOT PROVIDE:
  • Need some stuff here…

Contributors

The following members have contributed to this project. Click on their name to visit their profile. If the have not published their profile, the link will redirect to their LinkedIn profile.

Presentations

The following presentations delivered during Open Caching working group sessions may provide additional information about this project.
Scroll to Top
X