AMWA BCP-003 Security Recommendations for NMOS APIs
Security is an essential foundation of networked media workflows. For NMOS this means that APIs need to provide:
- Confidentiality: Data passing between client and the APIs is unreadable to third parties.
- Identification: The client can check whether the API it is interacting with is owned by a trusted party.
- Integrity: It must be clear if data travelling to or from the API been tampered with.
- Authentication: The client can check if packets actually came from the API it is interacting with, and vice versa.
- Authorisation: The API can determine whether the client interacting with it has authorisation to carry out the operation requested.
The BCP-003 set of recommendations help provide these features using widely adopted technologies used for the web:
- BCP-003-01 recommends securing API communication using TLS 1.2 or better.
- BCP-003-02 recommends using OAuth 2.0 authorisation using JWT, as per IS-10.
- BCP-003-03 recommends using Enrollment over Secure Transport for certificate provisioning.
- INFO-002 provides guidance for implementers.