Networked Media Open Specifications

HOME DOCS

Docs for main

Overview

VERSIONS

Branches

main

Releases

*

IS

Interface Specifications

IS-04: Discovery & Registration

IS-05: Device Connection Management

IS-07: Event & Tally

IS-08: Audio Channel Mapping

IS-09: System Parameters

IS-10: Authorization

IS-11: Stream Compatibility Management

IS-12: Control Protocol

IS-13: Annotation

BCP

Best Common Practices

BCP-002-01: Natural Grouping

BCP-002-02: Asset Distinguishing Information

BCP-003-01: Secure Communications in NMOS Systems

BCP-003-02: Authorization in NMOS Systems

BCP-003-03: Certificate Provisioning in NMOS Systems

BCP-004-01: Receiver Capabilities

BCP-005-01: EDID to Receiver Capabilities Mapping

BCP-006-01: NMOS With JPEG XS

BCP-006-02: NMOS With H.264

BCP-006-03: NMOS With H.265

MS

Data Model Specifications

MS-04: ID & Timing Model

MS-05-01: NMOS Control Architecture

MS-05-02: AMWA NMOS Control Framework

MS-05-03: AMWA NMOS Control Block Specs

INFO

Informative Documents

INFO-002: Security Implementation Guide

INFO-003: Sink Metadata Processing Architecture

INFO-004: Implementation Guide for DNS-SD

INFO-005: Implementation Guide for NMOS Controllers

INFO-006: Implementation guide for NMOS Device Capabilities Control

REG

Parameter Registers

General Procedures and Criteria

Capabilities

Device Control Types

Device Types

Flow Attributes

Formats

Node Service Types

Sender Attributes

Source Attributes

Tags

Transports

Transport Parameters

DEVEL

Developer Links

GitHub Repo

API Testing Tool

CI Dashboard

SEARCH

AMWA BCP-003 Security Recommendations for NMOS APIs

Index↑

Security is an essential foundation of networked media workflows. For NMOS this means that APIs need to provide:

• Confidentiality: Data passing between client and the APIs is unreadable to third parties.
• Identification: The client can check whether the API it is interacting with is owned by a trusted party.
• Integrity: It must be clear if data travelling to or from the API been tampered with.
• Authentication: The client can check if packets actually came from the API it is interacting with, and vice versa.
• Authorisation: The API can determine whether the client interacting with it has authorisation to carry out the operation requested.

The BCP-003 set of recommendations help provide these features using widely adopted technologies used for the web:

• BCP-003-01 recommends securing API communication using TLS 1.2 or better.
• BCP-003-02 recommends using OAuth 2.0 authorisation using JWT, as per IS-10.
• BCP-003-03 recommends using Enrollment over Secure Transport for certificate provisioning.
• INFO-002 provides guidance for implementers.

Index↑

Documentation built at 13:05:12 CDT on 2023-07-12.
(c) AMWA 2023. RAML/JSON licensed under Apache 2.0. Documentation licensed under CC BY-ND 4.0.