Networked Media Open Specifications

HOME DOCS

Docs for main

Overview

Prerequisites

JSON Web Tokens (JWT)

Authorization Server Setup

Implementing Authenticated API Calls

Node to Authorization Server Interactions

Node to Registry Interactions (IS-04)

Controller to Authorization Server Interactions

Controller to Registry (IS-04) and Node Interactions (IS-05, IS-08)

Event and Tally Interactions (IS-07)

Validating Access Tokens

Development Resources

VERSIONS

Branches

main

No releases yet

IS

Interface Specifications

IS-04: Discovery & Registration

IS-05: Device Connection Management

IS-07: Event & Tally

IS-08: Audio Channel Mapping

IS-09: System Parameters

IS-10: Authorization

IS-11: Stream Compatibility Management

IS-12: Control Protocol

IS-13: Annotation

BCP

Best Common Practices

BCP-002-01: Natural Grouping

BCP-002-02: Asset Distinguishing Information

BCP-003-01: Secure Communications in NMOS Systems

BCP-003-02: Authorization in NMOS Systems

BCP-003-03: Certificate Provisioning in NMOS Systems

BCP-004-01: Receiver Capabilities

BCP-005-01: EDID to Receiver Capabilities Mapping

BCP-006-01: NMOS With JPEG XS

BCP-006-02: NMOS With H.264

BCP-006-03: NMOS With H.265

MS

Data Model Specifications

MS-04: ID & Timing Model

MS-05-01: NMOS Control Architecture

MS-05-02: AMWA NMOS Control Framework

MS-05-03: AMWA NMOS Control Block Specs

INFO

Informative Documents

INFO-002: Security Implementation Guide

INFO-003: Sink Metadata Processing Architecture

INFO-004: Implementation Guide for DNS-SD

INFO-005: Implementation Guide for NMOS Controllers

INFO-006: Implementation guide for NMOS Device Capabilities Control

REG

Parameter Registers

General Procedures and Criteria

Capabilities

Device Control Types

Device Types

Flow Attributes

Formats

Node Service Types

Sender Attributes

Source Attributes

Tags

Transports

Transport Parameters

DEVEL

Developer Links

GitHub Repo

API Testing Tool

CI Dashboard

SEARCH

NMOS Security Implementation Guide: Overview

Index↑ · Prerequisites→

Scope

This document is intended as a guide for implementers who want to add security to their NMOS Nodes and Controllers.

Following feedback from implementers, the focus of this document is currently on implementing NMOS Nodes and Controllers with support for IS-10 and BCP-003-02. However, this is a living document and guidance on the use of other NMOS security specifications will be added as necessary.

Use of Normative Language

This document is a guide to the AMWA NMOS security specifications only and not a specification itself. It provides informational guidance around the normative requirements of the relevant specifications. If there are any inconsistencies between this guide and the specifications then, unequivocally, the specification is correct. Any normative language key words found in this document are not to be interpreted as RFC 2119 key words.

Adding Authentication to API Calls

IS-10 authorization is based on OAuth 2.0 and so adding authorization to your IS-04, IS-05, IS-07 and IS-08 API calls simply involves adding an Access Token to the HTTP header of your requests, whether that be a Node interacting with a Registry, or a Controller interacting with a Registry or Node. Additional requirements that are specific to particular APIs are defined by BCP-003-02.

Getting an Access Token

Both NMOS Nodes and Controllers can retrieve Access Tokens from an Authorization Server.

Validating API Calls

If you receive an authenticated API call you will need to check that the token you’ve received is valid.

Getting Started

There is some prerequisite knowledge needed and some suggested resources to help get you started.

Terminology

The use of OAuth 2.0 terminology has been adopted in the IS-10 specification. OAuth 2.0 was originally developed for allowing web apps to access protected resources, where the web app is the Client and the protected resource is the Resource Server. However, the NMOS Node acts as both a Client (when, for instance, registering with the NMOS Registry) AND as a Resource Server (when, for instance, accepting a connection request). For this reason the Node is sometimes referred to as the Client and sometimes as the Resource Server depending on context.

Index↑ · Prerequisites→

Documentation built at 13:06:13 CDT on 2023-07-12.
(c) AMWA 2023. RAML/JSON licensed under Apache 2.0. Documentation licensed under CC BY-ND 4.0.