Networked Media Open Specifications

DOCS

Docs for v1.0.0

Overview

APIs

Discovery

Behaviour

Behaviour - Authorization Servers

Behaviour - Clients

Behaviour - Token Requests

Behaviour - Access Tokens

Behaviour - Resource Servers

Definitions

Upgrade Path

APIS

RAML APIs for v1.0.0

Authorization API

ServerMetadata API

JSON Schemas for v1.0.0

auth_metadata

jwks_response

jwks_schema

register_client_error_response

register_client_request

register_client_response

token_error_response

token_response

token_schema

EXAMPLES

JSON Examples for v1.0.0

access_token

auth-metadata-get-200

auth-metadata-issuer-get-200

jwks-get-200

register-authorization-code-grant-client-post-201

register-authorization-code-grant-client-post-request

register-client-credentials-grant-client-post-201

register-client-credentials-grant-client-post-request

register-client-post-201

register-client-post-400

token-post-200

token-post-400

VERSIONS

Branches

v1.0.x

publish-fix-113

publish-fix-111

Releases

v1.0.0

IS

Interface Specifications

IS-04: Discovery & Registration

IS-05: Device Connection Management

IS-07: Event & Tally

IS-08: Audio Channel Mapping

IS-09: System Parameters

IS-10: Authorization

IS-11: Stream Compatibility Management

IS-12: Control Protocol

IS-13: Annotation

IS-14: Device Configuration

BCP

Best Common Practices

BCP-002-01: Natural Grouping

BCP-002-02: Asset Distinguishing Information

BCP-003-01: Secure Communications in NMOS Systems

BCP-003-02: Authorization in NMOS Systems

BCP-003-03: Certificate Provisioning in NMOS Systems

BCP-004-01: Receiver Capabilities

BCP-005-01: EDID to Receiver Capabilities Mapping

BCP-006-01: NMOS With JPEG XS

BCP-006-02: NMOS With H.264

BCP-006-03: NMOS With H.265

BCP-007-01: NMOS With NDI

BCP-008-01: NMOS Receiver Status

BCP-008-02: NMOS Sender Status

MS

Data Model Specifications

MS-04: ID & Timing Model

MS-05-01: NMOS Control Architecture

MS-05-02: AMWA NMOS Control Framework

MS-05-03: AMWA NMOS Control Block Specs

INFO

Informative Documents

INFO-002: Security Implementation Guide

INFO-003: Sink Metadata Processing Architecture

INFO-004: Implementation Guide for DNS-SD

INFO-005: Implementation Guide for NMOS Controllers

INFO-006: Implementation guide for NMOS Device Capabilities Control

REG

Parameter Registers

General Procedures and Criteria

Capabilities

Device Control Types

Device Types

Flow Attributes

Formats

Node Service Types

Sender Attributes

Source Attributes

Tags

Transports

Transport Parameters

F-SETS

Control Feature Sets

Identification

Monitoring

DEVEL

Developer Links

GitHub Repo

API Testing Tool

CI Dashboard

SEARCH

IS-10 ➤ releases ➤ v1.0.0 ➤ docs ➤

Definitions

←Behaviour - Resource Servers · Index↑ · Upgrade Path→

See also the NMOS Glossary for concepts regarding the JT-NM reference architecture, and definitions within RFCs.

The below definitions are based on the OAuth 2.0 spec.

API

An HTTP/WebSocket Application Programming Interface as defined in an AMWA NMOS Specification (e.g. IS-04, IS-05, IS-06, etc.)

Protected Resource

Any part of the API that is access-restricted. This may apply to read (e.g GET) or write (e.g POST) operations.

Resource Server

The entity that is providing APIs containing protected resources, for example:

• a Registry implementing IS-04 Registration and Query APIs
• a Node implementing IS-04 Node API and IS-05 Connection API.

Resource Owner / End-User

An entity capable of granting a client access to a protected resource. When the resource owner is a person, it is referred to as an end-user.

Authorization Server

The server hosting the Authorization API. It is responsible for the issuing of authorization codes and Access Tokens to registered clients, after successfully authenticating the client and resource owner and obtaining authorization.

Client

The entity, usually a Web Application, Native application, or SPA (Single Page Application) that is attempting to act on the user’s behalf or access a Protected Resource. A client must register with the Authorization Server before being able to request tokens. Once registered, the client is assigned client credentials in the form of a client_id and, for confidential clients, a client_secret. Clients are usually deemed to be Confidential or Public based on their ability to authenticate securely with the Authorization Server.

Within NMOS this may be:

• a Node registering with a Registry using the IS-04 Registration API
• a monitoring application querying Nodes using the IS-04 Query API
• a connection control application using the IS-05 Connection API

Access Token

A short-lived JSON Web Token (JWT) that may be used by a client to access Protected Resources on the Resource Server. It consists of a JSON object in which each key:value pair is referred to as a claim.

Bearer Token

A Bearer Token is passed from the Authorization Server to the client after successful authentication of the request. Section 5.1. of RFC 6749 defines it as consisting of:

• an access_token - this is the JWT used to access a protected resource.
• an expires_at value - this coincides with the lifetime of the Access Token
• a token_type - always “Bearer” within the scope of this document
• a refresh_token (OPTIONAL) - this is present depending on the grant type. Refresh Tokens can be used to retrieve further Access Tokens from the Authorization Server if the shorter-lived Access Token has expired.
• a scope (OPTIONAL) - if the scope granted by the Authorization Server differs from the requested scope in the authorization request, the granted scope must be included in the Bearer Token.

←Behaviour - Resource Servers · Index↑ · Upgrade Path→

Documentation built at 14:25:50 CST on 2024-11-19.
(c) AMWA 2024. RAML/JSON licensed under Apache 2.0. Documentation licensed under CC BY-ND 4.0.