Ping Identity > Blogs > PingTalk 

PingTalk Blog

TV Everywhere and Federated Authorization

Earlier this week I discussed SAML and how it meets the requirements around TV Everywhere authentication.  While SAML 2.0 looks to be the de facto solution for solving the TV Everywhere authentication problem, there is still some debate as to what mechanisms and protocols will be used to address how authorization decisions are made by the MVPD’s on behalf of the programmers. XACML is the leading candidate, but XACML is only a starting point that defines the syntax for expressing an authorization query and an authorization response.

The first question is to define an appropriate back-channel protocol to convey the XACML authorization queries and responses between programmers and MVPD’s. This could be achieved via the XACML profile for SAML, or even via a simple REST API.

In addition a TV Everywhere specific taxonomy for authorization queries that programmers ask of MVPD’s needs to be defined. This taxonomy is dependent on the business rules that will be established for TV Everywhere. For example, if the user is trying to watch an R-rated program then the programmer needs to check with the MVPD before making the content available to the user.  The query could be one of ‘What is the users birth date?,  ‘Is the user over 18?’ or ‘Can this user watch Mature content?’.  

Another issue is that, unlike books and ISBN numbers, there is no globally unique identification system for programming content. Each MVPD and programmer has its own content classification and identification system. This becomes problematic if the MVPDs need to make authorization decisions based on the specific program each user is attempting to watch.  What do you do in federated authorization model where the object or resource (i.e. the program) is known by a different identifier at the programmer and the MVPD? Best case is to define an MVPD neutral identification scheme for all programming content.

The TV Everywhere industry is driving to have this all wrapped up by September 2010. It should be a fun ride participating in this effort and watching it all unfold. 

 

Comments

Paul Madsen, January 29, 2010 9:51am

if you used the SAML-OAuth hybrid to get the OAuth tokens to the programmer, you could secure the REST API with OAuth

paul

Reply

Giedrius Trumpickas, January 29, 2010 4:04pm

I think correct statement is that programmer will check with MVPD if the user can consume content and it's up to MVPD to make decision based and various attributes about the user and the content - user subscription level, age, content consuming device, content metadata. In addition to that XACML Obligations and Advice semantical constructs can be used to communicate additional information to the programmer. For example user can consumer regular quality content but not HD content

Reply

Joe L., January 20, 2011 10:27am

I wanted to comment on the TV Everywhere. I work at DISH and I am a consumer. I like that DISH allows me to maximize my TV enjoyment with TV Everywhere. I can take my Iphone and go where ever and watch TV. I watch it on my laptop too, and it’s great! I can never go back now that I have my shows at my time when and where ever.

Reply

Paul Madsen, January 20, 2011 11:29am

Hi Joe, coincidentally I'm representing Ping at TVE meetings this week. Also attending is a DISH colleague of yours

paul

Reply

Add your comment