Earlier this week I discussed SAML and how it meets the requirements around TV Everywhere authentication. While SAML 2.0 looks to be the de facto solution for solving the TV Everywhere authentication problem, there is still some debate as to what mechanisms and protocols will be used to address how authorization decisions are made by the MVPD's on behalf of the programmers. XACML is the leading candidate, but XACML is only a starting point that defines the syntax for expressing an authorization query and an authorization response.
The first question is to define an appropriate back-channel protocol to convey the XACML authorization queries and responses between programmers and MVPD's. This could be achieved via the XACML profile for SAML, or even via a simple REST API.
In addition a TV Everywhere specific taxonomy for authorization queries that programmers ask of MVPD's needs to be defined. This taxonomy is dependent on the business rules that will be established for TV Everywhere. For example, if the user is trying to watch an R-rated program then the programmer needs to check with the MVPD before making the content available to the user. The query could be one of 'What is the users birth date?, 'Is the user over 18?' or 'Can this user watch Mature content?'.
Another issue is that, unlike books and ISBN numbers, there is no globally unique identification system for programming content. Each MVPD and programmer has its own content classification and identification system. This becomes problematic if the MVPDs need to make authorization decisions based on the specific program each user is attempting to watch. What do you do in federated authorization model where the object or resource (i.e. the program) is known by a different identifier at the programmer and the MVPD? Best case is to define an MVPD neutral identification scheme for all programming content.
The TV Everywhere industry is driving to have this all wrapped up by September 2010. It should be a fun ride participating in this effort and watching it all unfold.