(roll over for info)
The project is actively being worked on.
(DRAFT) OTT Streaming Security Checklist
This working group has written two papers, “Securing Video Streaming” and “Securing Video Player” where both papers provide examples of vulnerabilities and best practices to address them. While those papers are educational and informative, it does not provide an end-to-end view of what OTT service providers should consider. As more direct-to-consumer OTT apps are making its way to the marketplace, it will be helpful to provide a checklist in one place that a newcomer can reference which contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way during the design/architecture phase. This will also provide an understanding of potential security risk when certain security options are foregone. The content will cover all aspects of an OTT service – Password policy, geo-location, DRM, concurrency management, etc.
Estimated Publication Date: Q2 2023
Goals and Objectives
- It is a list of the common controls used in streaming services. “That’s a good idea – I should explore further.”
- It is not mandatory. The checklist simply lists controls in common use. Operator requirements will vary.
- It will focus more on consumer content streaming rather than other areas – IT/cloud/content handling/etc.
- It may span both product and technical controls.
- It will include a simple description for each control.
- It will include detailed controls where it adds value, but we will generally aim for coverage rather than depth.
- It will include notes to give additional information where required. (e.g. this control protects against xyz).
- It will avoid configuration or implementation information.
- User Management (Login, etc)
- Playback Control
- Usage Rules (Concurrency limits, etc)
- Data Center
- Operational Processes (Non-streaming specific)
The following members have contributed to this project. Click on their name to visit their profile. If they have not published their profile, the link will redirect to their LinkedIn profile.