—CableLabs has published a new specification to help simplify and standardize the way video services are provided to subscribers who want to watch video on devices other than their home televisions, such as through Internet-connected PCs and mobile phones. The "Online Content Access" or OLCA spec, defines the protocols to be used between MVPDs (Multichannel Video Programming Distributors) and programmers that own the content. These protocols are necessary to ensure that viewers are properly identified and have paid for the rights to watch programs on alternate platforms.
The specification was developed by CableLabs, the same standards organization that developed the DOCSIS specs for cable modems, in conjunction with Comcast and Time Warner Cable. This spec is a result of a process that kicked off with an RFI published over a year ago. At that time, Time Warner Cable president and CEO Glenn Britt said "our intention is to make this technology open and non-exclusive." Services that have already launched prior to the OLCA spec, such as HBO GO, use a proprietary system for validating each viewer prior to delivering content. Scaling up to provide these same functions in an environment with hundreds of cable channels would be difficult without industry standards.
"Industry adoption of common authentication and authorization mechanisms for Online Content Access will simplify the technical integration process with programmers and will help to ensure a consistent experience for subscribers," CableLabs said, upon release of the spec.
Fig. 1: Relationships between the three main actors in an OLC A transaction: Customers, Programmers and MVPDs.
There are three main actors that participate in an OLCA transaction, according to the new spec. MVPDs are traditional cable MSOs, but the category includes many other multichannel programming distributors such as direct-to-home satellite providers and IPTV providers. Programmers are suppliers of content for distribution by an MVPD, including a wide variety of basic and premium cable channels. Customers are viewers who want to obtain access to the content on devices other than their home televisions. The relationships between these three actors are shown in Fig. 1.
The basic scenario covered in the OLCA begins with the Subscriber accessing the Programmer's website and deciding to view some content. The Programmer then redirects the Subscriber's web browser to the MVPD website, where the Subscriber is Authenticated. Control passes back to the Programmer's website, where a list of suitable content is prepared and displayed to the Subscriber. Once a selection has been made, the Programmer verifies that the Subscriber is authorized to view the content by communicating with the MVPD to confirm that the Subscriber is Authorized. As soon as that is completed, the content can begin to play.
DETERMINING WHO'S WHO
Two security functions need to be completed before content is delivered to a viewer. The first is Authentication, which verifies that a user accessing the website is actually a subscriber to the MVPD. The second is Authorization, which determines if the subscriber has permission to receive the content they desire.
Authentication is required because customers will want to access the content from a variety of different platforms and locations, so some means is necessary for subscribers to "log in" and verify their identity. Normally, this takes the form of a user name and password. Rather than have subscribers sign up with an account at each of the different programmers, single-sign on technology is used. This means that the customer only has to remember one user name and password, along with the name of the MVPD that they subscribe to. When the customer's browser connects to the Programmer, the connection is redirected to the MVPD website, where the login name and password are validated. Control then shifts back to the Programmer's website, where authenticated users are allowed to select the desired content.
Authorization is required because authenticated customers may or may not be able to watch certain content items, depending on their current subscription status. For example, a customer may be an authentic subscriber of a cable MSO, but may not be a customer of a particular channel. In this case, the subscriber would not be allowed to view content that is outside the subscriber's list of subscriptions.
The OLCA spec uses SAML (Security Assertion Markup Language) to implement web browser single sign-on technology. This is important, because it avoids requiring the Customer to set up multiple accounts to access content across web portals from different Programmers. Also, some degree of privacy is maintained, because the Programmers never have to process the Customer credentials. In addition, the MVPD is not involved with the actual delivery of the content to the Customer.
Download the spec here.