Getting into the Weeds with TV Everywhere

I am excited for TV Everywhere (TVE). It will allow me to watch TV on my time, but controls the content to allow me to only watch programs that I pay for. Without paying customers there wouldn't be great programming to watch. Looking at my favorite TV apps on my iPad, the ones that I use the most are the ones that have TVE authentication.

Luke posted earlier this month about strategizing for TVE. One of the points he brought up is to provide great TVE solution, there needs to be assurance that the right 'plumbing' is in place. Lets take a closer look at the plumbing and the authentication platforms that make TVE possible.

TV everywhere, simplified, is a verification system that allows content providers to verify that the user has actually paid for the content. For example, if I run a TV channel called TomTV that reports on Chipotle Burritos and Android Phones, it is hard to be able to verify that a user has paid for my content on my website (that information is kept by the cable provider, not TomTV). This is the problem that TVE authentication attempts to solve.

In the security space, this is generally called federated authentication or trusted authentication. Authentication federations are set up to handle single-sign-on, and provide a pleasant login experience for the end user. This occurs by establishing security protocols and trust between different systems. As a web/mobile user, you experience this every time you use Facebook authentication to use a non-facebook service. There is established trust between the 3rd party that Facebook will authenticate the user. As TomTV, I need to trust a cable provider to authenticate (authn) and authorize (authz) a user to view my content. There are many different technologies under the hood that make federated authentication possible (such as OAuth, Open ID, and SAML). At a higher level though, there are solutions that have already implemented these technologies and have protocols to leverage their systems. Two of the most common systems for TVE authentication are Adobe Pass and Akamai['s Sola Vision Identity Services.

Both Adobe Pass and Akamai Identity Services provide steps for multichannel video programming distributor (MVPD) to register as an authentication provider. These authentication providers can be used to authenticate and authorize a user. This is very important for TVE authentication because a user could possibly authenticate at multiple places (such as Comcast, Verizon or Dish Network).

That being said, below is a common workflow for TVE authentication:

  1. The user goes to a website to view a catalog of videos to be watched. Some videos may require authorization, and some may not.
  2. If the user clicks on a video that requires authorization, a dialog is displayed that shows common MVPD for the user to choose where they want to authenticate.
  3. When the user selects their MVPD - they are redirected to a login page to input credentials.
  4. If the user can authenticate, they are redirected back to the videos page.
  5. When selecting the video that requires authorization again, communication happens behind the scene to gather an authorization token. This token is a statement from the system that the user can play the video and requires verification at the server hosting the video. This is transparent to the end user.
  6. If the token can be verified, the video will be returned and will play for the user.

Where does Brightcove come into play?

Brightcove can act as either a validator of the token and/or the video player. This is based on the platform used for TVE authentication. With Adobe Pass, there is a token validator implemented by Brightcove that sits infront of the video to protect the full video URL until the user can be authenticated. With Akamai's Sola Vision Identity Services, the URL of the video asset is not protected, but the content requires authorization to be accessed. The token is validated in Akamai's Universal Streaming service, where the video is hosted.

To be able to provide TVE authentication, the video player will need to understand how to handle passing the token correctly for each individual platform. This functionality is already built into the Brightcove Video Cloud player. This was designed carefully to give the developer the ability to integrate both player-driven and page-driven workflows.

Want to learn more? Reach out to your Account Manager for more information on the options for TVE authentication.