A conditional access proposal for IP
based Video on Demand
Antonio F. Gómez Skarmeta
University of Murcia (Spain)
Dublin, 23-24 February
VIDIOS develops an advanced
IP/MPLS high quality video
distribution service.
VIDIOS assumes a federated provider
environment. Interfaces and protocols
are based on standardised interfaces.
VIDIOS Main Goals
• Reuses already deployed core infrastructure, mainly based on MPLS,
and DSL broadband access as the widely adopted user Internet
connection
• Uses standardised protocols:
– RTSP. Real Time Streaming Protocol
– SRTP. Secure Real-time Transport Protocol
– MIKEY. Multimedia Internet KEYing
– DIAMETER. AAA Protocol
– SAML. Security Assertion Markup Language
• Offers improved video quality in the presence of network errors, using
state-of-the-art codecs (H.264) and error recovery algorithms
• Frees users from having to be technical experts
• Admission Control guarantees QoS
• Offers users only the contents they are paying for, based on an access
level model (conditional access), preserving DRM
General Overview
[Figure: network diagram linking the ISP customer, DSL modem, carrier broadband access router, carrier LER, carrier network, core POP and ISP to the content provider, its AAA, and the multimedia content server with cache]
• Assumes a confederation of domains
• The AAA infrastructure contains access levels and subscriber information
about the customer and contents.
• It is used to reduce interactions between the end user and the other
players
• It is used to simplify accounting between all partners
User perspective
• The video service automatically ensures that
the customer access allows for one or more
simultaneous Video-transmissions with the
VIDIOS transfer quality.
• The video service needs to cover the technical
details to facilitate the adaptation needed to
support the best quality
• Simple interfaces and support of standard
and most used clients
H264 and FEC
• H264 achieves high
levels of quality whilst
maintaining low
bandwidth usage
• H264 beats MPEG2
• Forward Error Correction (FEC) is a technique which
enables the receiver to correct errors once they are
detected. This reduces the need for retransmissions
Users see an intuitive interface
[Figure: the user logs in at the Service Provider and clicks on a video link; the Service Provider uses the AAA Server for Authentication and Authorization; Streaming is delivered by the RTSP Server]
Login process
1. User internet login
2. Login at content provider
3. User validation
[Figure: network diagram of the login flow. (1) The ISP customer logs in to the Internet with user name and password. (2) The customer logs in at the content provider with user name, password and IP, and receives the list of videos, QoS offer and IP. (3) The content provider validates the user with the AAA.]
Selecting a video
4. User selects video, codec, QoS
5. Bandwidth measurement
6. Loading cache with video file, DRM, QoS class,
destination IP
[Figure: network diagram of the selection flow. (4) The customer is offered the list of videos, codec offer and QoS offer, and returns the selected video, codec and QoS. (5) The bandwidth is measured. (6) User name, selected video, codec, QoS, bandwidth, IP and DRM are passed on for loading the cache, with the AAA involved.]
Watching video
7. User watches video
8. Accounting
[Figure: network diagram of the viewing flow. (7) The selected video is streamed to the customer with the chosen codec, QoS and DRM. (8) Accounting data is sent to the AAA. The diagram also lists the client OS (Win/Linux/Mac) among the data exchanged.]
System Design
• Integration of authentication with authorization
approaches based on SAML
• A token/credential is associated with the services and
used to link user and service
• A token which identifies the user is added to the
RTSP URIs which are presented to the user
• The token is used by the RTSP server to check whether the
user has the access level needed to receive the
selected multimedia content
• It is also used by the RTSP proxy to get and enforce
the specific QoS for this user
• All authorization tasks are delegated to the AAA
infrastructure
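The token check described in this list, sketched as an added example (not code from VIDIOS or from the slides). The opaque random token, the `token` query parameter, the 300-second lifetime, the client-IP binding and all class and function names are assumptions; the slides do not specify the token format.

```python
import secrets
import time
from urllib.parse import urlsplit, parse_qs

class AAAServer:
    """Hypothetical stand-in for the AAA infrastructure: only it knows what a token means."""
    def __init__(self):
        self._sessions = {}  # token -> session record

    def issue(self, user, access_level, qos_class, client_ip, ttl=300, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # opaque and unguessable, carries no claims
        self._sessions[token] = {"user": user, "access_level": access_level,
                                 "qos_class": qos_class, "client_ip": client_ip,
                                 "expires": now + ttl}
        return token

    def lookup(self, token, client_ip, now=None):
        """Return the session, or None if unknown, expired or used from another IP."""
        now = time.time() if now is None else now
        session = self._sessions.get(token)
        if session is None or now >= session["expires"]:
            return None
        if session["client_ip"] != client_ip:  # a leaked URI is useless elsewhere
            return None
        return session

def token_from_uri(rtsp_uri):
    """Extract exactly one token from an rtsp:// URI; anything ambiguous is rejected."""
    parts = urlsplit(rtsp_uri)
    if parts.scheme != "rtsp":
        return None
    values = parse_qs(parts.query).get("token", [])
    return values[0] if len(values) == 1 else None

def rtsp_server_authorize(aaa, rtsp_uri, client_ip, required_level, now=None):
    """RTSP server side: does this user's access level cover the selected content?"""
    token = token_from_uri(rtsp_uri)
    session = aaa.lookup(token, client_ip, now) if token else None
    return session is not None and session["access_level"] >= required_level

def rtsp_proxy_qos(aaa, rtsp_uri, client_ip, now=None):
    """RTSP proxy side: which QoS class should be enforced for this user's stream?"""
    token = token_from_uri(rtsp_uri)
    session = aaa.lookup(token, client_ip, now) if token else None
    return session["qos_class"] if session else None
```

Because the token travels in the URI, it can end up in logs and player history; keeping it opaque, short-lived and bound to the destination IP limits what a copied URI is worth.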
Admission Control and QoS
• A modified customer Router Gateway supporting
admission control
• Router Gateway acts as a RTSP proxy
• DiffServ is used on IP layer to deploy some
measurement based admission control and to enforce
QoS.
• Priority Promotion Scheme (PPS) used in the core
• The video service automatically ensures the quality of
all the concurrent video-transmission for each customer.
• Ensures customers are not allowed to watch more
simultaneous videos unless it can be done with enough quality
Conclusion: VIDIOS aims at intuitive
usability
• Customers should be able to display their video
streams at high quality without having to be technical
experts, fill in large forms or read large manuals.
• VIDIOS focuses on all standardised control and data
mechanisms that can improve stream transmission
quality after a user has ordered a video through an HTTP
dialogue.
• VIDIOS assumes a commercial video service
environment and aims at testing all developments
under corresponding conditions.
VIDIOS Partners
• Fachhochschule Mannheim, Germany
• Quix, Israel
• Satec, Spain
• Scopus, Israel
• Telefónica I+D, Spain
• T-Systems, Germany
• University of Göttingen, Germany
• University of Murcia, Spain