AMWA IS-10 NMOS Authorization API [Work In Progress]
What does it do?
- Allows an API server to accept or reject requests depending on what a client is authorised to do
Why does it matter?
- Security in the control plane is essential
- Best practice is to limit what clients can do
How does it work?
- Control client provides credentials and gets an access token
- Sends token with API requests
- Based on JSON Web Tokens and OAuth 2.0
- Encryption is a prerequisite (see BCP-003-01)
See here for an overview of NMOS specifications.
The formal specification is provided in this GitHub repository. These pages provide supporting documentation and HTML renders of the APIs (which are specified in RAML and JSON Schema).
The documentation and API links immediately below, and the links in the page heading, are for an example development branch. Links to other releases (tags) and other branches appear later in the page, or under “VERSIONS…” in the page heading.
Once AMWA has approved a Specification, its documentation and API links will be for the most recent approved release (which may be earlier than what is shown by the default branch on the GitHub repo).