Closed sdhesika closed 4 years ago
garethsb
commented
4 years ago @andrewbonney, @dannymeloy, @JamesGibo, is there anything in terms of the way permitted operations on resources are described in the IS-10 draft vs how IS-06 describes resources and operations, that ought to be considered by both groups?
dannymeloy
commented
4 years ago Without being familiar with the spec, if host devices are registering endpoints with a Network Device, and there is no user concept required (i.e. Nodes are implicitly trusted and there are no user specific permissions required) then the client_credentials grant may need to be added to IS-10 to allow for this interaction... Equally, if these endpoints are likely to be registered once a user has "logged in" to the host, due to specific interactions requiring authorization, then there's likely no difference from an auth standpoint.
garethsb
commented
4 years ago Thanks, @dannymeloy, that's exactly the conversation I think we need. In IS-06, it's currently described to be the Broadcast Controller's job to register particular Endpoints (in IS-04/-05 terms, a Node's interfaces and IP addresses). Hopefully we can discuss this amongst interested participants before IS-10 gets too close to final!
NEOAdvancedTechnology
commented
4 years ago Will be addressed by the AMWA NMOS interoperable security group.
The API need to be secure and hence we may need some Authorization and Authentication of the same.
This may be taken up globally for all the AMWA NMOS APIs.