THE LATEST News
AMWA WORKSHOP ON SECURITY IN MEDIA INFRASTRUCTURES
There has been much discussion about the importance of security within media systems – both for the content and for the facilities that create it.
AMWA research by the NMOS API Security group identified that within the IT domain there were several “best practice” solutions, all of which had merit. However, the existence of several potential solutions makes it difficult to guarantee the interoperability needed when building systems with products from different suppliers. After some early discussions, the AMWA created a working group to improve interoperability with regard to NMOS API security which has created several Best Current Practices. Also recently, the AMWA held a virtual workshop, hosted by Disney, to test implementations of these Best Current Practices and to fine-tune the work before final publication of the Best Current Practice on authentication.
Thomas Edwards, who leads the NMOS API Security group, has provided the summary below. Please let us know if you’d like more information.
In May 2020, the NMOS Interoperable Security Working Group staged a “virtual workshop” where participants used a cloud-based VPN to test interoperation, without needing to travel or transport equipment. This was supported by daily Zoom videoconferences and the Slack real-time chat facility. This workshop concentrated on testing the draft of IS-10 “NMOS Authorization Specification”, which will specify how authorization servers, resource servers, and clients will utilize the OAuth 2.0 authorization framework (IETF RFC 6749) for NMOS systems. This includes a description of the JSON Web Tokens (JWTs) and their claims delivered by the authorization server to a client so that it can be authorized to access resource servers. The virtual workshop allowed NMOS clients to use draft IS-10 to become authorized by both a participant-provided authorization server as well as the open source “Keycloak” authorization server.
Enrolment over Secure Transport (EST, IETF RFC 7030) was also tested at this workshop for the automated deployment of security certificates in a broadcast plant. Several participants received certificates using EST from the open source “OpenXPKI” server.
Important lessons were learned from this workshop by working with these well-known open source solutions (as opposed to the “theoretical” world of reading RFCs), and this experience will be used to improve IS-10 and best practices for the use of EST before their publication.
AMWA publishes User Requirements for High Value, Low Latency, Live Video Production on Public Cloud
The video broadcast industry is gradually moving all aspects of its production and delivery processes away from bespoke electronic transports like SDI, and towards networked IP and scalable computing infrastructures. It has been demonstrated that the processing requirements of broadcasting infrastructure can be performed on COTS computer systems, and the industry desires to implement these processing functions in combinations of private and public cloud.
This documents captures those requirements as guidance for industry suppliers and discussion among end users.
JT-NM publishes Cybersecurity report
You may have been fortunate to see the JT-NM Cybersecurity presentation on the EBU stand at IBC2019. It showed the significant amount of work that has been used to explore vulnerabilities in media production products from a wide range of suppliers and showed a general picture of the results.
That work has now been published by the JT-NM and is available on their website
It provides a valuable overview of the subject, with a breakdown of the vulnerabilities tested, a summary of the findings, a section debunking the some of the myths around security (helpful for end users) plus, importantly, recommendations for suppliers.
If you are non-technical or short of time, just read the three sections:- Introduction, Broadcast Industry Security Posture and General Recommendations. It will be worth the time!
New NMOS Steering Committee
The AMWA is pleased to announce the formation of an NMOS Steering Committee (NMOS Steering). This will manage the project ownership and roadmap of the NMOS family of specifications.
It will provide both suppliers and end users the opportunity to set the overall strategy and direction of this important project.
The AMWA Board will select the members of NMOS Steering, based on the following criteria. They must be:-
A public and vocal supporter of the NMOS work, as a supplier, service provider or end-user.
An active participant, which has demonstrated commitment to the adoption and implementation of the NMOS developments.
A Principal or General member of the AMWA.
Willing to give an 18 month commitment to the NMOS Steering Committee.
The Board will be responsible both for determining the initial membership and for maintaining this, seeking to achieve an appropriate balance between end-users and implementers. Every 18 months the Board will evaluate each member and the overall make up of NMOS Steering.
The initial tasks of the NMOS Steering Committee will be:
To establish documented application profiles for specific types of systems to enhance interoperability.
To document the current NMOS roadmap by EOY 2019 for approval by the Board.
To establish an operating methodology of NMOS Steering, which will be in accordance with BCP-001-01.
Another early task will be governance around the IS-07 specification and its evolution. The next stage of this project will explore the best practices in modelling devices, their capabilities and expectations, the goal being to make interoperability easier and to help customers define requirements for their interconnected systems.
If your company fits the criteria above and you would like to contribute to this important committee, please let us know. Neil.Dunstan@AMWA.tv
Self-nomination by existing NMOS participants is encouraged. The AMWA board will review the list of nominations and ensure the correct mix of contributors. If chosen for NMOS Steering, members that are currently at Associate level will be expected to upgrade their membership to General or Principal within 30 days.
Sep 2019 newsletter for IBC
The content of the newsletter can be read here!
"JT-NM Tested" opportunity for products at IBC2019 IP Showcase
JT-NM Tested Program returns to the IP Showcase. The JT-NM continues to partner with vendors and users to provide information that aids the transition to IP. As the industry’s use of IP matures, the JT-NM Tested program offers prospective purchasers of IP based equipment greater, more documented insight into how vendor equipment conforms to the SMPTE standards and AMWA NMOS specifications. Sponsored by the JT-NM and administered by the EBU and IRT, two top European technical bodies, vendors who submit equipment for evaluation will have the opportunity to list that equipment in a JT-NM Tested catalog which will be made publicly available at the IP Showcase booth and on-line.
For further details, please read the following message, posted on behalf of Bob Ruhl who is managing the application part of the process.
Subject: [jt-nm-adm] MOU for the face-to-face test event at Riedel, publication of JT-NM Tested results at IBC 2019 IP Showcase & Rules of Engagement
Please forward the following message to your members.
This MOU pertains to the face-to-face test event to be held during the week of August 19th at the Riedel facility in Wuppertal, Germany related to the Joint Task Force on Networked Media (JT-NM) Qualified Test Event & the publication of JT-NM Tested results at the IBC 2019 IP Showcase in Amsterdam, the Netherlands, from September 13, 2019 to September 17, 2019.
The link to the MOU document is here:
The link to the Rules of Engagement document is here:
Please sign and return the MOU to Bob Ruhl (email@example.com) by June 28, 2019 if you would like to participate.
After we receive your signed MOU you be provided with the link to a Google Doc where you will be asked to provide specific information regarding your participation in these events. The Google Doc is planned to be available by June 24, 2019
If you have any questions please reply to Bob Ruhl.
VSF Operations Manager/JT-NM Secretary
AMWA NMOS Interoperable Security
AMWA’s NMOS Interoperable Security project is developing best practices for the use of AMWA NMOS APIs that both ensure security for the APIs as well as multi-vendor interoperability of that security. In today’s IT environment, it is essential that API communication is authenticated & secure with fine-grained levels of authorization.
The first output of this project is the publication of Best Current Practice (BCP) 003-01, “Securing communications in NMOS APIs”, which specifies how to secure HTTP and WebSocket communications within NMOS APIs. BCP 003-01 is based on the use of industry-standard TLS (Transport Layer Security) tunnels for HTTP (HTTPS) and WebSockets (WebSocket Secure aka WSS). This ensures confidentiality and integrity of API messaging, as well as identification and authentication of API servers. You can read BCP-003-01 here:
BCP 003-02 “Best Practice Authorization” is a work-in-progress (WIP), and specifies how to implement client authorization for the NMOS APIs. BCP-003-02 is based on the OAuth 2.0 Authorization Framework (RFC 6749), and uses JSON Web Tokens (JWTs) as OAuth 2.0 bearer tokens and for client authorization (as per RFC 7523). You can read the current draft of BCP-003-02 here:
It is important that all implementers of AMWA NMOS APIs take note of this security work, as it will become essential in the future for all elements that utilize the NMOS APIs.
There will be a “Virtual Security Workshop” from June 3-7, 2019. This virtual workshop will have regular web conferences to allow participation by companies in the USA, Europe and Asia. Participants will then connect to a L2 SoftEther VPN server located in a public cloud, and will attempt interoperation using VPN tunnels over the Internet. A Slack channel will be available for instant messaging between participants. Since the data rates for the NMOS APIs are fairly low, such a virtual workshop is possible, and far cheaper than a physical workshop where people and equipment need to travel to a specific geographical location.
To participate in the NMOS Interoperable Security project, please use the contact form at the top of this page.
09/06/2018 - AMWA - the IBC2018 edition
08/31/2018 - Will you be attending IBC2018?
08/16/2018 - NMOS – building on the success
04/04/2018 - Networked Media – Steps towards Agile Systems
09/05/2017 - Networked Media Working at IBC2017
04/18/2017 - Networked Media at NAB 2017
02/03/2017 - Networked Media. Where to next?
10/17/2016 - IP at IBC. Where to next?
08/23/2016 - An Industry First at IBC
18/02/2016 - Will you be attending VidTrans or BVE?
14/01/2016 - AMWA - making life simpler for IP-based systems
17/08/2015 - Launch of AMWA Networked Media Incubator project