Session revocation guide
To improve protection of video streams, this solution restricts how a token can be used: token claims scope it down to viewer-specific attributes and to the path of the video assets. Ideally, a generated token would work with a single video asset and, more importantly, grant access only to the single individual it was created for. Achieving this strong one-to-one mapping between token and viewer requires selecting the right set of viewer attributes when creating the token, so that in aggregate they form a unique combination that is not easily replicated. The weaker the uniqueness of the viewer attributes used in the token, the easier it is for other viewers to reuse the token and gain unauthorized access. Therefore, while it is recommended to include a number of attributes that together increase uniqueness, doing so can come at the price of false positives, as the Using viewer’s source IP in the token section explains with an example. To better manage that tradeoff, this solution also provides an option to revoke playback sessions that were identified as compromised, meaning shared with other viewers through unauthorized channels. If you decide to complement token-based protection with session revocation, think about what type of logic you can employ to discover and block suspicious traffic patterns.
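The tradeoff described above, as an added example that is not part of the original guide or the solution's code: a simplified HMAC-signed token bound to a chosen set of viewer attributes, checked against a shared copy, a legitimate viewer whose IP changed, and a revoked session. The token layout, the claim names (sid, path, bound, fp), the key and the viewer values are all constructed assumptions, not the solution's actual token format.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, not a real signing key
PATH = "/video/asset1/"           # constructed asset path

def fingerprint(viewer, bound):
    # Hash only the viewer attributes the token is bound to, in a fixed order.
    material = "|".join(f"{k}={viewer[k]}" for k in sorted(bound))
    return hashlib.sha256(material.encode()).hexdigest()

def issue(session_id, path, viewer, bound):
    # Claim names are hypothetical; they stand in for the solution's token claims.
    claims = {"sid": session_id, "path": path, "bound": sorted(bound),
              "fp": fingerprint(viewer, bound)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def check(token, path, viewer, revoked=frozenset()):
    body, _, sig = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "reject: bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["sid"] in revoked:   # revocation overrides an otherwise valid token
        return "reject: session revoked"
    if claims["path"] != path:
        return "reject: wrong asset path"
    if fingerprint(viewer, claims["bound"]) != claims["fp"]:
        return "reject: viewer attributes differ"
    return "allow"

# Constructed viewers: same player, different source addresses.
alice = {"ip": "198.51.100.7", "ua": "PlayerApp/1.0"}
alice_roaming = {"ip": "203.0.113.9", "ua": "PlayerApp/1.0"}
other = {"ip": "192.0.2.44", "ua": "PlayerApp/1.0"}

def demo():
    weak = issue("s-1", PATH, alice, ["ua"])          # low uniqueness
    strong = issue("s-2", PATH, alice, ["ip", "ua"])  # higher uniqueness
    return {
        "weak token, shared": check(weak, PATH, other),
        "strong token, shared": check(strong, PATH, other),
        "strong token, owner changed IP": check(strong, PATH, alice_roaming),
        "weak token, shared, revoked": check(weak, PATH, other, revoked={"s-1"}),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The weakly bound token is accepted from another viewer until its session is revoked, while the strongly bound one also rejects its own viewer after an IP change.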