(DRAFT) SVTA5056: OTT Streaming Security Checklist

This working group has written two papers, “Securing Video Streaming” and “Securing Video Player” where both papers provide examples of vulnerabilities and best practices to address them. While those papers are educational and informative, it does not provide an end-to-end view of what OTT service providers should consider. As more direct-to-consumer OTT apps are making its way to the marketplace, it will be helpful to provide a checklist in one place that a newcomer can reference which contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way during the design/architecture phase. This will also provide an understanding of potential security risk when certain security options are foregone. The content will cover all aspects of an OTT service – Password policy, geo-location, DRM, concurrency management, etc.