Overview
Triton Digital's Secure Token is a trusted mechanism for passing additional information about users. Being trusted means that the token can only be issued by someone (broadcaster, web site, player application, etc.) who is in possession of the secret key.
Triton Digital's Secure Token works the same way for live streams, on-demand music services, and podcasts.
You can use the Secure Token mechanism to:
Perform access control. This token must be named tdtok; Triton servers do not recognize other names. For details, see Access Token.
Vary the number of ads between registered/non-registered users, or other similar scenarios.
Send targeting data for advertising in a trusted and obfuscated manner.
Obtain analytics break-downs, based on the token's attributes.
The Secure Token mechanism has the following design goals:
Based on JSON Web Token (JWT) and JSON Web Signature (JWS) RFCs.
Use the token’s limited validity period to reduce the risk of replay attacks and to prevent bookmarking and the reuse of a stream URL by an unauthorized aggregator.
The token must be cryptographically signed using a secret key.
The token's secret key must not be shared between Triton customers. This allows revocation of old keys, and prevents other customers from generating tokens that are valid for mounts/stations they do not own.
Must work for mobile and web-based players.
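The design goals above can be illustrated with a small JWS-style issue/verify round trip. This is an added example, not Triton Digital's code: the HS256 algorithm, the iat/exp/sub claim names, the query-parameter placement of tdtok, the host name and the keys are all assumptions or constructed sample values.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # RFC 4648 section 5 alphabet; JWS strips the "=" padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def issue_token(secret: bytes, claims: dict, ttl: int, now: int) -> str:
    header = {"typ": "JWT", "alg": "HS256"}        # assumed algorithm
    body = dict(claims, iat=now, exp=now + ttl)     # short validity window
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, body)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_mac(secret, signing_input))

def verify_token(secret: bytes, token: str, now: int) -> dict:
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError:
        raise ValueError("malformed") from None
    # Pin the algorithm server-side; never let the token pick it ("none", etc.)
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Check the signature before trusting anything in the payload
    if not hmac.compare_digest(sig, _mac(secret, h64 + "." + p64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired")
    return claims

def status(secret: bytes, token: str, now: int) -> str:
    try:
        verify_token(secret, token, now)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed sample values, not real keys or Triton claim names
KEY_A, KEY_B = b"customer-a-demo-secret", b"customer-b-demo-secret"
T0 = 1_700_000_000
TOKEN = issue_token(KEY_A, {"sub": "listener-123"}, ttl=60, now=T0)
STREAM_URL = "https://stream.example.invalid/mount.mp3?tdtok=" + TOKEN
```

A bookmarked STREAM_URL replayed after the 60-second window returns "expired", and a token signed with another customer's key returns "bad signature", which is why keys are not shared between customers.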
References
JSON Web Token (JWT): https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32
JSON Web Signature (JWS): https://tools.ietf.org/html/draft-ietf-jose-json-web-signature
JSON Web Algorithms (JWA): https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
RFC 4648, Section 5 (Base64URL Encoding): https://tools.ietf.org/html/rfc4648#section-5