none
Can Dynamic Encryption be applied to a Stream Locator instead of the entire asset? RRS feed

  • Question

  • Hello,

     I am exploring the use of Dynamic Encryption for video assets stored in AMS and have found that it is only possible to apply encryption to an Asset directly, not to its Stream Locators.

    I need to deliver video streams to multiple device types, and only a subset support AES decryption. I would prefer to avoid duplicating assets in storage in order to selectively apply encryption.

    Is it possible to have Dynamic Encryption applied only to certain Stream Locators for an asset, or is there any other alternative to conditionally encrypting the assets based on the capabilities of a given client device?

    Thank you

    Tuesday, September 18, 2018 5:04 PM

Answers

  • Yes, in the version 3 of our APIs, you now have the concept of a StreamingPolicy and a StreamingLocator.

    We provide some out of the box Streaming Policies for common DRM scenarios, and you are able to customize the StreamingPolicy any way you like to enable various protocols or DRMs for Dynamic Packaging.

    Once defined, you can apply any StreamingPolicy by name to a new Streaming Locator. 

    Here is an example built-in StreamingPolicy that can handle multi DRM. Note it only allows applies CENC to Smooth and DASH streaming, and applies CBCS encryption to the HLS protocol. 

     {
                "name": "Predefined_MultiDrmStreaming",
                "id": "/subscriptions/XXXXX/resourceGroups/XXXX/providers/Microsoft.Media/mediaservices/XXXX/streamingPolicies/Predefined_MultiDrmStreaming",
                "type": "Microsoft.Media/mediaservices/streamingPolicies",
                "properties": {
                    "created": "2018-03-19T06:06:06Z",
                    "commonEncryptionCenc": {
                        "enabledProtocols": {
                            "download": false,
                            "dash": true,
                            "hls": false,
                            "smoothStreaming": true
                        },
                        "clearTracks": [],
                        "contentKeys": {
                            "defaultKey": {
                                "label": "cencKeyDefault"
                            },
                            "keyToTrackMappings": []
                        },
                        "drm": {
                            "playReady": {},
                            "widevine": {}
                        }
                    },
                    "commonEncryptionCbcs": {
                        "enabledProtocols": {
                            "download": false,
                            "dash": false,
                            "hls": true,
                            "smoothStreaming": false
                        },
                        "clearTracks": [],
                        "contentKeys": {
                            "defaultKey": {
                                "label": "cbcsKeyDefault"
                            },
                            "keyToTrackMappings": []
                        },
                        "drm": {
                            "fairPlay": {
                                "allowPersistentLicense": false
                            }
                        }
                    }
                }

    You can then apply this StreamingPolicy to a StreamingLocator but doing a PUT on the StreamingLocators resource.
    Repeat this process with other policy names on the same asset to get more locators with different settings. 

    {
    "properties":{
    "assetName": "{{assetName}}",
    "streamingPolicyName": "Predefined_MultiDrmStreaming"
    }
       
    }

    Tuesday, September 18, 2018 5:17 PM

All replies

  • Yes, in the version 3 of our APIs, you now have the concept of a StreamingPolicy and a StreamingLocator.

    We provide some out of the box Streaming Policies for common DRM scenarios, and you are able to customize the StreamingPolicy any way you like to enable various protocols or DRMs for Dynamic Packaging.

    Once defined, you can apply any StreamingPolicy by name to a new Streaming Locator. 

    Here is an example built-in StreamingPolicy that can handle multi DRM. Note it only allows applies CENC to Smooth and DASH streaming, and applies CBCS encryption to the HLS protocol. 

     {
                "name": "Predefined_MultiDrmStreaming",
                "id": "/subscriptions/XXXXX/resourceGroups/XXXX/providers/Microsoft.Media/mediaservices/XXXX/streamingPolicies/Predefined_MultiDrmStreaming",
                "type": "Microsoft.Media/mediaservices/streamingPolicies",
                "properties": {
                    "created": "2018-03-19T06:06:06Z",
                    "commonEncryptionCenc": {
                        "enabledProtocols": {
                            "download": false,
                            "dash": true,
                            "hls": false,
                            "smoothStreaming": true
                        },
                        "clearTracks": [],
                        "contentKeys": {
                            "defaultKey": {
                                "label": "cencKeyDefault"
                            },
                            "keyToTrackMappings": []
                        },
                        "drm": {
                            "playReady": {},
                            "widevine": {}
                        }
                    },
                    "commonEncryptionCbcs": {
                        "enabledProtocols": {
                            "download": false,
                            "dash": false,
                            "hls": true,
                            "smoothStreaming": false
                        },
                        "clearTracks": [],
                        "contentKeys": {
                            "defaultKey": {
                                "label": "cbcsKeyDefault"
                            },
                            "keyToTrackMappings": []
                        },
                        "drm": {
                            "fairPlay": {
                                "allowPersistentLicense": false
                            }
                        }
                    }
                }

    You can then apply this StreamingPolicy to a StreamingLocator but doing a PUT on the StreamingLocators resource.
    Repeat this process with other policy names on the same asset to get more locators with different settings. 

    {
    "properties":{
    "assetName": "{{assetName}}",
    "streamingPolicyName": "Predefined_MultiDrmStreaming"
    }
       
    }

    Tuesday, September 18, 2018 5:17 PM
  • Thank you, John, for the excellent answer! Much appreciated
    Thursday, September 20, 2018 2:10 PM
  • To clarify this a bit, I have found that you cannot currently update/edit StreamLocators as described in the answer above. As of Azure CLI v2.0.45 (ams 0.2.3) there is no edit/update command and the REST API rejects PUT requests with the following message:

    // 400: Bad Request
    {
        "error": {
            "code": "BadRequest",
            "message": "Streaming Locator update is not allowed, please delete and create a new one if needed"
        }
    }

    However, I was able to create a new StreamLocator and assign it the desired StreamPolicy. 

    Example via the Azure CLI:

    az ams streaming locator create --account-name ACCOUNT_NAME --resource-group RESOURCE_GROUP --asset-name "ASSET_NAME" --name LOCATOR_NAME --streaming-policy-name "Predefined_MultiDrmStreaming" --content-policy-name POLICY_NAME

    Thursday, September 20, 2018 7:56 PM