I'm currently working up a proof-of-concept secure streaming solution using Wowza- my institution currently uses FMS, but implementing any sort of security on that platform has proven far too difficult.
I've so far managed to install the media security plugin, and successfully stream encrypted video over RTMP using the SecureToken feature. My next step is to set up username/password authentication for clients connecting to the server- my research indicates that this is not a common security measure, but it's non-negotiable for us because we want to start delivering sensitive media such as surgery videos, where the patient's privacy needs protecting.
The security plugin appears to provide server-side support for authentication in a very sensible fashion, but I'm having trouble finding client software which will interact with this out of the box- it seems that this functionality is mainly implemented by encoders such as FMLE, rather than video players. I'm currently using JW Player 5.9, recompiled to include secure token. I'm willing to write custom front-end code to support authentication, but as I am not a flash developer and dislike working with AS, I'd rather avoid it if at all possible.
Does anyone know of front-end video player implementations which support username/password auth out of the box? If not, are there any suggestions for the easiest way to implement this myself?
With Flash RTMP clients using SecureToken/RTMPE and
HotlinkDenial Addon, you can be sure that users are using your player to view your content and that they can't download the content. To authenticate them, you have to pass credentials somehow.
You might authentication before streaming over HTTPS, then set a cookie, then grab the cookie in Flash and pass it to Wowza with NetConnection.connect or NetStream.play. You can use ExternalInterface in Flash to get a cookie from the HTML container. The cookie could be specially formed for re-authentication of some kind. Some customers have done time based tokens/cookie, that expire.