As an admin I want a component that is signing URLs
With stream security, a contract is being established between Opencast and the distribution servers to protect distributed artifacts from being downloaded by unauthorized users.
The implementation in Opencast ensures that requests to those artifacts are authorized via a policy and then signed to ensure the policy cannot be altered. On the other end, mechanisms are implemented to verify the signature and interpret the policy to decide whether the request should be served or not. Since the policy contains a maximum valid time, donwload links can only be misused for a short amount of time.
For 2.2.0, this issue has been resolved.
After thinking about this for a while I think the current precise state is: merged in develop (so it will be in 2.2.0) and PR for 1.7.x in review (so it will be in 1.7.0)
Currently under review with the two pull requests, one for 2.1 and the other for 1.6
The current work on this can be tracked here: