Historically, if one wanted to limit access (either for security reasons or paying customers etc.), a server would handle the authentication and then serve up the content. This could clearly still work but doesn't leverage the power of modern-day CDNs.<p>How does one approach content delivery when the access to the content should be limited? Should a server provide the authentication and then pass along a token that is used to access the CDN? Can the CDN handle token signature verification or other forms that would allow a particular user to be cut off or a cert to be revoked if it was compromised?<p>I am looking to set up a system to distribute access to some artwork (still and video) and would greatly appreciate a nudge in the right direction or shared experiences around best practices for this type of setup.
There are so many options that it's difficult to say.<p>Two options are immediately obvious:<p>First option is to serve only encrypted content, and only hand out the decryption key to the parties that need it. If it's web then you can use JavaScript to unencrypt, though I'm not a web developer and that could be cumbersome.<p>This was how we did it for uPlay.<p>Second option: Akamai/Google CDN have the concept of a "signed" URL: https://cloud.google.com/cdn/docs/using-signed-urls which does basically what you're asking, but can be cumbersome to use in practice too.
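
The signed-URL idea from the reply above, as an added example that is not part of the original thread and not any CDN's actual API: the origin signs a URL with an expiry and a named key, and the edge checks the signature, the expiry, and whether that key is still trusted. The parameter names, keys, and URL are constructed for illustration; each CDN defines its own format.

```python
import base64, hashlib, hmac, time
from urllib.parse import urlsplit, parse_qs

# Constructed demo keys, stored by name so one key can be retired on its own.
KEYS = {"k1": b"constructed-demo-secret-1", "k2": b"constructed-demo-secret-2"}

def _mac(key, msg):
    digest = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")

def sign_url(url, key_name, ttl, now=None):
    """Origin side: append expiry, key name and signature (url has no query)."""
    expires = int(now if now is not None else time.time()) + ttl
    to_sign = f"{url}?Expires={expires}&KeyName={key_name}"
    return f"{to_sign}&Signature={_mac(KEYS[key_name], to_sign)}"

def verify_url(signed, keys=KEYS, now=None):
    """Edge side: return (ok, reason) for a requested URL."""
    to_sign, sep, sig = signed.rpartition("&Signature=")
    if not sep:
        return False, "unsigned"
    q = parse_qs(urlsplit(to_sign).query)
    key = keys.get(q.get("KeyName", [""])[0])
    if key is None:
        return False, "unknown or revoked key"
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(_mac(key, to_sign), sig):
        return False, "bad signature"
    # Expiry is trusted only after the signature proves it was not altered.
    if int(q["Expires"][0]) < (now if now is not None else time.time()):
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    link = sign_url("https://cdn.example.com/art/piece-01.mp4", "k1", ttl=300)
    print(link)
    print(verify_url(link))                              # valid while fresh
    print(verify_url(link.replace("01", "02")))          # path tampered
    print(verify_url(link, keys={"k2": KEYS["k2"]}))     # k1 retired at the edge
```

Cutting off an individual user in this scheme means no longer issuing links to them and keeping lifetimes short; removing a key name at the edge invalidates every link signed with it.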
Another option is Firebase which uses a simple set of rules (on their server, not in your app) to control access to individual data points. The cloud hosting service has easy CLI tools to set up and deploy a static site.