Super-scalable session management
Streaming video and content to large populations requires a different type of session management.
In these cases, you want to avoid maintaining millions of sessions on your content server or keeping millions of user profiles on your web server. Yet you still want to verify the viewer's right to view your streaming video before every video block is downloaded.
OpenID Connect provides the standard for Policy-tokens, a special form of bearer id-tokens. Using Policy-tokens, stateless sessions can be set up whereby the Policy-token contains all information to control access. There is no need for caching user data and user sessions and no need to verify against an external system in real-time.
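A sketch of the per-block check described above, added here as an illustration and not taken from this page or from any product. It assumes a JWT-shaped token signed with HS256 using a constructed shared key, and a hypothetical `content` claim listing the entitled items; a deployment would more commonly verify an asymmetric signature with the issuer's public key.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret shared by issuer and content server

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str, key: bytes) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims: dict, key: bytes = KEY) -> str:
    """Issuer side: sign the viewer's rights once, e.g. at login."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body, key))}"

def authorize_block(token, content_id, now, key=KEY) -> bool:
    """Content server side: decide from the token alone, no session or profile lookup."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; the token must not choose how it is verified.
        if json.loads(b64d(head)).get("alg") != "HS256":
            return False
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(sign(head, body, key), b64d(sig)):
            return False
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return False
    if not isinstance(claims, dict):
        return False
    # "exp" is the standard expiry claim; "content" is a hypothetical entitlement claim.
    exp, content = claims.get("exp"), claims.get("content")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False
    return isinstance(content, list) and content_id in content

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue({"sub": "viewer-1", "content": ["movie-42"], "exp": t0 + 300})
    print(authorize_block(tok, "movie-42", t0), authorize_block(tok, "movie-42", t0 + 301))
```

Because nothing is stored server-side, a token stays valid until its `exp` passes, so the expiry window is the only revocation control in this sketch.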