Encryption of data on computer systems can be utilized to prevent unauthorized access to the data. An enterprise may encrypt data (e.g., video and/or audio) to limit access of the data to particular users and/or class(es) of users. Further, data may be encrypted to protect the data from unauthorized access during transit. For example, an entity may encrypt data related to streaming of a live broadcast of a corporate event and desire to have only employees of the entity be able to access the stream. In another example, an entity may encrypt data related to streaming of a live broadcast of a sporting event and limit access to the stream event to users that have paid a subscription fee.
Authorization techniques are useful to allow content owner(s) to specify rule(s) regarding authorizing and/or denying access to content. A token is one example of an authorization technique. The token can be employed in order to limit access (e.g., time-based) to encrypted data. The token can be provided based upon successful authentication of credential(s) presented by a client application such as a media player. The token can be provided to a key service that, upon successful verification of the provided token, returns a decryption key that can be utilized to decrypt the encrypted data. For example, the token can have claim(s) that can be validated again configuration rules stored in the key service and utilized by the key service to grant or deny access to decryption key(s).