Question
Design a token-authorized media delivery system that protects paid video segments served from a CDN, without per-request calls back to your auth service (the CDN must validate access at the edge). A logged-in subscriber gets a time-limited, possibly geo/IP/device-bound capability that authorizes the manifest + its segments; links must not be shareable indefinitely, must be revocable for a banned account, and signing keys must rotate without breaking in-flight playback. Scale: millions of concurrent streams, each pulling a new segment every few seconds.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
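One sketch of the edge-side check the question calls for, as an added example that is not part of the original question: a self-contained HMAC capability token carrying an expiry, the client IP and a `kid`, validated purely from edge-local state (a key ring that keeps retiring keys accepted until their tokens can expire, plus a small pushed denylist for revocation). All names, secrets, timestamps and the `/vod/<stream>/` path layout are assumed.

```python
import base64, hashlib, hmac, json

# Constructed key ring: kid -> (secret, accept_until). Rotation = issue with the
# newest kid while older keys stay accepted until tokens signed with them expire.
KEYS = {
    "k1": (b"old-secret-k1", 1_700_003_600),  # retiring, still verifies for a while
    "k2": (b"new-secret-k2", None),           # current signing key
}
CURRENT_KID = "k2"
REVOKED_SUBJECTS = {"user-banned"}  # compact denylist pushed to every edge

def _b64(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _unb64(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(sub, stream, client_ip, ttl, now, kid=CURRENT_KID):
    """Auth service side: one token covers the manifest and all its segments."""
    payload = {"sub": sub, "stream": stream, "ip": client_ip, "exp": now + ttl, "kid": kid}
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(KEYS[kid][0], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def validate_at_edge(token, request_path, client_ip, now):
    """CDN edge side: returns (ok, reason) without calling back to the auth service."""
    try:
        body, sig = token.split(".", 1)
        raw_sig = _unb64(sig)
        payload = json.loads(_unb64(body))
        kid = payload.get("kid") if isinstance(payload, dict) else None
    except (ValueError, TypeError):
        return False, "malformed"
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        return False, "unknown-kid"
    secret, accept_until = key
    if accept_until is not None and now > accept_until:
        return False, "key-retired"
    expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, raw_sig):
        return False, "bad-signature"
    if now >= payload["exp"]:
        return False, "expired"
    if payload["ip"] != client_ip:
        return False, "ip-mismatch"
    # Scope check: the token authorizes only paths under its own stream prefix.
    if not request_path.startswith(f"/vod/{payload['stream']}/"):
        return False, "wrong-stream"
    if payload["sub"] in REVOKED_SUBJECTS:
        return False, "revoked"
    return True, "ok"
```

The token TTL bounds how long a leaked link or a banned account keeps working between denylist pushes, which is the trade-off the question asks you to name.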