ONVIF signals end of support for video-focused Profile S

Profile S, the first-ever Profile introduced by ONVIF back in 2011, provides a standardised set of specifications that enable basic video streaming capabilities between conformant devices (eg IP cameras) and clients (eg video management software) from different vendors.

However, Profile S specifies authentication mechanisms that are no longer consistent with current cyber security recommendations. 

“After 14 years, Profile S has served its purpose of enabling basic video streaming interoperability for more than 33,000 conformant devices and clients from different vendors,” explained Leo Levit, chair of the ONVIF Steering Committee. “As ONVIF Profiles don’t change to preserve the interoperability of conformant products, we recognise the need to phase it out in line with today’s security recommendations. We encourage instead the use of Profile T, which better supports the needs of video surveillance applications.”

Although the deprecation of Profile S has no effect on the operation of deployed Profile S-based systems, ONVIF strongly encourages, if possible, the discontinuation of the use of the username token authentication in Profile S.

ONVIF also recommends the adoption of more secure authentication methods, such as using Transport Layer Security (TLS)/HTTPS or Profile T. The majority of ONVIF-conformant devices and clients available on the market today support both ONVIF Profile S and Profile T.

Introduced in 2018, Profile T contains virtually all of the features of Profile S in addition to other advanced features for video surveillance. ONVIF recommends that system integrators and end users follow manufacturers’ product hardening guides, industry Best Practice and local regulations and remain informed about technology changes in the market.

ONVIF Network Interface Specifications

The ONVIF Network Interface Specifications have defined network protocols that include security elements such as TLS, which allows ONVIF devices with that feature to communicate with clients across a network in a way that protects against eavesdropping and tampering.

ONVIF specifications also cover the ONVIF Default Access Policy, which specifies that there should be different access classes to services based on different user roles. Manufacturers can implement these ONVIF specifications regardless of whether the specifications are included in a Profile or not.

The June 2026 version of the ONVIF conformance test tools, which have a nine-month validity period, will be the last test tool version that enables manufacturers to claim product conformance to Profile S.

As ONVIF adapts to new cyber security requirements, the specifications of the current ONVIF TLS Configuration Add-On will also be upgraded at the end of 2026. Unlike Profiles, add-ons are adaptable to changing technology/specification requirements due to version handling.

*Further information is available online at www.onvif.org