[Bug 27055] Surfacing license to the user from bugzilla@jessica.w3.org on 2014-12-03 (public-html-bugzilla@w3.org from December 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Dec 2014 15:56:47 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-27055-2486-z3HlDejneu@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27055

--- Comment #18 from Mark Watson <watsonm@netflix.com> ---
(In reply to Sergey Konstantinov from comment #17)
> Some points from telcon discussion[1]:
> 
>   * Our goal is not to formalize every possible legal term or restriction: we
>     are seeking a way to define what *CDM* can possible do. Our concern is
> about
>     «black-hole»-like piece of third-party software installed on user device
>     following some instructions sent through the Web.

The primary way we address this concern is that the CDM is not a "black hole",
as you call it, but very much a known quantity to the UA. The CDM is also quite
constrained in what it is responsible for (see below). This is a significant
difference from <object>.

In the case of IE, Safari and Chrome, the CDM is provided by the UA vendor
themselves. For Firefox it is validated to be the expected code from Adobe and
Firefox have considerable insight into what that is / does.

We can discuss what "known quantity" means here. Adobe suggested at TPAC that
there could be a requirement for (perhaps 3rd party) source code review.

It's possible that in future some UA vendor introduces a capability to interact
with additional 3rd party CDMs. Our specification should be clear that in this
scenario we expect the same level of UA oversight as in the initial
implementations mentioned above.

> 
>   * Defining in the spec some rules what CDMs must or must not do is
>     better than nothing, though I'd prefer to have a standardized white list
> of
>     such actions and a mechanism of checking what instructions were really
> sent
>     by content provider to CDM.
> 
>   * Most obvious cases which should be regulated in my opinion are:
>     * terms for caching and pre-caching video frames;

The CDM has no control or visibility of caching or storage of encrypted media
performed by the UA or application. The CDM decrypts, decodes and possibly
renders the media at playback time.

>     * terms for replaying content;
>     * terms for using content offline;

The CDM likely does not generally know whether the device is online or offline
(the CDM may not access the network directly for playback-specific operations).
So, the primary issue is whether the license is still valid at the time of
playback.

We already expose an "expiration" time to the application, but there could be
other properties of the license which make it not so useful for offline
playback. 

>     * operations requiring internet connection.

The specification is clear that direct network access by the CDM is restricted
to origin-independent initialization (e.g. individualization).

> 
> --
> [1] http://www.w3.org/2014/12/02-html-media-minutes.html

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 3 December 2014 15:56:49 UTC