W3C home > Mailing lists > Public > public-html-media@w3.org > June 2012

Re: [EME] Support for multiple initData values in a single session?

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 26 Jun 2012 17:14:20 +0000
To: Yang Sun <sun.yang.nj@gmail.com>
CC: David Dorwin <ddorwin@google.com>, "<public-html-media@w3.org>" <public-html-media@w3.org>
Message-ID: <D1269FAB-4A9F-468C-AE6A-48FCBEF7F961@netflix.com>

On Jun 26, 2012, at 8:38 AM, Yang Sun wrote:



On Sun, Jun 24, 2012 at 9:58 AM, David Dorwin <ddorwin@google.com<mailto:ddorwin@google.com>> wrote:

On Tue, Jun 19, 2012 at 8:27 AM, Mark Watson <watsonm@netflix.com<mailto:watsonm@netflix.com>> wrote:
Hi David,

If we define a session by the rule that different sessions represent CDM state that needs a different lifecycle (create/update/delete), then there could at least be a one-to-many relationship between initData and sessions. i.e. the same initData block could be used to create multiple sessions.
Yes, though that seems like a less likely use case. My concern is that the current draft does not allow a many-to-one relationship (i.e. multiple initData blocks within a single session) and whether that is a problem.

It seems Mark mentionedthe one initData to many sessions?
And you mentiened the many initData to one sessions.
My question is one initData can generate multiple key request, it contain multiple metadata for multiple files?
>From the specification, it seems initData is per content file basis, and can only generate one key for one session.

The specification doesn't really lock this down either way right now.

One can easily imagine an initData in a file which contains all the initialization information for the key or keys needed for a bunch of associated files (for example all the files in a adaptive bitrate group).

Without any further specification, it could be up to the CDM to decide whether all these keys are managed within one session or whether multiple sessions are required.

What I believe we decided today was that, for simplicity, we could constrain it so that the CDM does not get to make this decision: one initData creates a single session. If the application gives the same initData again it gets the same session back (* - see below), not a new one (or more strictly, if the application provides two initData blocks to the same keysystem, then the CDM may determine that its part of the initData for these two is equivalent - in a key-system-specific sense - and return the same session for both).

What this means is that as a service provider, if I want to manage the lifecycle of the audio and video keys separately, say, I need separate initData for them. This seems pretty logical.

Equally, without further specification, it could be that within a single session the CDM decides to manage multiple keys. That's fine.

So, said another way, if a new initData is passed to the CDM, the CDM decides whether this is actually new, or simply repeats information it had before. If it's new, it creates a new session (specifically, it *does not* "update" an existing session). If just a repetition, then an existing session could be returned.

* from a Javascript point of view, I guess this might still be a different object, since when we return the object the CDM has not yet had a chance to process the initData. The three possibilities are (a) the new object gets the same session id as an existing one and essentially just duplicates the behavior of the existing one (b) you get an error event on this new object directing you to the already-existing session or (c) the CDM does get to process the initData synchronously.





I don't equate this as being a "single license exchange" - as per the other discussion on heartbeat and key rotation, the CDM can ask for a message exchange at any time and whether these message exchanges result in new 'licenses' inside the session state depends on how you define 'license'. Since we're not defining 'license' ourselves it must be up to the CDM.
I was using "single license" to refer to the keys/permissions for a single initData (i.e. key or set of keys for a single stream). I did not mean to imply a limitation on what can occur within a session or how the license might be obtained or maintained.

The current draft assumes generateKeyRequest is only called once (and each time it is called, a new session ID is generated), so the _application_ can only request key(s)/license(s) once per session. The CDM can request new or renewed licenses (as in the heartbeat discussion), but the application cannot (i.e. if it encounters new initData).



There are two approaches for the use case where a single session can be used to decrypt multiple files (e.g. audio/video).
1) we require that all the necessary initData is included in both files, so the session can be initialized with one initData and when the other file is encountered the CDM will discover that there is a session already created with all the necessary state (for example the initData contains the key ids and the CDM recognizes it already has those keys).
I'd prefer not to do this since it imposes an artificial requirement on the media files.

2) we would need to provide multiple initData blocks to a single session
If we are going to support the use case, we probably need to do this. We would need to decide how and whether all initData values (i.e. from multiple files) need to be provided at the beginning or can be added later (i.e. found later in the file or after a stream switch).

In (2), it's not certain that providing additional initData to a session will result in a new message exchange.
Is there a use case for providing additional initData other than to cause a key/license for it to be requested? Or were you just observing this might be the case, such as with the current APIs?

Also, when new initData is encountered, who should decide whether a new session is required or whether this initData can be absorbed into an existing session ? Probably the CDM, right ?
As with most things in the proposal, I think the application should be responsible for making this decision. The initData is not known to the CDM until the application provides it. (The media element provides it to the app, not the CDM.)

Suppose for example the initData in the audio file states that you need the keys with ids X and Y (which happen to be the keys for the audio and video for the session). The initData in the video files says that you need the keys with ids Y and X. The key ids are just listed in the opposite order, so the bytes of the initData in the audio and video files are different. Only the CDM can tell that they are asking for the same keys. So only the CDM would know that a new session is not needed when the second of these initData is passed in.

That is, unless we require the application to have a priori knowledge of whether the content needs separate sessions for the audio and video or not. A custom Netflix player would know this and would never pass in the second initData. But a generic player wouldn't know.


If we use the object-oriented design, do we just overload the method which creates a new session (from some initData) so that it can either create a new one or return an existing one ?
I think that if we allow initData to be added, it would be via a new method on the session object. This may look something like:
var session = video.createKeySession();
session.generateKeyRequest(initData1);
...
session.addKey(keyForInitData1);
...
session.generateKeyRequest(initData2);
...
session.addKey(keyForInitData2);

This results in multiple "license exchanges" within a single session. The application could, of course, bundle them before sending them to the server.

Since the exchanges share a single session ID and can be correlated in that way, we probably don't need the ability to bundle multiple initData values within the CDM (i.e. via generateKeyRequest()). I think supporting that would complicate the API.

Because we have multiple files, how we let session know which initData or key is for a certain file?

That's up to the CDM. For example, for any keysystem supporting ISO Common Encryption, the initData contains key ids and the samples themselves are also each linked to the key id needed to decrypt them.



ůMark




On Jun 11, 2012, at 10:34 PM, David Dorwin wrote:

In the current draft, each successful call to generateKeyRequest() generates a new session. Since initData is passed to generateKeyRequest(), each initData would be in a separate session. I'd like to get feedback on whether separating each initData into a separate session or object would be a problem.

Possible issues with only allowing one initData value per session include:
 * Each session is a separate license exchange.
 * Applications that care about session IDs will need to deal with multiple IDs.
 * In the potential sessions as objects design (https://www.w3.org/Bugs/Public/show_bug.cgi?id=16613), each session would be a separate object.

The following are some possible scenarios where multiple initData values may occur:
 * Audio and video are in separate files and have different initData.
 * Different tracks or bitrates have different initData.
 * A container supports multiple initData values.

To allow multiple initData values per session, we would either need to separate session creation from providing initData or allow an array of initData to be provided. Both solutions would work in both the current and sessions as objects designs. However, note that since needkey events may occur at different times, the application might not know when it has all initData values that it needs to send. In addition, initData values that are encountered later (i.e. after a stream switch or later in the container) could not be added to the session. Addressing that would probably require changing the 1:1 license/session ratio.






--
Yang
Huawei
Received on Tuesday, 26 June 2012 17:14:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:56 UTC