W3C home > Mailing lists > Public > public-html-media@w3.org > January 2013

Re: [EME] Authentication to unknown license servers

From: David Dorwin <ddorwin@google.com>
Date: Fri, 25 Jan 2013 22:15:44 -0800
Message-ID: <CAHD2rshTtVDJtWO+1MAdwFQ6YHrxZNEPdQHfcyFYxrN3kqzKYA@mail.gmail.com>
To: Joe Steele <steele@adobe.com>
Cc: Mark Watson <watsonm@netflix.com>, "public-html-media@w3.org" <public-html-media@w3.org>
On Fri, Jan 25, 2013 at 5:42 PM, Joe Steele <steele@adobe.com> wrote:

>
> [steele] Agreed.
>
> I think this is a useful example. Why don't we change the "Other Content
> Decryption Module" example to show the application processing the license
> server response in some way? Developers could otherwise assume that doing a
> simple XMLHttpRequest and pushing the results down into the CDM is this the
> only type of protocol supported, since that is what is shown for all the
> key acquisition examples.
>

Adding or modifying examples has come up several times, so I'd like to
address this. The examples are non-normative and not meant to be all
encompassing. They are intended to show how to use the APIs in simple and
common ways - selecting a key system, using each method, handling each
event, etc. This doesn't mean we shouldn't add or modify examples, but we
do not need to make sure they encompass all use cases. The EME spec
document probably already has more example text than the entire spec for
the media element, and this has not prevented people from implementing
advanced applications based on it.

Authentication and authorization are contained in the difference between
> these two.
>
>
> I don't completely agree with this. Authentication and authorization
> information may be in the initData and accessible to the CDM. If it is - it
> could be supplied to the application to allow it to execute the appropriate
> protocol.
>
> Let me give you an example. Assume my initData looks like this:
>
> <key_request>
> <contentId>9287219837</contentId>
>  <licenseServer>http://blah.example.com/keyserver/v4</licenseServer>
>  <licenseServerAuth>inbandUsernameAndPassword</licenseServerAuth>
> </key_request>
>
> In this case the CDM *could* tell the application how to authenticate, if
> it had a mechanism for doing so. It could tell the application that
> "usernameAndPassword" is expected in the key request. But we don't have a
> designated channel for this kind of communication and there is a risk that
> we will prevent the one channel that does exist from being used for this
> purpose.
>
> As I understand the use case, a media search engine  applicatoin might ask
the user to enter a password for an unrelated site so that the application
can send the password to a license server to get a license for the content?
That seems like a really bad idea from a security (and user conditioning)
point of view. Surely there are better authentication mechanisms and they
are better handled by the application and not permanently encoded in the
media. (What if the media owner wants to change the authentication
mechanism.)

While the initData could contain a lot of things, I don't think we should
necessarily expose everything that it might contain to the application.
There was a similar discussion of media metadata, such as ID3 tags, on
WHATWG. The initData is just another type of metadata. One proposal in that
case is that the application could parse the media itself. I think that's
perfectly reasonable if there is a key system- or application-specific need
to access the data. In the initData case, the amount of data to parse is
very small.
Received on Saturday, 26 January 2013 06:16:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 26 January 2013 06:16:33 GMT