Re: Custom and extending CDM to support other DRM systems from Mark Watson on 2015-01-30 (public-html-media@w3.org from January 2015)

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 30 Jan 2015 07:14:05 -0800
To: Glenn Adams <glenn@skynav.com>
Cc: Emmanuel Poitier <emmanuel.poitier@enman.fr>, "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <CAEnTvdAQReQaXKuE4=fHHmfwu+PPR5tKucMwrEU+ZRxkPsRW2w@mail.gmail.com>

On Fri, Jan 30, 2015 at 6:58 AM, Glenn Adams <glenn@skynav.com> wrote:

>
> On Fri, Jan 30, 2015 at 7:49 AM, Emmanuel Poitier <
> emmanuel.poitier@enman.fr> wrote:
>
>>  All,
>>
>> I am currently looking after the information on how to extend the CDM to
>> support other DRM systems, which is nowadays fixed and hardcoded for each
>> browsers (IE with PlayReady, Chrome with Widevine, Safari with FairPlay).
>> It would be nice to ensure the EME spec does provide information and also
>> how browsers would support that in an agnostic manner to ensure a non
>> fragmented market where the user does want to play a protected video
>> content whatever the browser he is using.
>>
>
> I doubt if anything has changed on this front, but this type of
> specification was ruled out of scope for EME. EME uses the term and concept
> "CDM" only in a notional manner, and does not specify any concrete
> interface to such a component.
>
> It is likely that interface and any mechanism for adding/extending UA
> supplied CDMs will remain UA specific, that is, until some organization
> steps forward to standardize it (assuming UA vendors are willing to do
> that... a dubitable proposition).
>

Yes, such an API is not really in scope of W3C, never mind just EME. Just
as NPAPI for <object> was created by UA vendors any such cross-browser CDM
API would need to come from the UA vendors. Of course, the open source
implementations of EME have CDM APIs in their code, but a major point of
EME was to bring DRM under UA control, so I would not expect UAs ever to
support download of arbitrary user-installable CDMs - at least it's not
clear to me how this could be done and simultaneously meet the privacy and
security requirements of the specification. Whilst UAs can technically
enforce many security and privacy properties through sandboxing I'm not
sure they will be willing to host CDMs about which they have no knowledge
whatsoever.

…Mark

>
>
>
>>
>> Thanks in advance for any information and help you may provide.
>>
>> Best regards,
>> --
>> Emmanuel Poitier - Chief Executive Officer (CEO)
>> Enman
>>
>>   Telephone: +33 (0)2 54 67 15 38
>>  Mobile: +33 (0)780 381 124  Email: emmanuel.poitier@enman.fr
>>  Web site:http://enman.fr
>>
>
>

Received on Friday, 30 January 2015 15:14:32 UTC