Re: [EME] Users of "persistent-release-message" (secure proof of key release for non-persistent licenses)? from Bob Lund on 2015-03-19 (public-html-media@w3.org from March 2015)

From: Bob Lund <B.Lund@CableLabs.com>
Date: Thu, 19 Mar 2015 20:56:18 +0000
To: David Dorwin <ddorwin@google.com>
CC: "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <D130487B.4E645%b.lund@cablelabs.com>

From: David Dorwin <ddorwin@google.com<mailto:ddorwin@google.com>>
Date: Wednesday, March 18, 2015 at 4:33 PM
To: Bob Lund <b.lund@cablelabs.com<mailto:b.lund@cablelabs.com>>
Cc: "<public-html-media@w3. org>" <public-html-media@w3.org<mailto:public-html-media@w3.org>>
Subject: Re: [EME] Users of "persistent-release-message" (secure proof of key release for non-persistent licenses)?

On Wed, Mar 18, 2015 at 2:19 PM, Bob Lund <B.Lund@cablelabs.com<mailto:B.Lund@cablelabs.com>> wrote:

From: David Dorwin <ddorwin@google.com<mailto:ddorwin@google.com>>
Date: Wednesday, March 18, 2015 at 2:30 PM
To: "<public-html-media@w3. org>" <public-html-media@w3.org<mailto:public-html-media@w3.org>>
Subject: [EME] Users of "persistent-release-message" (secure proof of key release for non-persistent licenses)?
Resent-From: "<public-html-media@w3. org>" <public-html-media@w3.org<mailto:public-html-media@w3.org>>
Resent-Date: Wednesday, March 18, 2015 at 2:31 PM

Several of the open bugs that have been proposed for discussion at the f2f relate to "persistent-release-message<https://w3c.github.io/encrypted-media/#idl-def-MediaKeySessionType.persistent-release-message>" sessions. Other than Mark, is anyone planning to use such sessions in an application? If so, please reply with information about your use case before the telecon on March 31, to give the group time to plan for possible face-to-face discussion.

It would appear that the Limited Concurrent Streams via Key Release<https://www.w3.org/wiki/HTML/Media_Task_Force/EME_Use_Cases#Limited_Concurrent_Streams_via_Key_Release> requires the "persistent-release-message" session type. Support for this use case is important to a number of large service providers.

Limiting concurrent streams is important to many content providers, but do these large service providers to which you refer use a (persistent) secure proof of key release to do enforce such limitations? For context, there are other ways to enforce concurrency limits, including Limited Concurrent Streams via Key Renewal<https://www.w3.org/wiki/HTML/Media_Task_Force/EME_Use_Cases#Limited_Concurrent_Streams_via_Key_Renewal>.

Key renewal is an acceptable alternative when the CDM has network connectivity to the license server. What about the case where there isn't network connectivity? In this case the app would want to notify the server of key release once re-connected. Would this be a  persistent-license<https://w3c.github.io/encrypted-media/#idl-def-MediaKeySessionType.persistent-license> or persistent-release-message<https://w3c.github.io/encrypted-media/#idl-def-MediaKeySessionType.persistent-release-message> session?

Note: This session type specifically relates to persisting a secure proof of key/license release for non-persistent licenses for later retrieval. It does not apply to release messages related to persistent licenses (“persistent-license<https://w3c.github.io/encrypted-media/#idl-def-MediaKeySessionType.persistent-license>” sessions) or even release messages from “temporary” sessions that do not need to be persisted.

David

Received on Thursday, 19 March 2015 20:56:52 UTC