- From: <bugzilla@jessica.w3.org>
- Date: Fri, 22 Feb 2013 18:47:45 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965 --- Comment #17 from Joe Steele <steele@adobe.com> --- (In reply to comment #13) > (In reply to comment #10) > I'm pretty sure you'll find that browser vendors treat the issue of > "globally unique persistent identifier exposed to all sites" as an issue for > all modes of operation, not just "private" mode issue. Agreed. However that is not required by EME. My point was about the persistence of unique identifiers, not how global they are. I am *not* arguing for the existence of a globally unique persistent identifier exposed to all sites, nor is it required for CDMs (at least not the one I am most familiar with) > What's your use case of persistent storage of CDM-related information? I > thought it wasn't worthwhile to propose more complex requirements without > knowing the use cases that the requirements were supposed to address. In cases where a license can have a longer lifetime than a single session, it is useful (and sometimes necessary) to not require the user to reacquire the license the next time they want to play. Here are some of the benefits: * Allows the license provider to lower their cost (less network transactions required) which can result in lower costs for the user. * Allows the user to request a license in a secure environment and then continue to play back content when they are in an insecure environment without having to reacquire the license over the insecure network. * Reduces the number of times the user needs to authenticate. > In any case, persistent storage of licenses gives a person with access to > the computing device information about what sites have been accessed. This is dependent on how the information is secured on disk. The browser cache seems like a more likely target for snooping though, since the location you downloaded the movie from is probably much more informative. If I have local access to the computing device I can gather information on the user in any number of ways. Or is your point that the user can get access to the list when the DRM vendor might not want them to? -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Friday, 22 February 2013 18:47:51 UTC