[Bug 26887] Allowing license servers and CDMs to control data persistence and secure release from bugzilla@jessica.w3.org on 2014-10-01 (public-html-bugzilla@w3.org from October 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 01 Oct 2014 17:44:55 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26887-2486-QvTBzNeqsK@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26887

--- Comment #7 from Mark Watson <watsonm@netflix.com> ---
Ok, so the only kind of ID we have on the API (that we all agree on) are the
key IDs. And we know that keys may be acted on by the CDM in groups.

So, for the sake of argument, suppose we have a concept of a 'group of keys',
identified by an Array of Key IDs.

On a MediaKeySession, we can get an Array<KeyId> for the keys managed in that
session.

On MediaKeys, we can get an Array< Array<KeyId> > for all the groups of key ids
that have some persisted state (and are not managed by an current session?).
The persisted state could be licenses for the keys, or secure release
information: we might expose a type, that it, what we get is Array <Pair< Type,
Array<KeyId> > >.

And then if we want to use / interact with one of these persisted groups, we
can create a MediaKeySession initialized with the Array<KeyId>, rather than
initData (though if we use initData we can still get back one of the existing
groups - we will see that keychange is fired and the Array of key ids appears
on the session without any messaging).

One further thing might be to expose on the MediaKeySession a boolean that
tells the application whether the keys will be persisted when the session is
closed.

I am not necessarily proposing the above, but I think it meets (most of) the
requirements from both Jerry and David.
- the application can deny persistence, by calling remove() on the
MediaKeySession.
- the application has full visibility of the keys and key release information
which is persisted
- the application can see when existing keys are re-used and can explicitly
request that existing keys be re-used
- the license server can direct that keys are persisted
- sessions are entirely ephemeral, used for interaction with groups of keys

Here are the remaining problems:
- what if there are multiple licenses for the same set of key ids ? In our
existing specification this can be managed by the application, which knows what
kind licenses it is requesting and can persist the sessionIds for the different
sessions.
- what if there are multiple secure release records for the same set of key ids
? Again, in the existing specification the application can track which is which
based on the sessionId.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 1 October 2014 17:44:57 UTC