[Bug 26887] Allowing license servers and CDMs to control data persistence and secure release from bugzilla@jessica.w3.org on 2014-10-02 (public-html-bugzilla@w3.org from October 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 02 Oct 2014 02:29:03 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26887-2486-TG3KQ7yhXS@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26887

--- Comment #11 from David Dorwin <ddorwin@google.com> ---
(In reply to Jerry Smith from comment #6)
> Reply to David:
> 
> It should be sufficient to establish that the license server model is valid.

I don't think anyone is arguing whether it is valid. I'm arguing that it is not
appropriate as-is for the web platform. The current spec basically adds a
normative framework around this opaque model.

There are likely many valid models, but that doesn't mean EME is designed
around all of them. In fact, we have decided that some models are out of scope
for similar reasons.

> That it’s already used by more than one established DRM system argues that
> is the case.

These DRM systems were developed in the context of generally DRM-specific
applications, often built on associated vertical application stacks. I believe
it is misguided to project this onto the web platform, user agents,
interoperable applications, and all clients, DRM systems, and use cases.

>  I am asserting that it should be allowed.

I disagree with this characterization. The proposal appears to force this model
on all implementations and fundamentally changes the long-standing meaning of
MediaKeySession. That's much different than _allowing_ something.

> We believe a license with a persistent attribute always be stored (outside
> of inprivate), and that the license server model can fully allow the app to
> participate in the decisions that lead up to that happening.  There is no
> loss of app control.

How do the app *and user agent*, which the app relies on, participate in these
decisions? I don't see any proposal for a normative and interoperable
mechanism. (See comment #10 for why this is important.)

You mention inprivate as an exception, but there is no clear mechanism to
enable a user agent to implement such an exception.
Implementing InPrivate/Incognito/private browsing in a way that makes sense to
applications is one of the reasons I want the application to specify what it
needs.


Why do you and/or Microsoft feel so strongly that involving the application and
user agent is a problem? Is that the real issue or are your concerns more about
related issues, such as how license are loaded/prepared for use?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 2 October 2014 02:29:04 UTC