[Bug 27124] New: Add "individualizationrequest" to the MediaKeyMessageType enum

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27124

            Bug ID: 27124
           Summary: Add "individualizationrequest" to the MediaKeyMessageType enum
           Product: HTML WG
           Version: unspecified
          Hardware: All
               URL: http://lists.w3.org/Archives/Public/public-html-media/2014Oct/0006.html
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: hsivonen@hsivonen.fi
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org

The spec currently says:
"Application- and origin-independent messages related to per-client
initialization (or reinitialization) that are sent to a fixed
non-application-dependent URL MUST be handled by the user agent and MUST NOT be
passed to the application via the APIs."

I think this is inappropriate. As far as I am aware, no rationale has been
given for the above-quoted design restriction. As described in
http://lists.w3.org/Archives/Public/public-html-media/2014Oct/0006.html , it's
a totally reasonable design that individualization (is there "initialization"
of another kind?) requests are made as EME messages and either the JS app knows
how to route these to a different server than the license requests or the
license server knows how to proxy these to an individualization server.

I request that

 1) The above-quoted sentence be edited to say that individualization MAY be
handled by the user agent without exposing the process to the application via
EME or individualization MAY be performed via EME messages whose type is
"individualizationrequest".

 2) "individualizationrequest" be added to the MediaKeyMessageType enumeration.

(I could live with the string "individualizationrequest" to be bikeshedded to
the more generic "initializationrequest" if spec text explains that it is meant
to cover individualization.)

Please note that individualization could reasonably be origin-*dependent*.
(This is desirable for privacy reasons to prevent cross-site correlation of
individualized bits that the key system exposes.) Sure, it's possible to read
the above-quoted sentence as not restricting origin-*dependent*
individualization via EME messages, but I still request change #1 above.


Received on Wednesday, 22 October 2014 07:05:43 UTC
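
The first design mentioned in the report, where the JS app routes individualization requests to a different server than license requests, sketched as an added example that is not part of the original bug report or of the EME spec. The endpoint URLs, the function names and the injected `post` transport are hypothetical, and `"licenserequest"` is assumed to be the type of an ordinary license request.

```javascript
// Added illustration; endpoint URLs and function names are hypothetical.
// "individualizationrequest" is the message type proposed in this bug;
// "licenserequest" is assumed here as the type of an ordinary license request.
const ENDPOINTS = Object.freeze({
  licenserequest: "https://license.example/acquire",
  individualizationrequest: "https://indiv.example/provision",
});

// Pick the destination from the message type only. The opaque CDM payload
// is never parsed for a URL, and unknown types are rejected rather than
// silently defaulted to the license server.
function routeKeyMessage(event, endpoints = ENDPOINTS) {
  const type = event.messageType;
  if (!Object.prototype.hasOwnProperty.call(endpoints, type)) {
    throw new TypeError("unhandled key message type: " + String(type));
  }
  const url = new URL(endpoints[type]);
  if (url.protocol !== "https:") {
    throw new Error("refusing non-HTTPS endpoint for " + type);
  }
  return { type, url: url.href, body: event.message };
}

// Forward the message and hand the server's reply back to the session.
// `post(url, body)` is an injected transport (fetch or XHR in a real page)
// that resolves to the response bytes.
async function handleKeyMessage(session, event, post, endpoints = ENDPOINTS) {
  const { url, body } = routeKeyMessage(event, endpoints);
  const response = await post(url, body);
  await session.update(response);
  return url;
}
```

In a page this would be wired up with `session.addEventListener("message", e => handleKeyMessage(session, e, post))`.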