[Bug 26887] Allowing license servers and CDMs to control data persistence and secure release

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26887

--- Comment #13 from Jerry Smith <jdsmith@microsoft.com> ---
We have a revised proposal that drops querying the CDM for IDs and accommodates
specific requests we received when this bug was last discussed.  That feedback
included these specific requests:
1.    Apps must have control over data storage
2.    Apps should be able to control whether an existing license is reused or a
new one obtained
3.    SessionId should be retained
4.    If multiple persistent licenses were available, the app should be able to
select which it uses

Our revised proposal would:
1.    Give apps control over reusing persistent keys by calling a load method
using the same initData as generateRequest.  Apps then have complete control
over re-use, and it’s natural for them to choose between re-use or requesting a
new license.
2.    Separate secure release session retrieval from re-using persisted
licenses.  We’ve continued that in the model of the current spec with a session
retrieval and remove methods.
3.    Retain sessionId (or whatever it becomes) and return errors if license
terms don’t conform.

We’ve not resolved the issue about apps selecting from specific persisted
licenses.  We’d not believed this was an issue previously in our DRM, and think
it deserves further discussion.

An updated WebIDL would be:

interface MediaKeys {
    MediaKeySession createSession (optional SessionType sessionType = "temporary");
    Promise<void>   setServerCertificate (BufferSource serverCertificate);
    // Removes keys based on keyId, including persisted copies
    // (affects all relevant existing MediaKeySessions)
    Promise<void>   removeKey (sequence<ArrayBuffer>);
    // Removes all keys currently loaded, including persisted copies
    // (affects all relevant existing MediaKeySessions)
    Promise<void>   removeAllKey ();
};

interface MediaKeySession : EventTarget {
    readonly    attribute DOMString           sessionId;
    readonly    attribute unrestricted double expiration;
    readonly    attribute Promise<void>       closed;
    Promise<void>                  request (DOMString initDataType, BufferSource initData);
    Promise<void>                  update (BufferSource response);

    // Loads session data based on sessionId, except for keys
    Promise<boolean>               retrieve (DOMString sessionId);
    // Loads stored keys based on initData
    Promise<boolean>               load (DOMString initDataType, BufferSource initData);

    Promise<void>                  remove ();
    Promise<void>                  close ();
    Promise<sequence<ArrayBuffer>> getUsableKeyIds ();
};

This does some renaming that I hope doesn't confuse the discussion:

1.    The previous generateRequest becomes request
2.    The previous load becomes retrieve (for session data retrieval)
3.    A new load is used to attempt loading persistent licenses
4.    New removeKey and removeAllKeys are intended to remove specific keys
based on individual keyId or remove all keys currently loaded


Received on Thursday, 30 October 2014 22:32:26 UTC
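
The app-side choice between re-using a persisted license and requesting a new one, as the proposal above describes it, sketched as an added example that is not part of the original comment or of any EME implementation. ProposedSessionStub is a constructed in-memory stand-in for the proposed MediaKeySession, fetchLicense is a hypothetical license-server callback, and the meaning of load()'s boolean (true when persisted keys match the initData) is an assumption.

```javascript
// Constructed in-memory stand-in for the proposed MediaKeySession (not a real CDM).
// Assumption: load() resolves true when persisted keys match initData, else false.
class ProposedSessionStub {
  constructor(persisted) {
    this.persisted = persisted; // Map shared across sessions: "type:hex(initData)" -> license
    this.pending = null;        // store key of the outstanding license request, if any
    this.keysLoaded = false;
  }
  static keyFor(initDataType, initData) {
    const hex = Array.from(new Uint8Array(initData),
      (b) => b.toString(16).padStart(2, "0")).join("");
    return initDataType + ":" + hex;
  }
  async load(initDataType, initData) {
    const key = ProposedSessionStub.keyFor(initDataType, initData);
    this.keysLoaded = this.persisted.has(key);
    return this.keysLoaded;
  }
  async request(initDataType, initData) {
    this.pending = ProposedSessionStub.keyFor(initDataType, initData);
  }
  async update(response) {
    if (this.pending === null) throw new Error("update() without a pending request");
    this.persisted.set(this.pending, response); // persist the license for later load()
    this.pending = null;
    this.keysLoaded = true;
  }
}

// App-side policy: the app, not the CDM, decides between re-use and a new license.
// fetchLicense is a hypothetical callback standing in for the license-server round trip.
async function acquireKeys(session, initDataType, initData, reusePersisted, fetchLicense) {
  if (reusePersisted && (await session.load(initDataType, initData))) {
    return "reused";
  }
  await session.request(initDataType, initData);
  await session.update(await fetchLicense(initData));
  return "requested";
}
```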