[Bug 26887] Allowing license servers and CDMs to control data persistence and secure release from bugzilla@jessica.w3.org on 2014-09-30 (public-html-bugzilla@w3.org from September 2014)

From: <bugzilla@jessica.w3.org>
Date: Tue, 30 Sep 2014 20:32:42 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26887-2486-fuauPl57W6@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26887

--- Comment #5 from Mark Watson <watsonm@netflix.com> ---
Thinking about this some more. I think one aspect of our current design that
makes a lot of sense is the idea of a session as a container for keys and
associated state as well as a context for message exchange.

We expose the available keys on each session, not on MediaKeys. remove()
removes the keys that were created as a result of the messages of the session.
Key release messages for the set of keys are fired on the associated session.
Script control of persistence is done at the session level. If sessions were to
be changed to be purely ephemeral context for message exchange, all of the
above would need to change too.

However, I do see we have a problem in unifying different underlying DRM
implementations. Basically, we have a difference of opinion as to whether some
application decisions (persist or not, reload existing or create new) should be
communicated to the CDM though the message exchange, directly through the API
or both.

If we're thinking of monolithic applications, where the same party develops the
entire client and server side, I'm not sure we're going to be able to derive
any rationale one way or another. If we're thinking of a general-purpose player
that might work with multiple services, we have some way to think about who
should do what.

It seems clear in such a model that persistence requires permission from both
the license server and the client application.

It's also clear that the client application should be informed when existing
state is used instead of a message exchange, but we have this as the session
state jumps to ready without any messaging.

Some questions:
1) Should the client application be able to force a new message exchange even
when there exists state (a license) that could be used for the content ?
2) Should the client be required to know, a priori, that there exists suitable
state in order to make use of it ?
3) Could there be multiple distinct licenses created from the same initData and
if yes, what are the requirements for the application to control which is used
?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 30 September 2014 20:32:43 UTC