Re: [EME] Key Release from David Dorwin on 2012-07-20 (public-html-media@w3.org from July 2012)

From: David Dorwin <ddorwin@google.com>
Date: Fri, 20 Jul 2012 09:13:59 -0700
To: Mark Watson <watsonm@netflix.com>
Cc: "<public-html-media@w3.org>" <public-html-media@w3.org>
Message-ID: <CAHD2rsjrAg4_CA1A4Whi2LsJccEMqk08M-69urYajAJ9B4xLbQ@mail.gmail.com>
Now that we've chosen an object oriented session approach [1], we should
revisit the idea of key releases. Presumably, MediaKeySession objects would
be obtained from the MediaKeys object, which can be instantiated
independent of a media element (solving the "dummy" HTMLMediaElement case).

However, there are some implementation and use issues to address before we
decide on a specific API. For example, assuming key release is used to
support business logic, it is probably important that the key releases be
reported as soon as playback stops and/or the key is no longer in use. This
might be less reliable in a native browser and/or computer environment than
in existing systems. Potentially problematic scenarios include:

   - User navigates away from the media page (i.e. from the address
   bar) while the media is playing.
   - User closes a tab or browser window while the media is playing.
   - User closes the lid on a laptop or otherwise suspend the system while
   the media is playing.

In the first two scenarios, the application would need to detect that the
page is being unloaded, request a key release, receive it, and send it to
the server (i.e. via XHR). Is this guaranteed to work by the HTML spec or
in common implementations? I think this would at least require a method to
synchronously request released session(s) whereas the rest of the API is
asynchronous.

In the third scenario, I assume the application won't even be notified.

[1] http://lists.w3.org/Archives/Public/public-html-media/2012Jul/0002.html

On Fri, Jun 22, 2012 at 3:33 PM, David Dorwin <ddorwin@google.com> wrote:

> I corrected my last sentence below to:
>
> See https://www.w3.org/Bugs/Public/show_bug.cgi?id=17470, which is
> tracking *when applications can call* other methods, specifically
> generateKeyRequest().
>
>
> On Fri, Jun 22, 2012 at 3:30 PM, David Dorwin <ddorwin@google.com> wrote:
>
>>
>>
>> On Tue, Jun 19, 2012 at 8:52 AM, Mark Watson <watsonm@netflix.com> wrote:
>>
>>>
>>>  On Jun 11, 2012, at 11:57 PM, David Dorwin wrote:
>>>
>>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=17199
>>>
>>>  The Key Release portion (
>>> http://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#key-release)
>>> of the proposal hasn't received a lot of feedback, so I'd like to start a
>>> discussion about it.
>>>
>>>  Section 4.1 gives a good overview of the problem. Briefly, the goal is
>>> the provide the application with secure proof that a key is no longer
>>> present on the client ("released"). The application must also be able to
>>> ACK proofs. One particular thing to note is that proofs are not related
>>> to any particular media element. In addition, the current API proposal does
>>> not associate key release with HTMLMediaElement or any other object.
>>>
>>>  Some possible topics for discussion:
>>>  * Multiple KeyReleaseManagers could be created, but they would all
>>> represent the same data. How might we make KeyReleaseManager global or a
>>> singleton?
>>>
>>>
>>>  I would like to better understand what is the "normal" way to do this
>>> ? Should this be window.mediakeyreleasemanager ? What are the issues with
>>> that ?
>>>
>>>   * While not related to HTMLMediaElement from an API point of view,
>>> key release would need to be tightly integrated with the implementation
>>> underlying the rest of the proposal, which is related to HTMLMediaElement.
>>>    - What is the impact on implementations?
>>>    - How might we more closely associate key release
>>> with HTMLMediaElement and/or the rest of the EME implementation?
>>>
>>>
>>>  If it makes a significant difference for implementations then this
>>> could be dealt with using methods on HTMLMediaElement, with the consequence
>>> that you might need to create a "dummy" HTMLMediaElement to get access to
>>> the proof of key release messages.
>>>
>>
>> I think this is worth investigating. One thing we will have to address is
>> ensuring that the media element implementation can be sufficiently
>> initialized in the "dummy" case. See
>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=17470, which is tracking
>> when applications can call other methods, specifically generateKeyRequest().
>>
>>>
>>>   * How might representing sessions as objects (
>>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=16613) affect the design?
>>>
>>>
>>>  I think it makes it clearer, since the "proof of key release" messages
>>> are created (and stored in the CDM) exactly when a  "session" is destroyed.
>>> In fact they become "proof of session destruction" instead.
>>>
>>>  …Mark
>>>
>>>
>>
>
Received on Friday, 20 July 2012 16:14:50 UTC