Re: Request to add parameters to createSession (bug 17660)

On Fri, Oct 19, 2012 at 4:08 PM, Joe Steele <steele@adobe.com> wrote:
> On Oct 19, 2012, at 12:45 PM, Mark Watson wrote:
>> If, however, you are proposing that the appData is *opaque to the CDM*, then
>> things might be different. i.e. the appData would be an opaque BLOB that the
>> CDM is supposed to include within the license request message (protected by
>> whatever mechanisms the CDM uses to protect its messages). Is that what you
>> meant ? I'd have to think further about that.
>
> [steele] I am not sure I see the distinction here. I can already append
> opaque data to the initData passed in createSession from the client app.
> However I would have to include additional logic in the client app to encode
> the opaque data in a way that key-system wants. With my proposal - any CDM
> (including ClearKey) can use the information directly or encode it
> appropriately for the key server without having the encoding logic in the
> app itself.

[strobe] I think the issue is that *every* CDM would have to do so in
order for this to be usable, and that mandating such a change would
shut out most key systems available today (and thus basically kill the
spec). The worst-case scenario is that some combinations of key system
/ CDM / license format support embedding in a secure way, some support
embedding in a non-secure way, and some do not support embedding at
all, in which case the app must become uncomfortably aware of the
license request format. If this is an optional feature, it could be
argued that nobody would have to use it in cases where there were
differences in the security levels of various key systems, but I posit
that even as an optional feature some authors would come to rely on
this behavior, which would then limit interoperability if new key
systems became available in the future which did not support secure
transmission of appData.

Steve

Received on Tuesday, 23 October 2012 17:26:31 UTC