Re: Request to add parameters to createSession (bug 17660)

Joe Steele
steele@adobe.com<mailto:steele@adobe.com>

On Oct 23, 2012, at 10:25 AM, Steven Robertson wrote:

On Fri, Oct 19, 2012 at 4:08 PM, Joe Steele <steele@adobe.com<mailto:steele@adobe.com>> wrote:
On Oct 19, 2012, at 12:45 PM, Mark Watson wrote:
If, however, you are proposing that the appData is *opaque to the CDM*, then
things might be different. i.e. the appData would be an opaque BLOB that the
CDM is supposed to include within the license request message (protected by
whatever mechanisms the CDM uses to protect its messages). Is that what you
meant ? I'd have to think further about that.

[steele] I am not sure I see the distinction here. I can already append
opaque data to the initData passed in createSession from the client app.
However I would have to include additional logic in the client app to encode
the opaque data in a way that key-system wants. With my proposal - any CDM
(including ClearKey) can use the information directly or encode it
appropriately for the key server without having the encoding logic in the
app itself.

[strobe] I think the issue is that *every* CDM would have to do so in
order for this to be usable, and that mandating such a change would
shut out most key systems available today (and thus basically kill the
spec). The worst-case scenario is that some combinations of key system
/ CDM / license format support embedding in a secure way, some support
embedding in a non-secure way, and some do not support embedding at
all, in which case the app must become uncomfortably aware of the
license request format. If this is an optional feature, it could be
argued that nobody would have to use it in cases where there were
differences in the security levels of various key systems, but I posit
that even as an optional feature some authors would come to rely on
this behavior, which would then limit interoperability if new key
systems became available in the future which did not support secure
transmission of appData.

My proposal does not require every CDM to actually use the information passed, nor every application to pass the information. It only says that applications can pass this information and CDMs can use it if available. I am more than happy to stipulate that if an application does not pass information in this fashion, the CDM is not allowed to fail because of it.

I am further saying that interoperability is already limited by the fact that some key systems transmit appData in this fashion and it is not allowed by this spec. We don't have to speculate about whether this will become a problem - it is a problem right now for my key system.

Joe


Steve

Received on Tuesday, 30 October 2012 15:21:05 UTC