- From: Mark Watson <watsonm@netflix.com>
- Date: Wed, 31 Oct 2012 15:39:55 +0000
- To: Joe Steele <steele@adobe.com>
- CC: Martin Soukup <martin.soukup@irdeto.com>, Steven Robertson <strobe@google.com>, "<public-html-media@w3.org>" <public-html-media@w3.org>
- Message-ID: <DA66C2F8-2CEA-417A-BE2C-D8F2674EFD5E@netflix.com>
On Oct 31, 2012, at 4:09 PM, Joe Steele wrote: Nothing _has_ to be changed for this to work. However for the reasons I stated below (uniformity, error handling) it would be useful to give some guidance about how to do this in the spec. This could be handled by a question/answer in the FAQ and some example code. This would indicate to developers that the app is allowed to intercept, modify and respond to the needKey requests in the manner described. I think we'd have to see the text. It is of course up to the application what to do with the keymessage. There's a desire for keysystem-independence in the client code - so I can write my client application to behave the same for all keysystems. I'm not sure I understand how I would use a keysystem of the kind you described together with other keysystems ? The way we imagine our application working is that the user would already be "logged in" to our application and we would have cookies, tokens or whatever that ensure that log in is maintained through all server transactions. We'll just send the keymessage to our application servers and ask the appropriate keysystem-specific back-end to process it and give its a message to pass back. If I understand rightly, you're considering a scenario where user login and authentication does not take place until playback is requested. The app needs to handle that before sending the keymessage to the application server - at least it does so for all other key systems, so it would probably like to do the same thing for this one. If the keysystem needs this authentication information, wouldn't it be possible for the back-end keysystem-specific system to place it in the message that it returns ? Or are you considering a case where the application code and server architecture is specific to one keysystem ? Sorry if this is repeating some of the earlier discussion, but I'm not sure I understand how these keysystem-specific client behaviors would sit beside the normal keysystem-independent ones. …Mark Joe Steele steele@adobe.com<mailto:steele@adobe.com> On Oct 30, 2012, at 2:02 PM, Mark Watson wrote: Sent from my iPhone On Oct 30, 2012, at 9:16 PM, "Joe Steele" <steele@adobe.com<mailto:steele@adobe.com>> wrote: Let me start a side thread on this with an alternate proposal. What if instead of adding a new parameter to createSession to allow for application data to be passed to the CDM, we explicitly allow for the CDM to request data directly from the application via an established URI scheme? Take this example: A media source is loaded and the media stack decides it needs a key. The application decides that it wants to use the "com.foo.keysystem" keysystem. It calls createSession, passing the initData from the media stack. The CDM then examines the initData and determines that an in-band authentication needs to occur. The CDM then fires a needkey event setting the destinationURI to be something like "app://com.foo.keysystem?username&password". The app is watching for destinationURIs beginning with "app://" which it then handles directly rather than resulting in an network request. The app parses the URI into the keysystem and the request portions. The app then decides how it wants to respond to the key request and returns the information requested via the addKey method. This would put some of the burden back on the app developers, in terms of possibly needing to encode multiple pieces of information into the single key parameter. However it would be better than my current proposal in the sense that the app needs to have less information when createSession is called. And I think it would satisfy the concerns about fragmentation since only the CDMs that want this behavior would generate key requests like this. I would prefer codifying the scheme that will trigger app handling of the URI (e.g. "app://" followed by the keysystem) to enforce some level of uniformity and allow for app developers to display reasonable error messages should the CDM do something they are not expecting. This would address the issue I am concerned about. Would this be an acceptable alternative? Assuming this is acceptable -- how can we reflect this in the spec? Does anything need to be changed in the spec to support what you describe above ? ...Mark Joe Steele steele@adobe.com<mailto:steele@adobe.com>
Received on Wednesday, 31 October 2012 15:40:33 UTC