Re: Bug 25269

You are right — as a random 16-byte value it *should* be unique. However the CENC spec does not seem to say that must be the case. Thus my concern.

I am looking at this text (emphasis mine) from ISO/IEC CD 23001-7 2nd Edition: 
"NOTE: For global uniqueness, a UUID [1] should be used for each unique KID /key value pair to prevent
duplicate IDs for different keys by independent publishers. Publishers may use the same key value and
KID  in more than one track or file according to their rights management intentions."

Option #2 only works if the keys are unique for all titles as you point out. This is a catch-22. My assumption is that they are not unique. 
Option #3 is a non-starter because the CDM needs to be able to attest to the information in the license request and it can’t unless it has all of it.

I suggest we add a note in the spec that emphasizes that these must be unique and suggests Option #1 as a good way to do it. 
That seems like minimal effort. If implementers run into this problem it will point them in the right direction even if they can’t make the suggested change.

Joe

On Jun 4, 2014, at 10:47 AM, David Dorwin <ddorwin@google.com> wrote:

> Yes, it is just an array of key IDs.
> 
> There are a few options to identify the title:
> The key ID(s) could include the title ID in them, allowing it to be easily extracted on the server. (This forces unique key IDs.)
> The server can look the title up based on the key ID(s). (This assumes they are unique.)
> The application knows the title and can include this in its request.
> 
> Why do you say KID isn't generally unique across streams? That should probably be a best practice for content providers.
> 
> David
> 
> 
> On Tue, Jun 3, 2014 at 10:42 AM, Joe Steele <steele@adobe.com> wrote:
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25269
> 
> This bug was closed on Saturday. Rather than just re-open it — maybe you can give me some clarification. 
> 
> Your proposal only includes the KIDs in the data that is sent into the CDM — correct? 
> 
> Given that KID is not generally unique across streams, how are you planning to support this? I would expect implementations to require a title identifier to pass to the server in order to identify the title that the KID is associated with. It sounds like you are proposing that the application which has this information should send it to the server in some out of band communication.
> 
> Joe
> 

Received on Friday, 6 June 2014 23:40:06 UTC