W3C home > Mailing lists > Public > public-html-media@w3.org > October 2014

Re: [EME] Handling CDM availability, permissions, and supported types

From: David Dorwin <ddorwin@google.com>
Date: Mon, 6 Oct 2014 13:34:37 -0700
Message-ID: <CAHD2rsjd68EbROtoH0goT+4OrKaT3cwi9CbjOAkZWv+nvZta8A@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-html-media@w3.org" <public-html-media@w3.org>, Anne van Kesteren <annevk@annevk.nl>
On Mon, Oct 6, 2014 at 11:28 AM, Mark Watson <watsonm@netflix.com> wrote:

>
>
> On Mon, Oct 6, 2014 at 10:46 AM, David Dorwin <ddorwin@google.com> wrote:
>
>>
>>
>> On Mon, Oct 6, 2014 at 8:38 AM, Mark Watson <watsonm@netflix.com> wrote:
>>
>>> Hi David,
>>>
>>> It's not clear to my why we can't require that all capability
>>> information for all keysystems supported by a UA is registered with the UA
>>> up front, so that the original isTypeSupported can operate in a synchronous
>>> manner. This capability information is essentially a static table for each
>>> keysystem. The UA presumably has *some* information for each supported
>>> keysystem, even if the CDM itself has not been downloaded (for example, it
>>> probably knows the URL and hash of the CDM) and that information could
>>> include capability information. Is there some issue associated with
>>> exposing that information in advance of CDM download ?
>>>
>>
>> See the discussion in the bug. Yes, the UA could know the possible
>> functionality (I called this "best case support" in comment 35
>> <https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923#c35>), but the UA
>> may not know what the user will allow. Also, it's possible that different
>> functionality will be enabled depending on what the user allows (regardless
>> of whether the CDM needs to be downloaded). The only way to provide the
>> application with a definitive answer is to allow the prompt, download, etc.
>> to take place before responding.
>>
>
> Could we have a synchronous isTypeSupported​ method, which checks the
> statically configured capabilities information and then a member method on
> MediaKeys that checks what is actually supported / allowed after the user
> permissions step ?
>

This is returning  "best case support." The API would have to be named such
that this would be clear to the author. However, I don't think this is a
common API model and I don't see why we would do this when we have an
alternative.

>
> Then sites would use isTypeSupported to determine a keysystem supported by
> the UA with the capabilities that the site needs, create the MediaKeys
> (which might prompt) and then check that the returned MediaKeys object does
> indeed support what they need.
>

It's also possible that no MediaKeys object is returned.

>
> This would seem to be an easy flow to implement, since the site will need
> to handle the case where the createMediaKeys fails, so the case where it
> succeeds but the "allowed capabilities" check fails can be handled
> similarly (try a different keysystem, say).
>

What is the advantage of this two-step flow to the current proposal? The
application would need to handle lack of support in at least two locations.
It seems less likely that applications would implement this two-step flow
correctly, especially to handle the potential for another key system.

See the discussion starting at
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923#c30.

>
> Additionally, if there are CDM capabilities that the user might not allow
> (persistent identifier and persistent storage might be examples, since you
> call those out), then a site might provide different levels of service
> depending on whether these are supported.
>

This is also supported by the current proposal. (See the last item
under Areas for Discussion.)

>
> So, we have "isTypeSupported" as a static method based on static
> configured properties of the keysystem and "isTypeSupportedAndAllowed"
> member method which is based on the post-download, post-prompt status.
> [That naming might not be right, since once the load/permissions step has
> been done once, you would expect the static isTypeSupported to return the
> "supported + allowed" information.
>

The current proposal ensures that the correct response is always returned
and applications only need one flow and one API to call.

>
> If users are to individually approve CDM capabilities, there is also a
> problem of making it possible / easy for them to change their minds. A user
> might click through a permission prompt quickly and they it would be sad if
> we have to direct them to an obscure settings page to undo that and give
> the CDM permissions that a site needs.
>

These are implementation details. I don't think the current proposal makes
this any worse. If anything, it gives the user agent insight into what is
required, which might help surface UX to help the user.

>
> ...Mark
>
>
>
>
>>
>>> Secondly, whilst it is up to UAs whether and when to prompt for user
>>> permission, we should not assume that a permission prompt is required: the
>>> ideal situation is that the CDM is designed such that it introduces no
>>> incremental privacy or security risks to the user (and the UA knows this)
>>> and so no permission prompt is required. I think we should aim for this
>>> outcome.
>>>
>>
>> The proposal does not assume or require a prompt, but it does consider
>> it, which is necessary to design a solution that accommodates inclusion of
>> this outside data into the response.
>>
>>>
>>> ...Mark
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Oct 3, 2014 at 7:22 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>>>
>>>> On 10/3/14, 6:18 PM, David Dorwin wrote:
>>>>
>>>>>          1. If the member's name is unrecognized or unhandled and the
>>>>>             value is not “optional”, continue to next iteration of the
>>>>> loop.
>>>>>
>>>>
>>>> This requirement can't be fulfilled for the "unrecognized" case.  See
>>>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25923#c40
>>>>
>>>> Other than that, this makes me happy.
>>>>
>>>>        o It's unclear why this is the case or why the same rule does not
>>>>>         apply to Sequence. Maybe Boris knows.
>>>>>
>>>>
>>>> Also see the link above.
>>>>
>>>> -Boris
>>>>
>>>>
>>>
>>
>
Received on Monday, 6 October 2014 20:35:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 15:48:55 UTC