Re: Custom and extending CDM to support other DRM systems from Mark Watson on 2015-01-30 (public-html-media@w3.org from January 2015)

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 30 Jan 2015 07:59:53 -0800
To: Emmanuel Poitier <emmanuel.poitier@enman.fr>
Cc: Glenn Adams <glenn@skynav.com>, "public-html-media@w3.org" <public-html-media@w3.org>
Message-ID: <CAEnTvdBxxTNG1S0ysL38rF019JFxTpmx_eY+Fse-m_DzTEaHDg@mail.gmail.com>

On Fri, Jan 30, 2015 at 7:53 AM, Emmanuel Poitier <emmanuel.poitier@enman.fr
> wrote:

>  Matt,
>
> Le 30/01/2015 16:14, Mark Watson a écrit :
>
>
>
> On Fri, Jan 30, 2015 at 6:58 AM, Glenn Adams <glenn@skynav.com> wrote:
>
>>
>> On Fri, Jan 30, 2015 at 7:49 AM, Emmanuel Poitier <
>> emmanuel.poitier@enman.fr> wrote:
>>
>>>  All,
>>>
>>> I am currently looking after the information on how to extend the CDM to
>>> support other DRM systems, which is nowadays fixed and hardcoded for each
>>> browsers (IE with PlayReady, Chrome with Widevine, Safari with FairPlay).
>>> It would be nice to ensure the EME spec does provide information and also
>>> how browsers would support that in an agnostic manner to ensure a non
>>> fragmented market where the user does want to play a protected video
>>> content whatever the browser he is using.
>>>
>>
>>  I doubt if anything has changed on this front, but this type of
>> specification was ruled out of scope for EME. EME uses the term and concept
>> "CDM" only in a notional manner, and does not specify any concrete
>> interface to such a component.
>>
>>  It is likely that interface and any mechanism for adding/extending UA
>> supplied CDMs will remain UA specific, that is, until some organization
>> steps forward to standardize it (assuming UA vendors are willing to do
>> that... a dubitable proposition).
>>
>
>  Yes, such an API is not really in scope of W3C, never mind just EME.
> Just as NPAPI for <object> was created by UA vendors any such cross-browser
> CDM API would need to come from the UA vendors. Of course, the open source
> implementations of EME have CDM APIs in their code, but a major point of
> EME was to bring DRM under UA control, so I would not expect UAs ever to
> support download of arbitrary user-installable CDMs - at least it's not
> clear to me how this could be done and simultaneously meet the privacy and
> security requirements of the specification. Whilst UAs can technically
> enforce many security and privacy properties through sandboxing I'm not
> sure they will be willing to host CDMs about which they have no knowledge
> whatsoever.
>
>  …Mark
>
>
> I can understand this point, though a service provider protecting their
> content will evaluate DRM systems based on the UA CDM DRM support before
> using EME which is at the moment quite split across browsers. Thanks anyway
> for your view on this issue.
>

What's your alternative and how does it address the security and privacy
issues ?

…Mark



>
>
> Best regards,
> --
> Emmanuel Poitier - Chief Executive Officer (CEO)
> Enman
>
>   Telephone: +33 (0)2 54 67 15 38
>  Mobile: +33 (0)780 381 124  Email: emmanuel.poitier@enman.fr
>  Web site:http://enman.fr
>

Received on Friday, 30 January 2015 16:00:21 UTC