Encrypted Media Extensions is a W3C Proposed Recommendation


W3C published today the Encrypted Media Extensions specification as a 
Proposed Recommendation:

The "persistent-usage-record" session type and the related 
MediaKeySession destroyed algorithm were removed since the previous version.

This publication follows section 6.5 of the W3C Process Document:

Keep in mind that publication as a Proposed Recommendation does not 
imply endorsement by the W3C Membership. This phase establishes a 
deadline for the Advisory Committee review:

Advisory Committee Representatives should consult their WBS 
questionnaires and review the document through 13 April 2017.

Security Disclosures Best Practices

W3C is also soliciting feedback on the recently-published W3C Security 
Disclosures Best Practices:

This Team Submission contains a template intended for organizations 
interested in protecting their users and applications from fraud, 
malware, and computer viruses, as well as interested in ensuring proper 
adherence to security and privacy considerations included in W3C 
Recommendations. It also helps to support broad participation, testing, 
and audit from the security community to keep users safe and the web’s 
security model intact. for security and privacy disclosure programs. 
Please send comments to public-security-disclosure@w3.org.

Formal Objections

Formal Objections were raised on three points:

The objections included:
* inadequate protection for users;
* difficulties in supporting the specification in free software projects;
* lack of covenant regarding anti-circumvention regulations.

The specification contains 2 separate sections regarding security and 
privacy considerations to prevent attacks and preserve the protection of 
users, including by recommending explicit consent.

The specification does not mandate a particular CDM. It does however 
mandate support for the Clear Key common key systems, to provide a 
common baseline level of functionality.

While the Director recognizes the technical progress and stability of
the work, the lack of consensus to protect security researchers remains 
an issue.  The Director has determined that a practical means to improve 
protections at this stage is to establish momentum for protection by 
establishing best practices for responsible vulnerability disclosure. 
The W3C Team published a set of guidelines intended to protect security 
and privacy researchers and is looking for expression of interest:

Additionally, accessibility concerns were brought to the attention of
the Director.  Testing validated that the specification's approach for 
captions did not prevent access to captions for users with disabilities. 
Other accessibility concerns were suggested, including color 
daltonization and flash mitigation. They were determined to be outside 
of the scope of EME, but represent potentially useful areas for 
accessibility research for video in general. See also

Thank you,


Received on Thursday, 16 March 2017 13:47:17 UTC