[encrypted-media] Add a note about the case where all keys are released after load() (#448) from xhwang-chromium via GitHub on 2018-12-04 (public-html-media@w3.org from December 2018)

From: xhwang-chromium via GitHub <sysbot+gh@w3.org>
Date: Tue, 04 Dec 2018 01:22:29 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-387077700-1543886548-sysbot+gh@w3.org>

xhwang-chromium has just created a new issue for https://github.com/w3c/encrypted-media:

== Add a note about the case where all keys are released after load() ==
Considering the following case. A persistent-license is stored. However, after a CDM, UA or hardware update, the license could not be loaded by the CDM anymore. For example, a certificate associated with the persistent license has been reset during the update.

In this case, upon [load()](https://w3c.github.io/encrypted-media/#dom-mediakeysession-load) of the session ID, the UA has a few options:

1. Clear the session data and declare that the session doesn't exist, i.e. resolve the promise with false. But the original session can never be released any more.
2. Perform a full migration so that the session is loaded as normal. However, the migration logic could be very complicated, and in many cases, simply impossible.
3. Load the session but declare all keys are released. The JS player can still call remove() on the session to trigger a license-release message, and finish the license release process. After the process, the JS player can recreate a session and store a new license if needed.

I think option 3 is the best in terms of user experience and complexity. It's much easier for the CDM to implement, and is easy to be handled by JS.

However, it's not mentioned in the current spec that without remove() having been called previously, it's possible that all keys are immediately released after load(). JS players may not handle this case correctly or at all.

In the current spec we have a note that [sessions can be closed by itself](https://w3c.github.io/encrypted-media/#session-closed):

> The CDM may close a session at any point, such as when the session is no longer needed or when system resources are lost. In that case, the Monitor for CDM Changes algorithm detects the change and runs this algorithm.

I propose to add similar note in the spec under [load()](https://w3c.github.io/encrypted-media/#dom-mediakeysession-load) about this case.

Please view or discuss this issue at https://github.com/w3c/encrypted-media/issues/448 using your GitHub account

Received on Tuesday, 4 December 2018 01:22:38 UTC