[EME] Further clarify that stored data must only be accessible to this user agent and profile.
author David Dorwin <ddorwin@google.com>
Wed, 27 Aug 2014 10:22:17 -0700
changeset 410 cd26fc618e9e
parent 409 57a6185498b5
child 411 3a5e8f5332a2
encrypted-media/encrypted-media.html
encrypted-media/encrypted-media.xml
--- a/encrypted-media/encrypted-media.html	Tue Aug 26 17:49:18 2014 -0700
+++ b/encrypted-media/encrypted-media.html	Wed Aug 27 10:22:17 2014 -0700
@@ -104,7 +104,7 @@
     <div class="head">
       <p><a href="http://www.w3.org/"><img src="https://www.w3.org/Icons/w3c_home" alt="W3C" width="72" height="48"></a></p>
       <h1>Encrypted Media Extensions</h1>
-      <h2 id="draft-date">W3C Editor's Draft 26 August 2014</h2>
+      <h2 id="draft-date">W3C Editor's Draft 27 August 2014</h2>
       <dl>
         <dt>This Version:</dt>
         <dd><a href="http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html">http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html</a></dd>
@@ -644,7 +644,9 @@
                 <p>If <var title="true">session type</var> is "<code><a href="#dom-sessiontypetemporary">temporary</a></code>", the request is for a temporary non-persisted license.
                 If <var title="true">session type</var> is "<code><a href="#dom-sessiontypepersistent">persistent</a></code>", the request is for a persistable session, possibly with a persistable license.</p>
                 <p>If <var title="true">session type</var> is <em>not</em> "<code><a href="#dom-sessiontypepersistent">persistent</a></code>", the CDM must <em>not</em> store a record of or data related to the session at any point.</p>
-                <p>When storage is allowed, data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><a href="http://www.w3.org/TR/dom/#document">Document</a></code> can access it.</p>
+                <p>When storage is allowed, data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><a href="http://www.w3.org/TR/dom/#document">Document</a></code> can access it and only in the current profile of this user agent.
+                  Other user agent profiles, user agents, and applications must not be able to access the stored data.
+                </p>
                 <p class="non-normative">Note: The license server may reject the requested type, but it should not issue a different type.</p>
                 <p><var title="true">cdm</var> must not use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via the <var>init data</var>.</p>
               </li>
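Review bot: The added clause "and only in the current profile of this user agent" is appended to a sentence whose subject is the origin, so it is unclear whether "only in the current profile" restricts where the data is stored or who may read it. Suggest stating two separate requirements: one that limits access to the origin of this object's Document, and one that limits access to the current profile of this user agent. The security paragraph changed later in this file also names Incognito/Private Browsing sessions, and this normative text does not say whether such a session counts as its own profile; a short clause would settle that.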
@@ -1456,7 +1458,7 @@
     <p>CDMs, especially those implemented outside the user agent, may not have the same fundamental isolations as the web platform.
     It is important that steps be taken to avoid information leakage, especially across origins.
     This includes both in-memory and stored data.
-    Failure to do so could lead to information leakage to/from Incognito/Private Browsing sessions, across profiles, and even across different operating system user accounts.
+    Failure to do so could lead to information leakage to/from Incognito/Private Browsing sessions, across profiles, and even across different browsers, applications, and operating system user accounts.
     </p>
     
     <p>To avoid such issues, user agent and CDM implementations should ensure that:</p>
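Review bot: Terminology on the changed line is inconsistent with the rest of the change: it says "different browsers, applications" while the new normative sentence in the storage step says "user agent profiles, user agents, and applications", and the next paragraph here says "user agent and CDM implementations". Suggest "different user agents, applications, and operating system user accounts" so the two passages can be read against each other without guessing whether "browser" and "user agent" mean the same thing.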
--- a/encrypted-media/encrypted-media.xml	Tue Aug 26 17:49:18 2014 -0700
+++ b/encrypted-media/encrypted-media.xml	Wed Aug 27 10:22:17 2014 -0700
@@ -103,7 +103,7 @@
     <div class="head">
       <p><a href="http://www.w3.org/"><img src="https://www.w3.org/Icons/w3c_home" alt="W3C" width="72" height="48" /></a></p>
       <h1>Encrypted Media Extensions</h1>
-      <h2 id="draft-date">W3C Editor's Draft 26 August 2014</h2>
+      <h2 id="draft-date">W3C Editor's Draft 27 August 2014</h2>
       <dl>
         <dt>This Version:</dt>
         <dd><a href="http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html">http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html</a></dd>
@@ -615,7 +615,9 @@
                 <p>If <var title="true">session type</var> is "<coderef prefix="sessiontype">temporary</coderef>", the request is for a temporary non-persisted license.
                 If <var title="true">session type</var> is "<coderef prefix="sessiontype">persistent</coderef>", the request is for a persistable session, possibly with a persistable license.</p>
                 <p>If <var title="true">session type</var> is <em>not</em> "<coderef prefix="sessiontype">persistent</coderef>", the CDM must <em>not</em> store a record of or data related to the session at any point.</p>
-                <p>When storage is allowed, data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><dom4ref name="document">Document</dom4ref></code> can access it.</p>
+                <p>When storage is allowed, data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><dom4ref name="document">Document</dom4ref></code> can access it and only in the current profile of this user agent.
+                  Other user agent profiles, user agents, and applications must not be able to access the stored data.
+                </p>
                 <p class="non-normative">Note: The license server may reject the requested type, but it should not issue a different type.</p>
                 <p><var title="true">cdm</var> must not use any stream-specific data, including <videoanchor name="media-data">media data</videoanchor>, not provided via the <var>init data</var>.</p>
               </li>
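Review bot: The new sentence "Other user agent profiles, user agents, and applications must not be able to access the stored data" is written in the passive and names no responsible party, whereas the preceding paragraph in this hunk assigns its requirement explicitly ("the CDM must not store ..."). Since the security section touched by this commit notes that CDMs may be implemented outside the user agent, the requirement should say whether the user agent, the CDM, or both must enforce the isolation; otherwise each implementer can read it as the other's obligation.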
@@ -1385,7 +1387,7 @@
     <p>CDMs, especially those implemented outside the user agent, may not have the same fundamental isolations as the web platform.
     It is important that steps be taken to avoid information leakage, especially across origins.
     This includes both in-memory and stored data.
-    Failure to do so could lead to information leakage to/from Incognito/Private Browsing sessions, across profiles, and even across different operating system user accounts.
+    Failure to do so could lead to information leakage to/from Incognito/Private Browsing sessions, across profiles, and even across different browsers, applications, and operating system user accounts.
     </p>
     
     <p>To avoid such issues, user agent and CDM implementations should ensure that:</p>
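Review bot: The failure sentence now extends to "different browsers, applications", but the list introduced by "should ensure that:" directly below is not touched by this hunk, and no later hunk in either file follows it. If that list has no item covering isolation from other user agents and applications, the newly named risk has no matching mitigation; suggest adding one in the same commit, or confirming that an existing item already covers it.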