[EME] Added a Session Storage and Persistence section to cover cross-algorithm behavior and removed such text from the generateRequest() algorithm.
author David Dorwin <ddorwin@google.com>
Mon, 15 Sep 2014 15:11:12 -0700
changeset 429 1a115507e196
parent 428 79d5d9c3d701
child 430 1f049d683307
encrypted-media/encrypted-media.html
encrypted-media/encrypted-media.xml
--- a/encrypted-media/encrypted-media.html	Mon Sep 15 13:04:47 2014 -0700
+++ b/encrypted-media/encrypted-media.html	Mon Sep 15 15:11:12 2014 -0700
@@ -561,18 +561,24 @@
             <ol>
               <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
               <li><p>If the <var>init data</var> is not supported by the <var title="true">cdm</var>, reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">"NotSupportedError"</a></code>.</p></li>
+              <li>
+<p>Follow the steps for the first matching condition from the following list:</p>
+                <dl class="switch">
+                  <dt>If <var title="true">session type</var> is "<code><a href="#dom-sessiontypetemporary">temporary</a></code>"</dt>
+                  <dd>Let <var title="true">requested session type</var> be a temporary non-persisted session. <span class="non-normative">(The returned license must not be persistable.)</span>
+</dd>
+                  <dt>If <var title="true">session type</var> is "<code><a href="#dom-sessiontypepersistent">persistent</a></code>"</dt>
+                  <dd>Let <var title="true">requested session type</var> be a persistable session. <span class="non-normative">(The returned license may be persistable.)</span>
+</dd>
+                </dl>
+                <p class="non-normative">Note: The license server determines the type of license that is returned, either persistent or non-persistent. A persistent license cannot be added to a non-persistable session.</p>
+              </li>
+
               <li><p>Let <var title="true">session id</var> be a unique <a href="#session-id">Session ID</a> string.</p></li>
               <li>
-<p>Let <var title="true">request</var> be a request <span class="non-normative">(e.g. a license request)</span> generated based on the <var>init data</var>, which is interpreted per <var title="true">initDataType</var>, and <var title="true">session type</var>.</p>
-                <p>If <var title="true">session type</var> is "<code><a href="#dom-sessiontypetemporary">temporary</a></code>", the request is for a temporary non-persisted session. <span class="non-normative">(The returned license must not be persistable.)</span>
-                If <var title="true">session type</var> is "<code><a href="#dom-sessiontypepersistent">persistent</a></code>", the request is for a persistable session. <span class="non-normative">(The returned license may be persistable.)</span>
-                </p>
-                <p>If <var title="true">session type</var> is <em>not</em> "<code><a href="#dom-sessiontypepersistent">persistent</a></code>", the CDM must <em>not</em> store a record of or data related to the session at any point.</p>
-                <p>When storage is allowed, data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><a href="http://www.w3.org/TR/dom/#document">Document</a></code> can access it and only in the current profile of this user agent.
-                  Other user agent profiles, user agents, and applications must not be able to access the stored data.
-                </p>
-                <p class="non-normative">Note: The license server determines the type of license that is returned, either persistent or non-persistent. A persistent license cannot be added to a non-persistable session.</p>
-                <p><var title="true">cdm</var> must not use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via the <var>init data</var>.</p>
+<p>Let <var title="true">request</var> be a request <span class="non-normative">(e.g. a license request)</span> for the <var title="true">requested session type</var> generated based on the <var>init data</var>, which is interpreted per <var title="true">initDataType</var>.</p>
+                <p>The <var title="true">cdm</var> must not use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via the <var>init data</var>.</p>
+                <p>The <var title="true">cdm</var> should <em>not</em> store session data, including the session ID, at this point. See <a href="#session-storage">Session Storage and Persistence</a>.</p>
               </li>
             </ol>
           </li>
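Review bot: the replacement sentence in the request step, "The cdm should not store session data, including the session ID, at this point", is weaker than the removed sentence it stands in for, which said that for a session type that is not "persistent" the CDM must not store a record of or data related to the session at any point. A reader implementing from this algorithm alone now sees a should where a must still applies to temporary sessions. Suggest keeping the must for the non-persistent case in this step, or wording the pointer so it says the must-not-persist requirement is stated in Session Storage and Persistence. The unlinked lowercase "session ID" in the same sentence also differs from the linked "Session ID" in the preceding step.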
@@ -672,6 +678,7 @@
                   <dt>Otherwise</dt>
                   <dd>Reject <var>promise</var> with a new <code><a href="http://www.w3.org/TR/dom/#exception-domexception">DOMException</a></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</dd>
                 </dl>
+                <p>See also <a href="#session-storage">Session Storage and Persistence</a>.</p>
                 <p class="non-normative">Note: When <var>message</var> contains key(s) and/or related data, <var title="true">cdm</var> will likely cache the key and related data indexed by key ID.</p>
                 <p class="non-normative">Note: The replacement algorithm within a session is <a href="#key-system">Key System</a>-dependent.</p>
                 <p class="non-normative">Note: Keys from different sessions should be cached independently such that closing one session does not affect keys in other sessions, even if they have overlapping key IDs.</p>
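Review bot: the added "See also Session Storage and Persistence" paragraph does not say which requirement applies at this step, and it sits directly above the note that the cdm "will likely cache the key and related data indexed by key ID". Without a qualifier, that caching note can be read as allowing storage for any session type. Suggest having the added line say what the linked section governs here, for example that data is persisted only for "persistent" sessions, so the cache in the note is read as non-persisted for every other type.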
@@ -1032,6 +1039,24 @@
       </tbody>
     </table>
 
+    <h3 id="session-storage">3.7. Session Storage and Persistence</h3>
+    <p>This section provides an overview of session stroage and persistence that complements the algorithms.</p>
+    <p>If this object's <var title="true">session type</var> is not "<code><a href="#dom-sessiontypepersistent">persistent</a></code>", the user agent and CDM must <em>not</em> persist a record of or data related to the session at any point.
+      This includes license(s), key(s), and the <a href="#session-id">Session ID</a>.
+    </p>
+    <p>The remainder of this section applies to "<code><a href="#dom-sessiontypepersistent">persistent</a></code>" sessions, which implementatations may optionally support.</p>
+    <p>Persisted data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><a href="http://www.w3.org/TR/dom/#document">Document</a></code> can access it.
+      In addition, the data must only be accessible by the current profile of this user agent - other user agent profiles, user agents, and applications must not be able to access the stored data.
+    </p>
+    <p>The CDM should not store session data, including the Session ID, until <code><a href="#dom-update">update()</a></code> is called the first time.
+      Specifically, the CDM should not store session data during the <code><a href="#dom-generaterequest">generateRequest()</a></code> algorithm.
+      This ensures that the application is aware of the session and knows it needs to eventually remove it.
+    </p>
+    <p>An application that creates a "<code><a href="#dom-sessiontypepersistent">persistent</a></code>" session should later remove the stored data using <code><a href="#dom-remove">remove()</a></code>.
+      The CDM may also remove sessions as appropriate, but applications should not rely on this.
+    </p>
+    <p class="non-normative">See the <a href="#security">Security Considerations</a> and <a href="#privacy">Privacy Considerations</a> sections for additional considerations when supporting persistent storage.</p>
+
 
     <h2 id="htmlmediaelement-extensions">4. HTMLMediaElement Extensions</h2>
     <p>This section specifies additions to and modifications of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a> when the Encrypted Media Extensions are supported.</p>
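Review bot: the second paragraph of the new section binds "the user agent and CDM" for non-persistent sessions, but the deferral paragraph ("The CDM should not store session data, including the Session ID, until update() is called the first time") names only the CDM, so a user agent that records the Session ID itself during generateRequest() is not covered by it. Suggest using the same subject in both paragraphs. The rationale sentence ("This ensures that the application is aware of the session and knows it needs to eventually remove it") would also be clearer if it stated the case being avoided: stored data for a session the application never learned about and therefore never passes to remove().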
--- a/encrypted-media/encrypted-media.xml	Mon Sep 15 13:04:47 2014 -0700
+++ b/encrypted-media/encrypted-media.xml	Mon Sep 15 15:11:12 2014 -0700
@@ -539,17 +539,20 @@
             <ol>
               <li><p>If the <var>init data</var> is not valid for <var title="true">initDataType</var>, reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</p></li>
               <li><p>If the <var>init data</var> is not supported by the <var title="true">cdm</var>, reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-NotSupportedError">"NotSupportedError"</a></code>.</p></li>
+              <li><p>Follow the steps for the first matching condition from the following list:</p>
+                <dl class="switch">
+                  <dt>If <var title="true">session type</var> is "<coderef prefix="sessiontype">temporary</coderef>"</dt>
+                  <dd>Let <var title="true">requested session type</var> be a temporary non-persisted session. <span class="non-normative">(The returned license must not be persistable.)</span></dd>
+                  <dt>If <var title="true">session type</var> is "<coderef prefix="sessiontype">persistent</coderef>"</dt>
+                  <dd>Let <var title="true">requested session type</var> be a persistable session. <span class="non-normative">(The returned license may be persistable.)</span></dd>
+                </dl>
+                <p class="non-normative">Note: The license server determines the type of license that is returned, either persistent or non-persistent. A persistent license cannot be added to a non-persistable session.</p>
+              </li>
+
               <li><p>Let <var title="true">session id</var> be a unique <a href="#session-id">Session ID</a> string.</p></li>
-              <li><p>Let <var title="true">request</var> be a request <span class="non-normative">(e.g. a license request)</span> generated based on the <var>init data</var>, which is interpreted per <var title="true">initDataType</var>, and <var title="true">session type</var>.</p>
-                <p>If <var title="true">session type</var> is "<coderef prefix="sessiontype">temporary</coderef>", the request is for a temporary non-persisted session. <span class="non-normative">(The returned license must not be persistable.)</span>
-                If <var title="true">session type</var> is "<coderef prefix="sessiontype">persistent</coderef>", the request is for a persistable session. <span class="non-normative">(The returned license may be persistable.)</span>
-                </p>
-                <p>If <var title="true">session type</var> is <em>not</em> "<coderef prefix="sessiontype">persistent</coderef>", the CDM must <em>not</em> store a record of or data related to the session at any point.</p>
-                <p>When storage is allowed, data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><dom4ref name="document">Document</dom4ref></code> can access it and only in the current profile of this user agent.
-                  Other user agent profiles, user agents, and applications must not be able to access the stored data.
-                </p>
-                <p class="non-normative">Note: The license server determines the type of license that is returned, either persistent or non-persistent. A persistent license cannot be added to a non-persistable session.</p>
-                <p><var title="true">cdm</var> must not use any stream-specific data, including <videoanchor name="media-data">media data</videoanchor>, not provided via the <var>init data</var>.</p>
+              <li><p>Let <var title="true">request</var> be a request <span class="non-normative">(e.g. a license request)</span> for the <var title="true">requested session type</var> generated based on the <var>init data</var>, which is interpreted per <var title="true">initDataType</var>.</p>
+                <p>The <var title="true">cdm</var> must not use any stream-specific data, including <videoanchor name="media-data">media data</videoanchor>, not provided via the <var>init data</var>.</p>
+                <p>The <var title="true">cdm</var> should <em>not</em> store session data, including the session ID, at this point. See <a href="#session-storage">Session Storage and Persistence</a>.</p>
               </li>
             </ol>
           </li>
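Review bot: the new switch in this step has branches only for "temporary" and "persistent", so requested session type is left undefined for any other session type value, yet the following step generates the request "for the requested session type". The switch shown in the next hunk ends with an "Otherwise" branch that rejects the promise; suggest either adding an equivalent branch here or stating in the step that these two values are the only ones session type can hold at this point.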
@@ -641,6 +644,7 @@
                   <dt>Otherwise</dt>
                   <dd>Reject <var>promise</var> with a new <code><dom4ref name="exception-domexception">DOMException</dom4ref></code> whose name is <code><a href="#dfn-InvalidAccessError">"InvalidAccessError"</a></code>.</dd>
                 </dl>
+                <p>See also <a href="#session-storage">Session Storage and Persistence</a>.</p>
                 <p class="non-normative">Note: When <var>message</var> contains key(s) and/or related data, <var title="true">cdm</var> will likely cache the key and related data indexed by key ID.</p>
                 <p class="non-normative">Note: The replacement algorithm within a session is <a href="#key-system">Key System</a>-dependent.</p>
                 <p class="non-normative">Note: Keys from different sessions should be cached independently such that closing one session does not affect keys in other sessions, even if they have overlapping key IDs.</p>
@@ -976,6 +980,24 @@
       </tbody>
     </table>
 
+    <h3 id="session-storage">3.7. Session Storage and Persistence</h3>
+    <p>This section provides an overview of session stroage and persistence that complements the algorithms.</p>
+    <p>If this object's <var title="true">session type</var> is not "<coderef prefix="sessiontype">persistent</coderef>", the user agent and CDM must <em>not</em> persist a record of or data related to the session at any point.
+      This includes license(s), key(s), and the <a href="#session-id">Session ID</a>.
+    </p>
+    <p>The remainder of this section applies to "<coderef prefix="sessiontype">persistent</coderef>" sessions, which implementatations may optionally support.</p>
+    <p>Persisted data must always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <code><dom4ref name="document">Document</dom4ref></code> can access it.
+      In addition, the data must only be accessible by the current profile of this user agent - other user agent profiles, user agents, and applications must not be able to access the stored data.
+    </p>
+    <p>The CDM should not store session data, including the Session ID, until <methodref>update</methodref> is called the first time.
+      Specifically, the CDM should not store session data during the <methodref>generateRequest</methodref> algorithm.
+      This ensures that the application is aware of the session and knows it needs to eventually remove it.
+    </p>
+    <p>An application that creates a "<coderef prefix="sessiontype">persistent</coderef>" session should later remove the stored data using <methodref>remove</methodref>.
+      The CDM may also remove sessions as appropriate, but applications should not rely on this.
+    </p>
+    <p class="non-normative">See the <a href="#security">Security Considerations</a> and <a href="#privacy">Privacy Considerations</a> sections for additional considerations when supporting persistent storage.</p>
+
 
     <h2 id="htmlmediaelement-extensions">4. HTMLMediaElement Extensions</h2>
     <p>This section specifies additions to and modifications of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a> when the Encrypted Media Extensions are supported.</p>
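Review bot: two spelling errors in the added section text, "stroage" in the opening paragraph and "implementatations" in the paragraph that introduces persistent sessions; both also appear in the encrypted-media.html copy of this section and should be corrected in both files. In the profile sentence, "of this user agent - other user agent profiles" joins two requirements with a spaced hyphen; splitting it into two sentences, as the removed generateRequest() text did, reads more clearly and keeps each must on its own sentence.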