--- a/encrypted-media/encrypted-media-wd.html Tue Jan 28 11:29:34 2014 -0800
+++ b/encrypted-media/encrypted-media-wd.html Mon Feb 03 21:37:49 2014 -0800
@@ -1,9 +1,44 @@
-<!DOCTYPE html SYSTEM "about:legacy-compat">
+<!DOCTYPE html SYSTEM "about:legacy-compat">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Encrypted Media Extensions</title>
- <style>/* --- ISSUES/NOTES --- */
+ <style>
+
+ dt, dfn { font-weight: bold; font-style: normal; }
+
+
+ @media screen { code { color: orangered; } code :link, code :visited { color: inherit; } }
+
+
+ table { border-collapse: collapse; border-style: hidden hidden none hidden; }
+ table thead, table tbody { border-bottom: solid; }
+ table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; }
+
+
+ .example { display: block; color: #222222; background: #FCFCFC; border-left: double; margin-left: 2em; padding-left: 1em; }
+
+
+ pre.idl { border: solid thin; background: #EEEEEE; color: black; padding: 0.5em 1em; }
+
+ pre.idl :link, pre.idl :visited { color: inherit; background: transparent; }
+
+
+ dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; }
+
+ dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; }
+
+
+ dl.switch > dt:before { content: '\21AA'; padding: 0 0.5em 0 0; display: inline-block; width: 1em; text-align: right; line-height: 0.5em; }
+
+
+ p > span:not([title=""]):not([class="XXX"]):not([class="impl"]):not([class="note"]),
+ li > span:not([title=""]):not([class="XXX"]):not([class="impl"]):not([class="note"]) { border-bottom: solid #9999CC; }
+
+
+ .domintro:before { display: table; margin: -1em -0.5em -0.5em auto; width: auto; content: 'This box is non-normative. Implementation requirements are given below this box.'; color: black; font-style: italic; border: solid 2px; background: white; padding: 0 0.25em; }
+ </style>
+ <style>
div.issue-title, div.note-title {
padding-right: 1em;
min-width: 7.5em;
@@ -54,18 +89,19 @@
</head>
<body>
<div class="head">
- <p><a href="http://www.w3.org/"><img src="http://www.w3.org/Icons/w3c_home" alt="W3C" width="72" height="48"></a></p>
+ <p><a href="http://www.w3.org/"><img src="https://www.w3.org/Icons/w3c_home" alt="W3C" width="72" height="48"></a></p>
<h1>Encrypted Media Extensions</h1>
- <h2 id="draft-date">W3C Working Draft 1 October 2013</h2>
+ <h2 id="draft-date">W3C Working Draft 13 February 2014</h2>
<dl>
<dt>This Version:</dt>
- <dd><a href="http://www.w3.org/TR/2013/WD-encrypted-media-20131001/">http://www.w3.org/TR/2013/WD-encrypted-media-20131001/</a></dd>
+ <dd><a href="http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html">http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html</a></dd>
<dt>Latest Published Version:</dt>
<dd><a href="http://www.w3.org/TR/encrypted-media/">http://www.w3.org/TR/encrypted-media/</a></dd>
<dt>Latest editor's draft:</dt>
- <dd><a href="https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html">https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html</a></dd>
- <dt>Previous Version:</dt>
+ <dd><a href="http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html">http://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html</a></dd>
+ <dt>Previous Versions:</dt>
<dd><a href="http://www.w3.org/TR/2013/WD-encrypted-media-20130510/">http://www.w3.org/TR/2013/WD-encrypted-media-20130510/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2013/WD-encrypted-media-20131022/">http://www.w3.org/TR/2013/WD-encrypted-media-20131022/</a></dd>
<dt>Editors:</dt>
<dd>David Dorwin, Google, Inc.</dd>
<dd>Adrian Bateman, Microsoft Corporation</dd>
@@ -81,7 +117,7 @@
</dl>
</div>
- <p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2013 <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p>
+ <p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2014 <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p>
<hr>
<h2>Abstract</h2>
@@ -103,9 +139,9 @@
A list of current W3C publications and the latest revision of this technical report can be found in the
<a href="http://www.w3.org/TR/">W3C technical reports index</a> at http://www.w3.org/TR/.
</em></p>
- <p>Implementors should be aware that this specification is not stable. <strong>Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways.</strong> Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.</p>
+ <p>Implementers should be aware that this specification is not stable. <strong>Implementers who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways.</strong> Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.</p>
<p>
- This document was published by the <a href="http://www.w3.org/html/wg/">HTML working group</a>.
+ This document was published by the <a href="http://www.w3.org/html/wg/">HTML working group</a> as a Working Draft.
Please submit comments regarding this document by using the W3C's (<a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=HTML%20WG&component=Encrypted%20Media%20Extensions">public bug database</a>) with the product set to <kbd>HTML WG</kbd> and the component set to
<kbd>Encrypted Media Extensions</kbd>.
If you cannot access the bug database, submit comments to <a href="mailto:public-html-media@w3.org">public-html-media@w3.org</a>
@@ -118,7 +154,7 @@
replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
</p>
<p class="non-normative">Note: It is an open issue whether and how the spec should do more to encourage/ensure CDM-level interop. See <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=20944">Bug 20944</a>.</p>
- <p class="non-normative">Note: This specification contains sections for describing <a href="#security">security</a> and <a href="#privacy">privacy</a> considerations. These sections are not final and are tracked in <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909">Bug 22909</a> and <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=22910">Bug 22910</a>.</p>
+ <p class="non-normative">Note: This specification contains sections for describing <a href="#security">security</a> and <a href="#privacy">privacy</a> considerations. These sections are not final and review is welcome.</p>
<p>
This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>.
W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/40318/status" rel="disclosure">public list of any patent disclosures</a> made in connection with
@@ -133,12 +169,11 @@
<ul style="list-style-type:none">
<li><a href="#introduction">1. Introduction</a></li>
<li><ul style="list-style-type:none">
- <li><a href="#goals">1.1 Goals</a></li>
- <li><a href="#definitions">1.2. Definitions</a></li>
+ <li><a href="#definitions">1.1. Definitions</a></li>
</ul></li>
<li><a href="#extensions">2. Media Element Extensions</a></li>
<li><ul style="list-style-type:none">
- <li><a href="#error-codes">2.1. Error Codes</a></li>
+ <li><a href="#error-codes">2.1. Errors</a></li>
<li><a href="#session-state">2.2. MediaKeySession States</a></li>
<li><a href="#media-element-restictions">2.3. Media Element Restrictions</a></li>
</ul></li>
@@ -150,68 +185,48 @@
<li><a href="#algorithms">4. Algorithms</a></li>
<li><ul style="list-style-type:none">
<li><a href="#algorithms-encrypted-stream">4.1. First Time a Key Reference is Encountered</a></li>
- <li><a href="#algorithms-enrypted-block">4.2. Encrypted Block Encountered</a></li>
- <li><a href="#algorithms-load">4.3. Addition to Media Element Load Algorithm</a></li>
- </ul></li>
- <li><a href="#key-release">5. Key Release</a></li>
- <li><a href="#simple-decryption">6. Simple Decryption</a></li>
- <li><ul style="list-style-type:none">
- <li><a href="#simple-decryption-clear-key">6.1. Clear Key</a></li>
+ <li><a href="#algorithms-encrypted-block">4.2. Encrypted Block Encountered</a></li>
+ <li><a href="#algorithms-queue-message">4.3. Queue a "message" Event</a></li>
+ <li><a href="#algorithms-session-close">4.4. Session Close</a></li>
</ul></li>
- <li><a href="#security">7. Security Considerations</a></li>
- <li><a href="#privacy">8. Privacy Considerations</a></li>
- <li><a href="#containers">9. Container Guidelines</a></li>
+ <li><a href="#simple-decryption">5. Simple Decryption</a></li>
<li><ul style="list-style-type:none">
- <li><a href="#webm">9.1. WebM</a></li>
- <li><a href="#iso">9.2. ISO Base Media File Format</a></li>
+ <li><a href="#simple-decryption-clear-key">5.1. Clear Key</a></li>
</ul></li>
- <li><a href="#examples">10. Examples</a></li>
- <li><a href="#revision-history">11. Revision History</a></li>
+ <li><a href="#security">6. Security Considerations</a></li>
+ <li><a href="#privacy">7. Privacy Considerations</a></li>
+ <li><a href="#containers">8. Container Guidelines</a></li>
+ <li><ul style="list-style-type:none">
+ <li><a href="#webm">8.1. WebM</a></li>
+ <li><a href="#iso">8.2. ISO Base Media File Format</a></li>
+ </ul></li>
+ <li><a href="#examples">9. Examples</a></li>
+ <li><a href="#revision-history">10. Revision History</a></li>
</ul>
<h2 id="introduction">1. Introduction</h2>
<p><i>This section is non-normative.</i></p>
- <p>This proposal allows JavaScript to select content protection mechanisms, control license/key exchange, and implement custom license management algorithms.
- It supports a wide range of use cases without requiring client-side modifications in each user agent for each use case.
- This also enables content providers to develop a single application solution for all devices.
- A generic stack implemented using the proposed APIs is shown below.
- This is just an example flow and is not intended to show all possible communication or uses.</p>
- <img src="stack_overview.png" alt="A generic stack implemented using the proposed APIs" height="700">
+ <p>
+ This proposal allows JavaScript to select content protection mechanisms, control license/key exchange, and implement custom license management algorithms.
+ It supports a wide range of use cases without requiring client-side modifications in each user agent for each use case.
+ This also enables content providers to develop a single application solution for all devices.
+ A generic stack implemented using the proposed APIs is shown below.
+ This diagram shows an example flow: other combinations of API calls and events are possible.
+ </p>
+ <img src="stack_overview.svg" alt="A generic stack implemented using the proposed APIs" height="700">
- <h3 id="goals">1.1 Goals</h3>
- <p><i>This section is non-normative.</i></p>
- <p>This proposal was designed with the following goals in mind:</p>
- <ul>
- <li>Support simple decryption without the need for DRM servers, etc.</li>
- <li>Support a wide range of media containers and codecs.</li>
- <li>Support a range of content security models, including software and hardware-based models</li>
- <li>Stream reusability - the actual encrypted content stream/file for a given container/codec should be identical regardless of the user agent and content decryption and protection mechanism.</li>
- <li>Support a wide range of use cases.</li>
- <li>Flexibility (and control) for applications and content providers without requiring client/user agent updates.</li>
- <li>Minimize additions to HTMLMediaElement and new capabilities added to the user agent.
- <ul>
- <li>Defer all information and algorithms about the content decryption and protection solution to the application/server and client <a href="#cdm">content decryption module</a>. The user agent should just pass information.</li>
- <li>The user agent should not be responsible for communication with license servers.</li>
- <li>The user agent should not select among content decryption and protection options. The application should make this decision.</li>
- <li>Note: Applications are already capable of everything required except secure decryption and decode.</li>
- </ul>
-</li>
- <li>Compatible with adaptive streaming.</li>
- <li>Usability.</li>
- </ul>
-
- <h3 id="definitions">1.2. Definitions</h3>
+ <h3 id="definitions">1.1. Definitions</h3>
<p>Text in <span class="non-normative">this font and color</span> is non-normative.</p>
- <h4 id="cdm">1.2.1. Content Decryption Module (CDM)</h4>
+ <h4 id="cdm">1.1.1. Content Decryption Module (CDM)</h4>
<p><i>This section is non-normative.</i></p>
<p>The Content Decryption Module (CDM) is a generic term for a part of or add-on to the user agent that provides functionality for one or more <a href="#key-system">Key Systems</a>.
Implementations may or may not separate the implementations of CDMs and may or may not treat them as separate from the user agent.
This is transparent to the API and application.
A user agent may support one or more CDMs.</p>
- <h4 id="key-system">1.2.2. Key System</h4>
+ <h4 id="key-system">1.1.2. Key System</h4>
<p>A Key System is a generic term for a decryption mechanism and/or content protection provider.
Key System strings provide unique identification of a Key System.
They are used by the user agent to select the <a href="#cdm">Content Decryption Modules</a> and identify the source of a key-related event.
@@ -227,23 +242,26 @@
Key System providers should keep in mind that these will be used for comparison and discovery, so they should be easy to compare and the structure should remain reasonably simple.
</p>
-
- <h4 id="session-id">1.2.3. Session ID</h4>
- <p>A Session ID is a string ID that can be used to associate calls related to a key/license lifetime, starting with the request.
- <span class="non-normative">It is a local binding between a request and key/license.
- It does not associate keys or licenses for different streams (i.e. audio and video).</span>
- It is generated by the user agent/CDM and provided to the application in the <code><a href="#dom-keymessage">keymessage</a></code> event.
- <span class="non-normative">(Session IDs need not necessarily be supported by the underlying content protection client or server.)</span>
+ <h4 id="key-session">1.1.3. Key Session</h4>
+ <p>A Key Session, or simply Session, represents the lifetime of the key(s) it contains and associates all messages related to them.
+ Sessions are embodied as <code><a href="#dom-mediakeysession">MediaKeySession</a></code> objects.
+ Each Key session is associated with a single instance of <a href="#initialization-data">Initialization Data</a> provided in the <code><a href="#dom-createsession">createSession()</a></code> call.
</p>
- <p>A new Session ID will be generated each time <code><a href="#dom-createsession">createSession()</a></code> successfully creates a <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.
- The user agent/CDM manage the lifetime of Session IDs.
- All Session IDs are cleared from the <a href="#media-element">media element</a> when a load occurs, although the CDM may retain them for longer periods.
+ <h4 id="session-id">1.1.4. Session ID</h4>
+ <p>A Session ID is a unique string identifier generated by the user agent or CDM that can be used by the application to identify <code><a href="#dom-mediakeysession">MediaKeySession</a></code> objects.
+ <span class="non-normative">(The underlying content protection client or server do not necessarily need to support Session IDs.)</span>
</p>
- <p>Each SessionID shall be unique within the browsing context in which it was created. If secure proof of key release is supported each Session ID shall
- be unique within the origin. Note that this last requirement implies that Session IDs shall be unique over time including across browsing sessions.</p>
- <h4 id="initialization-data">1.2.4. Initialization Data</h4>
+ <p>A new Session ID is generated each time the user agent successfully initializes a <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.
+ It must be valid before the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> enters the <code><a href="#dom-statepending">PENDING</a></code> or <code><a href="#dom-stateready">READY</a></code> states and the user agent fires the associated events.
+ </p>
+
+ <p>Each Session ID shall be unique within the browsing context in which it was created.
+ <span class="non-normative">(Note: Some use cases may require that Session IDs be unique within the origin over time, including across browsing sessions.)</span>
+ </p>
+
+ <h4 id="initialization-data">1.1.5. Initialization Data</h4>
<p><i>This section is non-normative.</i></p>
<p>Initialization Data is a generic term for container-specific data that is used by <a href="#cdm">Content Decryption Modules</a> to generate a key request.
It should always allow unique identification of the key or keys needed to decrypt the content, possibly after being parsed by a CDM or server.
@@ -259,9 +277,9 @@
This data has a container-specific format and is assumed to contain one or more generic or Key System-specific sets of initialization information.
</p>
- <h4 id="cross-origin-support">1.2.5. Cross Origin Support</h4>
+ <h4 id="cross-origin-support">1.1.6. Cross Origin Support</h4>
<p>During playback, embedded media data is exposed to script in the embedding origin. In order for the API to fire <code><a href="#dom-needkey">needkey</a></code>
- and <code><a href="#dom-keymessage">keymessage</a></code> events, <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> must be <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> with the embedding page.
+ and <code><a href="#dom-eventmessage">message</a></code> events, <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> must be <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> with the embedding page.
If <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is cross-origin with the embedding document, authors should use the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-crossorigin">crossorigin</a> attribute
on the <a href="#media-element">media element</a> and CORS headers on the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> response to make it <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>.
</p>
@@ -273,22 +291,23 @@
<pre class="idl">
partial interface <dfn id="dom-htmlmediaelement">HTMLMediaElement</dfn> {
// Encrypted Media
- readonly attribute <a href="#dom-mediakeys">MediaKeys</a> <a href="#dom-keys">keys</a>;
+ readonly attribute <a href="#dom-mediakeys">MediaKeys</a> <a href="#dom-attrmediakeys">mediaKeys</a>;
void <a href="#dom-setmediakeys">setMediaKeys</a>(<a href="#dom-mediakeys">MediaKeys</a> mediaKeys);
attribute <a href="http://www.w3.org/TR/html5/webappapis.html#eventhandler">EventHandler</a> <a href="#dom-onneedkey">onneedkey</a>;
};
-[<a href="#dom-media-keys-constructor">Constructor</a> (DOMString <a href="#key-system">keySystem</a>)]
+[<a href="#dom-mediakeys-constructor">Constructor</a>(DOMString <a href="#key-system">keySystem</a>)]
interface <dfn id="dom-mediakeys">MediaKeys</dfn> {
readonly attribute DOMString <a href="#dom-keysystem">keySystem</a>;
- <a href="#dom-mediakeysession">MediaKeySession</a> <a href="#dom-createsession">createSession</a>(DOMString type, Uint8Array initData);
+ <a href="#dom-mediakeysession">MediaKeySession</a> <a href="#dom-createsession">createSession</a>(DOMString contentType, Uint8Array initData);
+ <a href="#dom-mediakeysession">MediaKeySession</a> <a href="#dom-loadsession">loadSession</a>(DOMString sessionId);
- static bool <a href="#dom-istypesupported">isTypeSupported</a>(DOMstring <a href="#key-system">keySystem</a>, DOMString? type);
+ static bool <a href="#dom-istypesupported">isTypeSupported</a>(DOMstring <a href="#key-system">keySystem</a>, DOMString? contentType);
};
-interface <dfn id="dom-mediakeysession">MediaKeySession</dfn> : <a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#eventtarget">EventTarget</a> {
+interface <dfn id="dom-mediakeysession">MediaKeySession</dfn> : <a href="http://www.w3.org/TR/dom/#eventtarget">EventTarget</a> {
// error state
readonly attribute <a href="#dom-mediakeyerror">MediaKeyError</a>? <a href="#dom-error">error</a>;
@@ -297,163 +316,261 @@
readonly attribute DOMString <a href="#dom-sessionid">sessionId</a>;
// session operations
- void <a href="#dom-update">update</a>(Uint8Array key);
- void <a href="#dom-close">close</a>();
+ void <a href="#dom-update">update</a>(Uint8Array response);
+ void <a href="#dom-release">release</a>();
};
partial interface <dfn id="dom-htmlsourceelement">HTMLSourceElement</dfn> {
attribute DOMString <a href="#dom-sourcekeysystem">keySystem</a>;
};</pre>
- <p>The <dfn id="dom-keys"><code>keys</code></dfn> attribute is the <code><a href="#dom-mediakeys">MediaKeys</a></code> being used when decrypting encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> for this <a href="#media-element">media element</a>.</p>
- <p>The <dfn id="dom-setmediakeys"><code>setMediaKeys</code></dfn> method provides the <code><a href="#dom-mediakeys">MediaKeys</a></code> to use. When calling this method, the media element must run the following steps:</p>
+ <p>The <dfn id="dom-attrmediakeys"><code>mediaKeys</code></dfn> attribute is the <code><a href="#dom-mediakeys">MediaKeys</a></code> being used when decrypting encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> for this <a href="#media-element">media element</a>.</p>
+ <p>The <dfn id="dom-setmediakeys"><code>setMediaKeys(mediaKeys</code></dfn> method provides the <code><a href="#dom-mediakeys">MediaKeys</a></code> to use. When calling this method, the media element must run the following steps:</p>
<ol>
- <li>
-<p>If loading has not started, throw an <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these steps.</p>
- <p class="non-normative">In general, applications should wait for an event named <code><a href="#dom-needkey">needkey</a></code> or <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#event-media-loadstart">loadstart</a></code> (per the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>) before calling this method.</p>
- </li>
- <li><p>If the <code><a href="#dom-mediakeys">MediaKeys</a></code> object is already in use and the user agent is unable to re-use it with this element, throw a <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-quota_exceeded_err">QUOTA_EXCEEDED_ERR</a></code> exception and abort these steps.</p></li>
- <li>Set the <code><a href="#dom-keys">keys</a></code> attribute of the media element to <var>mediaKeys</var>.</li>
+ <li><p>If the <code><a href="#dom-mediakeys">MediaKeys</a></code> object is already in use and the user agent is unable to re-use it with this element, throw a <code><a href="http://www.w3.org/TR/dom/#dom-domexception-quota_exceeded_err">QUOTA_EXCEEDED_ERR</a></code> exception and abort these steps.</p></li>
+ <li>Set the <code><a href="#dom-attrmediakeys">mediaKeys</a></code> attribute of the media element to <var>mediaKeys</var>.</li>
</ol>
+ <p class="non-normative">Note: As a best practice, applications should create a MediaKeys object and call <code><a href="#dom-setmediakeys">setMediaKeys()</a></code> before providing <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> (for example, setting the src attribute of the <a href="#media-element">media element</a>). This avoids potential delays in some implementations.</p>
<p class="non-normative">Note: In some implementations, <code><a href="#dom-mediakeysession">MediaKeySession</a></code> objects created by <code><a href="#dom-createsession">createSession()</a></code> may not fire any events until the <code><a href="#dom-mediakeys">MediaKeys</a></code> object is associated with a media element with <code><a href="#dom-setmediakeys">setMediaKeys()</a></code>.</p>
<p>The <dfn id="dom-onneedkey"><code>onneedkey</code></dfn> event handler for the <code><a href="#dom-needkey">needkey</a></code> event must be supported by all HTMLMediaElements as both a content attribute and an IDL attribute.</p>
- <p>The <dfn id="dom-media-keys-constructor"><code>MediaKeys(<var title="true">keySystem</var>)</code></dfn> constructor must run the following steps:</p>
+ <p>The <dfn id="dom-mediakeys-constructor"><code>MediaKeys(<var title="true">keySystem</var>)</code></dfn> constructor must run the following steps:</p>
<ol>
- <li><p>If <var title="true">keySystem</var> is null or an empty string, throw an <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-invalid_state_err">INVALID_STATE_ERR</a></code> exception and abort these steps.</p></li>
-
- <li><p>If <var title="true">keySystem</var> is not one of the user agent's supported <a href="#key-system">Key Systems</a>, throw a <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-not_supported_err">NOT_SUPPORTED_ERR</a></code> and abort these steps. Key system string comparison is case-sensitive.</p></li>
-
- <li><p>Let <var title="true">cdm</var> be the <a href="#cdm">content decryption module</a> corresponding to <var title="true">keySystem</var>.</p></li>
-
- <li>
-<p>Load <var title="true">cdm</var> if necessary.</p>
- <div class="issue">
-<div class="issue-title"><span>Issue 1</span></div>
-<p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=20991">Bug 20991</a> - The CDM should be loaded asynchronously.</p>
-</div>
- <dl class="switch">
- <dt>If <var title="true">cdm</var> fails to load or initialize</dt>
- <dd><ol>
- <li>
-<p>Create a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object with the following attributes:</p>
- <ul style="list-style-type:none"><li>
- <code><a href="#dom-code">code</a></code> = the appropriate <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> code<br>
- <code><a href="#dom-systemcode">systemCode</a></code> = a Key System-specific value, if provided, and 0 otherwise
- </li></ul>
- </li>
- <li><p>Set the new object's <code><a href="#dom-error">error</a></code> attribute to the error object created in the previous step.</p></li>
- <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keyerror">keyerror</a></code> at the new object.</p></li>
- <li><p>Abort these steps.</p></li>
- </ol></dd>
- </dl>
- </li>
-
+ <li><p>If <var title="true">keySystem</var> is null or an empty string, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these steps.</p></li>
+ <li><p>If <var title="true">keySystem</var> is not one of the user agent's supported <a href="#key-system">Key Systems</a>, throw a <code><a href="http://www.w3.org/TR/dom/#dom-domexception-not_supported_err">NOT_SUPPORTED_ERR</a></code> and abort these steps. Key system string comparison is case-sensitive.</p></li>
<li>Create a new <code><a href="#dom-mediakeys">MediaKeys</a></code> object.
<ol>
<li><p>Let the <code><a href="#dom-keysystem">keySystem</a></code> attribute be <var title="true">keySystem</var>.</p></li>
</ol>
</li>
- <li>Return the new object to the caller.</li>
+ <li>
+ <p>Schedule a task to execute the following steps:</p>
+ <ol>
+ <li><p>Let <var title="true">cdm</var> be the <a href="#cdm">content decryption module</a> corresponding to <var title="true">keySystem</var>.</p></li>
+ <li><p>Load and initialize the <var title="true">cdm</var> if necessary.</p></li>
+ <li>
+ <dl class="switch">
+ <dt>If <var title="true">cdm</var> fails to load or initialize</dt>
+ <dd><ol>
+ <li>
+<p>Create a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object with the following attributes:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="http://www.w3.org/TR/dom/#dom-domerror-name">name</a></code> = the appropriate <a href="#mediakeyerror-names">error name</a><br>
+ <code><a href="#dom-systemcode">systemCode</a></code> = a Key System-specific value, if provided, and 0 otherwise
+ </li></ul>
+ </li>
+ <li><p>Store this new error object internally with the <code><a href="#dom-mediakeys">MediaKeys</a></code> instance being created. This will be used to fire an error against any session created for this instance.</p></li>
+ </ol></dd>
+ </dl>
+ </li>
+ </ol>
+ </li>
+
+ <li>Return the new <code><a href="#dom-mediakeys">MediaKeys</a></code> object to the caller.</li>
</ol>
- <p>When destroying a <code><a href="#dom-mediakeys">MediaKeys</a></code> object, follow the steps in <code><a href="#dom-close">close()</a></code>.</p>
-
<p>The <dfn id="dom-keysystem"><code>keySystem</code></dfn> attribute is an identifier for the <a href="#key-system">Key System</a> being used.</p>
- <p>The <dfn id="dom-createsession"><code>createSession(type, initData)</code></dfn> method must run the following steps:</p>
- <p class="non-normative">Note: The contents of <var title="true">initData</var> are container-specific <a href="#initialization-data">Initialization Data</a>.</p>
+ <p>The <dfn id="dom-createsession"><code>createSession(contentType, initData)</code></dfn> method must run the following steps:</p>
+ <p class="non-normative">Note: The contents of <var title="true">initData</var> are container-specific <a href="#initialization-data">Initialization Data</a>.
+ <var title="true">contentType</var> specifies the container type and thus how to interpret <var title="true">initData</var>.
+ </p>
+ <p class="non-normative">Note: MIME types usually include "audio/" or "video/", and these should be included in <var title="true">contentType</var> as appropriate.
+ However, user agents and <a href="#cdm">CDMs</a> should not treat sessions created with "audio/" differently than those created with "video/".
+ That is, there is no such thing as an "audio session" or a "video session" - all sessions are used for all media streams processed by <var title="true">cdm</var>.
+ </p>
<ol>
- <li><p>If <var title="true">type</var> contains a MIME type that is not supported or is not supported by the <code><a href="#dom-keysystem">keySystem</a></code>, throw a <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-not_supported_err">NOT_SUPPORTED_ERR</a></code> exception and abort these steps.</p></li>
-
- <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-media-keys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
+ <li><p>If <var title="true">contentType</var> is null or an empty string, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these steps.</p></li>
+ <li><p>If <var title="true">initData</var> is null or an empty array, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these steps.</p></li>
+ <li><p>If <var title="true">contentType</var> contains a MIME type that is not supported or is not supported by the <code><a href="#dom-keysystem">keySystem</a></code>, throw a <code><a href="http://www.w3.org/TR/dom/#dom-domexception-not_supported_err">NOT_SUPPORTED_ERR</a></code> exception and abort these steps.</p></li>
<li>Create a new <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.
<ol>
<li><p>Let the <code><a href="#dom-keysystem">keySystem</a></code> attribute be <var title="true">keySystem</var>.</p></li>
- <li><p>Let the <code><a href="#dom-sessionid">sessionId</a></code> attribute be a unique <a href="#session-id">Session ID</a> string. <span class="non-normative">It may be generated by <var title="true">cdm</var>.</span></p></li>
- <li><p>Let the state of the session be <code><a href="#dom-created">CREATED</a></code>.</p></li>
+ <li><p>Let the state of the session be <code><a href="#dom-statecreated">CREATED</a></code>.</p></li>
</ol>
</li>
- <li><p>Add the new object to an internal list of session objects.</p></li>
-
<li>
-<p>Schedule a task to generate a key request, providing <var title="true">type</var>, <var title="true">initData</var>, and the new object.</p>
+<p>Schedule a task to initialize the session, providing <var title="true">contentType</var>, <var title="true">initData</var>, and the new object.</p>
<p>The user agent will asynchronously execute the following steps in the task:</p>
<ol>
+ <li><p>Wait for the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a> task to complete.</p></li>
+ <li><p>
+ If there is a <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> stored with the <code><a href="#dom-mediakeys">MediaKeys</a></code> object that occurred because of an error during the loading the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a> task
+ then <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventerror">error</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object and abort these steps.
+ </p></li>
+ <li><p>Let <var title="true">request</var> be null.</p></li>
<li><p>Let <var title="true">defaultURL</var> be null.</p></li>
+ <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
<li>
-<p>Use <var title="true">cdm</var> to generate a key request and follow the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If a request is successfully generated and the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>
-</dt>
- <dd>
+<p>Use <var title="true">cdm</var> to execute the following steps:</p>
+ <ol>
+ <li>
+<p>Process <var title="true">contentType</var> and <var title="true">initData</var>.</p>
+ <p class="non-normative">Note: <var title="true">contentType</var> should be used to determine how to interpret <var title="true">initData</var>.</p>
+ </li>
+ <li>
+<p>If a message exchange <span class="non-normative">(e.g. a license request)</span> is required:</p>
+ <ol>
+ <li>
+<p>Let <var title="true">request</var> be a request generated by the <a href="#cdm">CDM</a> using <var title="true">initData</var>.</p>
+ <p><var title="true">cdm</var> must not use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via <var title="true">initData</var>.</p>
+ <p class="non-normative">Note: <var title="true">request</var> may be a request for multiple keys, depending on the <var title="true"><a href="#key-system">keySystem</a></var> and/or <var title="true">initData</var>. This is transparent to the application.</p>
+ </li>
+ <li><p>If <var title="true">initData</var> indicates a default URL relevant to <var title="true">keySystem</var>, let <var title="true">defaultURL</var> be that URL.</p></li>
+ </ol>
+ </li>
+ </ol>
+ </li>
+ <li><p>Let the <code><a href="#dom-sessionid">sessionId</a></code> attribute be a unique <a href="#session-id">Session ID</a> string. <span class="non-normative">It may be obtained from <var title="true">cdm</var>.</span></p></li>
+ <li>
+<p>If any of the preceding steps in the task failed, run the following steps:</p>
<ol>
<li>
-<p>Let <var title="true">key request</var> be a key request generated by the <a href="#cdm">CDM</a> using <var title="true">initData</var>, if provided. The <var title="true">key request</var> may be empty if the <a href="#cdm">CDM</a> does not need a message exchange.</p>
- <p>Note: <var title="true">cdm</var> must not use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via <var title="true">initData</var>.</p>
- <p class="non-normative"><var title="true">type</var> may be used to determine how to interpret <var title="true">initData</var>.</p>
- </li>
- <li><p>If <var title="true">initData</var> contains a default URL for <var title="true">keySystem</var>, let <var title="true">defaultURL</var> be that URL.</p></li>
- </ol>
- </dd>
- <dt>Otherwise</dt>
- <dd><ol>
- <li>
<p>Create a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object with the following attributes:</p>
<ul style="list-style-type:none"><li>
- <code><a href="#dom-code">code</a></code> = the appropriate <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> code<br>
+ <code><a href="http://www.w3.org/TR/dom/#dom-domerror-name">name</a></code> = the appropriate <a href="#mediakeyerror-names">error name</a><br>
<code><a href="#dom-systemcode">systemCode</a></code> = a Key System-specific value, if provided, and 0 otherwise
</li></ul>
</li>
<li><p>Set the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object's <code><a href="#dom-error">error</a></code> attribute to the error object created in the previous step.</p></li>
<li><p>Let the state of the session be <code><a href="#dom-stateerror">ERROR</a></code>.</p></li>
- <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keyerror">keyerror</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
+ <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventerror">error</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
<li><p>Abort the task.</p></li>
- </ol></dd>
- </dl>
+ </ol>
+ </li>
+ <li>
+ <p>If the associated <a href="#media-element">media element(s)</a> are <a href="#waiting-for-a-key">waiting for a key</a>, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to attempt to resume playback.</p>
+ <p class="non-normative">In other words, resume playback if the necessary key is provided.</p>
+ <p>The user agent may choose to skip this step if it knows resuming will fail <span class="non-normative">(i.e. no usable key was added)</span>.</p>
</li>
<li>
<p>Follow the steps for the first matching condition from the following list:</p>
<dl class="switch">
- <dt>If the <var title="true">key request</var> is not empty</dt>
+ <dt>If <var title="true">request</var> is not null</dt>
+ <dd>
+ <p>Run the <a href="#algorithms-queue-message">Queue a "message" Event</a> algorithm on the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object with:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="#dom-message">message</a></code> = <var title="true">request</var><br>
+ <code><a href="#dom-destinationurl">destinationURL</a></code> = <var title="true">defaultURL</var>
+ </li></ul>
+ </dd>
+ <dt>Otherwise</dt>
<dd>
<ol>
- <li><p>Let the state of the session be <code><a href="#dom-pending">PENDING</a></code>.</p></li>
+ <li><p>Let the state of the session be <code><a href="#dom-stateready">READY</a></code>.</p></li>
<li>
- <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keymessage">keymessage</a></code> at the new object.</p>
- <p>The event is of type <code><a href="#dom-mediakeymessageevent">MediaKeyMessageEvent</a></code> and has:</p>
- <ul style="list-style-type:none"><li>
- <code><a href="#dom-message">message</a></code> = <var title="true">key request</var><br>
- <code><a href="#dom-destinationurl">destinationURL</a></code> = <var title="true">defaultURL</var>
- </li></ul>
- <p class="non-normative">Note: <code><a href="#dom-message">message</a></code> may be a request for multiple keys, depending on the <var title="true"><a href="#key-system">keySystem</a></var> and/or <var title="true">initData</var>. This is transparent to the application.</p>
+ <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventready">ready</a></code> at the new object.</p>
+ <p class="non-normative">Note: this step makes it possible for a MediaKeySession to transition from the CREATED state to the READY state.
+ User agents might do this as an optimization but, even if this is done, all MediaKeySession instances must appear distinct regardless of the underlying implementation.</p>
</li>
</ol>
</dd>
- <dt>If the <var title="true">key request</var> is empty</dt>
- <dd>
- <ol>
- <li><p>Let the state of the session be <code><a href="#dom-ready">READY</a></code>.</p></li>
- <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keyready">keyready</a></code> at the new object.</p></li>
- </ol>
- </dd>
</dl>
</li>
</ol>
</li>
-
- <li>Return the new object to the caller.</li>
+ <li>
+<p>Return the new object to the caller.</p>
+ <p class="non-normative">Note: User agents should always fire an event at the returned object in response to this call.
+ For some implementations, it is possible - especially the first time a <a href="#key-system">Key System</a> is used - that the first event will be delayed significantly while the client is initialized, the user responds to permission requests, etc.
+ Applications should expect and handle such delays.</p>
+ </li>
</ol>
- <p>The <dfn id="dom-istypesupported"><code>isTypeSupported(keySystem, type)</code></dfn> method returns whether <var title="true">keySystem</var> is supported with the specified container and codec <var title="true">type</var>(s).</p>
+ <p>The <dfn id="dom-loadsession"><code>loadSession(sessionId)</code></dfn> method must run the following steps:</p>
+ <ol>
+ <li><p>If the <code><a href="#dom-keysystem">keySystem</a></code> does not support loading previous sessions, throw a <code><a href="http://www.w3.org/TR/dom/#dom-domexception-not_supported_err">NOT_SUPPORTED_ERR</a></code> exception and abort these steps.</p></li>
+ <li><p>If <var title="true">sessionId</var> is null or an empty string, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these steps.</p></li>
+ <li>Create a new <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.
+ <ol>
+ <li><p>Let the <code><a href="#dom-keysystem">keySystem</a></code> attribute be <var title="true">keySystem</var>.</p></li>
+ <li><p>Let the state of the session be <code><a href="#dom-statecreated">CREATED</a></code>.</p></li>
+ </ol>
+ </li>
+
+ <li>
+<p>Schedule a task to initialize the session, providing <var title="true">sessionId</var> and the new object.</p>
+ <p>The user agent will asynchronously execute the following steps in the task:</p>
+ <ol>
+ <li><p>Wait for the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a> task to complete.</p></li>
+ <li><p>
+ If there is a <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> stored with the <code><a href="#dom-mediakeys">MediaKeys</a></code> object that occurred because of an error during the loading the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a> task
+ then <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventerror">error</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object and abort these steps.
+ </p></li>
+ <li><p>Let <var title="true">request</var> be null.</p></li>
+ <li><p>Let <var title="true">destinationURL</var> be null.</p></li>
+ <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
+ <li>
+<p>Use <var title="true">cdm</var> to execute the following steps:</p>
+ <ol>
+ <li><p>Initialize the session with stored data for the <var title="true">sessionId</var>.</p></li>
+ <li>
+<p>If a message exchange <span class="non-normative">(e.g. a license request)</span> is required:</p>
+ <ol>
+ <li><p>Let <var title="true">request</var> be a request generated by the <a href="#cdm">CDM</a> using <var title="true">sessionId</var>.</p></li>
+ <li><p>If the stored data for <var title="true">sessionId</var> indicates a destination URL relevant to <var title="true">keySystem</var>, let <var title="true">destinationURL</var> be that URL.</p></li>
+ </ol>
+ </li>
+ </ol>
+ </li>
+ <li><p>Set the <code><a href="#dom-sessionid">sessionId</a></code> attribute to <var title="true">sessionId</var></p></li>
+ <li>
+<p>If any of the preceding steps in the task failed, run the following steps:</p>
+ <ol>
+ <li>
+<p>Create a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object with the following attributes:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="http://www.w3.org/TR/dom/#dom-domerror-name">name</a></code> = the appropriate <a href="#mediakeyerror-names">error name</a><br>
+ <code><a href="#dom-systemcode">systemCode</a></code> = a Key System-specific value, if provided, and 0 otherwise
+ </li></ul>
+ </li>
+ <li><p>Set the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object's <code><a href="#dom-error">error</a></code> attribute to the error object created in the previous step.</p></li>
+ <li><p>Let the state of the session be <code><a href="#dom-stateerror">ERROR</a></code>.</p></li>
+ <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventerror">error</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
+ <li><p>Abort the task.</p></li>
+ </ol>
+ </li>
+ <li>
+ <p>If the associated <a href="#media-element">media element(s)</a> are <a href="#waiting-for-a-key">waiting for a key</a>, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to attempt to resume playback.</p>
+ <p class="non-normative">In other words, resume playback if the necessary key is provided.</p>
+ <p>The user agent may choose to skip this step if it knows resuming will fail <span class="non-normative">(i.e. no usable key was added)</span>.</p>
+ </li>
+ <li>
+<p>Follow the steps for the first matching condition from the following list:</p>
+ <dl class="switch">
+ <dt>If <var title="true">request</var> is not null</dt>
+ <dd>
+ <p>Run the <a href="#algorithms-queue-message">Queue a "message" Event</a> algorithm on the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object with:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="#dom-message">message</a></code> = <var title="true">request</var><br>
+ <code><a href="#dom-destinationurl">destinationURL</a></code> = <var title="true">destinationURL</var>
+ </li></ul>
+ </dd>
+ <dt>Otherwise</dt>
+ <dd>
+ <ol>
+ <li><p>Let the state of the session be <code><a href="#dom-stateready">READY</a></code>.</p></li>
+ <li>
+ <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventready">ready</a></code> at the new object.</p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ </ol>
+ </li>
+ <li><p>Return the new object to the caller.</p></li>
+ </ol>
+
+ <p>The <dfn id="dom-istypesupported"><code>isTypeSupported(keySystem, contentType)</code></dfn> method returns whether <var title="true">keySystem</var> is supported with the specified container and codec <var title="true">contentType</var>(s).</p>
<div class="example">
<p>The following list shows some examples.</p>
<dl>
@@ -469,9 +586,10 @@
<p>It must run the following steps:</p>
<ol>
+ <li><p>If <var title="true">keySystem</var> is null or an empty string, return false and abort these steps.</p></li>
<li><p>If <var title="true">keySystem</var> contains an unrecognized or unsupported <a href="#key-system">Key System</a>, return false and abort these steps. Key system string comparison is case-sensitive.</p></li>
- <li><p>If <var title="true">type</var> is null or an empty string, return true and abort these steps.</p></li>
- <li><p>If the <a href="#key-system">Key System</a> specified by <var title="true">keySystem</var> does not support decrypting the container and/or codec specified by <var title="true">type</var>, return false and abort these steps.</p></li>
+ <li><p>If <var title="true">contentType</var> is null or an empty string, return true and abort these steps.</p></li>
+ <li><p>If the <a href="#key-system">Key System</a> specified by <var title="true">keySystem</var> does not support decrypting the container and/or codec specified by <var title="true">contentType</var>, return false and abort these steps.</p></li>
<li><p>Return true.</p></li>
</ol>
@@ -479,182 +597,144 @@
<p>The <dfn id="dom-sessionid"><code>sessionId</code></dfn> attribute is the <a href="#session-id">Session ID</a> for this object and the associated key(s) or license(s).</p>
- <p>The <dfn id="dom-update"><code>update(key)</code></dfn> method must run the following steps:</p>
- <p class="non-normative">Note: The contents of <var title="true">key</var> are <var title="true"><a href="#key-system">keySystem</a></var>-specific.
- It may be a raw key or a license containing a key.
- The contents may also vary depending on the container, key length, etc.</p>
+ <p>The <dfn id="dom-update"><code>update(response)</code></dfn> method must run the following steps:</p>
+ <p class="non-normative">Note: The contents of <var title="true">response</var> are <var title="true"><a href="#key-system">keySystem</a></var>-specific.</p>
<ol>
- <li><p>If the argument is null or an empty array, throw an <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-invalid_state_err">INVALID_STATE_ERR</a></code>.</p></li>
- <li><p>If the session is not in the <code><a href="#dom-pending">PENDING</a></code> state, throw an <code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code>.</p></li>
+ <li><p>If <var title="true">response</var> is null or an empty array, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_access_err">INVALID_ACCESS_ERR</a></code> exception and abort these steps.</p></li>
+ <li><p>If the session is not in the <code><a href="#dom-statepending">PENDING</a></code> state, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_state_err">INVALID_STATE_ERR</a></code>.</p></li>
<li>
-<p>Schedule a task to handle the call, providing <var title="true">key</var>.</p>
+<p>Schedule a task to handle the call, providing <var title="true">response</var>.</p>
<p>The user agent will asynchronously execute the following steps in the task:</p>
<ol>
- <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-media-keys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
- <li><p>Let <var title="true">did store key</var> be false.</p></li>
- <li><p>Let <var title="true">next message</var> be null.</p></li>
+ <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
+ <li><p>Let <var title="true">request</var> be null.</p></li>
<li>
-<p>Use <var title="true">cdm</var> to handle <var title="true">key</var>.</p>
- <p class="non-normative">Note: For some <a href="#key-system">Key Systems</a>, <var title="true">key</var> may be a license or other structure containing multiple keys.</p>
+<p>Use <var title="true">cdm</var> to execute the following steps:</p>
<ol>
- <li><p>Process <var title="true">key</var>.</p></li>
<li>
-<p>For each <var title="true">individual key</var> in <var title="true">key</var>, store the <var title="true">individual key</var>.</p>
- <ol>
- <li><p>Let <var title="true">key ID</var> be the key ID associated with the <var title="true">individual key</var>.</p></li>
- <li>
-<p>Store the <var title="true">individual key</var> by following the steps for the first matching condition from the following list:</p>
- <ol>
- <li><p>If a stored key already exists for <var title="true">key ID</var>, delete that key.</p></li>
- <li><p>Store the <var title="true">individual key</var>, license, and/or license information indexed by <var title="true">key ID</var>. <span class="non-normative">The replacement algorithm is <a href="#key-system">Key System</a>-dependent.</span></p></li>
- </ol>
- <p class="non-normative">Note: It is recommended that CDMs support a standard and reasonably high minimum number of cached keys/licenses (with IDs) per <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object as well as a standard replacement algorithm.
- This enables a reasonable number of key rotation algorithms to be implemented across user agents and may reduce the likelihood of playback interruptions in use cases that involve various streams in the same element (i.e. adaptive streams, various audio and video tracks) using different keys.
- </p>
- </li>
- <li><p>Let <var title="true">did store key</var> be true.</p></li>
- </ol>
- </li>
- <li><p>If another message needs to be sent to the server, let <var title="true">next message</var> be that message.</p></li>
+<p>Process <var title="true">response</var>.</p>
+ <p class="non-normative">Note: When <var title="true">response</var> contains key(s) and/or related data, <var title="true">cdm</var> will likely store the key and related data indexed by key ID.</p>
+ <p class="non-normative">Note: The replacement algorithm within a session is <a href="#key-system">Key System</a>-dependent.</p>
+ <p class="non-normative">Note: Keys from different sessions should be stored independently such that closing one session does not affect keys in other sessions, even if they have overlapping key IDs.</p>
+ <p class="non-normative">Note: It is recommended that CDMs support a standard and reasonably high minimum number of keys per <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object, including a standard replacement algorithm, and a standard and reasonably high minimum number of <code><a href="#dom-mediakeysession">MediaKeySession</a></code> objects.
+ This enables a reasonable number of key rotation algorithms to be implemented across user agents and may reduce the likelihood of playback interruptions in use cases that involve various streams in the same element (i.e. adaptive streams, various audio and video tracks) using different keys.
+ </p>
+ </li>
+ <li><p>If another message needs to be sent to the server, let <var title="true">request</var> be that message.</p></li>
</ol>
</li>
- <li>If <var title="true">did store key</var> is true and the <a href="#media-element">media element</a> is <a href="#waiting-for-a-key">waiting for a key</a>, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to attempt to resume playback.
- <p class="non-normative">In other words, resume playback if the necessary key is provided.</p>
- </li>
- <li><p>If <var title="true">next message</var> is not null and the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is not <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>, jump to the <i>Error</i> step below and perform the task failed steps.</p></li>
<li>
-<p>If <var title="true">next message</var> is not null, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keymessage">keymessage</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p>
- <p>The event is of type <code><a href="#dom-mediakeymessageevent">MediaKeyMessageEvent</a></code> and has:</p>
- <ul style="list-style-type:none"><li>
- <code><a href="#dom-message">message</a></code> = <var title="true">next message</var><br>
- <code><a href="#dom-destinationurl">destinationURL</a></code> = null
- </li></ul>
- </li>
- <li><p>If <var title="true">next message</var> is null, let the state of the session be <code><a href="#dom-ready">READY</a></code> and <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keyready">keyready</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
- <li><p>If <var title="true">did store key</var> is true, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keyadded">keyadded</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
- <li>
-<p><i>Error</i>: If any of the preceding steps in the task failed</p>
+<p>If any of the preceding steps in the task failed, run the following steps:</p>
<ol>
<li>
<p>Create a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object with the following attributes:</p>
<ul style="list-style-type:none"><li>
- <code><a href="#dom-code">code</a></code> = the appropriate <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> code<br>
+ <code><a href="http://www.w3.org/TR/dom/#dom-domerror-name">name</a></code> = the appropriate <a href="#mediakeyerror-names">error name</a><br>
<code><a href="#dom-systemcode">systemCode</a></code> = a Key System-specific value, if provided, and 0 otherwise
</li></ul>
</li>
<li><p>Set the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object's <code><a href="#dom-error">error</a></code> attribute to the error object created in the previous step.</p></li>
<li><p>Let the state of the session be <code><a href="#dom-stateerror">ERROR</a></code>.</p></li>
- <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-keyerror">keyerror</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
+ <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventerror">error</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
<li><p>Abort the task.</p></li>
</ol>
</li>
+ <li>
+ <p>If the associated <a href="#media-element">media element(s)</a> are <a href="#waiting-for-a-key">waiting for a key</a>, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to attempt to resume playback.</p>
+ <p class="non-normative">In other words, resume playback if the necessary key is provided.</p>
+ <p>The user agent may choose to skip this step if it knows resuming will fail <span class="non-normative">(i.e. no usable key was added)</span>.</p>
+ </li>
+ <li>
+<p>Follow the steps for the first matching condition from the following list:</p>
+ <dl class="switch">
+ <dt>If <var title="true">request</var> is not null</dt>
+ <dd>
+ <p>Run the <a href="#algorithms-queue-message">Queue a "message" Event</a> algorithm on the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object with:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="#dom-message">message</a></code> = <var title="true">request</var><br>
+ <code><a href="#dom-destinationurl">destinationURL</a></code> = null
+ </li></ul>
+ </dd>
+ <dt>Otherwise</dt>
+ <dd>
+ <ol>
+ <li><p>Let the state of the session be <code><a href="#dom-stateready">READY</a></code>.</p></li>
+ <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventready">ready</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
</ol>
</li>
</ol>
- <p>The key acquisition process <em>may</em> involve the web page handling <code><a href="#dom-keymessage">keymessage</a></code> events, sending the message to a Key System-specific service, and calling <code><a href="#dom-update">update</a></code> with the response message.
- <code><a href="#dom-update">update</a></code> calls may generate <code><a href="#dom-keyadded">keyadded</a></code> or <code><a href="#dom-keymessage">keymessage</a></code> events.
- During the process, the web page may wish to cancel the acquisition process.
- <span class="non-normative">For example, if the page cannot contact the license service because of network issues it may wish to fallback to an alternative key system.</span>
- The page calls <code><a href="#dom-close">close()</a></code> to cancel the a key acquisition session.
- </p>
+ <p>The <dfn id="dom-release"><code>release()</code></dfn> method allows an application to indicate to the system that it may release any resources associated with the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. It must run the following steps:</p>
- <p>The <dfn id="dom-close"><code>close()</code></dfn> method causes the key acquisition session to close and all keys to be released. It must run the following steps:</p>
-
- <ol>
- <li>Clear any internal state associated with the session, including all keys and licenses.</li>
+ <ol>
+ <li><p>If the state of the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> is <code><a href="#dom-stateclosed">CLOSED</a></code> then abort these steps.</p></li>
+ <li><p>If the state of the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> is <code><a href="#dom-stateerror">ERROR</a></code>, throw an <code><a href="http://www.w3.org/TR/dom/#dom-domexception-invalid_state_err">INVALID_STATE_ERR</a></code> exception and abort these steps.</p></li>
+ <li>
+<p>Schedule a task to handle the call.</p>
+ <p>The user agent will asynchronously execute the following steps in the task:</p>
+ <ol>
+ <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
+ <li>
+<p>Use <var title="true">cdm</var> to execute the following steps:</p>
+ <ol>
+ <li>
+ <p>Process the release request.</p>
+ <p class="non-normative">Note: the release() method is intended to act as a hint to the user agent that the application believes the MediaKeySession is no longer needed.
+ However, the CDM determines whether resources can now be released.</p>
+ </li>
+ <li><p>If the previous step caused the session to be closed, run the <a href="#algorithms-session-close">Session Close</a> algorithm for the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>.</p></li>
+ </ol>
+ </li>
+ </ol>
+ </li>
</ol>
- <p>The <dfn id="dom-sourcekeysystem"><code>keySystem</code></dfn> attribute of <code><a href="#dom-htmlsourceelement">HTMLSourceElement</a></code> specifies the <a href="#key-system">Key System</a> to be used with the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">media resource</a></code>.
+ <p>The <dfn id="dom-sourcekeysystem"><code>keySystem</code></dfn> attribute of <code><a href="#dom-htmlsourceelement">HTMLSourceElement</a></code> specifies the <a href="#key-system">Key System</a> to be used with the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">media resource</a></code>. The <code><a href="#dom-sourcekeysystem">keySystem</a></code> attribute must be supported by all HTMLSourceElement as both an IDL attribute and also a content attribute named <dfn id="dom-sourcecontentkeysystem"><code>keysystem</code></dfn>.
The <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-algorithm">resource selection algorithm</a> is modified to check the <code><a href="#dom-sourcekeysystem">keySystem</a></code> attribute after the existing <em>step 5</em> of the <em>Otherwise</em> branch of <em>step 6</em>:
</p>
<ol start="6">
<li><p>⌛ If <var title="">candidate</var> has a <code><a href="#dom-sourcekeysystem">keySystem</a></code> attribute whose value represents a <a href="#key-system">Key System</a> that the user agent knows it cannot use with <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-source-type">type</a></code>, then end the <a href="http://www.w3.org/TR/html5/webappapis.html#synchronous-section">synchronous section</a>, and jump down to the <i title="">failed</i> step below.</p></li>
</ol>
- <h3 id="error-codes">2.1. Error Codes</h3>
- <div class="issue"><div class="issue-title"><span>Issue 2</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=21798">Bug 21798</a> - Some errors may change or be removed.</p></div>
- <p><code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#mediaerror">MediaError</a></code> is extended, and a new error type is added.</p>
+ <h3 id="error-codes">2.1. Errors</h3>
+ <h4 id="mediakeyerror">2.1.1. Interface</h4>
<pre class="idl">
-partial interface <dfn id="dom-mediaerror">MediaError</dfn> {
- const unsigned short <a href="#dom-media_err_encrypted">MEDIA_ERR_ENCRYPTED</a> = 5;
-};
-interface <dfn id="dom-mediakeyerror">MediaKeyError</dfn> {
- const unsigned short <a href="#dom-media_keyerr_unknown">MEDIA_KEYERR_UNKNOWN</a> = 1;
- const unsigned short <a href="#dom-media_keyerr_client">MEDIA_KEYERR_CLIENT</a> = 2;
- const unsigned short <a href="#dom-media_keyerr_service">MEDIA_KEYERR_SERVICE</a> = 3;
- const unsigned short <a href="#dom-media_keyerr_output">MEDIA_KEYERR_OUTPUT</a> = 4;
- const unsigned short <a href="#dom-media_keyerr_hardwarechange">MEDIA_KEYERR_HARDWARECHANGE</a> = 5;
- const unsigned short <a href="#dom-media_keyerr_domain">MEDIA_KEYERR_DOMAIN</a> = 6;
- readonly attribute unsigned short <a href="#dom-code">code</a>;
+[<a href="#dom-mediakeyerror-constructor">Constructor</a>(DOMString <a href="#mediakeyerror-names">name</a>, unsigned long <a href="#dom-systemcode">systemCode</a>, optional DOMString message = "")]
+interface <dfn id="dom-mediakeyerror">MediaKeyError</dfn> : <a href="http://www.w3.org/TR/dom/#interface-domerror">DOMError</a> {
readonly attribute unsigned long <a href="#dom-systemcode">systemCode</a>;
-};</pre>
- <dl class="domintro">
- <dt>
-<var title="">session</var> . <var title="">error</var> . <code><a href="#dom-code">code</a></code>
-</dt>
- <dd>
- <p>Returns the current error's error code, from the list below.</p>
- </dd>
- <dt>
-<var title="">session</var> . <var title="">error</var> . <code><a href="#dom-systemcode">systemCode</a></code>
-</dt>
- <dd>
- <p>Returns the current error's system code.</p>
- </dd>
- </dl>
-
- <p>The <dfn id="dom-mediaerrorcode"><code>code</code></dfn> attribute of a <code><a href="#dom-mediaerror">MediaError</a></code> may additionally return the following:</p>
- <dl>
- <dt>
-<dfn id="dom-media_err_encrypted"><code>MEDIA_ERR_ENCRYPTED</code></dfn> (numeric value 5)</dt>
- <dd>The stream could not be played because it is encrypted and one of the following:
- <ol>
- <li>The media element does not have a <code><a href="#dom-needkey">needkey</a></code> handler</li>
- <li>The media element's <code><a href="#dom-keys">keys</a></code> attribute is null</li>
- </ol>
- <p class="non-normative">Applications that support encrypted media should provide a <code><a href="#dom-needkey">needkey</a></code> handler and/or call <code><a href="#dom-setmediakeys">setMediaKeys()</a></code> no later than when <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is provided.</p>
- <p class="non-normative">If the user agent does not support decryption of this <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, it should report the same error it would for any other unsupported media data (e.g. <code>MEDIA_ERR_SRC_NOT_SUPPORTED</code>).</p>
- </dd>
- </dl>
+};
+</pre>
<div class="impl">
- <p>The <dfn id="dom-code"><code>code</code></dfn> attribute of a <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object must return the code for the error, which must be one of the following:</p>
- <dl>
- <dt>
-<dfn id="dom-media_keyerr_unknown"><code>MEDIA_KEYERR_UNKNOWN</code></dfn> (numeric value 1)</dt>
- <dd>An unspecified error occurred. This value is used for errors that don't match any of the following codes.</dd>
- <dt>
-<dfn id="dom-media_keyerr_client"><code>MEDIA_KEYERR_CLIENT</code></dfn> (numeric value 2)</dt>
- <dd>The <a href="#key-system">Key System</a> could not be installed or updated.</dd>
- <dt>
-<dfn id="dom-media_keyerr_service"><code>MEDIA_KEYERR_SERVICE</code></dfn> (numeric value 3)</dt>
- <dd>The message passed into <code><a href="#dom-update">update</a></code> indicated an error from the license service.</dd>
- <dt>
-<dfn id="dom-media_keyerr_output"><code>MEDIA_KEYERR_OUTPUT</code></dfn> (numeric value 4)</dt>
- <dd>There is no available output device with the required characteristics for the content protection system.</dd>
- <dt>
-<dfn id="dom-media_keyerr_hardwarechange"><code>MEDIA_KEYERR_HARDWARECHANGE</code></dfn> (numeric value 5)</dt>
- <dd>A hardware configuration change caused a content protection error.</dd>
- <dt>
-<dfn id="dom-media_keyerr_domain"><code>MEDIA_KEYERR_DOMAIN</code></dfn> (numeric value 6)</dt>
- <dd>An error occurred in a multi-device domain licensing configuration. <span class="non-normative">The most common error is a failure to join the domain.</span>
-</dd>
- </dl>
+ <p>The <dfn id="dom-mediakeyerror-constructor"><code>MediaKeys(<var title="true">keySystem</var>)</code></dfn> constructor must return a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> whose <code><a href="#dom-systemcode">systemCode</a></code> attribute is initialized to <var title="true">systemCode</var> and inherited attributes are initialized by passing <var title="true">name</var> and <var title="true">message</var> to the <code><a href="http://www.w3.org/TR/dom/#dom-domerror">DOMError</a></code> constructor.</p>
<p>The <dfn id="dom-systemcode"><code>systemCode</code></dfn> attribute of a <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object is a <a href="#key-system">Key System</a>-dependent status code for the error that occurred.
- <span class="non-normative">This allows a more granular status to be returned than the more general <code><a href="#dom-code">code</a></code>.</span>
+ <span class="non-normative">This allows a more granular status to be returned than the more general <a href="#mediakeyerror-names">name</a>.</span>
It should be 0 if there is no associated status code or such status codes are not supported by the Key System.
</p>
</div>
- <h3 id="session-state">2.3 MediaKeySession States</h3>
+ <h4 id="mediakeyerror-names">2.1.2. Error Names</h4>
+
+ <p>The <dfn id="error-names-table">error names table</dfn> below lists all the allowed error names for the <code><a href="http://www.w3.org/TR/dom/#dom-domerror-name">name</a></code> attribute along with a description.
+ In addition, any of the standard <a href="http://www.w3.org/TR/dom/#error-names-0">error names</a> are allowed.</p>
+
+ <div class="issue">
+<div class="issue-title"><span>Issue 1</span></div>
+<p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=21798">Bug 21798</a> - The additional error names are yet to be defined.</p>
+</div>
+
+ <h3 id="session-state">2.2 MediaKeySession States</h3>
<p><i>This section is non-normative.</i></p>
<p>Each <code><a href="#dom-mediakeysession">MediaKeySession</a></code> maintains an internal state that determines what events may be fired.</p>
- <h4 id="session-state-list">2.3.1 MediaKeySession State Definitions</h4>
+ <h4 id="session-state-list">2.2.1 MediaKeySession State Definitions</h4>
<p>The following table describes the possible states:</p>
<table>
@@ -666,28 +746,32 @@
</thead>
<tbody>
<tr>
- <td><dfn id="dom-created"><code>CREATED</code></dfn></td>
+ <td><dfn id="dom-statecreated"><code>CREATED</code></dfn></td>
<td>The <code><a href="#dom-mediakeysession">MediaKeySession</a></code> has been created with a <code><a href="#dom-createsession">createSession()</a></code> call.</td>
</tr>
<tr>
- <td><dfn id="dom-pending"><code>PENDING</code></dfn></td>
- <td>A <code><a href="#dom-keymessage">keymessage</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. A call to <code><a href="#dom-update">update()</a></code> is expected next. The <a href="#media-element">media element</a> may block waiting for a key if encrypted data is encountered.</td>
+ <td><dfn id="dom-statepending"><code>PENDING</code></dfn></td>
+ <td>A <code><a href="#dom-eventmessage">message</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. A call to <code><a href="#dom-update">update()</a></code> is expected next. The <a href="#media-element">media element</a> may block waiting for a key if encrypted data is encountered.</td>
</tr>
<tr>
- <td><dfn id="dom-ready"><code>READY</code></dfn></td>
- <td>A <code><a href="#dom-keyready">keyready</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. The <a href="#media-element">media element</a> should not need to block waiting for a key if encrypted data associated with this session is encountered.</td>
+ <td><dfn id="dom-stateready"><code>READY</code></dfn></td>
+ <td>A <code><a href="#dom-eventready">ready</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. The <a href="#media-element">media element</a> should not need to block waiting for a key if encrypted data associated with this session is encountered.</td>
</tr>
<tr>
<td><dfn id="dom-stateerror"><code>ERROR</code></dfn></td>
- <td>A <code><a href="#dom-keyerror">keyerror</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. The <code><a href="#dom-error">error</a></code> attribute of the session holds information about the most recent error.</td>
+ <td>A <code><a href="#dom-eventerror">error</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. The <code><a href="#dom-error">error</a></code> attribute of the session holds information about the most recent error.</td>
+ </tr>
+ <tr>
+ <td><dfn id="dom-stateclosed"><code>CLOSED</code></dfn></td>
+ <td>A <code><a href="#dom-eventclose">close</a></code> event has been fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>. No further events will be fired at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>.</td>
</tr>
</tbody>
</table>
- <h4 id="session-state-transitions">2.3.2 MediaKeySession State Transitions</h4>
+ <h4 id="session-state-transitions">2.2.2 MediaKeySession State Transitions</h4>
<p>The following diagram shows the possible state transitions and the events fired when changing state:</p>
- <p><img src="session_state.svg" width="528" height="408" alt="State transition diagram"></p>
+ <p><img src="session_state.svg" width="631" height="408" alt="State transition diagram"></p>
<h3 id="media-element-restictions">2.3 Media Element Restrictions</h3>
<p><i>This section is non-normative.</i></p>
@@ -700,34 +784,35 @@
<h3 id="event-definitions">3.1. Event Definitions</h3>
<pre class="idl">
+[Constructor(DOMString type, optional <a href="#dom-mediakeyneededeventinit">MediaKeyNeededEventInit</a> eventInitDict)]
+interface <dfn id="dom-mediakeyneededevent">MediaKeyNeededEvent</dfn> : <a href="http://www.w3.org/TR/dom/#event">Event</a> {
+ readonly attribute DOMString <a href="#dom-contenttype">contentType</a>;
+ readonly attribute Uint8Array? <a href="#dom-initdata">initData</a>;
+};
+
+dictionary <dfn id="dom-mediakeyneededeventinit">MediaKeyNeededEventInit</dfn> : <a href="http://www.w3.org/TR/dom/#eventinit">EventInit</a> {
+ DOMString <a href="#dom-contenttype">contentType</a>;
+ Uint8Array? <a href="#dom-initdata">initData</a>;
+};</pre>
+
+ <pre class="idl">
[Constructor(DOMString type, optional <a href="#dom-mediakeymessageeventinit">MediaKeyMessageEventInit</a> eventInitDict)]
-interface <dfn id="dom-mediakeymessageevent">MediaKeyMessageEvent</dfn> : <a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#event">Event</a> {
+interface <dfn id="dom-mediakeymessageevent">MediaKeyMessageEvent</dfn> : <a href="http://www.w3.org/TR/dom/#event">Event</a> {
readonly attribute Uint8Array <a href="#dom-message">message</a>;
readonly attribute DOMString? <a href="#dom-destinationurl">destinationURL</a>;
};
-dictionary <dfn id="dom-mediakeymessageeventinit">MediaKeyMessageEventInit</dfn> : <a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#eventinit">EventInit</a> {
+dictionary <dfn id="dom-mediakeymessageeventinit">MediaKeyMessageEventInit</dfn> : <a href="http://www.w3.org/TR/dom/#eventinit">EventInit</a> {
Uint8Array <a href="#dom-message">message</a>;
DOMString? <a href="#dom-destinationurl">destinationURL</a>;
};</pre>
- <pre class="idl">
-[Constructor(DOMString type, optional <a href="#dom-mediakeyneededeventinit">MediaKeyNeededEventInit</a> eventInitDict)]
-interface <dfn id="dom-mediakeyneededevent">MediaKeyNeededEvent</dfn> : <a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#event">Event</a> {
- readonly attribute Uint8Array? <a href="#dom-initdata">initData</a>;
- readonly attribute DOMString <a href="#dom-type">type</a>;
-};
-
-dictionary <dfn id="dom-mediakeyneededeventinit">MediaKeyNeededEventInit</dfn> : <a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#eventinit">EventInit</a> {
- Uint8Array? <a href="#dom-initdata">initData</a>;
-};</pre>
-
<dl class="domintro">
<dt>
-<var title="">event</var> . <code><a href="#dom-destinationurl">destinationURL</a></code>
+<var title="">event</var> . <code><a href="#dom-contenttype">contentType</a></code>
</dt>
<dd>
- <p>Returns the URL to send the <code><a href="#dom-message">message</a></code> to.</p>
+ <p>Returns the MIME type of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> related to the event.</p>
</dd>
<dt>
<var title="">event</var> . <code><a href="#dom-initdata">initData</a></code>
@@ -736,78 +821,35 @@
<p>Returns the <a href="#initialization-data">Initialization Data</a> related to the event.</p>
</dd>
<dt>
-<var title="">event</var> . <code><a href="#dom-type">type</a></code>
-</dt>
- <dd>
- <p>Returns the MIME type of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> related to the event.</p>
- </dd>
- <dt>
<var title="">event</var> . <code><a href="#dom-message">message</a></code>
</dt>
<dd>
<p>Returns the message <span class="non-normative">(i.e. key request)</span> to send.</p>
</dd>
+ <dt>
+<var title="">event</var> . <code><a href="#dom-destinationurl">destinationURL</a></code>
+</dt>
+ <dd>
+ <p>Returns the URL to send the <code><a href="#dom-message">message</a></code> to.</p>
+ </dd>
</dl>
<div class="impl">
+ <p>The <dfn id="dom-contenttype"><code>contentType</code></dfn> attribute contains the MIME type of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> specific to the event. The format of the <code><a href="#dom-initdata">initData</a></code> will depend on the <code><a href="#dom-contenttype">contentType</a></code>.</p>
+ <p class="non-normative">Note: MIME types usually include "audio/" or "video/", and user agents should include these in <var title="true">contentType</var> as appropriate.
+ However, either variant may be returned for any stream of a given MIME type, and this is does not reflect the type(s) of stream(s) in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
+ Applications processing this attribute should handle all such variants.
+ </p>
<p>The <dfn id="dom-initdata"><code>initData</code></dfn> attribute contains <a href="#initialization-data">Initialization Data</a> specific to the event.</p>
- <p>The <dfn id="dom-type"><code>type</code></dfn> attribute contains the MIME type of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> specific to the event. The format of the <code><a href="#dom-initdata">initData</a></code> will depend on the <code><a href="#dom-type">type</a></code>.</p>
<p>The <dfn id="dom-message"><code>message</code></dfn> attribute contains a message from the CDM. Messages are Key System-specific. <span class="non-normative">In most cases, it should be sent to a key server.</span></p>
<p>The <dfn id="dom-destinationurl"><code>destinationURL</code></dfn> is the URL to send the <code><a href="#dom-message">message</a></code> to.
An application <em>may</em> override this.
<span class="non-normative">In some cases, it may have been provided by the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.</span>
It may be null.
</p>
-
- <p>If a response (i.e. a license) is necessary, applications should use one of the <a href="#dom-htmlmediaelement">new methods</a> to provide the response.</p>
</div>
<h3 id="event-summary">3.2. Event Summary</h3>
- <p>The following events are fired at <code><a href="#dom-mediakeysession">MediaKeySession</a></code>.</p>
- <table>
- <thead>
- <tr>
- <th>Event name</th>
- <th>Interface</th>
- <th>Dispatched when...</th>
- <th>Preconditions</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td><dfn id="dom-keyadded"><code>keyadded</code></dfn></td>
- <td><code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#event">Event</a></code></td>
- <td>A key has been added as the result of a <code><a href="#dom-update">update()</a></code> call.
- </td>
- <td></td>
- </tr>
- <tr>
- <td><dfn id="dom-keyerror"><code>keyerror</code></dfn></td>
- <td><code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#event">Event</a></code></td>
- <td>An error occurs in the session. The session moves to the <code><a href="#dom-stateerror">ERROR</a></code> state.</td>
- <td></td>
- </tr>
- <tr>
- <td><dfn id="dom-keymessage"><code>keymessage</code></dfn></td>
- <td><code><a href="#dom-mediakeymessageevent">MediaKeyMessageEvent</a></code></td>
- <td>
- A message has been generated <span class="non-normative">(and likely needs to be sent to a server)</span>.
- <span class="non-normative">For example, a key request has been generated as the result of a <code><a href="#dom-createsession">createSession()</a></code> call or another message must be sent in response to an <code><a href="#dom-update">update()</a></code> call.</span>
- The session moves to the <code><a href="#dom-pending">PENDING</a></code> state.
- </td>
- <td></td>
- </tr>
- <tr>
- <td><dfn id="dom-keyready"><code>keyready</code></dfn></td>
- <td><code><a href="https://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#event">Event</a></code></td>
- <td>
- The media element should not be blocked if encrypted data is encountered associated with the initData used to create the session. The session moves to the <code><a href="#dom-ready">READY</a></code> state.
- </td>
- <td></td>
- </tr>
- </tbody>
- </table>
-
<p>The following event is fired at <code><a href="#dom-htmlmediaelement">HTMLMediaElement</a></code>.</p>
<table>
<thead>
@@ -834,6 +876,52 @@
</tbody>
</table>
+ <p>The following events are fired at <code><a href="#dom-mediakeysession">MediaKeySession</a></code>.</p>
+ <table>
+ <thead>
+ <tr>
+ <th>Event name</th>
+ <th>Interface</th>
+ <th>Dispatched when...</th>
+ <th>Preconditions</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><dfn id="dom-eventerror"><code>error</code></dfn></td>
+ <td><code><a href="http://www.w3.org/TR/dom/#event">Event</a></code></td>
+ <td>An error occurs in the session. The session moves to the <code><a href="#dom-stateerror">ERROR</a></code> state.</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td><dfn id="dom-eventmessage"><code>message</code></dfn></td>
+ <td><code><a href="#dom-mediakeymessageevent">MediaKeyMessageEvent</a></code></td>
+ <td>
+ A message has been generated <span class="non-normative">(and likely needs to be sent to a server)</span>.
+ <span class="non-normative">For example, a key request has been generated as the result of a <code><a href="#dom-createsession">createSession()</a></code> call or another message must be sent in response to an <code><a href="#dom-update">update()</a></code> call.</span>
+ The session moves to the <code><a href="#dom-statepending">PENDING</a></code> state.
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td><dfn id="dom-eventready"><code>ready</code></dfn></td>
+ <td><code><a href="http://www.w3.org/TR/dom/#event">Event</a></code></td>
+ <td>
+ The CDM currently has all the information it needs to use keys/licenses from this session. The session moves to the <code><a href="#dom-stateready">READY</a></code> state.
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td><dfn id="dom-eventclose"><code>close</code></dfn></td>
+ <td><code><a href="http://www.w3.org/TR/dom/#event">Event</a></code></td>
+ <td>
+ The session is no longer needed. The session moves to the <code><a href="#dom-stateclosed">CLOSED</a></code> state.
+ </td>
+ <td></td>
+ </tr>
+ </tbody>
+ </table>
+
<h2 id="algorithms">4. Algorithms</h2>
@@ -841,119 +929,94 @@
<p>The following steps are run when the <a href="#media-element">media element</a> encounters a source that may contain encrypted blocks or streams during the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>:</p>
<ol>
- <li><p>Let <var title="">cdm</var> be null.</p></li>
<li><p>Let <var title="">initData</var> be null.</p></li>
- <li><p>If <a href="#initialization-data">Initialization Data</a> was encountered, let <var title="">initData</var> be that initialization data.</p></li>
- <li>
-<p>Determine whether there is an active <a href="#cdm">CDM</a> by following the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If the media element's <code><a href="#dom-keys">keys</a></code> attribute is not null</dt>
- <dd>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-media-keys-constructor"><code>MediaKeys</code> constructor</a>.</dd>
- <dt>Otherwise</dt>
- <dd>Jump to the <i>Need Key</i> step below.</dd>
- </dl>
- </li>
+ <li><p>If <a href="#initialization-data">Initialization Data</a> was encountered and if the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>, let <var title="">initData</var> be that initialization data.</p></li>
<li>
-<p>Use <var title="true">cdm</var> to determine whether the key is known:</p>
- <ol>
- <li><p>Let <var title="">key ID</var> be null.</p></li>
- <li><p>If a key ID for the source is known at this time, let <var title="">key ID</var> be that ID.</p></li>
- <li><p>If <var title="">initData</var> is not null and contains a key ID, let <var title="">key ID</var> be that ID.</p></li>
- <li>
-<p>Determine whether the key is already known by following the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If <var title="">key ID</var> is not null</dt>
- <dd>
- <p>Determine whether the key is known by following the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If there is a key cached for <var title="">key ID</var>
-</dt>
- <dd>Jump to the <i>Continue Normal Flow</i> step below.</dd>
- <dt>Otherwise</dt>
- <dd>Jump to the <i>Need Key</i> step below.</dd>
- </dl>
- </dd>
- <dt>Otherwise</dt>
- <dd>
- <p>Determine whether the key is known by following the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If there is a single key cached (with or without a key ID)</dt>
- <dd>Jump to the <i>Continue Normal Flow</i> step below.</dd>
- <dt>Otherwise</dt>
- <dd>Jump to the <i>Need Key</i> step below.</dd>
- </dl>
- </dd>
- </dl>
- </li>
- </ol>
- </li>
- <li>
-<p><i>Need Key</i>:</p>
- <dl class="switch">
- <dt>If the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>
-</dt>
- <dd>
-<a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-needkey">needkey</a></code> at the <a href="#media-element">media element</a>.</dd>
- <dt>Otherwise</dt>
- <dd>Abort media element's <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a> and run the steps to report a <code><a href="#dom-media_err_encrypted">MEDIA_ERR_ENCRYPTED</a></code> error.</dd>
- </dl>
+ <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-needkey">needkey</a></code> at the <a href="#media-element">media element</a>.</p>
<p>The event is of type <code><a href="#dom-mediakeyneededevent">MediaKeyNeededEvent</a></code> and has:</p>
<ul style="list-style-type:none"><li>
+ <code><a href="#dom-contenttype">contentType</a></code> = the MIME type of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> container format<br>
<code><a href="#dom-initdata">initData</a></code> = <var title="">initData</var>
</li></ul>
<p class="non-normative">Firing this event allows the application to begin acquiring the key process before it is needed.</p>
- <p class="non-normative">Note that <code title="dom-media-readyState"><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is <em>not</em> changed and no algorithms are aborted. This event is merely informative.</p>
+ <p class="non-normative">Note that <code title="dom-media-readyState"><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is <em>not</em> changed and no algorithms are aborted. This event merely provides information.</p>
+ <p class="non-normative">Note that if the media is not <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> then the initData will be null. This allows applications that can retrieve initData from an alternative source to continue. Applications with no way to retrieve initData may wish to consider aborting playback in this case.</p>
</li>
<li><p><i>Continue Normal Flow</i>: Continue with the existing media element's <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>.</p></li>
</ol>
- <h3 id="algorithms-enrypted-block">4.2. Encrypted Block Encountered</h3>
+ <h3 id="algorithms-encrypted-block">4.2. Encrypted Block Encountered</h3>
<p>The following steps are run when the <a href="#media-element">media element</a> encounters a block <span class="non-normative">(i.e. frame)</span> of encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> during the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>:</p>
<ol>
- <li><p>Let <var title="">cdm</var> be null.</p></li>
- <li><p>Let <var title="">block key</var> be null.</p></li>
<li>
-<p>Determine whether there is an active <a href="#cdm">CDM</a> by following the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If the media element's <code><a href="#dom-keys">keys</a></code> attribute is not null</dt>
- <dd>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-media-keys-constructor"><code>MediaKeys</code> constructor</a>.</dd>
- <dt>Otherwise</dt>
- <dd>Jump to the <i>Key Presence</i> step below.</dd>
+<p>Follow the steps for the first matching condition from the following list:</p>
+ <dl class="switch">
+ <dt>If the media element's <code><a href="#dom-attrmediakeys">mediaKeys</a></code> attribute is not null:</dt>
+ <dd>Run the following steps:
+ <ol>
+ <li><p>Let <var title="true">cdm</var> be the <var title="true">cdm</var> loaded in the <a href="#dom-mediakeys-constructor"><code>MediaKeys</code> constructor</a>.</p></li>
+ <li>
+<p>If <var title="true">cdm</var> has at least one <code><a href="#dom-mediakeysession">MediaKeySession</a></code> in the <code><a href="#dom-statepending">PENDING</a></code> or <code><a href="#dom-stateready">READY</a></code> state, run the following steps:</p>
+ <p class="non-normative">This check ensures the <var title="true">cdm</var> has finished loading and is a prequisite for a matching key being available.</p>
+ <ol>
+ <li><p>Let <var title="true">block key ID</var> be be the key ID for the current block.</p></li>
+ <li>
+<p>Use <var title="true">cdm</var> to decrypt the block by following the steps for the first matching condition from the following list:</p>
+ <dl class="switch">
+ <dt>If any session has a usable key for <var title="">block key ID</var>
+</dt>
+ <dd>Run the following steps:
+ <ol>
+ <li>
+<p>Let <var title="">block key</var> be the matching key.</p>
+ <p class="non-normative">Note: If multiple sessions contain a <em>usable</em> key for <var title="">block key ID</var>, which session is used is <a href="#key-system">Key System</a>-dependent.</p>
+ </li>
+ <li>
+<p>Use <var title="true">cdm</var> to decrypt the block using <var title="">block key</var> by following the steps for the first matching condition from the following list:</p>
+ <dl class="switch">
+ <dt>If decryption fails</dt>
+ <dd>Abort the media element's <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>, run the steps to report a <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-mediaerror-media_err_decode">MEDIA_ERR_DECODE</a></code> error, and abort these steps.</dd>
+ <dt>Otherwise</dt>
+ <dd>Abort these steps and process the decrypted block as normal. <span class="non-normative">(Decode the block.)</span>
+</dd>
+ </dl>
+ <p class="non-normative">Note: Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If any session has an unusable key for <var title="">block key ID</var>
+</dt>
+ <dd>Run the following steps:
+ <ol>
+ <li><p>Let <var title="">session</var> be the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object for the session with an unusable key.</p></li>
+ <li>
+<p>Create a new <code><a href="#dom-mediakeyerror">MediaKeyError</a></code> object with the following attributes:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="http://www.w3.org/TR/dom/#dom-domerror-name">name</a></code> = the appropriate <a href="#mediakeyerror-names">error name</a><br>
+ <code><a href="#dom-systemcode">systemCode</a></code> = a Key System-specific value, if provided, and 0 otherwise
+ </li></ul>
+ </li>
+ <li><p>Set <var title="">session</var>'s <code><a href="#dom-error">error</a></code> attribute to the error object created in the previous step.</p></li>
+ <li><p>Let the state of <var title="">session</var> be <code><a href="#dom-stateerror">ERROR</a></code>.</p></li>
+ <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventerror">error</a></code> at <var title="">session</var>.</p></li>
+ </ol>
+ </dd>
+ <dt><span class="non-normative">Otherwise (there is no key for <var title="true">block key ID</var> in any session)</span></dt>
+ <dd><span class="non-normative">Continue.</span></dd>
+ </dl>
+ </li>
+ </ol>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
-<p>Use <var title="true">cdm</var> to select the key:</p>
- <ol>
- <li><p>Let <var title="">block key ID</var> be be the key ID for the current block.</p></li>
- <li><p>If <var title="true">cdm</var> has a key cached for <var title="">block key ID</var>, let <var title="">block key</var> be the matching cached key.</p></li>
- </ol>
- </li>
- <li>
-<p><i>Key Presence</i>: Handle the presence of a key by following the steps for the first matching condition from the following list:</p>
- <dl class="switch">
- <dt>If <var title="">cdm</var> is not null and <var title="">block key</var> is not null.</dt>
- <dd>Use <var title="true">cdm</var> to Decrypt the block using <var title="">block key</var> by following the steps for the first matching condition from the following list:
- <dl class="switch">
- <dt>If decryption fails</dt>
- <dd>Abort media element's <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a> and run the steps to report a <code><a href="#dom-media_err_encrypted">MEDIA_ERR_ENCRYPTED</a></code> error.</dd>
- <dt>Otherwise</dt>
- <dd>Continue.</dd>
- </dl>
- <p class="non-normative">Note: Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p>
- </dd>
- <dt>If there is an event handler for <code><a href="#dom-needkey">needkey</a></code>
-</dt>
- <dd>
- <p>Take no action.</p>
- <p class="non-normative">The <a href="#media-element">media element</a> is said to be <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#potentially-playing">potentially playing</a></code>
- unless playback stops because the stream cannot be decrypted, in which case the <a href="#media-element">media element</a> is said to be <a href="#waiting-for-a-key">waiting for a key</a>.
- </p>
- </dd>
- <dt>Otherwise</dt>
- <dd>Abort media element's <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a> and run the steps to report a <code><a href="#dom-media_err_encrypted">MEDIA_ERR_ENCRYPTED</a></code> error.</dd>
- </dl>
+ <p>Abort these steps and wait for a signal to resume playback.</p>
+ <p class="non-normative">There is no usable key for the block.</p>
+ <p class="non-normative">If playback stops because the stream cannot be decrypted when the <a href="#media-element">media element</a> is <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#potentially-playing">potentially playing</a></code>, the media element is said to be <a href="#waiting-for-a-key">waiting for a key</a>.</p>
</li>
</ol>
@@ -984,45 +1047,43 @@
<li class="non-normative">The media element leaves this state when seeking but could re-enter it if the same conditions exist.</li>
</ul>
- <h3 id="algorithms-load">4.3. Addition to Media Element Load Algorithm</h3>
- <p>The following step is added to the existing <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-element-load-algorithm">media element load algorithm</a>:</p>
- <ul>
- <li>
-<p>Clear the <code><a href="#dom-keys">keys</a></code> attribute for this <a href="#media-element">media element</a>.</p>
- <p class="non-normative">This also means the <code><a href="#dom-keys">keys</a></code> attribute will be cleared when the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-src">src</a></code> attribute is set or changed per <a href="http://www.w3.org/TR/html5/embedded-content-0.html#location-of-the-media-resource">Location of the media resource</a></p>
- </li>
- </ul>
-
+ <p>At any point while decrypting content, the user agent may determine that a <code><a href="#dom-mediakeysession">MediaKeySession</a></code> is no longer needed. It should run the <a href="#algorithms-session-close">Session Close</a> algorithm on the session.</p>
- <h2 id="key-release">5. Key Release</h2>
- <p class="non-normative">Note: it is an open issue whether further normative specification of this feature is required. See <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=17199">Bug 17199</a>.</p>
- <h3 id="key-release-intro">5.1. Introduction</h3>
- <p><i>This section is non-normative.</i></p>
- <p>The above sections provide for delivery of key/license information to a <a href="#cdm">Content Decryption Module</a>.
- This section provides for management of the entire key/license lifecycle, that is, secure proof of key release.
- Use cases for such proof include any service where is it necessary for the service to know, reliably, which granted keys/licenses are still available for use by the user and which have been deleted.
- Examples include a service with restrictions on the number of concurrent streams available to a user or a service where content is available on a rental basis, for use offline.
- </p>
-
- <p>Secure proof of key release must necessarily involve the CDM due to the relative ease with which scripts may be modified.
- The CDM must provide a message asserting, in a CDM-specific form, that a specific key or license has been destroyed.
- Such messages must be cached in the CDM until acknowledgement of their delivery to the service has been received.
- This acknowledgement must also be in the form of a CDM-specific message.
- </p>
-
- <p>The mechanism for secure proof of key release operates outside the scope of any <a href="#media-element">media element</a>.
- This is because proof-of-release messages may be cached in CDMs after the associated media elements have been destroyed.
- Proof-of-key-release messages are subject to the same origin policy: they shall only be delivered to scripts with the same origin as the script which created the media element that provided the key/license.
- </p>
+ <h3 id="algorithms-queue-message">4.3. Queue a "message" Event</h3>
+ <p>The Queue a "message" Event algorithm is run when the CDM needs to queue a message event to a <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.
+ Requests to run this algorithm include a target <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object, a <var title="true">request</var>, and a <var title="true">destinationURL</var>.
+ The following steps are run:</p>
+ <ol>
+ <li><p>Let <var title="true">session</var> be the specified <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
+ <li><p>Let the state of <var title="true">session</var> be <code><a href="#dom-statepending">PENDING</a></code>.</p></li>
+ <li>
+ <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventmessage">message</a></code> at <var title="true">session</var>.</p>
+ <p>The event is of type <code><a href="#dom-mediakeymessageevent">MediaKeyMessageEvent</a></code> and has:</p>
+ <ul style="list-style-type:none"><li>
+ <code><a href="#dom-message">message</a></code> = the specified <var title="true">request</var><br>
+ <code><a href="#dom-destinationurl">destinationURL</a></code> = the specified <var title="true">destinationURL</var>
+ </li></ul>
+ </li>
+ </ol>
+
+ <h3 id="algorithms-session-close">4.4. Session Close</h3>
+ <p>The following steps are run when the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> closes:</p>
- <h2 id="simple-decryption">6. Simple Decryption</h2>
+ <ol>
+ <li><p>Implementations may clear the internal state associated with the <code><a href="#dom-mediakeysession">MediaKeySession</a></code>, including keys and licences, to release resources but are not required to do so.</p></li>
+ <li><p>Let the state of the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> be <code><a href="#dom-stateclosed">CLOSED</a></code>.</p></li>
+ <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-eventclose">close</a></code> at the <code><a href="#dom-mediakeysession">MediaKeySession</a></code> object.</p></li>
+ </ol>
+ <p class="non-normative">Note: Keys in other sessions should be unaffected, even if they have overlapping key IDs.</p>
+
+ <h2 id="simple-decryption">5. Simple Decryption</h2>
<p>All user agents must support the simple decryption capabilities described in this section regardless of whether they support a more advanced <a href="#cdm">CDM</a>.
<span class="non-normative">This ensures that there is a common baseline level of protection that is guaranteed to be supported in all user agents, including those that are entirely open source.
Thus, content providers that need only basic protection can build simple applications that will work on all platforms without needing to work with any content protection providers.</span>
</p>
- <h3 id="simple-decryption-clear-key">6.1. Clear Key</h3>
+ <h3 id="simple-decryption-clear-key">5.1. Clear Key</h3>
<p>The "org.w3.clearkey" <a href="#key-system">Key System</a> indicates a plain-text clear (unencrypted) key will be used to decrypt the source.
No additional client-side content protection is required.
Use of this Key System is described below.
@@ -1045,7 +1106,7 @@
<code><a href="#dom-destinationurl">destinationURL</a></code> = value of the default URL if present in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> and null otherwise.
</li></ul>
- <p>The <var title="true">key</var> parameter of <code><a href="#dom-update">update()</a></code> should be a JSON Web Key (JWK) representation of the symmetric key to be used for decryption, as defined in the <a href="http://tools.ietf.org/html/draft-jones-jose-json-private-and-symmetric-key">IETF Internet-draft JSON Private and Symmetric Key specification</a>. The JSON string is encoded into the Uint8Array parameter using <a href="http://www.w3.org/TR/html5/infrastructure.html#ascii-compatible-character-encoding">ASCII-compatible character encoding</a>.</p>
+ <p>The <var title="true">response</var> parameter of <code><a href="#dom-update">update()</a></code> should be a JSON Web Key (JWK) representation of the symmetric key to be used for decryption, as defined in the <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key">IETF Internet-draft JSON Web Key (JWK) specification</a>. The JSON string is encoded into the Uint8Array parameter using <a href="http://www.w3.org/TR/html5/infrastructure.html#ascii-compatible-character-encoding">ASCII-compatible character encoding</a>.</p>
<p>When the JWK 'key type' ("kty") member value is 'octet sequence' ("oct"), the 'key value' ("k") member will be a base64 encoding of the octet sequence containing the symmetric key value.</p>
<p>For example, the following contains a single symmetric key represented as a JWK, designated as being for use with the AES Key Wrap algorithm (line breaks for readability, only).</p>
@@ -1062,46 +1123,107 @@
}</pre>
</div>
- <div class="issue">
-<div class="issue-title"><span>Issue 3</span></div>
-<p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=20965">Bug 20965</a> - EME results in a loss of control over security and privacy.</p>
-</div>
-
- <h2 id="security">7. Security Considerations</h2>
- <p><i>This section is non-normative.</i></p>
-
- <div class="issue"><div class="issue-title"><span>Issue 3</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909">Bug 22909</a> - Needs non-normative Security Considerations section.</p></div>
- <p><em>TODO: the task force has agreed that a security considerations section needs to be added but not what the contents should be. See <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=22909">Bug 22909</a></em></p>
-
- <h2 id="privacy">8. Privacy Considerations</h2>
- <p><i>This section is non-normative.</i></p>
+ <h2 id="security">6. Security Considerations</h2>
+ <div class="nonnormative">
- <div class="issue"><div class="issue-title"><span>Issue 4</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=22910">Bug 22910</a> - Needs non-normative Privacy Consideration section.</p></div>
-
- <h3 id="privacy-fingerprinting">8.1. Fingerprinting</h3>
- <p>Malicious applications may be able to fingerprint users or user agents by detecting or enumerating the list of key systems that are supported.</p>
+ <div class="issue">
+<div class="issue-title"><span>Issue 2</span></div>Note: This section is not final and review is welcome.</div>
- <h3 id="privacy-tracking">8.2. Tracking</h3>
- <p>If user agents permit keys to be re-used between origins, without performing any secondary operations such as key derivation that includes the origin, then it may be possible for two origins to collude
- and track a unique user by recording their ability to access a common key.</p>
+ <p>Key system implementations must consider initialization data, key data and media data as potential attack vectors and must take care to safely parse, decrypt etc. initialization data, key data and media data. User Agents may want to validate data before passing it to the CDM, especially if the CDM does not run in the same (sandboxed) context as the DOM (i.e. rendering). </p>
+ <p>User Agents should treat key data and media data as untrusted content and use appropriate safeguards to mitigate any associated threats.</p>
+ <p>User Agents are responsible for providing users with a secure way to browse the web. Since User Agents may integrate with third party CDM implementations, CDM implementers must provide sufficient information and controls to user agent implementers to enable them to properly asses the security implications of integrating with the Key System.</p>
+ <p>Note: unsandboxed CDMs (or CDMs that use platform features) and UAs that use them must be especially careful in all areas of security, including parsing of key and media data, etc. due to the potential for compromises to provide access to OS/platform features, interact with or run as root, access drivers, kernel, firmware, hardware, etc., all of which may not be written to be robust against hostile software or web-based attacks. Additionally, CDMs may not be updated with security fixes as frequently, especially when part of the OS, platform or hardware.</p>
+
+ </div>
+ <h2 id="privacy">7. Privacy Considerations</h2>
+ <div class="nonnormative">
- <h3 id="privacy-supercookies">8.3. Super-cookies</h3>
- <p>With the exception of ephemeral keys, its often desirable for applications to strongly associate users with keys. These associations may be used to enhance the security of authenticating to the application,
- such as using a key stored in a secure element as a second factor, or may be used by users to assert some identity, such as an e-mail signing identity. As such, these keys often live longer than their counterparts
- such as usernames and passwords, and it may be undesirable or prohibitive for users to revoke these keys. Because of this, keys may exist longer than the lifetime of the browsing context and beyond the
- lifetime of items such as cookies, thus presenting a risk that a user may be tracked even after clearing such data. This is especially true for keys that were pre-provisioned for particular origins and for
- which no user interaction was provided.</p>
+ <div class="issue">
+<div class="issue-title"><span>Issue 3</span></div>Note: This section is not final and review is welcome.</div>
+
+ <p>The presence or use of Key Systems on a user's device raises a number of privacy issues, falling into two categories: (a) user-specific information that may be disclosed by the EME interface itself, or within messages from Key Systems and (b) user-specific information that may be persistently stored on the users device.</p>
+ <p>User Agents should take responsibility for providing users with adequate control over their own privacy. Since User Agents may integrate with third party CDM implementations, CDM implementers must provide sufficient information and controls to user agent implementers to enable them to implement appropriate techniques to ensure users have control over their privacy, including but not limited to the techniques described below.</p>
- <h2 id="containers">9. Container Guidelines</h2>
+ <h3>7.1. Information disclosed by EME and Key Systems</h3>
+ <p>Concerns regarding information disclosed by EME and Key Systems fall into two categories, concerns about non-specific information that may nevertheless contribute to the possibility of fingerprinting a user agent or device and user-specific information that may be used directly for user tracking.</p>
+
+ <h4>7.1.1 Fingerprinting</h4>
+ <p>Malicious applications may be able to fingerprint users or user agents by detecting or enumerating the list of key systems that are supported and related information. If proper origin protections are not provided this could include detection of sites that have been visited and information stored for those sites. In particular, Key Systems should not share key or other data between sites that are not CORS-same-origin.</p>
+
+ <h4>7.1.2 Tracking</h4>
+ <p>User-specific information may be obtained over the EME API in two ways: through detection of stored keys and through Key System messages.</p>
+
+ <p>Key Systems may access or create persistent or semi-persistent identifiers for a device or user of a device. In some cases these identifiers may be bound to a specific device in a secure manner. If these identifiers are present in Key System messages, then devices and/or users may be tracked. If the mitigations below are not applied this could include both tracking of users / devices over time and associating multiple users of a given device. If not mitigated, such tracking may take three forms depending on the design of the Key System:</p>
+ <ul>
+ <li>in all cases, such identifiers are expected to be available to sites and/or servers that fully support the Key System (and thus can interpret Key System messages) enabling tracking by such sites.</li>
+ <li>if identifiers exposed by Key Systems are not origin-specific, then two sites and/or servers that fully support the Key System may collude to track the user</li>
+ <li>if a Key System messages contains information derived from a user identifier in a consistent manner, for example such that a portion of the initial Key System message for a specific content item does not change over time and is dependent on the user identifier, then this information could be used by any application to track the device or user over time.</li>
+ </ul>
+
+ <p>If a Key System permits keys to be stored and to be re-used between origins, then it may be possible for two origins to collude and track a unique user by recording their ability to access a common key.</p>
+ <p>Finally, if any user interface for user control of Key Systems presents data separately from data in HTTP session cookies or persistent storage, then users are likely to modify site authorization or delete data in one and not the others. This would allow sites to use the various features as redundant backup for each other, defeating a user's attempts to protect his privacy.</p>
+ <p>There are a number of techniques that can be used to mitigate these risks of tracking without user consent:</p>
+
+ <dl>
+ <dt>User deletion of persistent identifiers</dt>
+ <dd>User agents could provide users with the ability to clear any persistent identifiers maintained by Key Systems.</dd>
+
+ <dt>Use of (non-reversible) per-origin identifiers</dt>
+ <dd>The user / device identifier exposed by a Key System may be different for each origin, either by allocation of different identifiers for different origins or by use of a non-reversible origin-specific mapping from an origin-independent identifier.</dd>
+
+ <dt>Encryption of user identifiers</dt>
+ <dd>User identifiers in Key System messages could be encrypted, together with a timestamp or nonce, such that the Key System messages are always different. This would prevent the use of Key System messages for tracking except by applications fully supporting the Key System.</dd>
+
+ <dt>Site-specific white-listing of access to each Key System</dt>
+ <dd>User agents could require the user to explicitly authorize access by each site to each Key System. User agents should enable users to revoke this authorization either temporarily or permanently.</dd>
+
+ <dt>Treating Key System persistent identifiers as cookies</dt>
+ <dd>User agents should present the presence of persistent identifiers stored by Key Systems to the user in a way that associates them strongly with HTTP session cookies. This might encourage users to view such identifiers with healthy suspicion.</dd>
+
+ <dt>Shared blacklists</dt>
+ <dd>User agents may allow users to share their Key System domain blacklists. This would allow communities to act together to protect their privacy.</dd>
+
+ <dt>User alerts / prompts</dt>
+ <dd>User Agents could ensure that users are fully informed and / or give explicit consent before identifiers are exposed in messages from Key Systems.</dd>
+
+ <dt>User controls to disable Key Systems or Key System use of identifiers</dt>
+ <dd>User Agents could provide users with a global control of whether a Key System is enabled / disabled and / or whether Key System use of user / device identifiers is enabled or disabled (if supported by the Key System).</dd>
+ </dl>
+
+ <p>While these suggestions prevent trivial use of this feature for user tracking, they do not block it altogether. Within a single domain, a site can continue to track the user during a session, and can then pass all this information to a third party along with any identifying information (names, credit card numbers, addresses) obtained by the site. If a third party cooperates with multiple sites to obtain such information, and if identifiers are not per-origin, then a profile can still be created.</p>
+ <p>It is important to note that identifiers that are non-clearable, non-origin-specific or hardware-bound exceed the tracking impact of existing techniques such as Cookies or session identifiers embedded in URLs.</p>
+ <p>Thus, in addition to the various mitigations described above, if a browser supports a mode of operation intended to preserve user anonymity, then User Agent implementers should carefully consider whether access to Key Systems should be disabled in this mode.</p>
+
+ <h3>7.2. Information stored on user devices</h3>
+ <p>Key Systems may store information on a user's device, or user agents may store information on behalf of Key Systems. Potentially, this could reveal information about a user to another user of the same device, including potentially the origins that have used a particular Key System (i.e. sites visited) or even the content that has been decrypted using a Key System.</p>
+ <p>If information stored by one origin affects the operation of the Key System for another origin, then potentially the sites visited or content viewed by a user on one site may be revealed to another, potentially malicious, site.</p>
+ <p>There are a number of techniques that can be used to mitigate these privacy risk to users:</p>
+
+ <dl>
+ <dt>Origin-specific Key System storage</dt>
+ <dd>User agents may require that some or all of the Key System's persistently stored data is stored in an origin-specific way.</dd>
+
+ <dt>User deletion of Key System storage</dt>
+ <dd>User agents may present the user with a way to delete Key System storage for a specific origin or all origins.</dd>
+
+ <dt>Treating Key System stored data like cookies / Web Storage</dt>
+ <dd>User agents should present the presence of persistent data stored by Key Systems to the user in a way that associates it strongly with HTTP session cookies and/or Web Storage. This might encourage users to view such data with healthy suspicion.</dd>
+
+ <dt>Encryption or obfuscation of Key System stored data</dt>
+ <dd>User agents should treat data stored by Key Systems as potentially sensitive; it is quite possible for user privacy to be compromised by the release of this information. To this end, user agents should ensure that such data is securely stored and when deleting data, it is promptly deleted from the underlying storage.</dd>
+ </dl>
+
+ </div>
+ <h2 id="containers">8. Container Guidelines</h2>
<p>This document describes behavior independent of specific media containers.
The following sections provide container-specific details for implementations that choose to support those containers.
</p>
- <h3 id="webm">9.1 WebM</h3>
+ <h3 id="webm">8.1 WebM</h3>
<div class="nonnormative">
<p>This section defines the stream format and Initialization Data for implementations that choose to support <a href="http://www.webmproject.org/code/specs/container/">WebM</a>.</p>
- <h4 id="webm-stream-format">9.1.1.Stream Format </h4>
+ <h4 id="webm-stream-format">8.1.1.Stream Format </h4>
<p><a href="http://wiki.webmproject.org/encryption/webm-encryption-rfc">Encrypted WebM streams</a> are encrypted at the block level with AES-128 CTR encryption.
The container shall include appropriate values within the <a href="http://matroska.org/technical/specs/index.html#ContentEncryption">ContentEncryption</a> element.
</p>
@@ -1110,12 +1232,12 @@
In the former case, a subset of Tracks in the stream have a <a href="http://matroska.org/technical/specs/index.html#ContentEncryption">ContentEncryption</a> element.
In the latter case, a subset of the blocks within a Track containing a <a href="http://matroska.org/technical/specs/index.html#ContentEncryption">ContentEncryption</a> element are marked as encrypted.</p>
- <h4 id="webm-detect-encrypt">9.1.2. Detecting Encryption</h4>
+ <h4 id="webm-detect-encrypt">8.1.2. Detecting Encryption</h4>
<p>When a WebM <a href="http://matroska.org/technical/specs/index.html#LevelTrack">Track</a> is parsed, the presence of a <a href="http://matroska.org/technical/specs/index.html#ContentEncKeyID">ContentEncKeyID</a> element shall indicate that the stream is potentially encrypted. Each time a new value is encountered in a ContentEncKeyID element, the <a href="#algorithms-encrypted-stream">First Time a Key Reference is Encountered</a> algorithm shall be invoked with the value in that element as <var title="">initData</var>.</p>
- <p><a href="#algorithms-enrypted-block">Encrypted blocks</a> are those marked encrypted by the <a href="http://wiki.webmproject.org/encryption/webm-encryption-rfc#TOC-4.6-Signal-Byte-Format">Signal Byte.</a></p>
+ <p><a href="#algorithms-encrypted-block">Encrypted blocks</a> are those marked encrypted by the <a href="http://wiki.webmproject.org/encryption/webm-encryption-rfc#TOC-4.6-Signal-Byte-Format">Signal Byte.</a></p>
- <h4 id="webm-init-data">9.1.3. Initialization Data and Events</h4>
+ <h4 id="webm-init-data">8.1.3. Initialization Data and Events</h4>
<p><a href="#initialization-data">Initialization Data</a> in <a href="#events">events</a> is always a key ID, which is the <a href="http://matroska.org/technical/specs/index.html#ContentEncKeyID">ContentEncKeyID</a> of the current <a href="http://matroska.org/technical/specs/index.html#LevelTrack">Track</a>.
The current Track is the one being parsed or that contains the block being decrypted.
</p>
@@ -1127,21 +1249,22 @@
<p>An event will be fired for each new key ID (in <a href="http://matroska.org/technical/specs/index.html#ContentEncKeyID">ContentEncKeyID</a>) encountered for which a key is not already known.</p>
</div>
- <h3 id="iso">9.2 ISO Base Media File Format</h3>
+ <h3 id="iso">8.2 ISO Base Media File Format</h3>
<div class="nonnormative">
- <div class="issue"><div class="issue-title"><span>Issue 5</span></div>Note: There is an open issue about how initialization data should be extracted from ISO BMFF content. See <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=17673">Bug 17673</a>.</div>
+ <div class="issue">
+<div class="issue-title"><span>Issue 4</span></div>Note: There is an open issue about how initialization data should be extracted from ISO BMFF content. See <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=17673">Bug 17673</a>.</div>
<p>This section defines the stream format and initialization data for ISO Base media File Format (ISOBMFF) content.</p>
- <h4 id="iso-stream-format">9.2.1 Stream format</h4>
+ <h4 id="iso-stream-format">8.2.1 Stream format</h4>
<p>The stream format is dependent upon the protection scheme, as defined in the scheme type box ('schm').</p>
<p>For example, under the common encryption ("cenc") protection scheme, ISOBMFF content is encrypted at the sample level with AES-128 CTR encryption, according to ISO/IEC 23001-7:2012, "Information technology - MPEG system technologies - Part 7: Common encryption in ISO base media file format files". This protection method enables multiple Key Systems to decrypt the same media content.</p>
- <h4 id="iso-detect-encrypt">9.2.2 Detecting Encryption</h4>
+ <h4 id="iso-detect-encrypt">8.2.2 Detecting Encryption</h4>
<p>Protection scheme signaling conforms with ISO/IEC 14496-12. When protection has been applied, the stream type will be transformed to 'encv' for video or 'enca' for audio, with a scheme information box ('sinf') added to the sample entry in the sample description box ('stsd'). The scheme information box ('sinf') will contain a scheme type box ('schm') with a scheme_type field set to the 4CC value of the protection scheme.</p>
<p>Additionally, if the protection scheme is common encryption ("cenc"), the "encrypted block" is a sample. Determining whether a sample is encrypted depends on the corresponding track encryption box ('tenc') and the sample group associated with the sample. In this case the default encryption state of a sample is defined by the IsEncrypted flag in the associated track encryption box ('tenc'). This default state may be modified by the IsEncrypted flag in the Sample Group Description Box ('sgpd'), pointed to by an index in the Sample to Group Box ('sbgp').</p>
<p>For complete information about "cenc" see ISO/IEC 23001-7:2012.</p>
- <h4 id="iso-init-data">9.2.3 Initialization Data and Events</h4>
+ <h4 id="iso-init-data">8.2.3 Initialization Data and Events</h4>
<p>For ISOBMFF the InitData begins with a the protection scheme information box ('sinf'). The 'sinf' includes the scheme type box ('schm'), giving the scheme_type, and the scheme information box ('schi').</p>
<p>If this scheme_type is common encryption ("cenc"), the scheme information box will also contain the track encryption box ('tenc'), giving the defaults for IsEncrypted, IV_size and KID for that track. In addition, one or more protection system specific heder boxes ('pssh') will be concatenated after the 'sinf' box.</p>
<p>In a file encrypted with common encryption, each key is identified by a Key ID and each encrypted sample is associated with the Key ID of the key needed to decrypt it. This association is signaled either through the specification of a default Key ID in the track encryption box ('tenc') or by assigning the sample to a Sample Group, the definition of which specifies a Key ID. Common encryption files may contain a mixture of encrypted and unencrypted samples. Playback of unencrypted samples should not be impeded by unavailability of the keys needed to decrypt other samples in the same file or track.</p>
@@ -1149,7 +1272,7 @@
</div>
- <h2 id="examples">10. Examples</h2>
+ <h2 id="examples">9. Examples</h2>
<p><i>This section and its subsections are non-normative.</i></p>
<p>This section contains example solutions for various use cases using the proposed extensions.
These are not the only solutions to these use cases.
@@ -1157,7 +1280,7 @@
In some cases, such as using synchronous XHR, the examples are simplified to keep the focus on the extensions.
</p>
- <h3 id="example-source-and-key-known" class="exampleheader">10.1. Source and Key Known at Page Load (Clear Key Encryption)</h3>
+ <h3 id="example-source-and-key-known" class="exampleheader">9.1. Source and Key Known at Page Load (Clear Key)</h3>
<p class="exampledescription">In this simple example, the source file and <a href="#simple-decryption-clear-key">clear-text key</a> are hard-coded in the page.</p>
<p class="exampledescription">This example is very simple because it does not care when the key has been added or associating that event with the <code><a href="#dom-update">update()</a></code> call. It also does not handle errors.</p>
@@ -1167,16 +1290,16 @@
function load() {
var video = document.getElementById("video");
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
video.<a href="#dom-setmediakeys">setMediaKeys</a>(new <a href="#dom-mediakeys">MediaKeys</a>("org.w3.clearkey"));
if (!video.<a href="#dom-keys">keys</a>)
throw "Could not create MediaKeys";
- var keySession = video.<a href="#dom-keys">keys</a>.<a href="#dom-createsession">createSession</a>();
+ var keySession = video.<a href="#dom-attrmediakeys">mediaKeys</a>.<a href="#dom-createsession">createSession</a>();
if (!keySession)
throw "Could not create key session";
- keySession.addEventListener("<a href="#dom-keymessage">keymessage</a>",handleMessage,false);
+ keySession.addEventListener("<a href="#dom-eventmessage">message</a>", handleMessage, false);
}
function handleMessage(event) {
@@ -1192,11 +1315,11 @@
</body></pre>
</div>
- <h3 id="example-source-known-but-key-not-known" class="exampleheader">10.2. Source Known but Key Not Known at Page Load</h3>
+ <h3 id="example-source-known-but-key-not-known" class="exampleheader">9.2. Source Known but Key Not Known at Page Load</h3>
<p class="exampledescription">In this case, the <a href="#initialization-data">Initialization Data</a> is contained in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
If this was not the case, <code>handleKeyNeeded()</code> could obtain and provide it instead of getting it from the event.</p>
- <h4 id="example-clear-key" class="exampleheader">10.2.1. Clear Key Encryption</h4>
+ <h4 id="example-clear-key" class="exampleheader">9.2.1. Clear Key</h4>
<p class="exampledescription">This solution uses the <a href="#simple-decryption-clear-key">Clear Key</a> <a href="#simple-decryption">Simple Decryption</a>.</p>
<p class="exampledescription">As with the previous example, this one is very simple because it does not care when the key has been added or handle errors.</p>
@@ -1205,18 +1328,17 @@
<script>
function handleKeyNeeded(event) {
var video = event.target;
- var initData = event.<a href="#dom-initdata">initData</a>;
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
video.<a href="#dom-setmediakeys">setMediaKeys</a>(new <a href="#dom-mediakeys">MediaKeys</a>("org.w3.clearkey"));
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
throw "Could not create MediaKeys";
- var keySession = video.<a href="#dom-keys">keys</a>.<a href="#dom-createsession">createSession</a>(mimeType, initData);
+ var keySession = video.<a href="#dom-attrmediakeys">mediaKeys</a>.<a href="#dom-createsession">createSession</a>(event.<a href="#dom-contenttype">contentType</a>, event.<a href="#dom-initdata">initData</a>);
if (!keySession)
throw "Could not create key session";
- keySession.addEventListener("<a href="#dom-keymessage">keymessage</a>",handleMessage,false);
+ keySession.addEventListener("<a href="#dom-eventmessage">message</a>", handleMessage, false);
}
function handleMessage(event) {
@@ -1238,7 +1360,7 @@
<video src="foo.webm" autoplay on<a href="#dom-needkey">needkey</a>="handleKeyNeeded(event)"></video></pre>
</div>
- <h4 id="example-other-cdm" class="exampleheader">10.2.2. Other Content Decryption Module</h4>
+ <h4 id="example-other-cdm" class="exampleheader">9.2.2. Other Key System</h4>
<p class="exampledescription">This solution uses more advanced decryption from a fictitious <a href="#cdm">content decryption module</a> called Some System.</p>
<div class="example">
@@ -1246,18 +1368,17 @@
<script>
function handleKeyNeeded(event) {
var video = event.target;
- var initData = event.<a href="#dom-initdata">initData</a>;
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
video.<a href="#dom-setmediakeys">setMediaKeys</a>(new <a href="#dom-mediakeys">MediaKeys</a>("com.example.somesystem.1_0"));
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
throw "Could not create MediaKeys";
- var keySession = video.<a href="#dom-keys">keys</a>.<a href="#dom-createsession">createSession</a>(mimeType, initData);
+ var keySession = video.<a href="#dom-attrmediakeys">mediaKeys</a>.<a href="#dom-createsession">createSession</a>(event.<a href="#dom-contenttype">contentType</a>, event.<a href="#dom-initdata">initData</a>);
if (!keySession)
throw "Could not create key session";
- keySession.addEventListener("<a href="#dom-keymessage">keymessage</a>",licenseRequestReady,false);
+ keySession.addEventListener("<a href="#dom-eventmessage">message</a>", licenseRequestReady, false);
}
function licenseRequestReady(event) {
@@ -1281,7 +1402,7 @@
<video src="foo.webm" autoplay on<a href="#dom-needkey">needkey</a>="handleKeyNeeded(event)"></video></pre>
</div>
- <h3 id="examples-selecting-key-system" class="exampleheader">10.3. Selecting a Supported Key System</h3>
+ <h3 id="examples-selecting-key-system" class="exampleheader">9.3. Selecting a Supported Key System</h3>
<p class="exampledescription">Below is an example of detecting supported <a href="#key-system">Key System</a> using the <code><a href="#dom-istypesupported">isTypeSupported()</a></code> and selecting one.
</p>
@@ -1305,20 +1426,19 @@
function handleKeyNeeded(event) {
var video = event.target;
- var initData = event.<a href="#dom-initdata">initData</a>;
- if (!video.<a href="#dom-keys">keys</a>) {
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>) {
selectKeySystem();
video.<a href="#dom-setmediakeys">setMediaKeys</a>(new <a href="#dom-mediakeys">MediaKeys</a>(keySystem));
}
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
throw "Could not create MediaKeys";
- var keySession = video.<a href="#dom-keys">keys</a>.<a href="#dom-createsession">createSession</a>(mimeType, initData);
+ var keySession = video.<a href="#dom-attrmediakeys">mediaKeys</a>.<a href="#dom-createsession">createSession</a>(event.<a href="#dom-contenttype">contentType</a>, event.<a href="#dom-initdata">initData</a>);
if (!keySession)
throw "Could not create key session";
- keySession.addEventListener("<a href="#dom-keymessage">keymessage</a>",licenseRequestReady,false);
+ keySession.addEventListener("<a href="#dom-eventmessage">message</a>", licenseRequestReady, false);
}
function licenseRequestReady(event) {
@@ -1342,9 +1462,9 @@
<video src="foo.webm" autoplay on<a href="#dom-needkey">needkey</a>="handleKeyNeeded(event)"></video></pre>
</div>
- <h3 id="example-using-all-events" class="exampleheader">10.4. Using All Events</h3>
+ <h3 id="example-using-all-events" class="exampleheader">9.4. Using All Events</h3>
<p class="exampledescription">This is a more complete example showing all events being used.</p>
- <p class="exampledescription">Note that <code>handleKeyMessage</code> could be called multiple times, including in response to the <code><a href="#dom-update">update()</a></code> call if multiple round trips are required and for any other reason the Key System might need to send a message.</p>
+ <p class="exampledescription">Note that <code>handleMessage()</code> could be called multiple times, including in response to the <code><a href="#dom-update">update()</a></code> call if multiple round trips are required and for any other reason the Key System might need to send a message.</p>
<div class="example">
<pre class="code">
@@ -1365,7 +1485,7 @@
xmlhttp.send(message);
}
- function handleKeyMessage(event) {
+ function handleMessage(event) {
var keySession = event.target;
var message = event.<a href="#dom-message">message</a>;
if (!message)
@@ -1374,33 +1494,32 @@
sendMessage(message, keySession);
}
- function handleKeyReady(event) {
+ function handleReady(event) {
// Do some bookkeeping with event.target.<a href="#dom-sessionid">sessionId</a> if necessary.
}
- function handleKeyError(event) {
- // Report event.target.error.<a href="#dom-code">code</a> and event.target.error.<a href="#dom-systemcode">systemCode</a>,
+ function handleError(event) {
+ // Report event.target.error.name and event.target.error.<a href="#dom-systemcode">systemCode</a>,
// and do some bookkeeping with event.target.<a href="#dom-sessionid">sessionId</a> if necessary.
}
function handleKeyNeeded(event) {
var video = event.target;
- var initData = event.<a href="#dom-initdata">initData</a>;
- if (!video.<a href="#dom-keys">keys</a>) {
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>) {
selectKeySystem(); // See previous example for implementation.
video.<a href="#dom-setmediakeys">setMediaKeys</a>(new <a href="#dom-mediakeys">MediaKeys</a>(keySystem));
}
- if (!video.<a href="#dom-keys">keys</a>)
+ if (!video.<a href="#dom-attrmediakeys">mediaKeys</a>)
throw "Could not create MediaKeys";
- var keySession = video.<a href="#dom-keys">keys</a>.<a href="#dom-createsession">createSession</a>(mimeType, initData);
+ var keySession = video.<a href="#dom-attrmediakeys">mediaKeys</a>.<a href="#dom-createsession">createSession</a>(event.<a href="#dom-contenttype">contentType</a>, event.<a href="#dom-initdata">initData</a>);
if (!keySession)
throw "Could not create key session";
- keySession.addEventListener("<a href="#dom-keymessage">keymessage</a>",handleKeyMessage,false);
- keySession.addEventListener("<a href="#dom-keyready">keyready</a>",handleKeyReady,false);
- keySession.addEventListener("<a href="#dom-keyerror">keyerror</a>",handleKeyError,false);
+ keySession.addEventListener("<a href="#dom-eventmessage">message</a>", handleMessage, false);
+ keySession.addEventListener("<a href="#dom-eventready">ready</a>", handleReady, false);
+ keySession.addEventListener("<a href="#dom-eventerror">error</a>", handleError, false);
}
</script>
@@ -1408,7 +1527,7 @@
</div>
- <h2 id="revision-history">11. Revision History</h2>
+ <h2 id="revision-history">10. Revision History</h2>
<table>
<thead>
<tr>
@@ -1434,15 +1553,15 @@
<td>Converted to the object-oriented API.</td>
</tr>
<tr>
- <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1b/encrypted-media/encrypted-media.html">0.1b</a></td>
+ <td><a href="http://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1b/encrypted-media/encrypted-media.html">0.1b</a></td>
<td>Last non-object-oriented revision.</td>
</tr>
<tr>
- <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1a/encrypted-media/encrypted-media.html">0.1a</a></td>
+ <td><a href="http://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1a/encrypted-media/encrypted-media.html">0.1a</a></td>
<td>Corrects minor mistakes in 0.1.</td>
</tr>
<tr>
- <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1/encrypted-media/encrypted-media.html">0.1</a></td>
+ <td><a href="http://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1/encrypted-media/encrypted-media.html">0.1</a></td>
<td>Initial Proposal</td>
</tr>
</tbody>