From f4eda80723bcfa9c6955f7c44170a98e4b5be173 Mon Sep 17 00:00:00 2001 From: Chris Needham Date: Fri, 26 Apr 2024 20:35:01 +0100 Subject: [PATCH] Update to use the latest ReSpec template * Use latest ReSpec script * Move contributor names from script to the document * Add myself to contributor list * Remove custom JavaScript * Remove unnecessary section IDs * Use ReSpec syntax for definitions and references to defined terms * Remove parameter tables that duplicate the WebIDL * Remove constructors sections, which otherwise would now have been empty * Use capital MUST consistently * Add GitHub Actions script to tidy the source document --- .github/workflows/tidy.yml | 21 + W3CTRMANIFEST | 1 - encrypted-media-respec.html | 2932 ++++++++++++------------ encrypted-media.js | 691 ------ format-registry/stream/mp4-respec.html | 1 - tidyconfig.txt | 7 + 6 files changed, 1504 insertions(+), 2149 deletions(-) create mode 100644 .github/workflows/tidy.yml delete mode 100644 encrypted-media.js create mode 100644 tidyconfig.txt diff --git a/.github/workflows/tidy.yml b/.github/workflows/tidy.yml new file mode 100644 index 00000000..f81bf4d2 --- /dev/null +++ b/.github/workflows/tidy.yml @@ -0,0 +1,21 @@ +name: Tidy document +on: + workflow_dispatch: {} + push: + branches: + - main + +jobs: + tidy: + name: Tidy up + runs-on: macos-latest + steps: + - uses: actions/checkout@v4 + - run: brew install tidy-html5 + - run: tidy -config tidyconfig.txt -o encrypted-media-respec.html encrypted-media-respec.html + - uses: peter-evans/create-pull-request@v6 + with: + title: "Tidied up document using tidy-html5" + commit-message: "chore: tidy up index.html" + branch: html-tidy + diff --git a/W3CTRMANIFEST b/W3CTRMANIFEST index ee7a957b..e2c53ba8 100644 --- a/W3CTRMANIFEST +++ b/W3CTRMANIFEST @@ -1,4 +1,3 @@ encrypted-media-respec.html?specStatus=WD;shortName=encrypted-media;useExperimentalStyles=false respec stack_overview.svg eme.css -encrypted-media.js diff --git a/encrypted-media-respec.html b/encrypted-media-respec.html index 6c44e989..a534e3d1 100644 --- a/encrypted-media-respec.html +++ b/encrypted-media-respec.html @@ -3,33 +3,7 @@ Encrypted Media Extensions - - - - + - - - - - +
-

This specification extends [[HTML]] providing APIs to control playback of encrypted content.

+

This specification extends {{HTMLMediaElement}} [[HTML]] providing APIs to control playback of encrypted content.

The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation). License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies.

This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems. Implementation of Digital Rights Management is not required for compliance with this specification: only the - Clear Key system is required to be implemented as a common baseline.

+ [=Clear Key=] system is required to be implemented as a common baseline.

The common API supports a simple set of content encryption capabilities, leaving application functions such as authentication and authorization to page authors. This is achieved by requiring content protection system-specific messaging to be mediated by the page rather than assuming out-of-band communication between the encryption system and a license or other server.

@@ -177,7 +82,7 @@
-
+

Introduction

This specification enables script to select content protection mechanisms, control license/key exchange, and @@ -187,12 +92,12 @@

Introduction

Supported content is encrypted per container-specific "common encryption" specifications, enabling use across key systems. - Supported content has an unencrypted container, enabling metadata to be provided to the application and maintaining compatibility with other features. + Supported content has an unencrypted container, enabling metadata to be provided to the application and maintaining compatibility with other {{HTMLMediaElement}} features.

Implementers should pay attention to the mitigations for the security and privacy threats and concerns described in this specification. - In particular, the specification requirements for security and privacy cannot be met without knowledge of the security and privacy properties of the and its implementation(s). - contains security and privacy provisions related to the integration and use of underlying implementations. + In particular, the specification requirements for security and privacy cannot be met without knowledge of the security and privacy properties of the [=Key System=] and its implementation(s). + contains security and privacy provisions related to the integration and use of underlying [=Key System=] implementations. focuses on external threats, such as input data or network attacks. focuses on the handling of user-specific information and providing users with adequate control over their own privacy.

@@ -203,33 +108,33 @@

Introduction

A generic stack implemented using the API is shown below. This diagram shows an example flow; other combinations of API calls and events are possible.

- A generic stack implemented using the proposed APIs + A generic stack implemented using the proposed APIs
-
+

Definitions

-
Content Decryption Module (CDM)
+
Content Decryption Module (CDM)
-

Content Decryption Module (CDM) is the client component that provides the functionality, including decryption, for one or more .

+

Content Decryption Module (CDM) is the client component that provides the functionality, including decryption, for one or more [=Key Systems=].

Implementations may or may not separate the implementations of CDMs or treat them as separate from the user agent. This is transparent to the API and application.

-
Key System
+
Key System

A Key System is a generic term for a decryption mechanism and/or content protection provider. Key System strings provide unique identification of a Key System. - They are used by the user agent to select a and identify the source of a key-related event. - User agents MUST support the Common Key Systems. - User agents MAY also provide additional CDMs with corresponding Key System strings. + They are used by the user agent to select a [=CDM=] and identify the source of a key-related event. + User agents MUST support the [=Common Key Systems=]. + User agents MAY also provide additional [=CDMs=] with corresponding Key System strings.

A Key System string is always a reverse domain name. - Key System strings are compared using case-sensitive matching. It is RECOMMENDED that CDMs use simple lower-case ASCII key system strings.

+ Key System strings are compared using case-sensitive matching. It is RECOMMENDED that [=CDMs=] use simple lower-case ASCII key system strings.

For example, "com.example.somesystem".

@@ -239,41 +144,41 @@

Definitions

-
Key Session
+
Key Session
-

A Key Session, or simply Session, provides a context for message exchange with the as a result of which key(s) are made available to the CDM. - Sessions are embodied as MediaKeySession objects. - Each Key session is associated with a single instance of provided in the call. +

A Key Session, or simply Session, provides a context for message exchange with the [=CDM=] as a result of which key(s) are made available to the [=CDM=]. + Sessions are embodied as {{MediaKeySession}} objects. + Each Key session is associated with a single instance of [=Initialization Data=] provided in the {{MediaKeySession/generateRequest()}} call.

-

Each Key Session is associated with a single MediaKeys object, and only media element(s) associated with that MediaKeys object may access key(s) associated with the session. - Other MediaKeys objects, CDM instances, and media elements MUST NOT access the key session or use its key(s). - Key sessions and the keys they contain are no longer once the session has been closed, including when the MediaKeySession object is destroyed. +

Each Key Session is associated with a single {{MediaKeys}} object, and only media element(s) associated with that {{MediaKeys}} object may access key(s) associated with the session. + Other {{MediaKeys}} objects, [=CDM=] instances, and media elements MUST NOT access the key session or use its key(s). + Key sessions and the keys they contain are no longer [=usable for decryption=] once the session has been closed, including when the {{MediaKeySession}} object is destroyed.

All license(s) and key(s) associated with a Key Session which have not been explicitly stored MUST be destroyed when the Key Session is closed.

-

Key IDs MUST be unique within a session.

+

[=Key IDs=] MUST be unique within a session.

-
Session ID
+
Session ID
-

A Session ID is a unique string identifier generated by the that can be used by the application to identify MediaKeySession objects.

+

A Session ID is a unique string identifier generated by the [=CDM=] that can be used by the application to identify {{MediaKeySession}} objects.

-

A new Session ID is generated each time the user agent and CDM successfully create a new session.

+

A new Session ID is generated each time the user agent and [=CDM=] successfully create a new session.

Each Session ID SHALL be unique within the browsing context in which it was created. - For session types for which the algorithm returns true, Session IDs MUST be unique within the over time, including across browsing sessions. + For session types for which the [=Is persistent session type?=] algorithm returns true, Session IDs MUST be unique within the [=origin=] over time, including across browsing sessions.

The underlying content protection protocol does not necessarily need to support Session IDs.

-
Key
+
Key
-

Unless otherwise stated, key refers to a decryption key that can be used to decrypt blocks within . - Each such key is uniquely identified by a . - A key is associated with the session used to provide it to the . (The same key may be present in multiple sessions.) - Such keys MUST only be provided to the CDM via an call. (They may later be loaded by as part of the stored session data.) +

Unless otherwise stated, key refers to a decryption key that can be used to decrypt blocks within [=HTMLMediaElement/media data=]. + Each such key is uniquely identified by a [=key ID=]. + A key is associated with the [=key session|session=] used to provide it to the [=CDM=]. (The same key may be present in multiple sessions.) + Such keys MUST only be provided to the [=CDM=] via an {{MediaKeySession/update()}} call. (They may later be loaded by {{MediaKeySession/load()}} as part of the stored session data.)

Authors SHOULD encrypt each set of stream(s) that requires enforcement of a meaningfully different policy with a distinct key (and key ID). @@ -283,79 +188,79 @@

Definitions

-
Usable For Decryption
+
Usable For Decryption
-

A key is considered usable for decryption if the CDM is certain the key is currently usable to decrypt one or more blocks of .

+

A key is considered usable for decryption if the [=CDM=] is certain the key is currently usable to decrypt one or more blocks of [=HTMLMediaElement/media data=].

For example, a key is not usable for decryption if its license has expired. Even if its license has not expired, a key is not usable for decryption if other conditions (e.g., output protection) for its use are not currently satisfied.

-
Key ID
+
Key ID
-

A key is associated with a key ID that is a sequence of octets and which uniquely identifies the key. - The container specifies the ID of the key that can decrypt a block or set of blocks within the . - MAY contain key ID(s) to identify the keys that are needed to decrypt the media data. - However, there is no requirement that Initialization Data contain any or all key IDs used in the or . - Licenses provided to the associate each key with a key ID so the CDM can select the appropriate key when decrypting an encrypted block of media data. +

A [=key=] is associated with a key ID that is a sequence of octets and which uniquely identifies the key. + The container specifies the ID of the key that can decrypt a block or set of blocks within the [=HTMLMediaElement/media data=]. + [=Initialization Data=] MAY contain key ID(s) to identify the keys that are needed to decrypt the media data. + However, there is no requirement that Initialization Data contain any or all key IDs used in the [=HTMLMediaElement/media data=] or media resource. + [=Licenses=] provided to the [=CDM=] associate each key with a key ID so the [=CDM=] can select the appropriate key when decrypting an encrypted block of media data.

-
Known Key
+
Known Key
-

A key is considered to be known to a session if the 's implementation of the session contains any information - specifically the - about it, regardless of whether the actual key is usable or its value is known. - Known keys are exposed via the attribute. +

A key is considered to be known to a session if the [=CDM=]'s implementation of the session contains any information - specifically the [=key ID=] - about it, regardless of whether the actual [=key=] is usable or its value is known. + Known keys are exposed via the {{MediaKeySession/keyStatuses}} attribute.

-

Keys are considered known even after they become unusable, such as due to expiration or if they are removed but a is available. +

Keys are considered known even after they become unusable, such as due to [=expiration=] or if they are removed but a [=record of license destruction=] is available. Keys only become unknown when they are explicitly removed from a session and any license release message is acknowledged.

-

For example, a key could become unknown if an call provides a new license that does not include the key and includes instructions to replace the license(s) that previously contained the key.

+

For example, a key could become unknown if an {{MediaKeySession/update()}} call provides a new license that does not include the key and includes instructions to replace the license(s) that previously contained the key.

-
License
+
License
-

A license is key system-specific state information that includes one or more key(s) - each associated with a - and potentially other information about key usage.

+

A license is key system-specific state information that includes one or more [=key(s)=] - each associated with a [=key ID=] - and potentially other information about key usage.

-
Initialization Data
+
Initialization Data

- usually require a block of initialization data containing information about the stream to be decrypted before they can construct a license request message. + [=Key Systems=] usually require a block of initialization data containing information about the stream to be decrypted before they can construct a license request message. This block could be a simple key or content ID or a more complex structure containing such information. - It SHOULD always allow unique identification of the key(s) needed to decrypt the content. - This initialization information MAY be obtained in some application-specific way or provided with the . + It SHOULD always allow unique identification of the [=key(s)=] needed to decrypt the content. + This initialization information MAY be obtained in some application-specific way or provided with the [=HTMLMediaElement/media data=].

- Initialization Data is a generic term for container-specific data that is used by a to generate a license request. + Initialization Data is a generic term for container-specific data that is used by a [=CDM=] to generate a license request.

The format of the initialization data depends upon the type of container, and containers MAY support more than one format - of initialization data. The Initialization Data Type is a string that indicates the + of initialization data. The Initialization Data Type is a string that indicates the format of the accompanying Initialization Data. Initialization Data Type strings are always matched case-sensitively. It is RECOMMENDED that Initialization Data Type strings are lower-case ASCII strings.

The [[[EME-INITDATA-REGISTRY]]] [[EME-INITDATA-REGISTRY]] - provides the mapping from string to the specification for each format. + provides the mapping from [=Initialization Data Type=] string to the specification for each format.

- When the user agent encounters Initialization Data in the , it provides that Initialization Data to the application in the attribute of the event. + When the user agent encounters Initialization Data in the [=HTMLMediaElement/media data=], it provides that Initialization Data to the application in the {{MediaEncryptedEvent/initData}} attribute of the {{encrypted}} event. The user agent MUST NOT store the Initialization Data or use its content at the time it is encountered. - The application provides Initialization Data to the CDM via . - The user agent MUST NOT provide Initialization Data to the CDM by other means. + The application provides [=Initialization Data=] to the [=CDM=] via {{MediaKeySession/generateRequest()}}. + The user agent MUST NOT provide [=Initialization Data=] to the [=CDM=] by other means.

-

Initialization Data MUST be a fixed value for a given set of stream(s) or . - It MUST only contain information related to the keys required to play a given set of stream(s) or . +

Initialization Data MUST be a fixed value for a given set of stream(s) or [=HTMLMediaElement/media data=]. + It MUST only contain information related to the keys required to play a given set of stream(s) or [=HTMLMediaElement/media data=]. It MUST NOT contain application data, client-specific data, user-specific data, or executable code.

Initialization Data SHOULD NOT contain Key System-specific data or values. - Implementations MUST support the common formats defined in [[EME-INITDATA-REGISTRY]] for each they support. + Implementations MUST support the common formats defined in [[EME-INITDATA-REGISTRY]] for each [=Initialization Data Type=] they support.

Use of proprietary formats/contents is discouraged, and supporting or using only proprietary formats is strongly discouraged. @@ -363,32 +268,32 @@

Definitions

-
Associable Values
+
Associable Value

- Two or more identifiers or other values are said to be associable if they are identical or it is possible - with a reasonable amount of time and effort - to correlate or associate them. - Otherwise, the values are non-associable. + Two or more identifiers or other values are said to be associable if they are identical or it is possible - with a reasonable amount of time and effort - to correlate or associate them. + Otherwise, the values are non-associable.

-

For example, values created in the following ways are :

+

For example, values created in the following ways are [=associable=]:

  • Using a trivially-reversible hash function.

  • Sharing a prefix or other subset

  • Replacing random value N with N+10

  • XORing the origin with a fixed value (because it is trivially reversible)

-

In contrast, two values that are completely unrelated or cryptographically distinct, such as via a cryptographically strong non-reversible hash function, are .

+

In contrast, two values that are completely unrelated or cryptographically distinct, such as via a cryptographically strong non-reversible hash function, are [=non-associable=]

-

Two or more identifiers or other values are said to be associable by an entity if it is possible - with a reasonable amount of time and effort - for the referenced entity or set of entities to correlate or associate them without participation of additional entity(ies). - Otherwise, the values are non-associable by an entity. +

Two or more identifiers or other values are said to be associable by an entity if it is possible - with a reasonable amount of time and effort - for the referenced entity or set of entities to correlate or associate them without participation of additional entity(ies). + Otherwise, the values are non-associable by an entity.

-

Two or more identifiers or other values are said to be non-associable by the application if they are non-associable by an entity - where the entity is set that includes the application, all other applications, and other entities such as servers that they use or with which they communicate. - Otherwise, the values would be considered associable by the application, which is forbidden. +

Two or more identifiers or other values are said to be non-associable by the application if they are [=non-associable by an entity=] + where the entity is the set that includes the application, all other applications, and other entities such as servers that they use or with which they communicate. + Otherwise, the values would be considered associable by the application, which is forbidden.

-
Distinctive Value
+
Distinctive Value

A Distinctive Value is a value, piece of data, implication of the possession of a piece of data, or an observable behavior or timing that is not shared across a large population of users or client devices. @@ -397,11 +302,11 @@

Definitions

Examples of Distinctive Values include but are not limited to:

    -

    • -

    • +

  • [=Distinctive Identifiers=]

    • +

  • [=Distinctive Permanent Identifiers=]

  • Other identifiers

    • -

  • Session IDs

    • -

  • Licenses

    • +

  • [=Session IDs=]

    • +

  • [=Licenses=]

  • Other session data

@@ -410,24 +315,24 @@

Definitions

-
Permanent Identifiers
+
Permanent Identifier

- A Permanent Identifier is a value, piece of data, implication of the possession of a piece of data, or an observable behavior or timing that is indelible in some way or otherwise non-trivial for the user to remove, reset, or change. - This, includes but is not limited to: + A Permanent Identifier is a value, piece of data, implication of the possession of a piece of data, or an observable behavior or timing that is indelible in some way or otherwise non-trivial for the user to remove, reset, or change. + This includes but is not limited to:

  • A hardware or hardware-based identifier

  • A value provisioned in the hardware device in the factory

  • A value associated with or derived from the operating system installation instance

  • A value associated with or derived from the user agent installation instance

    • -

  • A value associated with or derived from the or other software component

    • +

  • A value associated with or derived from the [=CDM=] or other software component

  • A value in a configuration file or similar semi-permanent data, even if generated on the client

  • Client or other user account values

- A Distinctive Permanent Identifier is a Permanent Identifier that is distinctive. + A Distinctive Permanent Identifier is a [=Permanent Identifier=] that is [=distinctive=].

When exposed outside the client, Distinctive Permanent Identifiers and values derived from or otherwise related to them MUST be encrypted. @@ -437,26 +342,26 @@

Definitions

For example, a Distinctive Permanent Identifier shared among a small number of users could still be distinctive.

- A Distinctive Permanent Identifier is not a because it is not derived or generated (within the scope of this specification). + A Distinctive Permanent Identifier is not a [=Distinctive Identifier=] because it is not derived or generated (within the scope of this specification).

- controls whether Distinctive Permanent Identifiers may be used. - Specifically, Distinctive Permanent Identifiers may only be used when the value of the member of the MediaKeySystemAccess used to create the MediaKeys object is . + {{MediaKeySystemConfiguration/distinctiveIdentifier}} controls whether Distinctive Permanent Identifiers may be used. + Specifically, Distinctive Permanent Identifiers may only be used when the value of the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of the {{MediaKeySystemAccess}} used to create the {{MediaKeys}} object is {{MediaKeysRequirement/"required"}}.

-
Distinctive Identifier
+
Distinctive Identifier

A Distinctive Identifier is a value, including in opaque or encrypted form, for which it is possible for any entity external to the client to correlate or associate values beyond what a user may expect on the web platform (e.g., cookies and other site data). - For example, values that are associable by an entity other than the application across - a) origins, - b) browsing profiles, + For example, values that are [=associable by an entity|associable by an entity other than the application=] across + a) [=origins=], + b) [=browsing profiles=], or c) browsing sessions even after the user has attempted to protect his or her privacy by clearing browsing data or values for which it is not easy for a user to break such association. - In particular, a value is a Distinctive Identifier if it is possible for a central server, such as an individualization server, to associate values across origins, such as because the individualization requests contained a common value, or because values provided in individualization requests are associable by such server even after attempts to clear browsing data. - Possible causes of this include use of in the individualization process. + In particular, a value is a Distinctive Identifier if it is possible for a [=associable by an entity|central server, such as an individualization server, to associate=] values across origins, such as because the [=individualization=] requests contained a common value, or because values provided in individualization requests are [=associable by an entity|associable by such a server=] even after attempts to clear browsing data. + Possible causes of this include use of [=Distinctive Permanent Identifier(s)=] in the individualization process.

Distinctive Identifiers exposed to the application, even in encrypted form, MUST adhere to the identifier requirements, @@ -464,30 +369,30 @@

Definitions

While the instantiation or use of a Distinctive Identifier is triggered by the application's use of the APIs defined in this specification, the identifier need not be provided to the application to trigger conditions related to Distinctive Identifiers. - (The MUST NOT ever be provided to the application, even in opaque or encrypted form.) + (The [=Distinctive Permanent Identifier(s)=] MUST NOT ever be provided to the application, even in opaque or encrypted form.)

- controls whether Distinctive Identifiers may be used. - Specifically, Distinctive Identifiers may only be used when the value of the member of the MediaKeySystemAccess used to create the MediaKeys object is . + {{MediaKeySystemConfiguration/distinctiveIdentifier}} controls whether Distinctive Identifiers may be used. + Specifically, Distinctive Identifiers may only be used when the value of the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of the {{MediaKeySystemAccess}} used to create the {{MediaKeys}} object is {{MediaKeysRequirement/"required"}}.

A Distinctive Identifier is a value, piece of data, implication of the possession of a piece of data, or an observable behavior or timing for which all of the following criteria hold:

  • -

    It is distinctive.

    +

    It is [=distinctive=].

    While a Distinctive Identifier is typically unique to a user or client device, an identifier does not need to be strictly unique to be distinctive. For example, an identifier shared among a small number of users could still be distinctive.

  • It, information about it, or values derived from or otherwise related to it are exposed, even in encrypted form, outside the client. - This includes but is not limited to providing it to the application and/or license, individualization, or other server. + This includes but is not limited to providing it to the application and/or license, [=individualization=], or other server.

  • It has one or more the following properties:

      -

    • It is derived from one or more .

      • -

    • The generation, individualization, provisioning or other process that produced the value involved, used, provided, derived from, or similarly involved one or more or another Distinctive Identifier.

      • +

    • It is derived from one or more [=Distinctive Permanent Identifier(s)=].

      • +

    • The generation, [=individualization=], provisioning or other process that produced the value involved, used, provided, derived from, or similarly involved one or more [=Distinctive Permanent Identifier(s)=] or another Distinctive Identifier.

    • It is clearable but not along with cookies and other site data.

      For example, via some mechanism external to the user agent, such as an OS-level mechanism.

      @@ -496,57 +401,57 @@

      Definitions

      Other properties of concern that are normatively prohibited for values exposed to the application include:

      Examples of such normatively prohibited values include but is not limited to:

      • A single hardware-based value used for all origins.

      • A single random based value used for all origins.

        • -

      • A single value obtained from an individualization process that is used for all origins.

        • +

      • A single value obtained from an [=individualization=] process that is used for all origins.

      • Values that include all or part of any of the above values.

      • A single value that is used for multiple but not all origins.

        • -

      • A single value that is used for all origins on a domain. (Identifiers must be per-.)

        • +

      • A single value that is used for all origins on a domain. (Identifiers must be per-[=origin=].)

      • A pre-provisioned origin-specific value.

        • -

      • Values generated by trivially-reversible means, which are thus associable by the application, regardless of whether generated on the client or involving an a individualization process. For example, XORing or otherwise integrating (part of) the origin with a fixed value.

        • +

      • Values generated by trivially-reversible means, which are thus [=associable by the application=], regardless of whether generated on the client or involving an [=individualization=] process. For example, XORing or otherwise integrating (part of) the origin with a fixed value.

    - While Distinctive Identifier are usually associable by the entity that generated them they MUST be . - In other words, such correlation or association is only possible by the entity, such as an individualization server, that originally generated the Distinctive Identifier values. - Entities with access to the MUST NOT expose this capability to applications, as this would make resulting Distinctive Identifiers associable by the application, and SHOULD take care to avoid exposing such correlation to other entities or third parties. + While Distinctive Identifier are usually [=associable by an entity|associable by the entity that generated them=] they MUST be [=non-associable by applications=]. + In other words, such correlation or association is only possible by the entity, such as an [=individualization=] server, that originally generated the Distinctive Identifier values. + Entities with access to the [=Distinctive Permanent Identifier(s)=] MUST NOT expose this capability to applications, as this would make resulting Distinctive Identifiers [=associable by the application=], and SHOULD take care to avoid exposing such correlation to other entities or third parties.

    Examples of Distinctive Identifiers include but are not limited to:

      -

    • A series of bytes that is included in key requests, different from the series of bytes included by other client devices, and based on or was acquired directly or indirectly using a .

      • -

    • A public key included in key requests that is different from the public keys included in the requests by other client devices and is based on or was acquired directly or indirectly using a .

      • -

    • Demonstration of possession of a private key (e.g., by signing some data) that other client devices do not have and is based on or was acquired directly or indirectly using a .

      • +

    • A series of bytes that is included in key requests, different from the series of bytes included by other client devices, and based on or was acquired directly or indirectly using a [=Distinctive Permanent Identifier=].

      • +

    • A public key included in key requests that is different from the public keys included in the requests by other client devices and is based on or was acquired directly or indirectly using a [=Distinctive Permanent Identifier=].

      • +

    • Demonstration of possession of a private key (e.g., by signing some data) that other client devices do not have and is based on or was acquired directly or indirectly using a [=Distinctive Permanent Identifier=].

    • An identifier for such a key.

    • Such a value used to derive another value that is exposed even though the first value is not directly exposed.

    • A value derived from another Distinctive Identifier.

      • -

    • A random value that was reported to a (e.g., individualization) server along with a or provided by such a server after providing a .

      • +

    • A random value that was reported to a (e.g., [=individualization=]) server along with a [=Distinctive Permanent Identifier=] or provided by such a server after providing a [=Distinctive Permanent Identifier=].

    • A value derived from a unique value provisioned in the hardware device in the factory.

    • A value derived from a unique hardware value (e.g., MAC address or serial number) or software value (e.g., operating system installation instance or operating system user account name) in the hardware device in the factory.

      • -

    • A value derived from a unique value embedded in the CDM binary or other file used by the CDM.

      • +

    • A value derived from a unique value embedded in the [=CDM=] binary or other file used by the [=CDM=].

    Examples of things that are not Distinctive Identifiers:

      -

    • A public key shared among all copies of a given CDM version if the installed base is large.

      • +

    • A public key shared among all copies of a given [=CDM=] version if the installed base is large.

    • A nonce or ephemeral key that is unique but used in only one session.

      • -

    • A value that is not exposed, even in derived or similar ways, outside the client, including via individualization or similar.

      • -

    • Device-unique keys used in attestations between, for example, the video pipeline and the CDM when the CDM does not let these attestations further flow to the application and instead makes a new attestation on its own using a key that does not constitute a Distinctive Identifier.

      • +

    • A value that is not exposed, even in derived or similar ways, outside the client, including via [=individualization=] or similar.

      • +

    • Device-unique keys used in attestations between, for example, the video pipeline and the [=CDM=] when the [=CDM=] does not let these attestations further flow to the application and instead makes a new attestation on its own using a key that does not constitute a Distinctive Identifier.

    • -

      A value that is fully cleared/clearable along with browsing data, such as cookies, after which it will be replaced by a value that is (not just ), even by a central server such as an individualization server, AND one or more of the following:

      +

      A value that is fully cleared/clearable along with browsing data, such as cookies, after which it will be replaced by a value that is [=non-associable=]] (not just [=non-associable by applications=]), even by a central server such as an [=individualization=] server, AND one or more of the following:

        -

      • No or Distinctive Identifier was involved in the generation of the value.

        • +

      • No [=Distinctive Permanent Identifier=] or Distinctive Identifier was involved in the generation of the value.

      • It is a random value generated without inputs from the system.

      • It is a value provided by a server without the use of or knowledge of another Distinctive Identifier.

      @@ -555,46 +460,46 @@

      Definitions

-
Use of Distinctive Identifiers and Distinctive Permanent Identifiers
+
Use of Distinctive Identifiers and Distinctive Permanent Identifiers

- An implementation, configuration, instance, or object uses Distinctive Identifier(s) if, at any time during its lifetime or the lifetime of related such entities, - it exposes, even in encrypted form, one or more , information about them, or values derived from or otherwise related to them outside the client. - This includes but is not limited to providing such a value to the application and/or license, individualization, or other server. + An implementation, configuration, instance, or object uses Distinctive Identifier(s) if, at any time during its lifetime or the lifetime of related such entities, + it exposes, even in encrypted form, one or more [=Distinctive Identifier(s)=], information about them, or values derived from or otherwise related to them outside the client. + This includes but is not limited to providing such a value to the application and/or license, [=individualization=], or other server.

- An implementation, configuration, instance, or object uses Distinctive Permanent Identifier(s) if, at any time during its lifetime or the lifetime of related such entities, - it exposes, even in encrypted form, one or more , information about them, or values derived from or otherwise related to them outside the client. - This includes but is not limited to providing such a value to an individualization server. + An implementation, configuration, instance, or object uses Distinctive Permanent Identifier(s) if, at any time during its lifetime or the lifetime of related such entities, + it exposes, even in encrypted form, one or more [=Distinctive Permanent Identifier(s)=], information about them, or values derived from or otherwise related to them outside the client. + This includes but is not limited to providing such a value to an [=individualization=] server. Such values MUST NOT be provided to the application.

- An implementation, configuration, instance, or object uses Distinctive Identifier(s) or Distinctive Permanent Identifier(s) if it - uses Distinctive Identifier(s) and/or uses Distinctive Permanent Identifier(s). + An implementation, configuration, instance, or object uses Distinctive Identifier(s) or Distinctive Permanent Identifier(s) if it + [=uses Distinctive Identifier(s)=] and/or [=uses Distinctive Permanent Identifier(s)=].

- controls whether and may be used. - Specifically, such identifiers may only be used when the value of the member of the MediaKeySystemAccess used to create the MediaKeys object is . + {{MediaKeySystemConfiguration/distinctiveIdentifier}} controls whether [=Distinctive Identifiers=] and [=Distinctive Permanent Identifiers=] may be used. + Specifically, such identifiers may only be used when the value of the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of the {{MediaKeySystemAccess}} used to create the {{MediaKeys}} object is {{MediaKeysRequirement/"required"}}.

-
Cross Origin Limitations
+
Cross Origin Limitations
-

During playback, embedded media data is exposed to script in the embedding . - In order for the API to provide in the event, MUST be with the embedding page. - If is cross-origin with the embedding document, authors SHOULD use the attribute - on the and CORS headers on the response to make it . +

During playback, embedded media data is exposed to script in the embedding [=origin=]. + In order for the API to provide [=Initialization Data=] in the {{encrypted}} event, [=HTMLMediaElement/media data=] MUST be [=CORS-same-origin=] with the embedding page. + If [=HTMLMediaElement/media data=] is cross-origin with the embedding document, authors SHOULD use the {{HTMLMediaElement/crossOrigin}} attribute + on the {{HTMLMediaElement}} and CORS headers on the [=HTMLMediaElement/media data=] response to make it [=CORS-same-origin=].

-
Mixed Content Limitations
+
Mixed Content Limitations
-

During playback, embedded media data is exposed to script in the embedding . - In order for the API to provide in the event, MUST NOT be Mixed Content [[MIXED-CONTENT]]. +

During playback, embedded media data is exposed to script in the embedding [=origin=]. + In order for the API to provide [=Initialization Data=] in the {{encrypted}} event, [=HTMLMediaElement/media data=] MUST NOT be [=Mixed Content=] [[MIXED-CONTENT]].

-
Time
+
Time

Time MUST be equivalent to that represented in ECMAScript Time Values and Time Range [[ECMA-262]].

@@ -605,14 +510,14 @@

Definitions

-
Expiration Time
+
Expiration Time

- The time after which key(s) will no longer be . + The [=time=] after which key(s) will no longer be [=usable for decryption=].

-
Browsing Profile
+
Browsing Profile

A User Agent on a given machine may support execution in a variety of different contexts or modes or temporary states that are expected to behave independently @@ -624,10 +529,10 @@

Definitions

multiple independent profiles for a single account.

-
Valid Media MIME Type
+
Valid Media MIME Type

- A valid media MIME type is a media MIME type that is also a [[HTML]]. + A valid media MIME type is a media MIME type that is also a [=valid MIME type string=] [[mimesniff]]. When a MIME type includes parameters, such as `"codecs"` [[RFC6381]], such parameters MUST also be valid per the relevant specification.

@@ -639,7 +544,7 @@

Definitions

Obtaining Access to Key Systems

-

This section defines the mechanism for obtaining access to a key system. +

This section defines the mechanism for obtaining access to a [=Key System=]. The inclusion of capabilities in the request also enables feature detection.

The steps of an algorithm are always aborted when rejecting a promise.

@@ -647,31 +552,39 @@

Obtaining Access to Key Systems

Permissions Policy Integration

- is a policy-controlled feature - identified by the string encrypted-media. Its default allowlist is 'self' + {{Navigator/requestMediaKeySystemAccess()}} is a [=policy-controlled feature=] + identified by the string encrypted-media. Its + [=policy-controlled feature/default allowlist=] is 'self' [[!PERMISSIONS-POLICY]].

-
+

Navigator Extension: requestMediaKeySystemAccess()

- 
[Exposed=Window]
-partial interface Navigator {
-    [SecureContext] Promise<MediaKeySystemAccess> requestMediaKeySystemAccess (DOMString keySystem, sequence<MediaKeySystemConfiguration> supportedConfigurations);
-};

Methods

requestMediaKeySystemAccess
+ 
+          [Exposed=Window]
+          partial interface Navigator {
+            [SecureContext] Promise<MediaKeySystemAccess> requestMediaKeySystemAccess (
+                DOMString keySystem,
+                sequence<MediaKeySystemConfiguration> supportedConfigurations);
+          };
+
+
+

Methods

+
+
requestMediaKeySystemAccess()
+

Calling this method may have user-visible effects, including requests for user consent. - This method should only be called when the author intends to create and use a MediaKeys object with the provided configuration. + This method should only be called when the author intends to create and use a {{MediaKeys}} object with the provided configuration.

-

Requests access to the specified . +

Requests access to the specified [=Key System=]. When supportedConfigurations is specified, the configuration specified by at least one of its elements must be supported. - The resulting MediaKeySystemAccess will correspond to the first such element. + The resulting {{MediaKeySystemAccess}} will correspond to the first such element.

Any permission checks or user interaction, such as a prompt for consent, MUST be performed before resolving the promise.

If the keySystem is not supported or not allowed (in at least one of the supportedConfigurations, if specified), the promise is rejected. - Otherwise, it is resolved with a new MediaKeySystemAccess object. + Otherwise, it is resolved with a new {{MediaKeySystemAccess}} object.

This method is only exposed to [=secure contexts=] as indicated by the [SecureContext] IDL attribute.

@@ -680,36 +593,33 @@

Navigator Extension: requestMediaKeySystemAccess()

- +

When this method is invoked, the user agent MUST run the following steps:

    -

  1. If this's - relevant global object's - associated Document - is not allowed to use the encrypted-media feature, then throw a "SecurityError" DOMException and abort these steps.

    2. - -

  2. If keySystem is the empty string, return a promise rejected with a newly created .

    3. -

  3. If supportedConfigurations is empty, return a promise rejected with a newly created .

    4. -

  4. Let document be the calling context's .

    5. -

  5. Let origin be the of document.

    6. +

  6. If [=this=]'s [=relevant global object=]'s [=associated Document=] + is not allowed to use the encrypted-media feature, then throw a "{{SecurityError}}" + {{DOMException}} and abort these steps.

    7. + +

  7. If keySystem is the empty string, return a promise rejected with a newly created {{TypeError}}.

    8. +

  8. If supportedConfigurations is empty, return a promise rejected with a newly created {{TypeError}}.

    9. +

  9. Let document be the calling context's [=Document=].

    10. +

  10. Let origin be the [=origin=] of document.

  11. Let promise be a new promise.

  12. Run the following steps in parallel:

      -

    1. If keySystem is not one of the supported by the user agent, reject promise with a . String comparison is case-sensitive.

      2. +

    2. If keySystem is not one of the [=Key Systems=] supported by the user agent, reject promise with a {{NotSupportedError}}. String comparison is case-sensitive.

    3. Let implementation be the implementation of keySystem.

    4. For each value in supportedConfigurations:

      1. Let candidate configuration be the value.

        2. -

      2. Let supported configuration be the result of executing the algorithm on implementation, candidate configuration, and origin.

        3. +

      3. Let supported configuration be the result of executing the [=Get Supported Configuration=] algorithm on implementation, candidate configuration, and origin.

      4. If supported configuration is not NotSupported, run the following steps:

        1. -

          Let access be a new MediaKeySystemAccess object, and initialize it as follows:

          +

          Let access be a new {{MediaKeySystemAccess}} object, and initialize it as follows:

            -

          1. Set the attribute to keySystem.

            2. +

          2. Set the {{MediaKeySystemAccess/keySystem}} attribute to keySystem.

          3. Let the configuration value be supported configuration.

          4. Let the cdm implementation value be implementation.

          @@ -719,26 +629,23 @@

          Navigator Extension: requestMediaKeySystemAccess()

        5. -

      5. Reject promise with a .

        +

      6. Reject promise with a {{NotSupportedError}}.

        keySystem was not supported/allowed or none of the configurations in supportedConfigurations were supported/allowed.

    5. Return promise.

    -
    ParameterTypeNullableOptionalDescription
    keySystemDOMString - The for which access is being requested. -
    supportedConfigurationssequence<MediaKeySystemConfiguration> - A sequence of MediaKeySystemConfiguration configurations to try in order. - The first element with a satisfiable configuration will be used. -
    Return type: Promise<MediaKeySystemAccess>
+
+
+

Algorithms

-
Get Supported Configuration
-

Given a implementation implementation, MediaKeySystemConfiguration candidate configuration, and origin, this algorithm returns a supported configuration or NotSupported as appropriate.

+
Get Supported Configuration
+

Given a [=Key Systems=] implementation implementation, {{MediaKeySystemConfiguration}} candidate configuration, and origin, this algorithm returns a supported configuration or NotSupported as appropriate.

Unrecognized dictionary members in candidate configuration are ignored per [[WEBIDL]] and will never reach this algorithm. Thus, they cannot be considered as part of the configuration.

@@ -750,11 +657,11 @@
Get Supported Configuration

Supported configurations, including supported audio and video codecs, may depend on availability of optional capabilities such as - and persistent state. The following algorithm iteratively tries to find a configuration + [=Distinctive Identifier(s)=] and persistent state. The following algorithm iteratively tries to find a configuration that is both supported and has user consent (or does not need consent).

- User Agents should reuse earlier consent responses, when appropriate, at least for the duration of the + User Agents should reuse earlier consent responses, when appropriate, at least for the duration of the {{Navigator/requestMediaKeySystemAccess()}} algorithm in order to avoid repeated requests to the user for similar configurations.

@@ -777,7 +684,7 @@

Get Supported Configuration

  • Let supported configuration and, if provided, restrictions be the result of executing the - algorithm + [=Get Supported Configuration and Consent=] algorithm with implementation, candidate configuration, restrictions and origin.

    • @@ -789,23 +696,23 @@
    Get Supported Configuration
    -
    Get Supported Configuration and Consent
    -

    Given a implementation implementation, MediaKeySystemConfiguration candidate configuration, +

    Get Supported Configuration and Consent
    +

    Given a [=Key Systems=] implementation implementation, {{MediaKeySystemConfiguration}} candidate configuration, restrictions and origin, this algorithm returns a supported configuration, NotSupported, or ConsentDenied as appropriate and, in the ConsentDenied case, restrictions.

      -

    1. Let accumulated configuration be a new MediaKeySystemConfiguration dictionary.

      2. +

    2. Let accumulated configuration be a new {{MediaKeySystemConfiguration}} dictionary.

    3. - Set the member of accumulated configuration to equal the member of candidate configuration. + Set the {{MediaKeySystemConfiguration/label}} member of accumulated configuration to equal the {{MediaKeySystemConfiguration/label}} member of candidate configuration.

      4. -

    4. If the member of candidate configuration is non-empty, run the following steps:

      +

    5. If the {{MediaKeySystemConfiguration/initDataTypes}} member of candidate configuration is non-empty, run the following steps:

        -

      1. Let supported types be an empty sequence of DOMStrings.

        2. -

      2. For each value in candidate configuration's member:

        +

      3. Let supported types be an empty sequence of {{DOMString}}s.

        4. +

      4. For each value in candidate configuration's {{MediaKeySystemConfiguration/initDataTypes}} member:

        1. Let initDataType be the value.

        2. @@ -821,7 +728,7 @@
          Get Supported Configuration and Consent

      5. If supported types is empty, return NotSupported.

        6. -

      6. Set the member of accumulated configuration to supported types.

        7. +

      7. Set the {{MediaKeySystemConfiguration/initDataTypes}} member of accumulated configuration to supported types.

      6. @@ -835,32 +742,32 @@
      Get Supported Configuration and Consent
      -->

    6. - Let distinctive identifier requirement be the value of candidate configuration's member. + Let distinctive identifier requirement be the value of candidate configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} member.

    7. - If distinctive identifier requirement is and - are not allowed according to restrictions, set distinctive identifier requirement - to . + If distinctive identifier requirement is {{MediaKeysRequirement/"optional"}} and + [=Distinctive Identifiers=] are not allowed according to restrictions, set distinctive identifier requirement + to {{MediaKeysRequirement/"not-allowed"}}.

    8. Follow the steps for distinctive identifier requirement from the following list:

      -
      +
      {{MediaKeysRequirement/"required"}}
      -

      If the implementation does not support use of Distinctive Identifier(s) in combination with accumulated configuration and restrictions, return NotSupported.

      +

      If the implementation does not support [=use of Distinctive Identifier(s)=] in combination with accumulated configuration and restrictions, return NotSupported.

      -
      +
      {{MediaKeysRequirement/"optional"}}

      Continue with the following steps.

      -
      +
      {{MediaKeysRequirement/"not-allowed"}}
      -

      If the implementation requires use Distinctive Identifier(s) or Distinctive Permanent Identifier(s) in combination with accumulated configuration and restrictions, return NotSupported.

      +

      If the implementation requires [=use of Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=] in combination with accumulated configuration and restrictions, return NotSupported.

      @@ -880,33 +787,33 @@
      Get Supported Configuration and Consent

    9. - Set the member of accumulated configuration to equal distinctive identifier requirement. + Set the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of accumulated configuration to equal distinctive identifier requirement.

    10. - Let persistent state requirement be equal to the value of candidate configuration's member. + Let persistent state requirement be equal to the value of candidate configuration's {{MediaKeySystemConfiguration/persistentState}} member.

    11. - If persistent state requirement is and persisting state is not allowed according to - restrictions, set persistent state requirement to . + If persistent state requirement is {{MediaKeysRequirement/"optional"}} and persisting state is not allowed according to + restrictions, set persistent state requirement to {{MediaKeysRequirement/"not-allowed"}}.

    12. Follow the steps for persistent state requirement from the following list:

      -
      +
      {{MediaKeysRequirement/"required"}}

      If the implementation does not support persisting state in combination with accumulated configuration and restrictions, return NotSupported.

      -
      +
      {{MediaKeysRequirement/"optional"}}

      Continue with the following steps.

      -
      +
      {{MediaKeysRequirement/"not-allowed"}}

      If the implementation requires persisting state in combination with accumulated configuration and restrictions, return NotSupported.

      @@ -914,18 +821,18 @@
      Get Supported Configuration and Consent

    13. - Set the member of accumulated configuration to equal the value of persistent state requirement. + Set the {{MediaKeySystemConfiguration/persistentState}} member of accumulated configuration to equal the value of persistent state requirement.

    14. Follow the steps for the first matching condition from the following list:

      -
      If the member is [[WEBIDL]] in candidate configuration
      +
      If the {{MediaKeySystemConfiguration/sessionTypes}} member is [=map/exist|present=] [[Infra]] in candidate configuration
      -

      Let session types be candidate configuration's member.

      +

      Let session types be candidate configuration's {{MediaKeySystemConfiguration/sessionTypes}} member.

      Otherwise
      -

      Let session types be [ ].

      +

      Let session types be [ {{MediaKeySessionType/"temporary"}} ].

      15. @@ -934,77 +841,77 @@
      Get Supported Configuration and Consent

    15. Let session type be the value.

    16. - If accumulated configuration's value is and the algorithm returns true for session type return NotSupported. + If accumulated configuration's {{MediaKeySystemConfiguration/persistentState}} value is {{MediaKeysRequirement/"not-allowed"}} and the [=Is persistent session type?=] algorithm returns true for session type return NotSupported.

    17. If the implementation does not support session type in combination with accumulated configuration and restrictions for other reasons, return NotSupported.

      18. -

    18. If accumulated configuration's value is and the result of running the algorithm on session type is true, change accumulated configuration's value to .

      19. +

    19. If accumulated configuration's {{MediaKeySystemConfiguration/persistentState}} value is {{MediaKeysRequirement/"optional"}} and the result of running the [=Is persistent session type?=] algorithm on session type is true, change accumulated configuration's {{MediaKeySystemConfiguration/persistentState}} value to {{MediaKeysRequirement/"required"}}.

    -

  • Set the member of accumulated configuration to session types.

    • +

  • Set the {{MediaKeySystemConfiguration/sessionTypes}} member of accumulated configuration to session types.

  • - If the and members in candidate configuration + If the {{MediaKeySystemConfiguration/videoCapabilities}} and {{MediaKeySystemConfiguration/audioCapabilities}} members in candidate configuration are both empty, return NotSupported.

  • -
    If the member in candidate configuration is non-empty:
    +
    If the {{MediaKeySystemConfiguration/videoCapabilities}} member in candidate configuration is non-empty:
      -

    1. Let video capabilities be the result of executing the algorithm on Video, candidate configuration's member, accumulated configuration, and restrictions.

      2. +

    2. Let video capabilities be the result of executing the [=Get Supported Capabilities for Audio\/Video Type=] algorithm on Video, candidate configuration's {{MediaKeySystemConfiguration/videoCapabilities}} member, accumulated configuration, and restrictions.

    3. If video capabilities is null, return NotSupported.

      4. -

    4. Set the member of accumulated configuration to video capabilities.

      5. +

    5. Set the {{MediaKeySystemConfiguration/videoCapabilities}} member of accumulated configuration to video capabilities.

    Otherwise:
    -

    Set the member of accumulated configuration to an empty sequence.

    +

    Set the {{MediaKeySystemConfiguration/videoCapabilities}} member of accumulated configuration to an empty sequence.

  • -
    If the member in candidate configuration is non-empty:
    +
    If the {{MediaKeySystemConfiguration/audioCapabilities}} member in candidate configuration is non-empty:
      -

    1. Let audio capabilities be the result of executing the algorithm on Audio, candidate configuration's member, accumulated configuration, and restrictions.

      2. +

    2. Let audio capabilities be the result of executing the [=Get Supported Capabilities for Audio\/Video Type=] algorithm on Audio, candidate configuration's {{MediaKeySystemConfiguration/audioCapabilities}} member, accumulated configuration, and restrictions.

    3. If audio capabilities is null, return NotSupported.

      4. -

    4. Set the member of accumulated configuration to audio capabilities.

      5. +

    5. Set the {{MediaKeySystemConfiguration/audioCapabilities}} member of accumulated configuration to audio capabilities.

    Otherwise:
    -

    Set the member of accumulated configuration to an empty sequence.

    +

    Set the {{MediaKeySystemConfiguration/audioCapabilities}} member of accumulated configuration to an empty sequence.

    • -

  • If accumulated configuration's value is , follow the steps for the first matching condition from the following list:

    +

  • If accumulated configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} value is {{MediaKeysRequirement/"optional"}}, follow the steps for the first matching condition from the following list:

    -
    If the implementation requires use Distinctive Identifier(s) or Distinctive Permanent Identifier(s) for any of the combinations in accumulated configuration
    +
    If the implementation requires [=use of Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=] for any of the combinations in accumulated configuration:
    -

    Change accumulated configuration's value to .

    +

    Change accumulated configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} value to {{MediaKeysRequirement/"required"}}.

    Otherwise
    -

    Change accumulated configuration's value to .

    +

    Change accumulated configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} value to {{MediaKeysRequirement/"not-allowed"}}.

    • -

  • If accumulated configuration's value is , follow the steps for the first matching condition from the following list:

    +

  • If accumulated configuration's {{MediaKeySystemConfiguration/persistentState}} value is {{MediaKeysRequirement/"optional"}}, follow the steps for the first matching condition from the following list:

    If the implementation requires persisting state for any of the combinations in accumulated configuration
    -

    Change accumulated configuration's value to .

    +

    Change accumulated configuration's {{MediaKeySystemConfiguration/persistentState}} value to {{MediaKeysRequirement/"required"}}.

    Otherwise
    -

    Change accumulated configuration's value to .

    +

    Change accumulated configuration's {{MediaKeySystemConfiguration/persistentState}} value to {{MediaKeysRequirement/"not-allowed"}}.

    • @@ -1015,8 +922,8 @@
    Get Supported Configuration and Consent

  • - If accumulated configuration's value is and - the associated with accumulated configuration are not unique per origin and profile and + If accumulated configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} value is {{MediaKeysRequirement/"required"}} and + the [=Distinctive Identifier(s)=] associated with accumulated configuration are not unique per origin and profile and clearable:

      @@ -1038,7 +945,7 @@
      Get Supported Configuration and Consent

    1. - Let consent status and updated restrictions be the result of running the algorithm on accumulated configuration, restrictions and origin and follow the steps for the value of consent status from the following list: + Let consent status and updated restrictions be the result of running the [=Get Consent Status=] algorithm on accumulated configuration, restrictions and origin and follow the steps for the value of consent status from the following list:

      @@ -1051,8 +958,8 @@
      Get Supported Configuration and Consent

      Inform the user that accumulated configuration is in use in the origin including, specifically, the information - that and/or as appropriate will be used if the - member of accumulated configuration is . Continue to the next step. + that [=Distinctive Identifier(s)=] and/or [=Distinctive Permanent Identifier(s)=] as appropriate will be used if the {{MediaKeySystemConfiguration/distinctiveIdentifier}} + member of accumulated configuration is {{MediaKeysRequirement/"required"}}. Continue to the next step.

      Allowed:
      @@ -1069,18 +976,18 @@
      Get Supported Configuration and Consent
    • -
    Get Supported Capabilities for Audio/Video Type
    -

    Given an audio/video type, MediaKeySystemMediaCapability sequence requested media capabilities, MediaKeySystemConfiguration accumulated configuration, and restrictions, this algorithm returns a sequence of supported MediaKeySystemMediaCapability values for this audio/video type or null as appropriate.

    +
    Get Supported Capabilities for Audio/Video Type
    +

    Given an audio/video type, {{MediaKeySystemMediaCapability}} sequence requested media capabilities, {{MediaKeySystemConfiguration}} accumulated configuration, and restrictions, this algorithm returns a sequence of supported {{MediaKeySystemMediaCapability}} values for this audio/video type or null as appropriate.

    1. Let local accumulated configuration be a local copy of accumulated configuration.

      2. -

    2. Let supported media capabilities be an empty sequence of MediaKeySystemMediaCapability dictionaries.

      3. +

    3. Let supported media capabilities be an empty sequence of {{MediaKeySystemMediaCapability}} dictionaries.

    4. For each requested media capability in requested media capabilities:

        -

      1. Let content type be requested media capability's member.

        2. -

      2. Let encryption scheme be requested media capability’s member.

        3. -

      3. Let robustness be requested media capability's member.

        4. +

      4. Let content type be requested media capability's {{MediaKeySystemMediaCapability/contentType}} member.

        5. +

      5. Let encryption scheme be requested media capability’s {{MediaKeySystemMediaCapability/encryptionScheme}} member.

        6. +

      6. Let robustness be requested media capability's {{MediaKeySystemMediaCapability/robustness}} member.

      7. If content type is the empty string, return null.

        8. -

      8. If content type is not a or is unrecognized, continue to the next iteration.

        9. +

      9. If content type is not a [=valid media MIME type=] or is unrecognized, continue to the next iteration.

      10. Let container be the container type specified by content type.

      11. If the user agent does not support container, continue to the next iteration. The case-sensitivity of string comparisons is determined by the appropriate RFC.

        Per RFC 6838 [[RFC6838]], "Both top-level type and subtype names are case-insensitive."

        @@ -1114,7 +1021,7 @@
        Get Supported Capabilities for Audio/Video Type

      12. If encryption scheme is non-null and is not recognized or not supported by implementation, continue to the next iteration.

      13. If robustness is not the empty string and contains an unrecognized value or a value not supported by implementation, continue to the next iteration. String comparison is case-sensitive.

        14. -

      14. If the user agent and implementation definitely support playback of encrypted for the combination of container, media types, encryption scheme, robustness and local accumulated configuration in combination with restrictions:

        +

      15. If the user agent and implementation definitely support playback of encrypted [=HTMLMediaElement/media data=] for the combination of container, media types, encryption scheme, robustness and local accumulated configuration in combination with restrictions:

        requested media capability (content type and robustness) must be supported when used together with all previously added requested media capabilities.

        1. @@ -1131,13 +1038,13 @@
          Get Supported Capabilities for Audio/Video Type
          If audio/video type is Video:

          - Add requested media capability to the member of local accumulated configuration. + Add requested media capability to the {{MediaKeySystemConfiguration/videoCapabilities}} member of local accumulated configuration.

          If audio/video type is Audio:

          - Add requested media capability to the member of local accumulated configuration. + Add requested media capability to the {{MediaKeySystemConfiguration/audioCapabilities}} member of local accumulated configuration.

    @@ -1151,14 +1058,14 @@
    Get Supported Capabilities for Audio/Video Type

  • If supported media capabilities is empty, return null.

    -

    None of the MediaKeySystemMediaCapability elements in requested media capabilities is supported in combination with accumulated configuration.

    +

    None of the {{MediaKeySystemMediaCapability}} elements in requested media capabilities is supported in combination with accumulated configuration.

  • Return supported media capabilities.

    • -
    Get Consent Status
    +
    Get Consent Status

    Given an accumulated configuration, restrictions and origin, this algorithm returns the consent status for accumulated configuration and origin as one of ConsentDenied, InformUser or Allowed, @@ -1166,13 +1073,13 @@

    Get Consent Status

    - Consent status for accumulated configuration depends at least on the value of the member of + Consent status for accumulated configuration depends at least on the value of the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of accumulated configuration.

    - Previous consent for accumulated configuration with - set to does not imply consent for the same configuration with - set to or . + Previous consent for accumulated configuration with {{MediaKeySystemConfiguration/distinctiveIdentifier}} + set to {{MediaKeysRequirement/"not-allowed"}} does not imply consent for the same configuration with {{MediaKeySystemConfiguration/distinctiveIdentifier}} + set to {{MediaKeysRequirement/"optional"}} or {{MediaKeysRequirement/"required"}}.

      @@ -1201,11 +1108,11 @@
      Get Consent Status

      • - The member of accumulated configuration is not - and the combination of the User Agent, implementation + The {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of accumulated configuration is not + {{MediaKeysRequirement/"not-allowed"}} and the combination of the User Agent, implementation and accumulated configuration does not follow all the recommendations of Allow Persistent Data to Be Cleared with respect to - . + [=Distinctive Identifier(s)=].

      • @@ -1213,7 +1120,7 @@
        Get Consent Status
        The user agent requires explicit user consent for the accumulated configuration for other reasons.

        - Another reason for requiring explicit user consent may be due to the security properties of the CDM implementation. + Another reason for requiring explicit user consent may be due to the security properties of the [=CDM=] implementation.

      @@ -1224,11 +1131,10 @@
      Get Consent Status
      Request user consent to use accumulated configuration in the origin and wait for the user response.

      - The consent MUST include consent to use a and/or as appropriate if - accumulated configuration's member is . + The consent MUST include consent to use a [=Distinctive Identifier(s)=] and/or [=Distinctive Permanent Identifier(s)=] as appropriate if + accumulated configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} member is {{MediaKeysRequirement/"required"}}.

      -

      User consent to use accumulated configuration is specific to the origin and may be limited to configurations sharing certain properties with accumulated configuration.

      @@ -1245,8 +1151,8 @@
      Get Consent Status

    1. - If the member of accumulated configuration is not - , return InformUser. + If the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of accumulated configuration is not + {{MediaKeysRequirement/"not-allowed"}}, return InformUser.

    2. @@ -1262,113 +1168,123 @@
      Get Consent Status
    -
    -

    MediaKeySystemConfiguration dictionary

    +
    +

    MediaKeySystemConfiguration dictionary

    - 
    enum MediaKeysRequirement {
-    "required",
-    "optional",
-    "not-allowed"
-};
    + 
    +          enum MediaKeysRequirement {
+            "required",
+            "optional",
+            "not-allowed"
+          };
+

    The MediaKeysRequirement enumeration is defined as follows:

    - - - - - + + + - - + + @@ -3007,19 +2991,19 @@

    Algorithms

    Media Data May Contain Encrypted Blocks

    - The Media Data May Contain Encrypted Blocks algorithm pauses playback if the user agent requires specification of a MediaKeys object before playing the media data. - Requests to run this algorithm include a target object. + The Media Data May Contain Encrypted Blocks algorithm pauses playback if the user agent requires specification of a {{MediaKeys}} object before playing the media data. + Requests to run this algorithm include a target {{HTMLMediaElement}} object.

    The following steps are run:

      -

    1. Let the media element be the specified object.

      2. +

    2. Let the media element be the specified {{HTMLMediaElement}} object.

    3. -

      If the media element's attribute is null and the implementation requires specification of a MediaKeys object before decoding potentially-encrypted , run the following steps:

      -

      These steps may be reached when the application provides before calling to provide a MediaKeys object. - Selecting a may affect the pipeline and/or decoders used, so some implementations may delay playback of media data that may contain encrypted blocks until a CDM is specified by passing a MediaKeys object to . +

      If the media element's {{HTMLMediaElement/mediaKeys}} attribute is null and the implementation requires specification of a {{MediaKeys}} object before decoding potentially-encrypted [=HTMLMediaElement/media data=], run the following steps:

      +

      These steps may be reached when the application provides [=HTMLMediaElement/media data=] before calling {{HTMLMediaElement/setMediaKeys()}} to provide a {{MediaKeys}} object. + Selecting a [=CDM=] may affect the pipeline and/or decoders used, so some implementations may delay playback of media data that may contain encrypted blocks until a [=CDM=] is specified by passing a {{MediaKeys}} object to {{HTMLMediaElement/setMediaKeys()}}.

        -

      1. Run the algorithm on the media element.

        2. +

      2. Run the [=Wait for Key=] algorithm on the media element.

      3. Wait for a signal to resume playback.

      4. @@ -3029,31 +3013,31 @@

      Media Data May Contain Encrypted Blocks

      Initialization Data Encountered

      - The Initialization Data Encountered algorithm queues an event for encountered in the . - Requests to run this algorithm include a target object. + The Initialization Data Encountered algorithm queues an {{encrypted}} event for [=Initialization Data=] encountered in the [=HTMLMediaElement/media data=]. + Requests to run this algorithm include a target {{HTMLMediaElement}} object.

      The following steps are run:

        -

      1. Let the media element be the specified object.

        2. +

      2. Let the media element be the specified {{HTMLMediaElement}} object.

      3. Let initDataType be the empty string.

      4. Let initData be null.

      5. -

        If the is and not mixed content, run the following steps:

        +

        If the [=HTMLMediaElement/media data=] is [=CORS-same-origin=] and not [=mixed content limitations|mixed content=], run the following steps:

          -

        1. Let initDataType be the string representing the of the Initialization Data.

          2. +

        2. Let initDataType be the string representing the [=Initialization Data Type=] of the Initialization Data.

        3. Let initData be the Initialization Data.

        While the media element may allow loading of "Upgradeable Content" [[MIXED-CONTENT]], the user agent MUST NOT expose Initialization Data from such media data to the application.

      6. -

        to create an event named that does not bubble and is not cancellable using the MediaEncryptedEvent interface with its type attribute set to encrypted and its isTrusted attribute initialized to true, and dispatch it at the media element.

        +

        [=Queue a task=] to create an event named {{encrypted}} that does not bubble and is not cancellable using the MediaEncryptedEvent interface with its type attribute set to encrypted and its isTrusted attribute initialized to true, and dispatch it at the media element.

        The event interface MediaEncryptedEvent has:

        • - = initDataType

          - = initData + {{MediaEncryptedEvent/initDataType}} = initDataType

          + {{MediaEncryptedEvent/initData}} = initData
        -

        is not changed and no algorithms are aborted. This event merely provides information.

        -

        The attribute will be null if the media data is not or is mixed content. +

        {{HTMLMediaElement/readyState}} is not changed and no algorithms are aborted. This event merely provides information.

        +

        The {{MediaEncryptedEvent/initData}} attribute will be null if the media data is not [=CORS-same-origin=] or is [=mixed content limitations|mixed content=]. Applications may retrieve the Initialization Data from an alternate source.

        7. @@ -3064,11 +3048,11 @@

        Initialization Data Encountered

        Encrypted Block Encountered

        The Encrypted Block Encountered algorithm queues a block of encrypted media data for decryption and attempts to decrypt if possible. - Requests to run this algorithm include a target object. + Requests to run this algorithm include a target {{HTMLMediaElement}} object.

        The following steps are run:

          -

        1. Let the media element be the specified object.

          2. +

        2. Let the media element be the specified {{HTMLMediaElement}} object.

        3. Let block be the block of encrypted media data.

          4. @@ -3076,41 +3060,41 @@

          Encrypted Block Encountered

          Add block to the end of the media element's encrypted block queue.

        4. -

          If the media element's decryption blocked waiting for key value is false, run the algorithm.

          +

          If the media element's decryption blocked waiting for key value is false, run the [=Attempt to Decrypt=] algorithm.

      -

      Attempt to Decrypt

      +

      Attempt to Decrypt

      The Attempt to Decrypt algorithm attempts to decrypt media data that is queued for decryption. - Requests to run this algorithm include a target object. + Requests to run this algorithm include a target {{HTMLMediaElement}} object.

      The following steps are run:

        -

      1. Let the media element be the specified object.

        2. +

      2. Let the media element be the specified {{HTMLMediaElement}} object.

      3. If the media element's encrypted block queue is empty, abort these steps.

        4. -

      4. If the media element's attribute is not null, run the following steps:

        +

      5. If the media element's {{HTMLMediaElement/mediaKeys}} attribute is not null, run the following steps:

          -

        1. Let media keys be the MediaKeys object referenced by that attribute.

          2. -

        2. Let cdm be the CDM instance represented by media keys's cdm instance value.

          3. +

        3. Let media keys be the {{MediaKeys}} object referenced by that attribute.

          4. +

        4. Let cdm be the [=CDM=] instance represented by media keys's cdm instance value.

        5. If cdm is no longer usable for any reason, run the following steps:

          -

          These steps are intended to be run on unrecoverable failures of the CDM.

          +

          These steps are intended to be run on unrecoverable failures of the [=CDM=].

          1. -

            Run the steps of the .

            +

            Run the media data is corrupted steps of the [=resource fetch algorithm=].

          2. -

            Run the algorithm on media keys.

            +

            Run the [=CDM Unavailable=] algorithm on media keys.

          3. Abort these steps.

          6. -

        6. If there is at least one MediaKeySession created by the media keys that is not , run the following steps:

          +

        7. If there is at least one {{MediaKeySession}} created by the media keys that is not [=media key session/closed=], run the following steps:

          This check ensures the cdm has finished loading and is a prerequisite for a matching key being available.

          1. Let block be the first entry in the media element's encrypted block queue.

            2. @@ -3121,11 +3105,11 @@

            Attempt to Decrypt

            1. Let available keys be the union of keys in sessions that were created by the media keys.

            2. Let block key be null.

              3. -

            3. If any of the available keys corresponds to the block key ID and is , let session be a - MediaKeySession object containing that key and let block key be that key.

              -

              If multiple sessions contain a key that is for the block key ID, which session and key to use is -dependent.

              +

            4. If any of the available keys corresponds to the block key ID and is [=usable for decryption=], let session be a + {{MediaKeySession}} object containing that key and let block key be that key.

              +

              If multiple sessions contain a key that is [=usable for decryption=] for the block key ID, which session and key to use is [=Key System=]-dependent.

              5. -

            5. If the status of any of the available keys changed as the result of running the preceding step, to run the algorithm on each affected session, providing all key ID(s) in the session along with the appropriate MediaKeyStatus value(s) for each.

              6. +

            6. If the status of any of the available keys changed as the result of running the preceding step, [=queue a task=] to run the [=Update Key Statuses=] algorithm on each affected session, providing all [=key ID=](s) in the session along with the appropriate {{MediaKeyStatus}} value(s) for each.

            7. If block key is not null, run the following steps:

              1. Use the cdm to decrypt block using block key.

                2. @@ -3135,10 +3119,10 @@

                Attempt to Decrypt

                1. -

                  Run the steps of the .

                  +

                  Run the media data is corrupted steps of the [=resource fetch algorithm=].

                2. -

                  If cdm is no longer usable for any reason then run the algorithm on media keys.

                  +

                  If cdm is no longer usable for any reason then run the [=CDM Unavailable=] algorithm on media keys.

                3. Abort these steps.

                  @@ -3170,15 +3154,16 @@

                  Attempt to Decrypt

                4. Set the media element's decryption blocked waiting for key value to true.

                  -

                  This step is reached when there is no key that is for block.

                  +

                  This step is reached when there is no key that is [=usable for decryption=] for block.

                  -

                  Once the user agent has rendered the blocks preceding the block that cannot be decrypted (as much as it can, such as, all complete video frames), it will run the algorithm.

                  +

                  Once the user agent has rendered the blocks preceding the block that cannot be decrypted (as much as it can, such as, all complete video frames), it will run the [=Wait for Key=] algorithm.

                  That algorithm is not run directly here in order to allow implementations to decrypt and decode media data ahead of the ahead of the current playback position without affecting the visible behavior.

                  +
                -

                For frame-based encryption, this may be implemented as follows when the media element attempts to decode a frame as part of the :

                +

                For frame-based encryption, this may be implemented as follows when the media element attempts to decode a frame as part of the [=resource fetch algorithm=]:

                1. Let encrypted be false.

                2. Detect whether the frame is encrypted.

                  @@ -3196,74 +3181,74 @@

                  Attempt to Decrypt

      -

      Wait for Key

      +

      Wait for Key

      - The Wait for Key algorithm queues a event and updates . - It should only be called when the object is and its is equal to or greater. - Requests to run this algorithm include a target object. + The Wait for Key algorithm queues a {{waitingforkey}} event and updates {{HTMLMediaElement/readyState}}. + It should only be called when the {{HTMLMediaElement}} object is [=media element/potentially playing=] and its {{HTMLMediaElement/readyState}} is equal to {{HTMLMediaElement/HAVE_FUTURE_DATA}} or greater. + Requests to run this algorithm include a target {{HTMLMediaElement}} object.

      The following steps are run:

        -

      1. Let the media element be the specified object.

        2. +

      2. Let the media element be the specified {{HTMLMediaElement}} object.

      3. If the media element's playback blocked waiting for key value is true, abort these steps.

      4. Set the media element's playback blocked waiting for key value to true.

        -

        As a result of the above step, the media element will become a if it wasn't already. In that case, the media element will stop playback.

        +

        As a result of the above step, the media element will become a blocked media element if it wasn't already. In that case, the media element will stop playback.

      5. Follow the steps for the first matching condition from the following list:

        -
        If data for the immediate is available
        +
        If data for the immediate current playback position is available
        -

        Set the of media element to .

        +

        Set the {{HTMLMediaElement/readyState}} of media element to {{HTMLMediaElement/HAVE_CURRENT_DATA}}.

        Otherwise
        -

        Set the of media element to .

        +

        Set the {{HTMLMediaElement/readyState}} of media element to {{HTMLMediaElement/HAVE_METADATA}}.

        - In other words, if the video frame and audio data for the have been decoded because they were unencrypted and/or successfully decrypted, set to . - Otherwise, including if this was previously the case but the data is no longer available, set to . + In other words, if the video frame and audio data for the current playback position have been decoded because they were unencrypted and/or successfully decrypted, set {{HTMLMediaElement/readyState}} to {{HTMLMediaElement/HAVE_CURRENT_DATA}}. + Otherwise, including if this was previously the case but the data is no longer available, set {{HTMLMediaElement/readyState}} to {{HTMLMediaElement/HAVE_METADATA}}.

        6. -

      6. at the media element.

        7. +

      7. [=Queue a task=] to [=fire an event=] named {{waitingforkey}} at the media element.

      8. Suspend playback.

      -

      Attempt to Resume Playback If Necessary

      +

      Attempt to Resume Playback If Necessary

      - The Attempt to Resume Playback If Necessary algorithm resumes playback if the media element is blocked waiting for a key and necessary key is currently - Requests to run this algorithm include a target object. + The Attempt to Resume Playback If Necessary algorithm resumes playback if the media element is blocked waiting for a key and necessary key is currently [=usable for decryption=] + Requests to run this algorithm include a target {{HTMLMediaElement}} object.

      The following steps are run:

        -

      1. Let the media element be the specified object.

        2. +

      2. Let the media element be the specified {{HTMLMediaElement}} object.

      3. If the media element's playback blocked waiting for key is false, abort these steps.

        4. -

      4. Run the algorithm on the media element.

        5. -

      5. If the user agent can advance the in the :

        +

      6. Run the [=Attempt to Decrypt=] algorithm on the media element.

        7. +

      7. If the user agent can advance the current playback position in the direction of playback:

        1. Set the media element's decryption blocked waiting for key value to false.

        2. Set the media element's playback blocked waiting for key value to false.

          -

          As a result of the above step, the media element may no longer be a and thus playback may resume.

          +

          As a result of the above step, the media element may no longer be a blocked media element and thus playback may resume.

        3. - Set the media element's value to , or - as appropriate. + Set the media element's {{HTMLMediaElement/readyState}} value to {{HTMLMediaElement/HAVE_CURRENT_DATA}}, {{HTMLMediaElement/HAVE_FUTURE_DATA}} or + {{HTMLMediaElement/HAVE_ENOUGH_DATA}} as appropriate.

          - States beyond and the event do not + States beyond {{HTMLMediaElement/HAVE_CURRENT_DATA}} and the [=HTMLMediaElement/canplaythrough=] event do not (or are unlikely to) consider key availability beyond the current key.

          - The change in ready state may also cause HTMLMediaElement events to be fired as described here. + The change in ready state may also cause {{HTMLMediaElement}} events to be fired as described here.

          4. @@ -3275,7 +3260,7 @@

          Attempt to Resume Playback If Necessary

          Media Element Restrictions

          -

          Media data processed by a CDM MAY be unavailable through web platform APIs in the usual way (for example using the CanvasRenderingContext2D drawImage() method and the AudioContext MediaElementAudioSourceNode). +

          Media data processed by a [=CDM=] MAY be unavailable through web platform APIs in the usual way (for example using the {{CanvasRenderingContext2D}} {{CanvasDrawImage/drawImage()}} method and the {{AudioContext}} {{MediaElementAudioSourceNode}}). This specification does not define conditions for such non-availability of media data, however, if media data is not available to through such APIs then they MAY behave as if no media data was present at all.

          Where media rendering is not performed by the UA, for example in the case of a hardware-based media pipeline, the full set of HTML rendering capabilities, for example CSS Transforms, MAY be unavailable. One likely restriction is that video media MAY be constrained to appear only in rectangular regions with sides parallel to the edges of the window and with normal orientation.

          @@ -3286,15 +3271,15 @@

          Media Element Restrictions

          Implementation Requirements

          - This section defines implementation requirements - for both user agents and , including the and server(s) - that may not be explicitly addressed in the algorithms. - The requirements here and throughout the spec apply to all implementations, regardless of whether the CDM is separate from or a part of the user agent. + This section defines implementation requirements - for both user agents and [=Key Systems=], including the [=CDM=] and server(s) - that may not be explicitly addressed in the algorithms. + The requirements here and throughout the spec apply to all implementations, regardless of whether the [=CDM=] is separate from or a part of the user agent.

          CDM Constraints

          - User agent implementers MUST ensure that CDMs do not access any information, storage or system capabilities that are not reasonably required for playback of protected media using the features of this specification. - Specifically, the CDM SHALL NOT: + User agent implementers MUST ensure that [=CDMs=] do not access any information, storage or system capabilities that are not reasonably required for playback of protected media using the features of this specification. + Specifically, the [=CDM=] SHALL NOT:

          • @@ -3309,7 +3294,7 @@

            CDM Constraints

          • - Access user data other than CDM state and persistent data. + Access user data other than [=CDM=] state and persistent data.

          • @@ -3319,18 +3304,18 @@

            CDM Constraints

          - User Agent implementers may use various techniques to meet the above requirements. For example, a User Agent implementer also implementing their own CDM may include the above as design requirements for that component. - A User Agent implementer making use of a third party CDM may ensure that it executes in a constrained environment (e.g., "sandbox") without access to the prohibited information and components. + User Agent implementers may use various techniques to meet the above requirements. For example, a User Agent implementer also implementing their own [=CDM=] may include the above as design requirements for that component. + A User Agent implementer making use of a third party [=CDM=] may ensure that it executes in a constrained environment (e.g., "sandbox") without access to the prohibited information and components.

          Messages and Communication

          - All messages and communication to and from the CDM, such as between the CDM and a license server, MUST be passed through the user agent. - The CDM MUST NOT make direct out-of band network requests. + All messages and communication to and from the [=CDM=], such as between the [=CDM=] and a license server, MUST be passed through the user agent. + The [=CDM=] MUST NOT make direct out-of band network requests. All messages and communication other than those described in Direct Individualization MUST be passed through the application via the APIs defined in this specification. - Specifically, all communication that contains application-, -, or content-specific information or is sent to a URL specified by the application or based on its origin, MUST pass through the APIs. + Specifically, all communication that contains application-, [=origin=]-, or content-specific information or is sent to a URL specified by the application or based on its origin, MUST pass through the APIs. This includes all license exchange messages.

          @@ -3338,15 +3323,15 @@

          Messages and Communication

          Persistent Data

          - Persistent Data includes all data stored by the CDM, or by the User Agent on behalf of the CDM, that exists after the destruction of the MediaKeys object. Specifically, it includes any identifiers (including ), licenses, keys, key IDs, or stored by the CDM or by the User Agent on behalf of the CDM. + Persistent Data includes all data stored by the [=CDM=], or by the User Agent on behalf of the [=CDM=], that exists after the destruction of the {{MediaKeys}} object. Specifically, it includes any identifiers (including [=Distinctive Identifier(s)=]), licenses, keys, key IDs, or [=records of license destruction=] stored by the [=CDM=] or by the User Agent on behalf of the [=CDM=].

          -

          Use origin-specific and browsing profile-specific Key System storage

          -

          Persistent Data that might impact messages or behavior in an application- or license server-visible way MUST be stored in an -specific and -specific way and MUST NOT leak to or from private browsing sessions. - Specifically but not exhaustively, session data, licenses, keys and per-origin identifiers MUST be stored per- and per-. +

          Use origin-specific and browsing profile-specific [=Key System=] storage

          +

          Persistent Data that might impact messages or behavior in an application- or license server-visible way MUST be stored in an [=origin=]-specific and [=browsing profile=]-specific way and MUST NOT leak to or from private browsing sessions. + Specifically but not exhaustively, session data, licenses, keys and per-origin identifiers MUST be stored per-[=origin=] and per-[=browsing profile=].

          - See . + See Session Storage and Persistence.

          @@ -3387,12 +3372,14 @@

          Allow Persistent Data to Be Cleared

        4. - Allow users to clear Persistent Data on a per- and per- basis, particularly as part of a "Forget about this site" feature that forgets cookies [[COOKIES]], databases, etc. associated with a particular site. + Allow users to clear Persistent Data on a per-[=origin=] and per-[=browsing profile=] basis, particularly as part of a "Forget about this site" feature that forgets cookies [[COOKIES]], databases, etc. associated with a particular site.

        5. Ensure that operations which clear Persistent Data are sufficiently atomic to prevent a "cookie resurrection" type of recorrelation of a new identifier with the old by relying on another type of locally stored data that did not get cleared at the same time. See incomplete clearing of data. +

          +

        6. Present these interfaces in a way that helps users to understand the possibility of incomplete clearing of data and enables them to delete data associated with all features that persist data, including cookies [[COOKIES]] and web storage, simultaneously. @@ -3400,12 +3387,12 @@

          Allow Persistent Data to Be Cleared

        7. - Present the interfaces for disabling and re-enabling a Key System in a way that helps users to understand the possibility of incomplete clearing of data and enables them to delete all such data in all persistent storage features simultaneously. + Present the interfaces for disabling and re-enabling a [=Key System=] in a way that helps users to understand the possibility of incomplete clearing of data and enables them to delete all such data in all persistent storage features simultaneously.

        8. - Allow users to specifically delete Persistent Data, by and/or for all origins. + Allow users to specifically delete Persistent Data, by [=origin=] and/or for all origins.

          9. @@ -3420,7 +3407,7 @@

          Encrypt or obfuscate Persistent Data

          Values Exposed to the Application

          -

          Values exposed to or inferable by, such as via its use by the CDM, the application could be used to identify the client or user, regardless of whether they are designed to be identifiers. +

          Values exposed to or inferable by, such as via its use by the [=CDM=], the application could be used to identify the client or user, regardless of whether they are designed to be identifiers. This section defines requirements for avoiding or at least mitigating such concerns. There are additional requirements for Identifiers.

          @@ -3429,13 +3416,13 @@

          Values Exposed to the Application

          Use Per-Origin Per-Profile Values

          - All distinctive values exposed to or inferable by the application MUST be unique per and . - That is, the value(s) used for one using the APIs defined in this specification MUST be different from those used for any other origin using the APIs, - and value(s) used in one MUST be different from those used for any other profile, regardless of origin. + All [=Distinctive Values=] exposed to or inferable by the application MUST be unique per [=origin=] and [=browsing profile=]. + That is, the value(s) used for one [=origin=] using the APIs defined in this specification MUST be different from those used for any other origin using the APIs, + and value(s) used in one [=browsing profile=] MUST be different from those used for any other profile, regardless of origin. Such values MUST NOT leak to or from private browsing sessions.

          - Values across origins and profiles MUST be non-associable by applications, meaning it MUST NOT be possible to correlate values from multiple origins or profiles, such as to determine that they came from the same client or user. + Values across origins and profiles MUST be [=non-associable by applications=], meaning it MUST NOT be possible to correlate values from multiple origins or profiles, such as to determine that they came from the same client or user. Specifically, implementations that derive per-origin values from an origin-independent and/or profile-independent value, MUST do so in a way that ensures the above non-associability property, such as by using derivation functions with appropriate non-reversible properties.

          @@ -3449,14 +3436,14 @@

          Allow Values to Be Cleared

          such that the values are no longer retrievable, observable, or inferable both outside, such as via the APIs defined in this specification, and on the client device.

          - Once cleared, new value(s) MUST be generated when values are subsequently needed. + Once cleared, new [=non-associable by applications=] value(s) MUST be generated when values are subsequently needed.

          Identifiers

          -

          The use of identifiers, especially Distinctive Identifier(s) or Distinctive Permanent Identifier(s), by implementations presents a privacy concern. +

          The use of identifiers, especially [=uses Distinctive Identifier(s) or Distinctive Permanent Identifier(s)|Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=], by implementations presents a privacy concern. This section defines requirements for avoiding or at least mitigating such concerns. The requirements for Values Exposed to the Application also apply to identifiers exposed to the application.

          @@ -3466,7 +3453,7 @@

          Identifiers

        9. Limit or Avoid use of Distinctive Identifiers and Permanent Identifiers.

        10. - All identifers except Permanent Identifiers MUST be unique per origin and profile, non-associable, and clearable. + All identifers except [=Permanent Identifiers=] MUST be unique per origin and profile, non-associable, and clearable.

        11. @@ -3474,12 +3461,12 @@

          Identifiers

          All identifers SHOULD be encrypted when exposed outside the client.

          12. -

        12. MUST be encrypted when exposed outside the client, unique per origin and profile, and clearable.

          13. -

        13. MUST be encrypted when exposed outside the client and MUST NOT be exposed to the application.

          14. +

        14. [=Distinctive Identifiers=] MUST be encrypted when exposed outside the client, unique per origin and profile, and clearable.

          15. +

        15. [=Distinctive Permanent Identifiers=] MUST be encrypted when exposed outside the client and MUST NOT be exposed to the application.

        16. - All potential identifiers or distinctive values not covered above that are generated as a result of use of the APIs defined in this specification MUST be unique per origin and profile and clearable. - This includes but is not limited to random identifiers, session data, and other CDM data. + All potential identifiers or [=Distinctive Values=] not covered above that are generated as a result of use of the APIs defined in this specification MUST be unique per origin and profile and clearable. + This includes but is not limited to random identifiers, session data, and other [=CDM=] data.

          17. @@ -3489,22 +3476,22 @@

          Identifiers

          Limit or Avoid use of Distinctive Identifiers and Permanent Identifiers

          • -

            Implementations SHOULD avoid use of Distinctive Identifier(s) or Distinctive Permanent Identifier(s).

            +

            Implementations SHOULD avoid [=use of Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=].

            For example, use identifiers or other values that apply to a group of clients or devices rather than individual clients.

          • -

            Implementations SHOULD only use Distinctive Identifier(s) or Distinctive Permanent Identifier(s) when necessary to enforce the policies related to the specific CDM instance and session.

            -

            For example, and sessions may have different requirements.

            +

            Implementations SHOULD only [=use Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=] when necessary to enforce the policies related to the specific [=CDM=] instance and session.

            +

            For example, {{MediaKeySessionType/"temporary"}} and {{MediaKeySessionType/"persistent-license"}} sessions may have different requirements.

          • - Implementations that use Distinctive Identifier(s) or Distinctive Permanent Identifier(s) SHOULD support the option to not use them. + Implementations that [=use Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=] SHOULD support the option to not use them. Implementations with such support SHOULD expose the ability for the user to select this option.

            - When supported, applications can select for this mode using = . - Selecting such an option may affect the results of the call and/or the license requests that are generated from subsequently generated sessions. + When supported, applications can select for this mode using {{MediaKeySystemConfiguration/distinctiveIdentifier}} = {{MediaKeysRequirement/"not-allowed"}}. + Selecting such an option may affect the results of the {{Navigator/requestMediaKeySystemAccess()}} call and/or the license requests that are generated from subsequently generated sessions.

            Providing the user access to select or choose this implementation capability may allow the user to access content while maintaining a higher degree of privacy. @@ -3517,32 +3504,32 @@

            Limit or Avoid use of Distinctive Identifiers and Permanent Identifiers

            Encrypt Identifiers

            - and MUST be encrypted at the message exchange level when exposed outside the client. + [=Distinctive Identifiers=] and [=Distinctive Permanent Identifiers=] MUST be encrypted at the message exchange level when exposed outside the client. All other identifiers SHOULD be encrypted at the message exchange level when exposed outside the client. - The encryption MUST ensure that any two instances of the identifier ciphertext are associable only by an entity in possession of the decryption key. + The encryption MUST ensure that any two instances of the identifier ciphertext are [=associable by an entity|associable=] only by an entity in possession of the decryption key.

            Identifiers may be exposed in the following ways:

              -

            • To the application via a event.

              • -

            • In a message from a server, such as one that is passed to .

              • -

            • As part of individualization.

              • +

            • To the application via a {{message}} event.

              • +

            • In a message from a server, such as one that is passed to {{MediaKeySession/update()}}.

              • +

            • As part of [=individualization=].

            - The MUST verify that the encryption key belongs to a valid server for its Key System. + The [=CDM=] MUST verify that the encryption key belongs to a valid server for its [=Key System=]. For identifers exposed to the application, this MAY be implemented using a server certificate.

            -

            The server MUST NOT expose a to any entity other than the CDM that sent it.

            -

            Specifically, it should not be provided to the application or included unencrypted in messages to the CDM. - This can be accomplished by encrypting the identifier or message with the identifier or such that it is only decryptable by that specific CDM. +

            The server MUST NOT expose a [=Distinctive Identifier=] to any entity other than the [=CDM=] that sent it.

            +

            Specifically, it should not be provided to the application or included unencrypted in messages to the [=CDM=]. + This can be accomplished by encrypting the identifier or message with the identifier or such that it is only decryptable by that specific [=CDM=].

            Among other things, this means that:

            • Every signature made with device-specific or user-specific keys MUST be different, even given the same plaintext.

              • -

            • Identifiers, keys, or certificates relating to device-specific or user-specific keys MUST be encrypted for the license or individualization server.

              • -

            • Messages from the license server to the CDM MUST NOT expose recipient-unique identifiers, such as the ID of the intended decryption key, on the outside of the encryption envelope.

              • +

            • Identifiers, keys, or certificates relating to device-specific or user-specific keys MUST be encrypted for the license or [=individualization=] server.

              • +

            • Messages from the license server to the [=CDM=] MUST NOT expose recipient-unique identifiers, such as the ID of the intended decryption key, on the outside of the encryption envelope.

            @@ -3550,19 +3537,19 @@

            Encrypt Identifiers

            Use Per-Origin Per-Profile Identifiers

            - All identifiers except MUST be unique per and . + All identifiers except [=Distinctive Permanent Identifiers=] MUST be unique per [=origin=] and [=browsing profile=]. See .

            -

            This includes but is not limited to .

            -

            MUST NOT be exposed to the application or origin.

            +

            This includes but is not limited to [=Distinctive Identifiers=].

            +

            [=Distinctive Permanent Identifiers=] MUST NOT be exposed to the application or origin.

            Use Non-Associable Identifiers

            - All identifiers, including , exposed by the implementation to applications, even in encrypted form, MUST be non-associable by application(s) across origins, browsing profiles, and clearing of identifiers. + All identifiers, including [=Distinctive Identifiers=], exposed by the implementation to applications, even in encrypted form, MUST be [=non-associable by application=](s) across [=origins=], [=browsing profiles=], and clearing of identifiers.

            For all such identifiers, it MUST NOT be possible for one or more applications, including related license or other servers to achieve such correlation or association. @@ -3573,85 +3560,85 @@

            Use Non-Associable Identifiers

            Allow Identifiers to Be Cleared

            As a consequence of the requirements in Allow Persistent Data to Be Cleared, - all potential identifiers or distinctive values except MUST be clearable + all potential identifiers or [=Distinctive Values=] except [=Distinctive Permanent Identifiers=] MUST be clearable such that the values are no longer retrievable, observable, or inferable both outside, such as via the APIs defined in this specification, and on the client device.

            - Implementations that use Distinctive Identifier(s) MUST allow the user to clear the . - Implementations that use Distinctive Permanent Identifier(s) MUST allow the user to clear values associated with the . + Implementations that [=use Distinctive Identifier(s)=] MUST allow the user to clear the [=Distinctive Identifier(s)=]. + Implementations that [=use Distinctive Permanent Identifier(s)=] MUST allow the user to clear values associated with the [=Distinctive Permanent Identifier(s)=].

            - Once cleared, new value(s) MUST be generated when values, such as , are subsequently needed. + Once cleared, new [=non-associable by applications=] value(s) MUST be generated when values, such as [=Distinctive Identifiers=], are subsequently needed.

          -
          -

          Individualization

          +
          +

          Individualization

          - Identifiers, especially , are sometimes generated or obtained via a process called individualization or provisioning. - The resulting identifier(s) MUST be and use of them MUST only be exposed to a single origin from a single profile. + Identifiers, especially [=Distinctive Identifiers=], are sometimes generated or obtained via a process called individualization or provisioning. + The resulting identifier(s) MUST be [=non-associable by applications=] and [=use of Distinctive Identifier(s)|use of them=] MUST only be exposed to a single origin from a single profile. This process MAY be performed multiple times, such as after identifier(s) are cleared.

          -

          This process MUST be performed either directly by the user agent or through the application. +

          This process MUST be performed either [=direct individualization|directly by the user agent=] or [=app-assisted individualization|through the application=]. The mechanisms, flow, and restrictions for the two types of individualization are different, as described in the following sections. - Which method is used depends on the CDM implementation and application of the requirements of this specification, especially those below. + Which method is used depends on the [=CDM=] implementation and application of the requirements of this specification, especially those below.

          - controls whether and may be used, including for individualization. - Specifically, such identifiers may only be used when the value of the member of the MediaKeySystemAccess used to create the MediaKeys object is . + {{MediaKeySystemConfiguration/distinctiveIdentifier}} controls whether [=Distinctive Identifiers=] and [=Distinctive Permanent Identifiers=] may be [=use Distinctive Identifier(s) or Distinctive Permanent Identifier(s)|used=], including for individualization. + Specifically, such identifiers may only be [=use Distinctive Identifier(s) or Distinctive Permanent Identifier(s)|used=] when the value of the {{MediaKeySystemConfiguration/distinctiveIdentifier}} member of the {{MediaKeySystemAccess}} used to create the {{MediaKeys}} object is {{MediaKeysRequirement/"required"}}.

          -
          -
          Direct Individualization
          +
          +
          Direct Individualization

          - Direct Individualization is performed between the and an origin- and application-independent server. - Although the server is origin-independent, the result of the individualization enables the CDM to provide origin-specific identifiers per the other + Direct Individualization is performed between the [=CDM=] and an origin- and application-independent server. + Although the server is origin-independent, the result of the individualization enables the [=CDM=] to provide origin-specific identifiers per the other requirements of this specification. The process MUST be performed by the user agent and MUST NOT use the APIs defined in this specification.

          -

          For example, such a process may initialize a client device and/or obtain a per-origin clearable identifier for a single browsing profile by communicating with a pre-determined server hosted by the user agent or CDM vendor, possibly using Distinctive Permanent Identifier(s) or other Permanent Identifier(s) from the client device. +

          For example, such a process may initialize a client device and/or obtain a per-origin clearable identifier for a single browsing profile by communicating with a pre-determined server hosted by the user agent or CDM vendor, possibly [=using Distinctive Permanent Identifier(s)=] or other [=Permanent Identifier(s)=] from the client device.

          For such individualization, all message exchanges:

          • MUST be handled by the user agent and performed by the user agent via the user agent's network stack.

            • -

          • MUST NOT be performed directly by the CDM.

            • +

          • MUST NOT be performed directly by the [=CDM=].

          • MUST NOT be passed to or through the application via the APIs defined in this specification.

          • MUST be sent to a URL selected independently of any origin and application.

            • -

          • MUST encrypt all and .

            • +

          • MUST encrypt all [=Distinctive Identifiers=] and [=Distinctive Permanent Identifiers=].

          • MUST use TLS.

          - Implementations MUST NOT expose, even in encrypted form, origin(s), origin- or application-specific information, or values that are with origin(s) to centralized servers since this could create a central record of all origins visited by a user or device. + Implementations MUST NOT expose, even in encrypted form, [=origin=](s), origin- or application-specific information, or values that are [=associable=] with origin(s) to centralized servers since this could create a central record of all origins visited by a user or device.

          -
          -
          App-Assisted Individualization
          -

          App-Assisted Individualization is performed between the and the application, including an application-selected server, and results in a per-origin identifier. +

          +
          App-Assisted Individualization
          +

          App-Assisted Individualization is performed between the [=CDM=] and the application, including an application-selected server, and results in a per-origin identifier. The process MUST be performed via the APIs defined in this specification and MUST NOT involve other methods of communication. - As with all other uses of the APIs, the process MAY use one or more Distinctive Identifier(s), but it MUST NOT use Distinctive Permanent Identifier(s) or non-origin-specific values, even in encrypted form. - If the process use one or more Distinctive Identifier(s), the resulting identifier is by definition also a . + As with all other uses of the APIs, the process MAY [=use Distinctive Identifier(s)|use one or more Distinctive Identifier(s)=], but it MUST NOT [=use Distinctive Permanent Identifier(s)=] or non-origin-specific values, even in encrypted form. + If the process [=uses Distinctive Identifier(s)|uses one or more Distinctive Identifier(s)=], the resulting identifier is by definition also a [=Distinctive Identifier=].

          For such individualization, all message exchanges:

          • MUST be passed to or through the application via the APIs defined in this specification.

            • -

          • SHALL use the message type for all related events.

            • +

          • SHALL use the message type {{MediaKeyMessageType/"individualization-request"}} for all related {{message}} events.

          • MUST NOT be performed by the user agent.

            • -

          • MUST NOT be performed directly by the CDM.

            • -

          • MUST NOT contain or otherwise use Distinctive Permanent Identifier(s).

            • +

          • MUST NOT be performed directly by the [=CDM=].

            • +

          • MUST NOT contain or otherwise [=use Distinctive Permanent Identifier(s)=].

          • MUST NOT contain non-origin-specific per-client information

          • MUST adhere to the identifier requirements.

            This includes only using values that are unique per origin and profile and clearable and encrypting them as required.

            • -

          • MUST NOT provide executable code to the CDM.

            • +

          • MUST NOT provide executable code to the [=CDM=].

          - When values, including , are used in the process, - implementations MUST NOT expose, even in encrypted form, origin(s)-, origin- or application-specific information, or values that are with origin(s) to centralized servers since this could create a central record of all origins visited by a user or device. + When [=associable=] values, including [=Distinctive Identifier(s)=], are [=uses Distinctive Identifier(s)|used=] in the process, + implementations MUST NOT expose, even in encrypted form, [=origin=](s)-, origin- or application-specific information, or values that are [=associable=] with origin(s) to centralized servers since this could create a central record of all origins visited by a user or device.

          -

          With appropriate precautions, such individualization can provide better privacy than Direct Individualization, though not as good as models that do not use Distinctive Identifier(s). +

          With appropriate precautions, such individualization can provide better privacy than [=Direct Individualization=], though not as good as models that do not [=use Distinctive Identifier(s)=]. To preserve the benefits of such a design and to avoid introducing other privacy concerns, such implementations and the applications that support them SHOULD avoid deferring or forwarding individualization messages to a central server or other server not controlled by the application author.

          @@ -3660,11 +3647,11 @@
          App-Assisted Individualization

          Support Multiple Keys

          -

          Implementations MUST support multiple keys in each MediaKeySession object.

          +

          Implementations MUST support multiple keys in each {{MediaKeySession}} object.

          The mechanics of how multiple keys are supported is an implementation detail, but it MUST be transparent to the application and the APIs defined in this specification.

          Implementations MUST support seamless switching between keys during playback. - This includes both keys in the same MediaKeySession and keys in separate MediaKeySession objects. + This includes both keys in the same {{MediaKeySession}} and keys in separate {{MediaKeySession}} objects.

          @@ -3672,36 +3659,36 @@

          Support Multiple Keys

          Initialization Data Type Support

          Licenses Generated are Independent of Content Type

          -

          Implementations SHOULD allow licenses generated with any they support to be used with any content type.

          -

          Otherwise, the algorithm might, for example, reject a MediaKeySystemConfiguration because one of the is not supported with one of the .

          +

          Implementations SHOULD allow licenses generated with any [=Initialization Data Type=] they support to be used with any content type.

          +

          Otherwise, the {{Navigator/requestMediaKeySystemAccess()}} algorithm might, for example, reject a {{MediaKeySystemConfiguration}} because one of the {{MediaKeySystemConfiguration/initDataTypes}} is not supported with one of the {{MediaKeySystemConfiguration/videoCapabilities}}.

          Support Extraction From Media Data

          -

          For any supported that may appear in a supported container, the user agents MUST support extracting that type of from each such supported container.

          -

          In other words, indicating support for an implies both CDM support for generating license requests and, for container-specific types, user agent support for extracting it from the container. - This does not mean that implementations must be able to parse any supported from any supported content type. +

          For any supported [=Initialization Data Type=] that may appear in a supported container, the user agents MUST support extracting that type of [=Initialization Data=] from each such supported container.

          +

          In other words, indicating support for an [=Initialization Data Type=] implies both [=CDM=] support for generating license requests and, for container-specific types, user agent support for extracting it from the container. + This does not mean that implementations must be able to parse any supported [=Initialization Data=] from any supported content type.

          Supported Media

          -

          This section defines properties of content () supported by implementations of this specification.

          +

          This section defines properties of content (media resource) supported by implementations of this specification.

          Unencrypted Container

          The media container MUST NOT be encrypted. This specification relies on the user agent's ability to parse the media container without having to decrypt any of the media data. - This includes the and algorithms as well as supporting standard [[HTML]] functionality, such as . + This includes the [=Encrypted Block Encountered=] and [=Initialization Data Encountered=] algorithms as well as supporting standard {{HTMLMediaElement}} [[HTML]] functionality, such as seeking.

          Interoperably Encrypted

          - Media resources, including all tracks, MUST be encrypted and packaged per a container-specific "common encryption" specification that allows the content to be decrypted in a fully specified and compatible way when a key or keys are provided. + Media resources, including all tracks, MUST be encrypted and packaged per a container-specific "common encryption" specification that allows the content to be decrypted in a fully specified and compatible way when a key or keys are provided.

          The [[[EME-STREAM-REGISTRY]]] [[EME-STREAM-REGISTRY]] provides references to such stream formats. @@ -3718,8 +3705,8 @@

          Unencrypted In-band Support Content

          Thus, encrypting such tracks would prevent them from being widely available for use with accessibility features in user agent implementations.

          - To ensure accessibility information is available in usable form, for implementations that choose to support encrypted in-band support content: a) the CDM MUST provide the decrypted data to the user agent and - b) the user agent MUST process it in the same way as equivalent unencrypted support content. For example, to be exposed as [[HTML]]. + To ensure accessibility information is available in usable form, for implementations that choose to support encrypted in-band support content: a) the [=CDM=] MUST provide the decrypted data to the user agent and + b) the user agent MUST process it in the same way as equivalent unencrypted support content. For example, to be exposed as timed text tracks [[HTML]].

          @@ -3727,52 +3714,52 @@

          Unencrypted In-band Support Content

          -

          Common Key Systems

          -

          All user agents MUST support the common key systems described in this section.

          +

          Common Key Systems

          +

          All user agents MUST support the common [=Key Systems=] described in this section.

          This ensures that there is a common baseline level of functionality that is guaranteed to be supported in all user agents, including those that are entirely open source. Thus, content providers that need only basic decryption can build simple applications that will work on all platforms without needing to work with any content protection providers.

          -

          Clear Key

          -

          The "org.w3.clearkey" uses plain-text clear (unencrypted) key(s) to decrypt the source. +

          Clear Key

          +

          The "org.w3.clearkey" [=Key System=] uses plain-text clear (unencrypted) key(s) to decrypt the source. No additional client-side content protection is required. - This Key System is described below. + This [=Key System=] is described below.

          Capabilities

          -

          The following describe how Clear Key supports key system-specific capabilities:

          +

          The following describe how [=Clear Key=] supports [=Key System=]-specific capabilities:

          • -

            MediaKeySystemConfiguration:

            +

            {{MediaKeySystemConfiguration}}:

              -

            1. : Implementations MUST support the scheme, and MAY support other schemes.

              2. -

            2. : Only the empty string is supported.

              3. -

            3. : is not supported.

              4. -

            4. : Not unless the application intends to create non- sessions, if supported.

              5. +

            5. {{MediaKeySystemMediaCapability/encryptionScheme}}: Implementations MUST support the [="cenc"=] scheme, and MAY support other schemes.

              6. +

            6. {{MediaKeySystemMediaCapability/robustness}}: Only the empty string is supported.

              7. +

            7. {{MediaKeySystemConfiguration/distinctiveIdentifier}}: {{MediaKeysRequirement/"required"}} is not supported.

              8. +

            8. {{MediaKeySystemConfiguration/persistentState}}: Not {{MediaKeysRequirement/"required"}} unless the application intends to create non-{{MediaKeySessionType/"temporary"}} sessions, if supported.

            • -

          • The MediaKeySessionType: Implementations MAY support this type.

            • -

          • The method: Not supported.

            • -

          • The method: Implementations MAY support associating the MediaKeys object with more than one .

            • +

          • The {{MediaKeySessionType/"persistent-license"}} {{MediaKeySessionType}}: Implementations MAY support this type.

            • +

          • The {{MediaKeys/setServerCertificate()}} method: Not supported.

            • +

          • The {{HTMLMediaElement/setMediaKeys()}} method: Implementations MAY support associating the {{MediaKeys}} object with more than one {{HTMLMediaElement}}.

          Behavior

          -

          The following describe how Clear Key implements key system-specific behaviors:

          +

          The following describe how [=Clear Key=] implements [=Key System=]-specific behaviors:

    Enumeration description
    required + + + + +
    Enumeration description
    required
    -
    When used in a call to
    +
    When used in a call to {{Navigator/requestMediaKeySystemAccess()}}
    The returned object MUST support this feature.
    -
    When returned by a MediaKeySystemAccess object
    -
    CDM instances created by the object MAY use this feature.
    +
    When returned by a {{MediaKeySystemAccess}} object
    +
    [=CDM=] instances created by the object MAY use this feature.
    -
    optional +
    optional
    -
    When used in a call to
    +
    When used in a call to {{Navigator/requestMediaKeySystemAccess()}}
    The returned object MAY support and use this feature.
    -
    When returned by a MediaKeySystemAccess object
    +
    When returned by a {{MediaKeySystemAccess}} object
    This value cannot and MUST NOT be present in such an object.
    -
    not-allowed +
    not-allowed
    -
    When used in a call to
    +
    When used in a call to {{Navigator/requestMediaKeySystemAccess()}}
    The returned object MUST function without using this feature and MUST NOT use it at any time.
    -
    When returned by a MediaKeySystemAccess object
    -
    CDM instances created by the object MUST NOT use this feature.
    +
    When returned by a {{MediaKeySystemAccess}} object
    +
    [=CDM=] instances created by the object MUST NOT use this feature.
    - 
    dictionary MediaKeySystemConfiguration {
-             DOMString                               label = "";
-             sequence<DOMString>                     initDataTypes = [];
-             sequence<MediaKeySystemMediaCapability> audioCapabilities = [];
-             sequence<MediaKeySystemMediaCapability> videoCapabilities = [];
-             MediaKeysRequirement                    distinctiveIdentifier = "optional";
-             MediaKeysRequirement                    persistentState = "optional";
-             sequence<DOMString>                     sessionTypes;
-};
    + 
    +          dictionary MediaKeySystemConfiguration {
+            DOMString                               label = "";
+            sequence<DOMString>                     initDataTypes = [];
+            sequence<MediaKeySystemMediaCapability> audioCapabilities = [];
+            sequence<MediaKeySystemMediaCapability> videoCapabilities = [];
+            MediaKeysRequirement                    distinctiveIdentifier = "optional";
+            MediaKeysRequirement                    persistentState = "optional";
+            sequence<DOMString>                     sessionTypes;
+          };
+

    - The dictionary MediaKeySystemConfiguration contains the following members: + The dictionary {{MediaKeySystemConfiguration}} contains the following members:

    -
    label of type {{DOMString}}, defaulting to ""
    - An optional label that will be preserved in the MediaKeySystemConfiguration returned from the method of MediaKeySystemAccess. -
    initDataTypes of type sequence<{{DOMString}}>, defaulting to []
    - A list of supported names. - The capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm). +
    label of type {{DOMString}}, defaulting to ""
    + An optional label that will be preserved in the {{MediaKeySystemConfiguration}} returned from the {{MediaKeySystemAccess/getConfiguration()}} method of {{MediaKeySystemAccess}}. +
    initDataTypes of type sequence<{{DOMString}}>, defaulting to []
    + A list of supported [=Initialization Data Type=] names. + The [=Initialization Data Type=] capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm). Values in the sequence MUST not be the empty string. -
    audioCapabilities of type sequence<MediaKeySystemMediaCapability>, defaulting to []
    +
    audioCapabilities of type sequence<{{MediaKeySystemMediaCapability}}>, defaulting to []
    A list of supported audio type and capability pairs. The audio capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm). When there is a conflict between values, the earlier value will be selected. An empty list indicates that no audio capabilities are supported. - In this case, the element must not be empty. -
    videoCapabilities of type sequence<MediaKeySystemMediaCapability>, defaulting to []
    + In this case, the {{MediaKeySystemConfiguration/videoCapabilities}} element must not be empty. +
    videoCapabilities of type sequence<{{MediaKeySystemMediaCapability}}>, defaulting to []
    A list of supported video type and capability pairs. The video capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm). When there is a conflict between values, the earlier value will be selected. An empty list indicates that no video capabilities are supported. - In this case, the element must not be empty. -
    distinctiveIdentifier of type MediaKeysRequirement, defaulting to "optional"
    - Whether use of a is required. -

    When this member is , the implementation MUST NOT use Distinctive Identifier(s) or Distinctive Permanent Identifier(s) for any operations associated with any object created from this configuration. + In this case, the {{MediaKeySystemConfiguration/audioCapabilities}} element must not be empty. +

    distinctiveIdentifier of type {{MediaKeysRequirement}}, defaulting to "optional"
    + Whether use of a [=Distinctive Identifier(s)=] is required. +

    When this member is {{MediaKeysRequirement/"not-allowed"}}, the implementation MUST NOT [=use Distinctive Identifier(s) or Distinctive Permanent Identifier(s)=] for any operations associated with any object created from this configuration.

    -
    persistentState of type MediaKeysRequirement, defaulting to "optional"
    +
    persistentState of type {{MediaKeysRequirement}}, defaulting to "optional"
    Whether the ability to persist state is required. This includes session data and any other type of state. -

    The CDM MUST NOT persist any state related to the application or of this object's when this member is .

    -

    For the purposes of this member, persistent state does not include persistent unique identifiers () controlled by the implementation. independently reflects this requirement.

    -

    Only sessions may be created when persistent state is not supported.

    -

    For sessions, the need and ability to store state is implementation-specific and may vary by feature used.

    -

    Applications intending to create non- sessions, should set this member to when calling .

    -
    sessionTypes of type sequence<{{DOMString}}>
    - A list of MediaKeySessionTypes that must be supported. All values must be supported. -

    If this member is [[WEBIDL]] when the dictionary is passed to , the dictionary will be treated as if this member is set to [ ].

    +

    The [=CDM=] MUST NOT persist any state related to the application or [=origin=] of this object's [=Document=] when this member is {{MediaKeysRequirement/"not-allowed"}}.

    +

    For the purposes of this member, persistent state does not include persistent unique identifiers ([=Distinctive Identifiers=]) controlled by the [=Key System=] implementation. {{MediaKeySystemConfiguration/distinctiveIdentifier}} independently reflects this requirement.

    +

    Only {{MediaKeySessionType/"temporary"}} sessions may be created when persistent state is not supported.

    +

    For {{MediaKeySessionType/"temporary"}} sessions, the need and ability to store state is [=Key System=] implementation-specific and may vary by feature used.

    +

    Applications intending to create non-{{MediaKeySessionType/"temporary"}} sessions, should set this member to {{MediaKeysRequirement/"required"}} when calling {{Navigator/requestMediaKeySystemAccess()}}.

    +
    sessionTypes of type sequence<{{DOMString}}>
    + A list of {{MediaKeySessionType}}s that must be supported. All values must be supported. +

    If this member is [=map/exist|not present=] [[Infra]] when the dictionary is passed to {{Navigator/requestMediaKeySystemAccess()}}, the dictionary will be treated as if this member is set to [ {{MediaKeySessionType/"temporary"}} ].

    Implementations SHOULD NOT add members to this dictionary. - Should member(s) be added, they MUST be of type MediaKeysRequirement, and it is RECOMMENDED that they have default values of to support the widest range of application and client combinations. + Should member(s) be added, they MUST be of type {{MediaKeysRequirement}}, and it is RECOMMENDED that they have default values of {{MediaKeysRequirement/"optional"}} to support the widest range of application and client combinations.

    -

    Dictionary members not recognized by a user agent implementation are ignored per [[WEBIDL]] and will not be considered in the algorithm. +

    Dictionary members not recognized by a user agent implementation are ignored per [[WEBIDL]] and will not be considered in the {{Navigator/requestMediaKeySystemAccess()}} algorithm. Should an application use non-standard dictionary member(s), it MUST NOT rely on user agent implementations rejecting a configuration that includes such dictionary members.

    -

    This dictionary MUST NOT be used to pass state or data to the CDM.

    +

    This dictionary MUST NOT be used to pass state or data to the [=CDM=].

    MediaKeySystemMediaCapability dictionary

    - 
    dictionary MediaKeySystemMediaCapability {
-             DOMString contentType = "";
-             DOMString? encryptionScheme = null;
-             DOMString robustness = "";
-          };
    + 
    +            dictionary MediaKeySystemMediaCapability {
+              DOMString contentType = "";
+              DOMString? encryptionScheme = null;
+              DOMString robustness = "";
+            };
+

    Dictionary MediaKeySystemMediaCapability Members

    -
    -
    contentType of type {{DOMString}}, defaulting to ""
    +
    +
    contentType of type {{DOMString}}, defaulting to ""

    - The type of the . - Its value must be a . + The type of the media resource. + Its value must be a [=valid media MIME type=]. The empty string is invalid.

    -
    encryptionScheme of type {{DOMString}}, defaulting to null
    +
    encryptionScheme of type {{DOMString}}, defaulting to null

    The encryption scheme associated with the content type. @@ -1397,26 +1313,26 @@

    Dictionary MediaKeySystemMediaCapability Members

    Well-known values for encryptionScheme are: +

      -
    • cenc: +
    • cenc: The "cenc" mode, defined in [[CENC]], section 4.2a. AES-CTR mode full sample and video NAL subsample encryption.
      • -
    • cbcs: +
    • cbcs: The "cbcs" mode, defined in [[CENC]], section 4.2d. AES-CBC mode partial video NAL pattern encryption. For video, the spec allows various encryption patterns.
      • -
    • cbcs-1-9: - The same as mode, but with a +
    • cbcs-1-9: + The same as [="cbcs"=] mode, but with a specific encrypt:skip pattern of 1:9 for video, as recommended in [[CENC]], section 10.4.2.
    -

    -
    robustness of type {{DOMString}}, defaulting to ""
    +
    robustness of type {{DOMString}}, defaulting to ""

    The robustness level associated with the content type. @@ -1424,8 +1340,8 @@

    Dictionary MediaKeySystemMediaCapability Members

    - Implementations MUST configure the CDM to support at least the robustness levels specified in the configuration of the MediaKeySystemAccess object used to create the MediaKeys object. - Exact configuration of the CDM is implementation-specific, and implementations MAY configure the CDM to use the highest robustness level in the configuration even if a higher robustness level is available. + Implementations MUST configure the [=CDM=] to support at least the robustness levels specified in the configuration of the {{MediaKeySystemAccess}} object used to create the {{MediaKeys}} object. + Exact configuration of the [=CDM=] is implementation-specific, and implementations MAY configure the [=CDM=] to use the highest robustness level in the configuration even if a higher robustness level is available. If only the empty string is specified, implementations MAY be configured to use the lowest robustness level the implementation supports.

    @@ -1436,7 +1352,7 @@

    Dictionary MediaKeySystemMediaCapability Members

    -

    In order for the capability represented by this object to be considered supported, MUST NOT be the empty string and its entire value, including all codecs, MUST be supported with .

    +

    In order for the capability represented by this object to be considered supported, {{MediaKeySystemMediaCapability/contentType}} MUST NOT be the empty string and its entire value, including all codecs, MUST be supported with {{MediaKeySystemMediaCapability/robustness}}.

    If any of a set of codecs is acceptable, use a separate instances of this dictionary for each codec.

    @@ -1444,23 +1360,35 @@

    Dictionary MediaKeySystemMediaCapability Members

    MediaKeySystemAccess Interface

    -

    The MediaKeySystemAccess object provides access to a .

    - - 
    [Exposed=Window, SecureContext] interface MediaKeySystemAccess {
-    readonly        attribute DOMString keySystem;
-    MediaKeySystemConfiguration getConfiguration ();
-    Promise<MediaKeys>          createMediaKeys ();
-};

    Attributes

    keySystem of type {{DOMString}}, readonly
    - Identifies the being used. -

    Methods

    getConfiguration
    -

    Returns the supported combination of configuration options selected by the algorithm. -

    -

    The returned object is a non-strict subset (plus any implied defaults) of the first satisfiable MediaKeySystemConfiguration configuration passed to the call that returned the promise that was resolved with this object. - It does not contain values capabilities not specified in that single configuration (other than implied defaults) and thus may not reflect all capabilities of the implementation. +

    The {{MediaKeySystemAccess}} object provides access to a [=Key System=].

    + + 
    +        [Exposed=Window, SecureContext] interface MediaKeySystemAccess {
+          readonly attribute DOMString keySystem;
+          MediaKeySystemConfiguration  getConfiguration ();
+          Promise<MediaKeys>           createMediaKeys ();
+        };
+
    +
    +

    Attributes

    +
    +
    keySystem of type {{DOMString}}, readonly
    +
    Identifies the [=Key System=] being used.
    +
    +
    +
    +

    Methods

    +
    +
    getConfiguration()
    +
    +

    Returns the supported combination of configuration options selected by the {{Navigator/requestMediaKeySystemAccess()}} algorithm. +

    +

    The returned object is a non-strict subset (plus any implied defaults) of the first satisfiable {{MediaKeySystemConfiguration}} configuration passed to the {{Navigator/requestMediaKeySystemAccess()}} call that returned the promise that was resolved with this object. + It does not contain values capabilities not specified in that single configuration (other than implied defaults) and thus may not reflect all capabilities of the [=Key System=] implementation. All values in the configuration may be used in any combination. - Members of type MediaKeysRequirement reflect whether the capability is required for any combination. They will not have the value . + Members of type {{MediaKeysRequirement}} reflect whether the capability is required for any combination. They will not have the value {{MediaKeysRequirement/"optional"}}.

    - +

    When this method is invoked, the user agent MUST run the following steps:

    1. @@ -1470,13 +1398,15 @@

      MediaKeySystemAccess Interface

      This results in a new object being created and initialized from configuration each time this method is called.

      - If was not given by the application, the accumulated configuration MUST still contain a field with a value of null, so that polyfills can detect the user agent's support for the field without specifying specific values. + If {{MediaKeySystemMediaCapability/encryptionScheme}} was not given by the application, the accumulated configuration MUST still contain an {{MediaKeySystemMediaCapability/encryptionScheme}} field with a value of null, so that polyfills can detect the user agent's support for the field without specifying specific values.

    -
    No parameters.
    Return type: MediaKeySystemConfiguration
    createMediaKeys
    -

    Creates a new MediaKeys object for keySystem.

    - +
    +
    createMediaKeys()
    +
    +

    Creates a new {{MediaKeys}} object for keySystem.

    +

    When this method is invoked, the user agent MUST run the following steps:

    1. Let promise be a new promise.

    2. Run the following steps in parallel:

      @@ -1484,27 +1414,27 @@

      MediaKeySystemAccess Interface

    3. Let configuration be the value of this object's configuration value.

    4. - Let use distinctive identifier be true if the value of configuration's - member is and false otherwise. + Let use distinctive identifier be true if the value of configuration's {{MediaKeySystemConfiguration/distinctiveIdentifier}} + member is {{MediaKeysRequirement/"required"}} and false otherwise.

    5. - Let persistent state allowed be true if the value of configuration's - member is and false otherwise. -

      + Let persistent state allowed be true if the value of configuration's {{MediaKeySystemConfiguration/persistentState}} + member is {{MediaKeysRequirement/"required"}} and false otherwise. +

      6. -

    6. Load and initialize the implementation represented by this object's cdm implementation value if necessary.

      7. -

    7. Let instance be a new instance of the implementation represented by this object's cdm implementation value.

      8. -

    8. Initialize instance to enable, disable and/or select features using configuration.

      9. -

    9. If use distinctive identifier is false, prevent instance from using Distinctive Identifier(s) and Distinctive Permanent Identifier(s).

      10. -

    10. If persistent state allowed is false, prevent instance from persisting any state related to the application or of this object's .

      11. -

    11. If any of the preceding steps failed, reject promise with .

      12. -

    12. Let media keys be a new MediaKeys object, and initialize it as follows:

      +

    13. Load and initialize the [=Key System=] implementation represented by this object's cdm implementation value if necessary.

      14. +

    14. Let instance be a new instance of the [=Key System=] implementation represented by this object's cdm implementation value.

      15. +

    15. Initialize instance to enable, disable and/or select [=Key System=] features using configuration.

      16. +

    16. If use distinctive identifier is false, prevent instance from [=uses Distinctive Identifier(s) or Distinctive Permanent Identifier(s)|using Distinctive Identifier(s) and Distinctive Permanent Identifier(s)=].

      17. +

    17. If persistent state allowed is false, prevent instance from persisting any state related to the application or [=origin=] of this object's [=Document=].

      18. +

    18. If any of the preceding steps failed, reject promise with a new {{DOMException}} whose name is the appropriate error name.

      19. +

    19. Let media keys be a new {{MediaKeys}} object, and initialize it as follows:

      1. Let the use distinctive identifier value be use distinctive identifier.

      2. Let the persistent state allowed value be persistent state allowed.

        3. -

      3. Let the supported session types value be be the value of configuration's member.

        4. +

      4. Let the supported session types value be be the value of configuration's {{MediaKeySystemConfiguration/sessionTypes}} member.

      5. Let the cdm implementation value be this object's cdm implementation value.

      6. Let the cdm instance value be instance.

      @@ -1514,28 +1444,31 @@

      MediaKeySystemAccess Interface

    20. Return promise.

    -
    No parameters.
    Return type: Promise<MediaKeys>
    +
    +
    +
    -

    MediaKeys Interface

    -

    The MediaKeys object represents a set of keys that an associated HTMLMediaElement can use for decryption of during playback. - It also represents a instance. +

    The {{MediaKeys}} object represents a set of keys that an associated {{HTMLMediaElement}} can use for decryption of [=HTMLMediaElement/media data=] during playback. + It also represents a [=CDM=] instance.

    -

    A MediaKeys object may be destroyed by the user agent when it is no longer accessible

    +

    A {{MediaKeys}} object may be destroyed by the user agent when it is no longer accessible

    For example, when there are no script references and no attached media element.

    For methods that return a promise, all errors are reported asynchronously by rejecting the returned Promise. This includes [[WEBIDL]] type mapping errors.

    The steps of an algorithm are always aborted when rejecting a promise.

    - 
    enum MediaKeySessionType {
-    "temporary",
-    "persistent-license"
-};
    + 
    +        enum MediaKeySessionType {
+          "temporary",
+          "persistent-license"
+        };
+

    The MediaKeySessionType enumeration is defined as follows:

    - +
    - -
    Enumeration description
    temporary +
    temporary

    A session for which the license, key(s) and record of or data related to the session are not persisted.

    @@ -1544,28 +1477,28 @@

    MediaKeys Interface

    Support for this session type is REQUIRED.

    persistent-license +
    persistent-license

    A session for which the license (and potentially other data related to the session) will be persisted. - A SHALL be persisted when the license and key(s) it contains are destroyed. - The record of license destruction is a -specific attestation that the license and key(s) it contains are no longer usable by the client. + A [=record of license destruction=] SHALL be persisted when the license and key(s) it contains are destroyed. + The record of license destruction is a [=Key System=]-specific attestation that the license and key(s) it contains are no longer usable by the client. Support for this session type is OPTIONAL.

    - Sessions of this type can only be created if the configuration associated with the MediaKeySystemAccess object that created this object has a value of . - The session MUST be loadable via its once is called successfully. - A of type containing the will be generated when is called until the record is acknowledged by a response passed to . + Sessions of this type can only be created if the configuration associated with the {{MediaKeySystemAccess}} object that created this object has a {{MediaKeySystemConfiguration/persistentState}} value of {{MediaKeysRequirement/"required"}}. + The session MUST be loadable via its [=Session ID=] once {{MediaKeySession/update()}} is called successfully. + A {{message}} of type {{MediaKeyMessageType/"license-release"}} containing the [=record of license destruction=] will be generated when {{MediaKeySession/remove()}} is called until the record is acknowledged by a response passed to {{MediaKeySession/update()}}.

    The application is responsible for ensuring that data persisted for such sessions is removed when the application no longer needs it. - See . + See Session Storage and Persistence. 

             [Exposed=Window, SecureContext] interface MediaKeys {
-            MediaKeySession  createSession (optional MediaKeySessionType sessionType = "temporary");
+            MediaKeySession createSession (optional MediaKeySessionType sessionType = "temporary");
             Promise<MediaKeyStatus> getStatusForPolicy (optional MediaKeysPolicy policy = {});
             Promise<boolean> setServerCertificate (BufferSource serverCertificate);
         };
@@ -1573,27 +1506,31 @@ 
    MediaKeys Interface
    
 
         
    
           
    Methods
    
-          
    
-            
    createSession
    
-          
    Returns a new MediaKeySession object.
    
-
+          
    
+          
    createSession()
    
+          
    
+          
    Returns a new {{MediaKeySession}} object.
    
+          
    The sessionType parameter affects the behavior of the returned object.
    
+          
    When this method is invoked, the user agent MUST run the following steps:
    
           
      
-            
    1. If this object's supported session types value does not contain sessionType,  [[WEBIDL]] a .
      
-              
      sessionType values for which the  algorithm returns true will fail if this object's persistent state allowed value is false.
      
+            
    2. If this object's supported session types value does not contain sessionType, [=exception/throw=]
+ [[WEBIDL]] a {{NotSupportedError}}.
      
+              
      sessionType values for which the [=Is persistent session type?=] algorithm returns true will fail if this object's persistent state allowed value is false.
      
             
      3. 
-            
    3. If the implementation does not support MediaKeySession operations in the current state,  [[WEBIDL]] an .
      
-              
      Some implementations are unable to execute MediaKeySession algorithms until this MediaKeys object is associated with a media element using .
+            
    4. If the implementation does not support {{MediaKeySession}} operations in the current state, [=exception/throw=]
+ [[WEBIDL]] an {{InvalidStateError}}.
      
+              
      Some implementations are unable to execute {{MediaKeySession}} algorithms until this {{MediaKeys}} object is associated with a media element using {{HTMLMediaElement/setMediaKeys()}}.
               This step enables applications to detect this uncommon behavior before attempting to perform such operations.
               
      
             
      5. 
-            
    5. Let session be a new MediaKeySession object, and initialize it as follows:
      
+            
    6. Let session be a new {{MediaKeySession}} object, and initialize it as follows:
      
               
        
-                
      1. Let the  attribute be the empty string.
        2. 
-                
      2. Let the  attribute be NaN.
        3. 
-                
      3. Let the  attribute be a new promise.
        4. 
-                
      4. Let key status be a new empty MediaKeyStatusMap object, and initialize it as follows:
        
+                
      5. Let the {{MediaKeySession/sessionId}} attribute be the empty string.
        6. 
+                
      6. Let the {{MediaKeySession/expiration}} attribute be NaN.
        7. 
+                
      7. Let the {{MediaKeySession/closed}} attribute be a new promise.
        8. 
+                
      8. Let key status be a new empty {{MediaKeyStatusMap}} object, and initialize it as follows:
        
                   
          
-                    
        1. Let the  attribute be 0.
          2. 
+                    
        2. Let the {{MediaKeyStatusMap/size}} attribute be 0.
          3. 
                   
        
                 
        9. 
                 
      9. Let the session type value be sessionType.
        10. 
@@ -1607,66 +1544,18 @@ 
        Methods
        
             
             
      10. Return session.
        11. 
           
      
-        
      ParameterTypeNullableOptionalDescription
      sessionTypeMediaKeySessionType = "temporary"
-              The type of session to create. The session type affects the behavior of the returned object.
-            
      Return type: MediaKeySession
    
-            
    getStatusForPolicy
    
+          
    
+            
    getStatusForPolicy()
    
             
    
-              
    Returns the MediaKeyStatus for a given MediaKeysPolicy.
    
-
-              
      
-                
    1. If policy has no  members, return a promise rejected with a newly created .
      2. 
-                
    2. Let promise be a new promise.
      
-                  
        
-                    
      1. For each member of policy, run the following steps:
        
-                      
          
-                        
        1. If the CDM cannot determine the MediaKeyStatus for member, then reject promise with  and abort these steps.
          2. 
-                      
        
-                    
        2. 
-                    
      2. For each member of policy, run the following steps:
        
-                      
          
-                        
        1. If the CDM would block presentation of decrypted media data for member, then resolve promise with .
          2. 
-                      
        
-                    
        3. 
-                    
      3. Resolve promise with .
        4. 
-                  
      
-                
      3. 
-                
    3. Return promise.
      4. 
-              
    
-              
-                
-                  
-                    
-                    
-                    
-                    
-                    
-                  
-                  
-                    
-                    
-                    
-                    
-                    
-                  
-                
-              
    ParameterTypeNullableOptionalDescription
    policy
-                      MediaKeysPolicy
-                    
-                      
-                    
-                      
-                    A set of policy requirements
    
-              
    Return type: Promise<MediaKeyStatus>
    
-
+              
    Returns the {{MediaKeyStatus}} for a given {{MediaKeysPolicy}}.
    
               
    
                 
                       dictionary MediaKeysPolicy {
                       HDCPVersion minHdcpVersion;
                   };
                 
    
-                
    The MediaKeysPolicy dictionary is an object consisting of only optional properties. Each property represents a
-                  policy requirement. A policy is said to be fulfilled if the CDM would allow presentation of decrypted
+                
    The {{MediaKeysPolicy}} dictionary is an object consisting of only optional properties. Each property represents a
+                  policy requirement. A policy is said to be fulfilled if the [=CDM=] would allow presentation of decrypted
                   media data based on all of the requirements.
    
               
    
               
    
@@ -1683,48 +1572,64 @@ 
    Methods
    
                       "2.3",
                   };
    -

    The HDCP Policy is represented by minHdcpVersion. When set, the policy requirement will be fulfilled if the system - supports minHdcpVersion on the current display.

    -

    The determination of HDCP status should be done in the same way that the CDM would enforce such a +

    The HDCP Policy is represented by {{MediaKeysPolicy/minHdcpVersion}}. When set, the policy requirement will be fulfilled if the system + supports {{MediaKeysPolicy/minHdcpVersion}} on the current display.

    +

    The determination of HDCP status should be done in the same way that the [=CDM=] would enforce such a restriction during playback. In this way, application developers can get a reasonable hint to allow them to optimize what content they fetch to start playback.

    -
    - -
    setServerCertificate
    +

    When this method is invoked, the user agent MUST run the following steps:

    +
      +
    1. If policy has no [=map/exist|present=] [=dictionary members=], return a promise rejected with a newly created {{TypeError}}.
      2. +

    2. Let promise be a new promise.

      +
        +

      1. For each [=dictionary member=] of policy, run the following steps:

        +
          +

        1. If the [=CDM=] cannot determine the {{MediaKeyStatus}} for the [=dictionary member=], then reject promise with {{NotSupportedError}} and abort these steps.

          2. +
        +
        2. +

      2. For each [=dictionary member=] of policy, run the following steps:

        +
          +

        1. If the [=CDM=] would block presentation of decrypted media data for the [=dictionary member=], then resolve promise with {{MediaKeyStatus/"output-restricted"}}.

          2. +
        +
        3. +

      3. Resolve promise with {{MediaKeyStatus/"usable"}}.

        4. +
      +
      3. +

    3. Return promise.

      4. +
    +
    +
    setServerCertificate()
    +

    Provides a server certificate to be used to encrypt messages to the license server.

    -

    Key Systems that use such certificates MUST also support requesting the certificate from the server via the algorithm.

    -

    This method allows an application to proactively provide a server certificate to implementations that support it to avoid the additional round trip should the CDM request it. +

    [=Key Systems=] that use such certificates MUST also support requesting the certificate from the server via the [=Queue a "message" Event=] algorithm.

    +

    This method allows an application to proactively provide a server certificate to implementations that support it to avoid the additional round trip should the [=CDM=] request it. It is intended as an optimization, and applications are not required to use it.

    - +

    The server certificate contents are [=Key System=]-specific. It MUST NOT contain executable code.

    +

    When this method is invoked, the user agent MUST run the following steps:

      -

    1. If the implementation represented by this object's cdm implementation value does not support server certificates, return a promise resolved with false.

      2. -

    2. If serverCertificate is an empty array, return a promise rejected with a new a newly created .

      3. +

    3. If the [=Key System=] implementation represented by this object's cdm implementation value does not support server certificates, return a promise resolved with false.

      4. +

    4. If serverCertificate is an empty array, return a promise rejected with a new a newly created {{TypeError}}.

    5. Let certificate be a copy of the contents of the serverCertificate parameter.

    6. Let promise be a new promise.

    7. Run the following steps in parallel:

      1. Let sanitized certificate be a validated and/or sanitized version of certificate.

        -

        The user agent should thoroughly validate the certificate before passing it to the CDM. +

        The user agent should thoroughly validate the certificate before passing it to the [=CDM=]. This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version. The user agent should check that the length and values of fields are reasonable. Unknown fields should be rejected or removed.

      2. Use this object's cdm instance to process sanitized certificate.

        3. -

      3. If the preceding step failed, reject promise with .

        4. +

      4. If the preceding step failed, reject promise with a new {{DOMException}} whose name is the appropriate error name.

      5. Resolve promise with true.

    8. Return promise.

    -
    ParameterTypeNullableOptionalDescription
    serverCertificateBufferSource - The server certificate. - The contents are -specific. - It MUST NOT contain executable code. -
    Return type: Promise<boolean>
    @@ -1732,18 +1637,18 @@

    Methods

    Algorithms

    -

    Is persistent session type?

    +

    Is persistent session type?

    The Is persistent session type? algorithm is run to determine whether the specified session type supports persistence of any kind. - Requests to run this algorithm include a MediaKeySessionType value. + Requests to run this algorithm include a {{MediaKeySessionType}} value.

    The following steps are run:

      -

    1. Let the session type be the specified MediaKeySessionType value.

      2. +

    2. Let the session type be the specified {{MediaKeySessionType}} value.

    3. Follow the steps for the value of session type from the following list:

      -
      +
      {{MediaKeySessionType/"temporary"}}
      Return false.
      -
      +
      {{MediaKeySessionType/"persistent-license"}}
      Return true.
      4. @@ -1751,34 +1656,34 @@

      Is persistent session type?

    -

    CDM Unavailable

    +

    CDM Unavailable

    - The CDM unavailable algorithm is run to close all MediaKeySession objects associated with a MediaKeys object, media keys - when the CDM instance becomes unavailable. + The CDM unavailable algorithm is run to close all {{MediaKeySession}} objects associated with a {{MediaKeys}} object, media keys + when the [=CDM=] instance becomes unavailable.

    The following step is run:

    1. -

      For each MediaKeySession created by the media keys that is not , to run the algorithm on the session with reason .

      +

      For each {{MediaKeySession}} created by the media keys that is not [=media key session/closed=], [=queue a task=] to run the [=Session Closed=] algorithm on the session with reason {{MediaKeyStatus/"internal-error"}}.

    -

    Storage and Persistence

    +

    Storage and Persistence

    This section describes general requirements related to storage and persistence.

    - If a MediaKeys object's persistent state allowed value is false then the object's cdm instance + If a {{MediaKeys}} object's persistent state allowed value is false then the object's cdm instance SHALL NOT persist state or access previously persisted state as a result of operations on this object or any sessions that it creates.

    - If a MediaKeys object's persistent state allowed value is true then the object's cdm instance + If a {{MediaKeys}} object's persistent state allowed value is true then the object's cdm instance MAY persist state or access previously persisted state as a result of operations on this object or any sessions that it creates.

    -

    Persisted data MUST always be stored such that only the of this object's can access it. - In addition, the data MUST only be accessible by the current ; other browsing profiles, user agents, and applications MUST NOT be able to access the stored data. +

    Persisted data MUST always be stored such that only the [=origin=] of this object's [=Document=] can access it. + In addition, the data MUST only be accessible by the current [=browsing profile=]; other browsing profiles, user agents, and applications MUST NOT be able to access the stored data. See Information Stored on User Devices.

    @@ -1790,65 +1695,72 @@

    Storage and Persistence

    MediaKeySession Interface

    -

    The MediaKeySession object represents a key session.

    +

    The {{MediaKeySession}} object represents a [=key session=].

    - A MediaKeySession object is closed if and only if the object's attribute has been resolved. + A {{MediaKeySession}} object is closed if and only if the object's {{MediaKeySession/closed}} attribute has been resolved.

    - The User Agent SHALL execute the algorithm continuously for each MediaKeySession object - that is not . - The algorithm MUST be run in parallel to the main event loop but not in parallel to other procedures defined + The User Agent SHALL execute the [=Monitor for CDM State Changes=] algorithm continuously for each {{MediaKeySession}} object + that is not [=media key session/closed=]. + The [=Monitor for CDM State Changes=] algorithm MUST be run in parallel to the main event loop but not in parallel to other procedures defined in this specification that are also defined to be run in parallel.

    - A MediaKeySession object SHALL NOT be destroyed and SHALL continue to receive events if it is - not and the MediaKeys object that created it remains accessible. - Otherwise, a MediaKeySession object that is no longer accessible SHALL NOT receive further + A {{MediaKeySession}} object SHALL NOT be destroyed and SHALL continue to receive events if it is + not [=media key session/closed=] and the {{MediaKeys}} object that created it remains accessible. + Otherwise, a {{MediaKeySession}} object that is no longer accessible SHALL NOT receive further events and MAY be destroyed.

    - The above rule implies that the CDM instance must not be destroyed until all MediaKeys - objects and all MediaKeySession objects associated with the CDM instance are destroyed. + The above rule implies that the [=CDM=] instance must not be destroyed until all {{MediaKeys}} + objects and all {{MediaKeySession}} objects associated with the [=CDM=] instance are destroyed.

    - If a MediaKeySession object is not when it becomes inaccessible to the page, the CDM SHALL close the key session associated with the object. + If a {{MediaKeySession}} object is not [=media key session/closed=] when it becomes inaccessible to the page, the [=CDM=] SHALL close the [=key session=] associated with the object.

    Closing the key session results in the destruction of any license(s) and key(s) that have not been explicitly stored.

    Exactly when the key session is closed is an implementation detail, and applications SHOULD NOT rely on specific timing. - Applications that want to ensure a session is closed before taking some other action SHOULD call and wait for the returned promise to be resolved. + Applications that want to ensure a session is closed before taking some other action SHOULD call {{MediaKeySession/close()}} and wait for the returned promise to be resolved.

    For methods that return a promise, all errors are reported asynchronously by rejecting the returned Promise. This includes [[WEBIDL]] type mapping errors.

    The following steps of an algorithm are always aborted when rejecting a promise.

    -
    enum MediaKeySessionClosedReason {
-    "internal-error",
-    "closed-by-application",
-    "release-acknowledged",
-    "hardware-context-reset",
-    "resource-evicted"
-};
    + 
    +        enum MediaKeySessionClosedReason {
+          "internal-error",
+          "closed-by-application",
+          "release-acknowledged",
+          "hardware-context-reset",
+          "resource-evicted"
+        };
+

    The MediaKeySessionClosedReason enumeration is defined as follows:

    - - + - + - - + - - + @@ -2766,26 +2727,26 @@

    Exceptions

    Session Storage and Persistence

    This section provides an overview of session storage and persistence that complements the algorithms.

    -

    The following requirements apply in addition to those in .

    -

    If the result of running the algorithm on this object's session type is false, the user agent and CDM MUST NOT persist a record of or data related to the session at any point. - This includes license(s), key(s), , and the . +

    The following requirements apply in addition to those in [=Storage and Persistence=].

    +

    If the result of running the [=Is persistent session type?=] algorithm on this object's session type is false, the user agent and [=CDM=] MUST NOT persist a record of or data related to the session at any point. + This includes license(s), key(s), [=record(s) of license destruction=], and the [=Session ID=].

    -

    The remainder of this section applies to session types for which the algorithm returns true.

    -

    The CDM SHOULD NOT store session data, including the Session ID, until is called the first time. - Specifically, the CDM SHOULD NOT store session data during the algorithm. +

    The remainder of this section applies to session types for which the [=Is persistent session type?=] algorithm returns true.

    +

    The [=CDM=] SHOULD NOT store session data, including the Session ID, until {{MediaKeySession/update()}} is called the first time. + Specifically, the [=CDM=] SHOULD NOT store session data during the {{MediaKeySession/generateRequest()}} algorithm. This ensures that the application is aware of the session and knows it needs to eventually remove it.

    -

    All data associated with a session MUST be cleared when the session is cleared, such as in when processing a acknowledgement. +

    All data associated with a session MUST be cleared when the session is cleared, such as in {{MediaKeySession/update()}} when processing a [=record of license destruction=] acknowledgement. See Persistent Data.

    -

    The CDM MUST ensure that data for a given session is only present in one MediaKeySession object that is not - in any . - In other words, MUST fail when there is already a MediaKeySession representing the session specified by the sessionId parameter, either because the object that created it via is still active or it has been loaded into another object via . - A session MAY only be loaded again if all objects that have ever represented it are . +

    The [=CDM=] MUST ensure that data for a given session is only present in one {{MediaKeySession}} object that is not + [=media key session/closed=] in any [=Document=]. + In other words, {{MediaKeySession/load()}} MUST fail when there is already a {{MediaKeySession}} representing the session specified by the sessionId parameter, either because the object that created it via {{MediaKeySession/generateRequest()}} is still active or it has been loaded into another object via {{MediaKeySession/load()}}. + A session MAY only be loaded again if all objects that have ever represented it are [=media key session/closed=].

    -

    An application that creates a session using a type for which the algorithm returns true SHOULD - later remove the stored data by first initiating the removal process using and then ensuring that the removal process, which may involve - message exchange(s), successfully completes. The CDM MAY also remove sessions as appropriate, but applications SHOULD NOT rely on this. +

    An application that creates a session using a type for which the [=Is persistent session type?=] algorithm returns true SHOULD + later remove the stored data by first initiating the removal process using {{MediaKeySession/remove()}} and then ensuring that the removal process, which may involve + message exchange(s), successfully completes. The [=CDM=] MAY also remove sessions as appropriate, but applications SHOULD NOT rely on this.

    See and for additional considerations when supporting persistent storage.

    @@ -2796,14 +2757,14 @@

    HTMLMediaElement Extensions

    -

    This section specifies additions to and modifications of the [[HTML]] when the Encrypted Media Extensions are supported.

    -

    The following internal values are added to the :

    +

    This section specifies additions to and modifications of the {{HTMLMediaElement}} [[HTML]] when the Encrypted Media Extensions are supported.

    +

    The following internal values are added to the {{HTMLMediaElement}}:

    • -

      attaching media keys, which SHALL have a boolean value, and

      +

      attaching media keys, which SHALL have a boolean value.

    • -

      encrypted block queue, which SHALL be a queue of encrypted blocks awaiting decryption, and

      +

      encrypted block queue, which SHALL be a queue of encrypted blocks awaiting decryption.

    • decryption blocked waiting for key, which SHALL have a boolean value.

      @@ -2812,46 +2773,46 @@

      HTMLMediaElement Extensions

      playback blocked waiting for key, which SHALL have a boolean value.

    -

    The following modifications are made to the behaviour of the :

    +

    The following modifications are made to the behaviour of the {{HTMLMediaElement}}:

    • -

      When a is created, its attaching media keys value SHALL be initialized to false, its encrypted block queue value SHALL be empty, its decryption blocked waiting for key value SHALL be initialized to false, and its playback blocked waiting for key value SHALL be initialized to false.

      +

      When a {{HTMLMediaElement}} is created, its attaching media keys value SHALL be initialized to false, its encrypted block queue value SHALL be empty, its decryption blocked waiting for key value SHALL be initialized to false, and its playback blocked waiting for key value SHALL be initialized to false.

    • -

      When the is changed other than advancing in the as part of normal playback, the encrypted block queue value SHALL be empty, the decryption blocked waiting for key value SHALL be initialized to false, and the playback blocked waiting for key value SHALL be set to false.

      +

      When the current playback position is changed other than advancing in the direction of playback as part of normal playback, the encrypted block queue value SHALL be empty, the decryption blocked waiting for key value SHALL be initialized to false, and the playback blocked waiting for key value SHALL be set to false.

      - In other words, these values should be reset when, for example, or . + In other words, these values should be reset when, for example, loading the media resource or seeking.

    • -

      In addition to the criteria specified in [[HTML]], an SHALL be considered a if its playback blocked waiting for key value is true.

      +

      In addition to the criteria specified in [[HTML]], an {{HTMLMediaElement}} SHALL be considered a blocked media element if its playback blocked waiting for key value is true.

    • -

      When the user agent is ready to begin playback and has encountered an indication that the may contain encrypted blocks during the , the user agent SHALL run the Media Data May Contain Encrypted Blocks algorithm.

      +

      When the user agent is ready to begin playback and has encountered an indication that the [=HTMLMediaElement/media data=] may contain encrypted blocks during the [=resource fetch algorithm=], the user agent SHALL run the Media Data May Contain Encrypted Blocks algorithm.

      - For some container formats, such indication is separate from . + For some container formats, such indication is separate from [=Initialization Data=].

      - The algorithm is to be run after parsing the relevant container data, including running the algorithm, but before decoding starts. + The algorithm is to be run after parsing the relevant container data, including running the [=Initialization Data Encountered=] algorithm, but before decoding starts.

    • -

      When the user agent encounters in the during the , the user agent SHALL run the algorithm.

      +

      When the user agent encounters [=Initialization Data=] in the [=HTMLMediaElement/media data=] during the [=resource fetch algorithm=], the user agent SHALL run the [=Initialization Data Encountered=] algorithm.

      - Some container formats may support encrypted media data that does not contain and thus support media data that does not trigger this algorithm. + Some container formats may support encrypted media data that does not contain [=Initialization Data=] and thus support media data that does not trigger this algorithm.

    • -

      For each block of encrypted encountered during the , the user agent SHALL run the algorithm in the order the encrypted blocks were encountered.

      +

      For each block of encrypted [=HTMLMediaElement/media data=] encountered during the [=resource fetch algorithm=], the user agent SHALL run the [=Encrypted Block Encountered=] algorithm in the order the encrypted blocks were encountered.

      The above step provides flexibility for user agent implementations to perform decryption at any time after an encrypted block is encountered before it is needed for playback.

    • -

      When one of the following occurs while the decryption blocked waiting for key value is true, the user agent SHALL run the algorithm.

      +

      When one of the following occurs while the decryption blocked waiting for key value is true, the user agent SHALL run the [=Wait for Key=] algorithm.

      • @@ -2863,27 +2824,38 @@

      HTMLMediaElement Extensions

      For methods that return a promise, all errors are reported asynchronously by rejecting the returned Promise. This includes [[WEBIDL]] type mapping errors.

      The steps of an algorithm are always aborted when rejecting a promise.

      - 
      [Exposed=Window] partial interface HTMLMediaElement {
-    [SecureContext] readonly        attribute MediaKeys?   mediaKeys;
-                                    attribute EventHandler onencrypted;
-                                    attribute EventHandler onwaitingforkey;
-    [SecureContext] Promise<undefined> setMediaKeys (MediaKeys? mediaKeys);
-};
-

      Attributes

      mediaKeys of type MediaKeys, readonly , nullable
      -

      The MediaKeys being used when decrypting encrypted for this media element.

      -
      onencrypted of type {{EventHandler}}
      -

      Event handler for the event. It MUST be supported by all HTMLMediaElements as both a content attribute and an IDL attribute.

      -
      onwaitingforkey of type {{EventHandler}}
      -

      Event handler for the event. It MUST be supported by all HTMLMediaElements as both a content attribute and an IDL attribute.

      -

      Methods

      setMediaKeys
      -

      Provides the MediaKeys to use when decrypting media data during playback.

      - -

      Support for clearing or replacing the associated MediaKeys object during playback is a quality of implementation issue. In many cases it will result in a bad user experience or rejected promise.

      + 
      +        [Exposed=Window] partial interface HTMLMediaElement {
+          [SecureContext] readonly        attribute MediaKeys?   mediaKeys;
+                                          attribute EventHandler onencrypted;
+                                          attribute EventHandler onwaitingforkey;
+          [SecureContext] Promise<undefined> setMediaKeys (MediaKeys? mediaKeys);
+        };
+
      +
      +

      Attributes

      +
      +
      mediaKeys of type {{MediaKeys}}, readonly, nullable
      +

      The {{MediaKeys}} being used when decrypting encrypted [=HTMLMediaElement/media data=] for this media element.

      +
      onencrypted of type {{EventHandler}}
      +

      Event handler for the {{encrypted}} event. It MUST be supported by all {{HTMLMediaElement}}s as both a content attribute and an IDL attribute.

      +
      onwaitingforkey of type {{EventHandler}}
      +

      Event handler for the {{waitingforkey}} event. It MUST be supported by all {{HTMLMediaElement}}s as both a content attribute and an IDL attribute.

      +
      +
      +
      +

      Methods

      +
      +
      setMediaKeys()
      +
      +

      Provides the {{MediaKeys}} to use when decrypting media data during playback.

      +

      Support for clearing or replacing the associated {{MediaKeys}} object during playback is a quality of implementation issue. In many cases it will result in a bad user experience or rejected promise.

      +

      When this method is invoked, the user agent MUST run the following steps:

        -

      1. If this object's attaching media keys value is true, return a promise rejected with an .

        2. -

      2. If mediaKeys and the attribute are the same object, return a resolved promise.

        3. +

      3. If this object's attaching media keys value is true, return a promise rejected with an {{InvalidStateError}}.

        4. +

      4. If mediaKeys and the {{HTMLMediaElement/mediaKeys}} attribute are the same object, return a resolved promise.

      5. Let this object's attaching media keys value be true.

      6. Let promise be a new promise.

      7. Run the following steps in parallel:

        @@ -2893,77 +2865,89 @@

        HTMLMediaElement Extensions

        • mediaKeys is not null,

        • -

          the CDM instance represented by mediaKeys is already in use by another media element

          +

          the [=CDM=] instance represented by mediaKeys is already in use by another media element

        • the user agent is unable to use it with this element

        - then let this object's attaching media keys value be false and reject promise with a . + then let this object's attaching media keys value be false and reject promise with a {{QuotaExceededError}}.

        8. -

      8. If the attribute is not null, run the following steps:

        +

      9. If the {{HTMLMediaElement/mediaKeys}} attribute is not null, run the following steps:

          -

        1. If the user agent or CDM do not support removing the association, let this object's attaching media keys value be false and reject promise with a .

          2. -

        2. If the association cannot currently be removed, let this object's attaching media keys value be false and reject promise with an .

          +

        3. If the user agent or [=CDM=] do not support removing the association, let this object's attaching media keys value be false and reject promise with a {{NotSupportedError}}.

          4. +

        4. If the association cannot currently be removed, let this object's attaching media keys value be false and reject promise with an {{InvalidStateError}}.

          For example, some implementations may not allow removal during playback.

          5. -

        5. Stop using the CDM instance represented by the attribute to decrypt and remove the association with the media element.

          6. -

        6. If the preceding step failed, let this object's attaching media keys value be false and reject promise with .

          7. +

        7. Stop using the [=CDM=] instance represented by the {{HTMLMediaElement/mediaKeys}} attribute to decrypt [=HTMLMediaElement/media data=] and remove the association with the media element.

          8. +

        8. If the preceding step failed, let this object's attaching media keys value be false and reject promise with the appropriate error name.

      10. If mediaKeys is not null, run the following steps:

          -

        1. Associate the CDM instance represented by mediaKeys with the media element for decrypting .

          2. +

        2. Associate the [=CDM=] instance represented by mediaKeys with the media element for decrypting [=HTMLMediaElement/media data=].

        3. If the preceding step failed, run the following steps:

            -

          1. Set the attribute to null.

            2. +

          2. Set the {{HTMLMediaElement/mediaKeys}} attribute to null.

          3. Let this object's attaching media keys value be false.

            4. -

          4. Reject promise with .

            5. +

          5. Reject promise with a new {{DOMException}} whose name is the appropriate error name.

          4. -

        4. algorithm on the media element.

          +

        5. [=Queue a task=] to run the [=Attempt to Resume Playback If Necessary=] algorithm on the media element.

        11. -

      11. Set the attribute to mediaKeys.

        12. +

      12. Set the {{HTMLMediaElement/mediaKeys}} attribute to mediaKeys.

      13. Let this object's attaching media keys value be false.

      14. Resolve promise.

    • Return promise.

      • -
    Enumeration description
    internal-error - The session was closed because of an unrecoverable error in the CDM. - When this occurs, applications MUST NOT create new sessions on this MediaKeys instance. -
    closed-by-application - The session was closed by the application calling the method of the session explicitly. -
    release-acknowledged - The session was closed because the CDM received a acknowledgement. -
    hardware-context-reset - The session was closed because the CDM's original hardware context was reset. - When this occurs, the User Agent MUST allow the application to create new sessions on this MediaKeys instance. + + + + + +
    Enumeration description
    internal-error + The session was closed because of an unrecoverable error in the [=CDM=]. + When this occurs, applications MUST NOT create new sessions on this {{MediaKeys}} instance. +
    closed-by-application + The session was closed by the application calling the {{MediaKeySession/close()}} method of the session explicitly. +
    release-acknowledged + The session was closed because the [=CDM=] received a [=record of license destruction=] acknowledgement. +
    hardware-context-reset + The session was closed because the [=CDM=]'s original hardware context was reset. + When this occurs, the User Agent MUST allow the application to create new sessions on this {{MediaKeys}} instance.

    This could occur for many reasons, including device hibernation, monitor configuration change, etc. The exact reasons for a hardware context reset are implementation-dependent.

    -
    resource-evicted +
    resource-evicted The session was closed because the system needed to reclaim resources to allow the creation of other sessions.

    @@ -1858,99 +1770,114 @@

    MediaKeySession Interface

    - 
    [Exposed=Window, SecureContext] interface MediaKeySession : EventTarget {
-    readonly        attribute DOMString                            sessionId;
-    readonly        attribute unrestricted double                  expiration;
-    readonly        attribute Promise<MediaKeySessionClosedReason> closed;
-    readonly        attribute MediaKeyStatusMap                    keyStatuses;
-                    attribute EventHandler                         onkeystatuseschange;
-                    attribute EventHandler                         onmessage;
-    Promise<undefined>    generateRequest (DOMString initDataType, BufferSource initData);
-    Promise<boolean> load (DOMString sessionId);
-    Promise<undefined>    update (BufferSource response);
-    Promise<undefined>    close ();
-    Promise<undefined>    remove ();
-};
-

    Attributes

    sessionId of type {{DOMString}}, readonly
    -

    The for this object and the associated key(s) or license(s).

    -
    expiration of type {{unrestricted double}}, readonly
    -

    The for all key(s) in the session, or NaN if no such time exists or if the license explicitly never expires, as determined by the CDM.

    -

    This value MAY change during the session lifetime, such as when an action triggers the start of a window.

    -
    closed of type Promise<{{MediaKeySessionClosedReason}}>, readonly
    -

    Signals when the object becomes as a result of the algorithm being run. - This promise can only be fulfilled and is never rejected.

    -
    keyStatuses of type MediaKeyStatusMap, readonly
    -

    A reference to a read-only map of key IDs known to the session to the current status of the associated key. + 

    +        [Exposed=Window, SecureContext] interface MediaKeySession : EventTarget {
+          readonly        attribute DOMString                            sessionId;
+          readonly        attribute unrestricted double                  expiration;
+          readonly        attribute Promise<MediaKeySessionClosedReason> closed;
+          readonly        attribute MediaKeyStatusMap                    keyStatuses;
+                          attribute EventHandler                         onkeystatuseschange;
+                          attribute EventHandler                         onmessage;
+          Promise<undefined>    generateRequest (DOMString initDataType, BufferSource initData);
+          Promise<boolean> load (DOMString sessionId);
+          Promise<undefined>    update (BufferSource response);
+          Promise<undefined>    close ();
+          Promise<undefined>    remove ();
+        };
+
    +
    +

    Attributes

    +
    +
    sessionId of type {{DOMString}}, readonly
    +

    The [=Session ID=] for this object and the associated key(s) or license(s).

    +
    expiration of type {{unrestricted double}}, readonly
    +
    +

    The [=expiration time=] for all key(s) in the session, or NaN if no such time exists or if the license explicitly never expires, as determined by the [=CDM=].

    +

    This value MAY change during the session lifetime, such as when an action triggers the start of a window.

    +
    +
    closed of type Promise<{{MediaKeySessionClosedReason}}>, readonly
    +
    +

    Signals when the object becomes [=media key session/closed=] as a result of the [=Session Closed=] algorithm being run. + This promise can only be fulfilled and is never rejected.

    +
    +
    keyStatuses of type {{MediaKeyStatusMap}}, readonly
    +
    +

    A reference to a read-only map of [=key IDs=] [=known=] to the session to the current status of the associated key. Each entry MUST have a unique key ID. -

    +

    The map entries and their values may be updated whenever the event loop spins. The map MUST NOT ever be inconsistent or partially updated, but it may change between accesses if the event loop spins in between the accesses. - Key IDs may be added as the result of a or call. - Key IDs may be removed as the result of a call that removes knowledge of existing keys (or replaces the existing set of keys with a new set). - Key IDs MUST NOT be removed because they became unusable, such as due to expiration. Instead, such keys MUST be given an appropriate status, such as . + Key IDs may be added as the result of a {{MediaKeySession/load()}} or {{MediaKeySession/update()}} call. + Key IDs may be removed as the result of a {{MediaKeySession/update()}} call that removes knowledge of existing keys (or replaces the existing set of keys with a new set). + Key IDs MUST NOT be removed because they became unusable, such as due to expiration. Instead, such keys MUST be given an appropriate status, such as {{MediaKeyStatus/"expired"}}.

    - Some older platforms may contain Key System implementations that do not expose key IDs, making it impossible to provide a compliant user agent implementation. - To maximize interoperability, user agent implementations exposing such CDMs SHOULD implement this member as follows: - Whenever a non-empty list is appropriate, such as when the key session represented by this object may contain key(s), populate the map with a single pair containing - the one-byte key ID 0 and the MediaKeyStatus most appropriate for the aggregated status of this object. -

    -
    onkeystatuseschange of type {{EventHandler}}
    -

    Event handler for the event.

    -
    onmessage of type {{EventHandler}}
    -

    Event handler for the event.

    -

    Methods

    generateRequest
    + Some older platforms may contain [=Key System=] implementations that do not expose key IDs, making it impossible to provide a compliant user agent implementation. + To maximize interoperability, user agent implementations exposing such [=CDMs=] SHOULD implement this member as follows: + Whenever a non-empty list is appropriate, such as when the [=key session=] represented by this object may contain [=key(s)=], populate the map with a single pair containing + the one-byte key ID 0 and the {{MediaKeyStatus}} most appropriate for the aggregated status of this object. +

    +
    +
    onkeystatuseschange of type {{EventHandler}}
    +

    Event handler for the {{keystatuseschange}} event.

    +
    onmessage of type {{EventHandler}}
    +

    Event handler for the {{message}} event.

    +
    +
    +
    +

    Methods

    +
    +
    generateRequest()
    +

    Generates a license request based on the initData. - A of type or will always be queued if the algorithm succeeds and the promise is resolved. + A {{message}} of type {{MediaKeyMessageType/"license-request"}} or {{MediaKeyMessageType/"individualization-request"}} will always be queued if the algorithm succeeds and the promise is resolved.

    - - - +

    When this method is invoked, the user agent MUST run the following steps:

      -

    1. If this object's closing or closed value is true, return a promise rejected with an .

      2. -

    2. If this object's uninitialized value is false, return a promise rejected with an .

      3. +

    3. If this object's closing or closed value is true, return a promise rejected with an {{InvalidStateError}}.

      4. +

    4. If this object's uninitialized value is false, return a promise rejected with an {{InvalidStateError}}.

    5. Let this object's uninitialized value be false.

      6. -

    6. If initDataType is the empty string, return a promise rejected with a newly created .

      7. -

    7. If initData is an empty array, return a promise rejected with a newly created .

      8. -

    8. If the implementation represented by this object's cdm implementation value does not support initDataType as an , return a promise rejected with a . String comparison is case-sensitive.

      9. +

    9. If initDataType is the empty string, return a promise rejected with a newly created {{TypeError}}.

      10. +

    10. If initData is an empty array, return a promise rejected with a newly created {{TypeError}}.

      11. +

    11. If the [=Key System=] implementation represented by this object's cdm implementation value does not support initDataType as an [=Initialization Data Type=], return a promise rejected with a {{NotSupportedError}}. String comparison is case-sensitive.

    12. Let init data be a copy of the contents of the initData parameter.

    13. Let session type be this object's session type.

    14. Let promise be a new promise.

    15. Run the following steps in parallel:

        -

      1. If the init data is not valid for initDataType, reject promise with a newly created .

        2. +

      2. If the init data is not valid for initDataType, reject promise with a newly created {{TypeError}}.

      3. Let sanitized init data be a validated and sanitized version of init data.

        -

        The user agent MUST thoroughly validate the before passing it to the CDM. +

        The user agent MUST thoroughly validate the [=Initialization Data=] before passing it to the [=CDM=]. This includes verifying that the length and values of fields are reasonable, verifying that values are within reasonable limits, and stripping irrelevant, unsupported, or unknown data or fields. - It is RECOMMENDED that user agents pre-parse, sanitize, and/or generate a fully sanitized version of the . - If the format specified by initDataType supports multiple entries, the user agent SHOULD remove entries that are not needed by the CDM. The user agent MUST NOT re-order entries within the . + It is RECOMMENDED that user agents pre-parse, sanitize, and/or generate a fully sanitized version of the [=Initialization Data=]. + If the [=Initialization Data=] format specified by initDataType supports multiple entries, the user agent SHOULD remove entries that are not needed by the [=CDM=]. The user agent MUST NOT re-order entries within the [=Initialization Data=].

        4. -

      4. If the preceding step failed, reject promise with a newly created .

        5. -

      5. If sanitized init data is empty, reject promise with a .

        6. +

      6. If the preceding step failed, reject promise with a newly created {{TypeError}}.

        7. +

      7. If sanitized init data is empty, reject promise with a {{NotSupportedError}}.

      8. Let session id be the empty string.

      9. Let message be null.

      10. Let message type be null.

        11. -

      11. Let cdm be the CDM instance represented by this object's cdm instance value.

        12. +

      12. Let cdm be the [=CDM=] instance represented by this object's cdm instance value.

      13. Use the cdm to execute the following steps:

          -

        1. If the sanitized init data is not supported by the cdm, reject promise with a .

          2. +

        2. If the sanitized init data is not supported by the cdm, reject promise with a {{NotSupportedError}}.

        3. Follow the steps for the value of session type from the following list:

          -
          +
          {{MediaKeySessionType/"temporary"}}

          Let requested license type be a temporary non-persistable license.

          The returned license must not be persistable or require persisting information related to it.

          -
          +
          {{MediaKeySessionType/"persistent-license"}}

          Let requested license type be a persistable license.

          4. -

        4. Let session id be a unique string.

          -

          If the result of running the algorithm on session type is true, the ID MUST be unique within the of this object's over time, including across Documents and browsing sessions.

          +

        5. Let session id be a unique [=Session ID=] string.

          +

          If the result of running the [=Is persistent session type?=] algorithm on session type is true, the ID MUST be unique within the [=origin=] of this object's [=Document=] over time, including across Documents and browsing sessions.

        6. @@ -1963,14 +1890,14 @@

          MediaKeySession Interface

          interpreted per initDataType.

          - The cdm MUST NOT use any stream-specific data, including , not provided via the + The cdm MUST NOT use any stream-specific data, including [=HTMLMediaElement/media data=], not provided via the sanitized init data.

          -

          The cdm SHOULD NOT store session data, including the session ID, at this point. See .

          +

          The cdm SHOULD NOT store session data, including the session ID, at this point. See Session Storage and Persistence.

        7. - Let message type be . + Let message type be {{MediaKeyMessageType/"license-request"}}.

        @@ -1984,13 +1911,13 @@

        MediaKeySession Interface

        for the requested license type can be generated based on the sanitized init data.

        - In a subsequent call to the CDM MUST generate a license request for the requested license type + In a subsequent call to {{MediaKeySession/update()}} the [=CDM=] MUST generate a license request for the requested license type based on the sanitized init data, which is interpreted per initDataType.

      14. - Let message type reflect the type of message, either or . + Let message type reflect the type of message, either {{MediaKeyMessageType/"license-request"}} or {{MediaKeyMessageType/"individualization-request"}}.

      @@ -2000,13 +1927,13 @@

      MediaKeySession Interface

  • -

    to run the following steps:

    +

    [=Queue a task=] to run the following steps:

      -

    1. If any of the preceding steps failed due to a lack of resources, reject promise with .

      2. -

    2. If any of the preceding steps failed for any other reason, reject promise with .

      3. -

    3. Set the attribute to session id.

      4. +

    4. If any of the preceding steps failed due to a lack of resources, reject promise with {{QuotaExceededError}}.

      5. +

    5. If any of the preceding steps failed for any other reason, reject promise with a new {{DOMException}} whose name is the appropriate error name.

      6. +

    6. Set the {{MediaKeySession/sessionId}} attribute to session id.

    7. Set this object's callable value to true.

      8. -

    8. Run the algorithm on the session, providing message type and message.

      +

    9. Run the [=Queue a "message" Event=] algorithm on the session, providing message type and message.

    10. Resolve promise.

      Since promise handlers are queued as microtasks, these will be executed ahead of any events queued by the preceding steps.

      @@ -2017,74 +1944,70 @@

      MediaKeySession Interface

    11. Return promise.

    -
    ParameterTypeNullableOptionalDescription
    initDataTypeDOMString - The of the initData. -
    initDataBufferSource - -
    Return type: Promise<undefined>
    • load
    +
    +
    load()
    +

    Loads the data stored for the specified session into this object.

    - - - +

    When this method is invoked, the user agent MUST run the following steps:

      -

    1. If this object's closing or closed value is true, return a promise rejected with an .

      2. -

    2. If this object's uninitialized value is false, return a promise rejected with an .

      3. +

    3. If this object's closing or closed value is true, return a promise rejected with an {{InvalidStateError}}.

      4. +

    4. If this object's uninitialized value is false, return a promise rejected with an {{InvalidStateError}}.

    5. Let this object's uninitialized value be false.

      6. -

    6. If sessionId is the empty string, return a promise rejected with a newly created .

      7. -

    7. If the result of running the algorithm on this object's session type is false, return a promise rejected with a newly created .

      8. -

    8. Let origin be the of this object's .

      9. +

    9. If sessionId is the empty string, return a promise rejected with a newly created {{TypeError}}.

      10. +

    10. If the result of running the [=Is persistent session type?=] algorithm on this object's session type is false, return a promise rejected with a newly created {{TypeError}}.

      11. +

    11. Let origin be the [=origin=] of this object's [=Document=].

    12. Let promise be a new promise.

    13. Run the following steps in parallel:

      1. Let sanitized session ID be a validated and/or sanitized version of sessionId.

        -

        The user agent should thoroughly validate the sessionId value before passing it to the CDM. +

        The user agent should thoroughly validate the sessionId value before passing it to the [=CDM=]. At a minimum, this should include checking that the length and value are reasonable (e.g., not longer than tens of characters and alphanumeric).

        2. -

      2. If the preceding step failed, or if sanitized session ID is empty, reject promise with a newly created .

        3. -

      3. If there is a MediaKeySession object that is not in this object's whose attribute is sanitized session ID, reject promise with a .

        +

      4. If the preceding step failed, or if sanitized session ID is empty, reject promise with a newly created {{TypeError}}.

        5. +

      5. If there is a {{MediaKeySession}} object that is not [=media key session/closed=] in this object's [=Document=] whose {{MediaKeySession/sessionId}} attribute is sanitized session ID, reject promise with a {{QuotaExceededError}}.

        In other words, do not create a session if a non-closed session, regardless of type, already exists for this sanitized session ID in this browsing context.

      6. Let expiration time be NaN.

      7. Let message be null.

      8. Let message type be null.

        9. -

      9. Let cdm be the CDM instance represented by this object's cdm instance value.

        10. +

      10. Let cdm be the [=CDM=] instance represented by this object's cdm instance value.

      11. Use the cdm to execute the following steps:

        1. If there is no data stored for the sanitized session ID in the origin, resolve promise with false and abort these steps.

          2. -

        2. If the stored session's session type is not the same as the current MediaKeySession session type, reject promise with a newly created .

          3. +

        3. If the stored session's session type is not the same as the current {{MediaKeySession}} session type, reject promise with a newly created {{TypeError}}.

        4. Let session data be the data stored for the sanitized session ID in the origin. This MUST NOT include data from other origin(s) or that is not associated with an origin.

          5. -

        5. If there is a MediaKeySession object that is not in any and that - represents the session data, reject promise with a .

          +

        6. If there is a {{MediaKeySession}} object that is not [=media key session/closed=] in any [=Document=] and that + represents the session data, reject promise with a {{QuotaExceededError}}.

          In other words, do not create a session if a non-closed persistent session already exists for this sanitized session ID in any browsing context.

        7. Load the session data.

          8. -

        8. If the session data indicates an for the session, let expiration time be that expiration time.

          9. +

        9. If the session data indicates an [=expiration time=] for the session, let expiration time be that expiration time.

        10. If a message needs to be sent, execute the following steps:

          1. Let message be a message generated based on the session data.

            2. -

          2. Let message type be the appropriate MediaKeyMessageType for the message.

            3. +

          3. Let message type be the appropriate {{MediaKeyMessageType}} for the message.

      12. -

        to run the following steps:

        +

        [=Queue a task=] to run the following steps:

          -

        1. If any of the preceding steps failed, reject promise with a .

          2. -

        2. Set the attribute to sanitized session ID.

          3. +

        3. If any of the preceding steps failed, reject promise with the appropriate error name.

          4. +

        4. Set the {{MediaKeySession/sessionId}} attribute to sanitized session ID.

        5. Set this object's callable value to true.

        6. - If the loaded session contains information about any keys (there are known keys), run the algorithm on the session, providing each key's along with the appropriate MediaKeyStatus. + If the loaded session contains information about any keys (there are [=known keys=]), run the [=Update Key Statuses=] algorithm on the session, providing each key's [=key ID=] along with the appropriate {{MediaKeyStatus}}.

          -

          Should additional processing be necessary to determine with certainty the status of a key, use . - Once the additional processing for one or more keys has completed, run the algorithm again with the actual status(es). +

          Should additional processing be necessary to determine with certainty the status of a key, use {{MediaKeyStatus/"status-pending"}}. + Once the additional processing for one or more keys has completed, run the [=Update Key Statuses=] algorithm again with the actual status(es).

          7. -

        7. Run the algorithm on the session, providing expiration time.

          8. -

        8. If message is not null, run the algorithm on the session, providing message type and message.

          9. +

        9. Run the [=Update Expiration=] algorithm on the session, providing expiration time.

          10. +

        10. If message is not null, run the [=Queue a "message" Event=] algorithm on the session, providing message type and message.

        11. Resolve promise with true.

          @@ -2096,36 +2019,35 @@

          MediaKeySession Interface

        12. Return promise.

        -
        ParameterTypeNullableOptionalDescription
        sessionIdDOMString - The of the session to load. -
        Return type: Promise<boolean>
    update
    -

    Provides messages, including licenses, to the CDM.

    - - - +
    +
    update()
    +
    +

    Provides messages, including licenses, to the [=CDM=].

    +

    The response parameter contains a message to be provided to the [=CDM=]. The contents are [=Key System=]-specific. It MUST NOT contain executable code.

    +

    When this method is invoked, the user agent MUST run the following steps:

      -

    1. If this object's closing or closed value is true, return a promise rejected with an .

      2. -

    2. If this object's callable value is false, return a promise rejected with an .

      3. -

    3. If response is an empty array, return a promise rejected with a newly created .

      4. +

    4. If this object's closing or closed value is true, return a promise rejected with an {{InvalidStateError}}.

      5. +

    5. If this object's callable value is false, return a promise rejected with an {{InvalidStateError}}.

      6. +

    6. If response is an empty array, return a promise rejected with a newly created {{TypeError}}.

    7. Let response copy be a copy of the contents of the response parameter.

    8. Let promise be a new promise.

    9. Run the following steps in parallel:

      1. Let sanitized response be a validated and/or sanitized version of response copy.

        -

        The user agent should thoroughly validate the response before passing it to the CDM. +

        The user agent should thoroughly validate the response before passing it to the [=CDM=]. This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version. The user agent should check that the length and values of fields are reasonable. Unknown fields should be rejected or removed.

        2. -

      2. If the preceding step failed, or if sanitized response is empty, reject promise with a newly created .

        3. +

      3. If the preceding step failed, or if sanitized response is empty, reject promise with a newly created {{TypeError}}.

      4. Let message be null.

      5. Let message type be null.

      6. Let session closed be false.

        7. -

      7. Let cdm be the CDM instance represented by this object's cdm instance value.

        8. +

      8. Let cdm be the [=CDM=] instance represented by this object's cdm instance value.

      9. Use the cdm to execute the following steps:

          -

        1. If the format of sanitized response is invalid in any way, reject promise with a newly created .

          2. +

        2. If the format of sanitized response is invalid in any way, reject promise with a newly created {{TypeError}}.

        3. Process sanitized response, following the stipulation for the first matching condition from the following list:

          If sanitized response contains a license or key(s)
          @@ -2133,40 +2055,40 @@

          MediaKeySession Interface

          This includes an initial license, an updated license, and a license renewal message.

          Process sanitized response, following the stipulation for the first matching condition from the following list:

          -
          If sessionType is and sanitized response does not specify that session data, including any license, key(s), or similar session data it contains, should be stored
          +
          If sessionType is {{MediaKeySessionType/"temporary"}} and sanitized response does not specify that session data, including any license, key(s), or similar session data it contains, should be stored
          Process sanitized response, not storing any session data.
          -
          If sessionType is and sanitized response contains a persistable license
          +
          If sessionType is {{MediaKeySessionType/"persistent-license"}} and sanitized response contains a persistable license
          Process sanitized response, storing the license/key(s) and related session data contained in sanitized response. - Such data MUST be stored such that only the of this object's can access it. + Such data MUST be stored such that only the [=origin=] of this object's [=Document=] can access it.
          Otherwise
          -

          Reject promise with a newly created .

          +

          Reject promise with a newly created {{TypeError}}.

          -

          See also .

          +

          See also Session Storage and Persistence.

          State information, including keys, for each session MUST be stored in such a way that closing one session does not affect the observable state in other session(s), even if they contain overlapping key IDs.

          When sanitized response contains key(s) and/or related data, cdm will likely store (in memory) the key and related data indexed by key ID.

          -

          The replacement algorithm within a session is -dependent.

          -

          It is RECOMMENDED that CDM implementations support a standard and reasonably high minimum number of keys per MediaKeySession object, including a standard replacement algorithm, and a standard and reasonably high minimum number of MediaKeySession objects. +

          The replacement algorithm within a session is [=Key System=]-dependent.

          +

          It is RECOMMENDED that [=CDM=] implementations support a standard and reasonably high minimum number of keys per {{MediaKeySession}} object, including a standard replacement algorithm, and a standard and reasonably high minimum number of {{MediaKeySession}} objects. This enables a reasonable number of key rotation algorithms to be implemented across user agents and may reduce the likelihood of playback interruptions in use cases that involve various streams in the same element (e.g., adaptive streams, various audio and video tracks) using different keys.

    -
    If sanitized response contains a acknowledgement and sessionType is
    +
    If sanitized response contains a [=record of license destruction=] acknowledgement and sessionType is {{MediaKeySessionType/"persistent-license"}}

    Run the following steps:

    1. - Close the key session and clear all stored session data associated with this object, - including the and . + Close the [=key session=] and clear all stored session data associated with this object, + including the {{MediaKeySession/sessionId}} and [=record of license destruction=].

      -

      A subsequent call to with the value of this object's would fail because there is no data stored for that session ID.

      +

      A subsequent call to {{MediaKeySession/load()}} with the value of this object's {{MediaKeySession/sessionId}} would fail because there is no data stored for that session ID.

    2. Set session closed to true.

    Otherwise
    Process sanitized response, not storing any session data. -

    For example, sanitized response may contain information that will be used to generate another event. +

    For example, sanitized response may contain information that will be used to generate another {{message}} event. In this case, there is no need to verify the contents against the sessionType.

    @@ -2175,19 +2097,19 @@

    MediaKeySession Interface

  • If a message needs to be sent, execute the following steps:

    1. Let message be that message.

      2. -

    2. Let message type be the appropriate MediaKeyMessageType for the message.

      3. +

    3. Let message type be the appropriate {{MediaKeyMessageType}} for the message.

  • -

    to run the following steps:

    +

    [=Queue a task=] to run the following steps:

    1. If session closed is true:
      -

      Run the algorithm on this object with reason .

      +

      Run the [=Session Closed=] algorithm on this object with reason {{MediaKeySessionClosedReason/"release-acknowledged"}}.

      Otherwise:
      @@ -2195,21 +2117,21 @@

      MediaKeySession Interface

      1. - If the set of keys known to the CDM for this object changed or the status of any key(s) changed, run the algorithm on the session, providing each known key's along with the appropriate MediaKeyStatus. + If the set of keys [=known=] to the [=CDM=] for this object changed or the status of any key(s) changed, run the [=Update Key Statuses=] algorithm on the session, providing each known key's [=key ID=] along with the appropriate {{MediaKeyStatus}}.

        - Should additional processing be necessary to determine with certainty the status of a key, use . - Once the additional processing for one or more keys has completed, run the algorithm again with the actual status(es). + Should additional processing be necessary to determine with certainty the status of a key, use {{MediaKeyStatus/"status-pending"}}. + Once the additional processing for one or more keys has completed, run the [=Update Key Statuses=] algorithm again with the actual status(es).

      2. -

        If the for the session changed, run the algorithm on the session, providing the new expiration time.

        +

        If the [=expiration time=] for the session changed, run the [=Update Expiration=] algorithm on the session, providing the new expiration time.

      3. -

        If any of the preceding steps failed, reject promise with .

        +

        If any of the preceding steps failed, reject promise with a new {{DOMException}} whose name is the appropriate error name.

      4. -

        If message is not null, run the algorithm on the session, providing message type and message.

        +

        If message is not null, run the [=Queue a "message" Event=] algorithm on the session, providing message type and message.

      @@ -2225,30 +2147,28 @@

      MediaKeySession Interface

    2. Return promise.

    -
    ParameterTypeNullableOptionalDescription
    responseBufferSource - A message to be provided to the CDM. - The contents are -specific. - It MUST NOT contain executable code. -
    Return type: Promise<undefined>
    • close
    -

    Indicates that the application no longer needs the session and the CDM should release any resources associated with the session and close it. Persisted data should not be released or cleared.

    -

    The returned promise is resolved when the request has been processed, and the attribute promise is resolved with when the session is closed.

    - +
    +
    close()
    +
    +

    Indicates that the application no longer needs the session and the [=CDM=] should release any resources associated with the session and close it. Persisted data should not be released or cleared.

    +

    The returned promise is resolved when the request has been processed, and the {{MediaKeySession/closed}} attribute promise is resolved with {{MediaKeySessionClosedReason/"closed-by-application"}} when the session is closed.

    +

    When this method is invoked, the user agent MUST run the following steps:

    1. If this object's closing or closed value is true, return a resolved promise.

      2. -

    2. If this object's callable value is false, return a promise rejected with an .

      3. +

    3. If this object's callable value is false, return a promise rejected with an {{InvalidStateError}}.

    4. Let promise be a new promise.

    5. Set this object's closing or closed value to true.

    6. Run the following steps in parallel:

        -

      1. Let cdm be the CDM instance represented by this object's cdm instance value.

        2. +

      2. Let cdm be the [=CDM=] instance represented by this object's cdm instance value.

      3. -

        Use cdm to close the key session associated with this object.

        +

        Use cdm to close the [=key session=] associated with this object.

        Closing the key session results in the destruction of any license(s) and key(s) that have not been explicitly stored.

      4. -

        to run the following steps:

        +

        [=Queue a task=] to run the following steps:

          -

        1. Run the algorithm on this object with reason .

          2. +

        2. Run the [=Session Closed=] algorithm on this object with reason {{MediaKeySessionClosedReason/"closed-by-application"}}.

        3. Resolve promise.

          Since promise handlers are queued as microtasks, these will be executed ahead of any events queued by the preceding steps.

          @@ -2259,19 +2179,21 @@

          MediaKeySession Interface

        4. Return promise.

        -
        No parameters.
        Return type: Promise<undefined>
    remove
    +
    +
    remove()
    +

    Removes all license(s) and key(s) associated with the session. - For persistent session types, other session data will be cleared as defined for each session type once a release message acknowledgment is processed by . + For persistent session types, other session data will be cleared as defined for each session type once a release message acknowledgment is processed by {{MediaKeySession/update()}}.

    - +

    When this method is invoked, the user agent MUST run the following steps:

      -

    1. If this object's closing or closed value is true, return a promise rejected with an .

      2. -

    2. If this object's callable value is false, return a promise rejected with an .

      3. +

    3. If this object's closing or closed value is true, return a promise rejected with an {{InvalidStateError}}.

      4. +

    4. If this object's callable value is false, return a promise rejected with an {{InvalidStateError}}.

    5. Let promise be a new promise.

    6. Run the following steps in parallel:

        -

      1. Let cdm be the CDM instance represented by this object's cdm instance value.

        2. +

      2. Let cdm be the [=CDM=] instance represented by this object's cdm instance value.

      3. Let message be null.

      4. Let message type be null.

      5. Use the cdm to execute the following steps:

        @@ -2291,16 +2213,16 @@

        MediaKeySession Interface

      6. Follow the steps for the value of this object's session type from the following list:

        -
        +
        {{MediaKeySessionType/"temporary"}}

        Continue with the following steps.

        -
        +
        {{MediaKeySessionType/"persistent-license"}}

        1. - Let record of license destruction be a for the license represented by this object. + Let record of license destruction be a [=record of license destruction=] for the license represented by this object.

        2. @@ -2322,17 +2244,17 @@

          MediaKeySession Interface

      7. -

        to run the following steps:

        +

        [=Queue a task=] to run the following steps:

        1. - Run the algorithm on the session, providing all key ID(s) in the session along with the MediaKeyStatus value for each. + Run the [=Update Key Statuses=] algorithm on the session, providing all [=key ID=](s) in the session along with the {{MediaKeyStatus/"released"}} {{MediaKeyStatus}} value for each.

          2. -

        2. Run the algorithm on the session, providing NaN.

          3. -

        3. If any of the preceding steps failed, reject promise with .

          4. -

        4. Let message type be .

          5. -

        5. If message is not null, run the algorithm on the session, providing message type and message.

          6. +

        6. Run the [=Update Expiration=] algorithm on the session, providing NaN.

          7. +

        7. If any of the preceding steps failed, reject promise with a new {{DOMException}} whose name is the appropriate error name.

          8. +

        8. Let message type be {{MediaKeyMessageType/"license-release"}}.

          9. +

        9. If message is not null, run the [=Queue a "message" Event=] algorithm on the session, providing message type and message.

        10. Resolve promise.

          Since promise handlers are queued as microtasks, these will be executed ahead of any events queued by the preceding steps.

          @@ -2343,52 +2265,50 @@

          MediaKeySession Interface

        11. Return promise.

        -
        No parameters.
        Return type: Promise<undefined>
    + + +

    MediaKeyStatusMap Interface

    -

    The MediaKeyStatusMap object is a read-only map of key IDs to the current status of the associated key.

    +

    The {{MediaKeyStatusMap}} object is a read-only map of [=key IDs=] to the current status of the associated key.

    A key's status is independent of whether the key is currently being used and of media data.

    -

    For example, if a key has output requirements that cannot currently be met, the key's status should be or , as appropriate, regardless of whether that key has been or is currently needed to decrypt media data.

    - 
    [Exposed=Window, SecureContext] interface MediaKeyStatusMap {
-    iterable<BufferSource,MediaKeyStatus>;
-    readonly        attribute unsigned long size;
-    boolean has (BufferSource keyId);
-    (MediaKeyStatus or undefined)     get (BufferSource keyId);
-};
    +

    For example, if a key has output requirements that cannot currently be met, the key's status should be {{MediaKeyStatus/"output-downscaled"}} or {{MediaKeyStatus/"output-restricted"}}, as appropriate, regardless of whether that key has been or is currently needed to decrypt media data.

    + 
    +          [Exposed=Window, SecureContext] interface MediaKeyStatusMap {
+            iterable<BufferSource,MediaKeyStatus>;
+            readonly attribute unsigned long size;
+            boolean has (BufferSource keyId);
+            (MediaKeyStatus or undefined) get (BufferSource keyId);
+          };
+

    Attributes

    -
    size of type {{unsigned long}}, readonly
    -

    The number of known keys.

    -
    +
    +
    size of type {{unsigned long}}, readonly
    +

    The number of [=known keys=].

    Methods

    -
    -
    has
    +
    +
    has()

    Returns true if the status of the key identified by keyId is known.

    - -
    ParameterTypeNullableOptionalDescription
    keyIdBufferSourceThe of the key.
    -
    Return type: boolean
    -
    get
    +
    get()
    -

    Returns the MediaKeyStatus of the key identified by keyId or undefined if the status of the key identified by keyId is not known.

    - -
    ParameterTypeNullableOptionalDescription
    keyIdBufferSourceThe of the key.
    -
    Return type: any
    +

    Returns the {{MediaKeyStatus}} of the key identified by keyId or undefined if the status of the key identified by keyId is not known.

    This interface has entries, keys, values, forEach and @@iterator methods - brought by iterable (see WebIDL, 3.2.7 Iterable declarations). + brought by [=iterable=] [[WebIDL]].

    - The value pairs to iterate over are a snapshot of the set of pairs formed from the and - associated MediaKeyStatus value for all known keys, sorted by . + The value pairs to iterate over are a snapshot of the set of pairs formed from the [=key ID=] and + associated {{MediaKeyStatus}} value for all [=known keys=], sorted by [=key ID=]. Key IDs are compared as follows: For key IDs A of length m and B of length n, assigned such that m <= n, let A < B if and only if the m octets of A are less in lexicographical @@ -2396,34 +2316,42 @@

    Methods

    - 
    enum MediaKeyStatus {
-    "usable",
-    "expired",
-    "released",
-    "output-restricted",
-    "output-downscaled",
-    "usable-in-future",
-    "status-pending",
-    "internal-error"
-};
    + 
    +          enum MediaKeyStatus {
+            "usable",
+            "expired",
+            "released",
+            "output-restricted",
+            "output-downscaled",
+            "usable-in-future",
+            "status-pending",
+            "internal-error"
+          };
+

    The MediaKeyStatus enumeration is defined as follows:

    - - - + + - - - + + +
    Enumeration description
    usable - The CDM is certain the key is currently .
    - Keys that may not currently be MUST NOT have this status. -
    expired - The key is no longer because its has passed.
    - The time represented by the attribute MUST be earlier than the current time. + + + + + + +
    Enumeration description
    usable + The [=CDM=] is certain the key is currently [=usable for decryption=].
    + Keys that may not currently be [=usable for decryption=] MUST NOT have this status. +
    expired + The key is no longer [=usable for decryption=] because its [=expiration time=] has passed.
    + The time represented by the {{MediaKeySession/expiration}} attribute MUST be earlier than the current time. All other keys in the session MUST have this status. -
    released - The key itself is no longer available to the CDM, but information about the key, such as a , is available. -
    output-restricted +
    released + The key itself is no longer available to the [=CDM=], but information about the key, such as a [=record of license destruction=], is available. +
    output-restricted There are output restrictions associated with the key that cannot currently be met. Media data decrypted with this key may be blocked from presentation, if necessary according to the output restrictions. The application should avoid using streams that will trigger the output restrictions associated with the key. -
    output-downscaled +
    output-downscaled There are output restrictions associated with the key that cannot currently be met. Media data decrypted with this key may be presented at a lower quality (e.g., resolution), if necessary according to the output restrictions. @@ -2431,65 +2359,98 @@

    Methods

    with the key.
    Support for downscaling is OPTIONAL. Applications SHOULD NOT rely on downscaling to ensure uninterrupted playback when output requirements cannot be met. -
    usable-in-future - The key is not yet because the start time is in the future. +
    usable-in-future + The key is not yet [=usable for decryption=] because the start time is in the future. The key will become usable when its start time is reached. -
    status-pending +
    status-pending The status of the key is not yet known and is being determined. The status will be updated with the actual status when it has been determined. -
    internal-error - The key is not currently because of an error in the CDM unrelated to the other values. +
    internal-error + The key is not currently [=usable for decryption=] because of an error in the [=CDM=] unrelated to the other values. This value is not actionable by the application.
    -

    MediaKeyMessageEvent

    -

    The MediaKeyMessageEvent object is used for the event.

    -

    Events are constructed as defined in [[DOM]].

    - - 
    enum MediaKeyMessageType {
-    "license-request",
-    "license-renewal",
-    "license-release",
-    "individualization-request"
-};
    +

    {{MediaKeyMessageEvent}}

    +

    The MediaKeyMessageEvent object is used for the {{message}} event.

    + + 
    +          enum MediaKeyMessageType {
+            "license-request",
+            "license-renewal",
+            "license-release",
+            "individualization-request"
+          };
+

    The MediaKeyMessageType is defined as follows:

    -
    Enumeration description
    license-requestThe message contains a request for a new license.
    license-renewalThe message contains a request to renew an existing license.
    license-releaseThe message contains a .
    individualization-request - The message contains a request for App-Assisted Individualization (or re-individualization).
    - As with all other messages, any identifiers in the message MUST be distinctive per origin and profile and MUST NOT be . -
    - - 
    [Exposed=Window, SecureContext]
-interface MediaKeyMessageEvent : Event {
-    constructor(DOMString type, MediaKeyMessageEventInit eventInitDict);
-    readonly        attribute MediaKeyMessageType messageType;
-    readonly        attribute ArrayBuffer         message;
-};

    Constructors

    MediaKeyMessageEvent
    - -
    ParameterTypeNullableOptionalDescription
    typeDOMString
    eventInitDictMediaKeyMessageEventInit

    Attributes

    messageType of type MediaKeyMessageType, readonly
    + + + + + + + + + + + + + + + + + + + + +
    Enumeration description
    license-requestThe message contains a request for a new license.
    license-renewalThe message contains a request to renew an existing license.
    license-releaseThe message contains a [=record of license destruction=].
    individualization-request + The message contains a request for [=App-Assisted Individualization=] (or re-individualization).
    + As with all other messages, any identifiers in the message MUST be distinctive per origin and profile and MUST NOT be [=Distinctive Permanent Identifiers=]. +
    + + 
    +          [Exposed=Window, SecureContext]
+          interface MediaKeyMessageEvent : Event {
+            constructor(DOMString type, MediaKeyMessageEventInit eventInitDict);
+            readonly attribute MediaKeyMessageType messageType;
+            readonly attribute ArrayBuffer         message;
+          };
+
    +
    +

    Attributes

    +
    +
    messageType of type {{MediaKeyMessageType}}, readonly
    +
    The type of the message.

    Implementations MUST NOT require applications to handle message types. Implementations MUST support applications that do not differentiate messages and MUST NOT require that applications handle message types. - Specifically, Key Systems MUST support passing all types of messages to a single URL. + Specifically, [=Key Systems=] MUST support passing all types of messages to a single URL.

    This attribute allows an application to differentiate messages without parsing the message. It is intended to enable optional application and/or server optimizations, but applications are not required to use it.

    -
    message of type {{ArrayBuffer}}, readonly
    - The message from the CDM. Messages are Key System-specific. +
    message of type {{ArrayBuffer}}, readonly
    + The message from the [=CDM=]. Messages are [=Key System=]-specific.

    MediaKeyMessageEventInit

    - 
    dictionary MediaKeyMessageEventInit : EventInit {
-             required MediaKeyMessageType messageType;
-             required ArrayBuffer         message;
-};

    Dictionary MediaKeyMessageEventInit Members

    messageType of type MediaKeyMessageType
    - The type of the message. -
    message of type {{ArrayBuffer}}
    - The message. -
    + 
    +            dictionary MediaKeyMessageEventInit : EventInit {
+              required MediaKeyMessageType messageType;
+              required ArrayBuffer         message;
+            };
+
    +
    +

    Dictionary MediaKeyMessageEventInit Members

    +
    +
    messageType of type {{MediaKeyMessageType}}
    +
    The type of the message.
    +
    message of type {{ArrayBuffer}}
    +
    The message.
    +
    +
    @@ -2506,14 +2467,14 @@

    Event Summary
    keystatuseschangekeystatuseschange{{Event}} There has been a change in the keys in the session or their status.
    messageMediaKeyMessageEventThe CDM has generated a message for the session.message{{MediaKeyMessageEvent}}The [=CDM=] has generated a message for the session.
    @@ -2523,116 +2484,116 @@

    Event Summary

    Algorithms

    -

    Queue a "message" Event

    -

    The Queue a "message" Event algorithm queues a message event to a MediaKeySession object. - Requests to run this algorithm include a target MediaKeySession object, a message type, and a message. +

    Queue a "message" Event

    +

    The Queue a "message" Event algorithm queues a message event to a {{MediaKeySession}} object. + Requests to run this algorithm include a target {{MediaKeySession}} object, a message type, and a message.

    - message MUST NOT contain , even in an encrypted form. - message MUST NOT contain , even in an encrypted form, if the MediaKeySession object's use distinctive identifier value is false. + message MUST NOT contain [=Distinctive Permanent Identifier(s)=], even in an encrypted form. + message MUST NOT contain [=Distinctive Identifier(s)=], even in an encrypted form, if the {{MediaKeySession}} object's use distinctive identifier value is false.

    The following steps are run:

      -

    1. Let the session be the specified MediaKeySession object.

      2. +

    2. Let the session be the specified {{MediaKeySession}} object.

    3. -

      to create an event named that does not bubble and is not cancellable using the MediaKeyMessageEvent interface with its type attribute set to message and its isTrusted attribute initialized to true, and dispatch it at the session.

      -

      The event interface MediaKeyMessageEvent has:

      +

      [=Queue a task=] to create an event named {{message}} that does not bubble and is not cancellable using the {{MediaKeyMessageEvent}} interface with its type attribute set to message and its isTrusted attribute initialized to true, and dispatch it at the session.

      +

      The event interface {{MediaKeyMessageEvent}} has:

      • - = the specified message type

        - = the specified message + {{MediaKeyMessageEvent/messageType}} = the specified message type

        + {{MediaKeyMessageEvent/message}} = the specified message
    -

    Update Key Statuses

    -

    The Update Key Statuses algorithm updates the set of known keys for a MediaKeySession or the status of one or more of the keys. - Requests to run this algorithm include a target MediaKeySession object and a sequence of and associated MediaKeyStatus pairs. +

    Update Key Statuses

    +

    The Update Key Statuses algorithm updates the set of [=known=] keys for a {{MediaKeySession}} or the status of one or more of the keys. + Requests to run this algorithm include a target {{MediaKeySession}} object and a sequence of [=key ID=] and associated {{MediaKeyStatus}} pairs.

    The algorithm is always run in a task.

    The following steps are run:

      -

    1. Let the session be the associated MediaKeySession object.

      2. -

    2. Let the input statuses be the sequence of pairs key ID and associated MediaKeyStatus pairs.

      3. -

    3. Let the statuses be session's attribute.

      4. +

    4. Let the session be the associated {{MediaKeySession}} object.

      5. +

    5. Let the input statuses be the sequence of pairs key ID and associated {{MediaKeyStatus}} pairs.

      6. +

    6. Let the statuses be session's {{MediaKeySession/keyStatuses}} attribute.

    7. Run the following steps to replace the contents of statuses:

      1. Empty statuses.

      2. For each pair in input statuses.

        1. Let pair be the pair.

          2. -

        2. Insert an entry for pair's key ID into statuses with the value of pair's MediaKeyStatus value.

          3. +

        3. Insert an entry for pair's key ID into statuses with the value of pair's {{MediaKeyStatus}} value.

      -

      The effect of this steps is that the contents of session's attribute are replaced without invalidating existing references to the attribute. +

      The effect of this steps is that the contents of session's {{MediaKeySession/keyStatuses}} attribute are replaced without invalidating existing references to the attribute. This replacement is atomic from a script perspective. That is, script MUST NOT ever see a partially populated sequence.

      8. -

    8. at the session.

      9. -

    9. algorithm on each of the media element(s) whose attribute is the MediaKeys object that created the session.

      +

    10. [=Queue a task=] to [=fire an event=] named {{keystatuseschange}} at the session.

      11. +

    11. [=Queue a task=] to run the [=Attempt to Resume Playback If Necessary=] algorithm on each of the media element(s) whose {{HTMLMediaElement/mediaKeys}} attribute is the {{MediaKeys}} object that created the session.

    -

    Update Expiration

    -

    The Update Expiration algorithm updates the of a MediaKeySession. - Requests to run this algorithm include a target MediaKeySession object and the new expiration time, which may be NaN. +

    Update Expiration

    +

    The Update Expiration algorithm updates the [=expiration time=] of a {{MediaKeySession}}. + Requests to run this algorithm include a target {{MediaKeySession}} object and the new expiration time, which may be NaN.

    The algorithm is always run in a task.

    The following steps are run:

      -

    1. Let the session be the associated MediaKeySession object.

      2. +

    2. Let the session be the associated {{MediaKeySession}} object.

    3. Let expiration time be NaN.

    4. If the new expiration time is not NaN, let expiration time be that expiration time.

      5. -

    5. Set the session's attribute to expiration time expressed as time.

      6. +

    6. Set the session's {{MediaKeySession/expiration}} attribute to expiration time expressed as [=time=].

    -

    Session Closed

    +

    Session Closed

    - The Session Closed algorithm updates the MediaKeySession state after a key session has been closed by the . - Requests to run this algorithm include a target MediaKeySession object and a MediaKeySessionClosedReason. + The Session Closed algorithm updates the {{MediaKeySession}} state after a [=key session=] has been closed by the [=CDM=]. + Requests to run this algorithm include a target {{MediaKeySession}} object and a {{MediaKeySessionClosedReason}}.

    The algorithm is always run in a task.

    When a session is closed, the license(s) and key(s) associated with it are no longer available to - decrypt . All MediaKeySession methods will fail and no further events will be queued for this object + decrypt [=HTMLMediaElement/media data=]. All {{MediaKeySession}} methods will fail and no further events will be queued for this object after this algorithm is run.

    - The CDM may close a session at any point, such as when the session is no longer needed or when system resources are lost. - In that case, the algorithm detects the change and runs this algorithm. + The [=CDM=] may close a session at any point, such as when the session is no longer needed or when system resources are lost. + In that case, the [=Monitor for CDM State Changes=] algorithm detects the change and runs this algorithm.

    Keys in other sessions MUST be unaffected, even if they have overlapping key IDs.

    After this algorithm has run, event handlers for the events queued by this algorithm will be executed, but no further events - can be queued. As a result, no messages can be sent by the CDM as a result of closing the session. + can be queued. As a result, no messages can be sent by the [=CDM=] as a result of closing the session.

    The following steps are run:

      -

    1. Let session be the associated MediaKeySession object.

      2. -

    2. Let promise be the session's attribute.

      3. +

    3. Let session be the associated {{MediaKeySession}} object.

      4. +

    4. Let promise be the session's {{MediaKeySession/closed}} attribute.

    5. If promise is resolved, abort these steps.

    6. Set the session's closing or closed value to true.

      7. -

    7. Run the algorithm on the session, providing an empty sequence.

      8. -

    8. Run the algorithm on the session, providing NaN.

      9. +

    9. Run the [=Update Key Statuses=] algorithm on the session, providing an empty sequence.

      10. +

    10. Run the [=Update Expiration=] algorithm on the session, providing NaN.

    11. Resolve promise with the provided reason.

    -

    Monitor for CDM State Changes

    +

    Monitor for CDM State Changes

    - The Monitor for CDM State Changes algorithm executes steps required when various aspects of CDM state change. + The Monitor for CDM State Changes algorithm executes steps required when various aspects of [=CDM=] state change.

    -

    This algorithm only applies to CDM state changes that are not covered by other algorithms. For example, may result in messages, key status changes and/or expiration changes, but those are all handled within that algorithm.

    +

    This algorithm only applies to [=CDM=] state changes that are not covered by other algorithms. For example, {{MediaKeySession/update()}} may result in messages, key status changes and/or expiration changes, but those are all handled within that algorithm.

    The algorithm is always run in parallel to the main event loop.

    The following steps are run: @@ -2641,13 +2602,13 @@

    Monitor for CDM State Changes

    1. - Let session be the MediaKeySession object. + Let session be the {{MediaKeySession}} object.

      2. -

    2. Let cdm be the CDM instance represented by session's cdm instance value.

      3. +

    3. Let cdm be the [=CDM=] instance represented by session's cdm instance value.

    4. - If cdm has an outgoing message that has not yet been sent, to execute the following steps: + If cdm has an outgoing message that has not yet been sent, [=queue a task=] to execute the following steps:

      1. @@ -2657,33 +2618,33 @@

        Monitor for CDM State Changes

      2. - Run the algorithm, passing session, message type and message. + Run the [=Queue a "message" Event=] algorithm, passing session, message type and message.

    5. - If cdm has changed the set of keys known to session or the status of one or more of the keys, - to execute the following steps: + If cdm has changed the set of keys [=known=] to session or the status of one or more of the keys, + [=queue a task=] to execute the following steps:

      1. - Let statuses be a list of key ID and MediaKeyStatus value pairs containing one pair for each key - known to session. + Let statuses be a list of key ID and {{MediaKeyStatus}} value pairs containing one pair for each key + [=known=] to session.

      2. - Run the algorithm, passing session and statuses. + Run the [=Update Key Statuses=] algorithm, passing session and statuses.

    6. - If cdm has changed the of session, to execute the following steps: + If cdm has changed the [=expiration time=] of session, [=queue a task=] to execute the following steps:

      1. @@ -2693,19 +2654,19 @@

        Monitor for CDM State Changes

      2. - Run the algorithm, passing session and expiration time. + Run the [=Update Expiration=] algorithm, passing session and expiration time.

    7. - If cdm has closed session, to run the algorithm on session with an appropriate MediaKeySessionClosedReason value. + If cdm has closed session, [=queue a task=] to run the [=Session Closed=] algorithm on session with an appropriate {{MediaKeySessionClosedReason}} value.

    8. - If cdm has become unavailable, to run the algorithm. + If cdm has become unavailable, [=queue a task=] to run the [=CDM Unavailable=] algorithm.

    @@ -2713,8 +2674,8 @@

    Monitor for CDM State Changes

    Exceptions

    -

    The methods report errors by rejecting the returned promise with a simple exception [[WEBIDL]] or a . - The following simple exceptions and DOMException names from [[WEBIDL]] are used in the algorithms. +

    The methods report errors by rejecting the returned promise with a [=simple exception=] [[WEBIDL]] or a {{DOMException}}. + The following [=simple exceptions=] and DOMException names from [[WEBIDL]] are used in the algorithms. Causes specified specified in the algorithms are listed alongside each name, though these names MAY be used for other reasons as well.

    @@ -2725,36 +2686,36 @@

    Exceptions

    		Possible Causes (non-exhaustive)
    TypeErrorTypeError The parameter is empty.
    Invalid initialization data.
    Invalid response format.
    - A persistent license was provided for a session. + A persistent license was provided for a {{MediaKeySessionType/"temporary"}} session.
    NotSupportedErrorNotSupportedError - The existing MediaKeys object cannot be removed.
    - The key system is not supported.
    - The initialization data type is not supported by the key system.
    - The session type is not supported by the key system.
    - The initialization data is not supported by the key system.
    - The operation is not supported by the key system. + The existing {{MediaKeys}} object cannot be removed.
    + The [=Key System=] is not supported.
    + The initialization data type is not supported by the [=Key System=].
    + The session type is not supported by the [=Key System=].
    + The initialization data is not supported by the [=Key System=].
    + The operation is not supported by the [=Key System=].
    InvalidStateErrorThe existing MediaKeys object cannot be removed at this time.
    +     		InvalidStateErrorThe existing {{MediaKeys}} object cannot be removed at this time.
    The session has already been used.
    The session is not yet initialized.
    The session is closed.
    QuotaExceededErrorThe MediaKeys object cannot be used with additional HTMLMediaElements.
    +     		QuotaExceededErrorThe {{MediaKeys}} object cannot be used with additional {{HTMLMediaElement}}s.
    A non-closed session already exists for this sessionId.
    There are insufficient resources to create a new session or license request.
    ParameterTypeNullableOptionalDescription
    mediaKeysMediaKeys - A MediaKeys object. -
    Return type: Promise<undefined>
    + + +

    MediaEncryptedEvent

    -

    The MediaEncryptedEvent object is used for the event.

    -

    Events are constructed as defined in [[DOM]].

    - - 
    [Exposed=Window]
-interface MediaEncryptedEvent : Event {
-    constructor(DOMString type, optional MediaEncryptedEventInit eventInitDict = {});
-    readonly        attribute DOMString    initDataType;
-    readonly        attribute ArrayBuffer? initData;
-};

    Constructors

    MediaEncryptedEvent
    - -
    ParameterTypeNullableOptionalDescription
    typeDOMString
    eventInitDictMediaEncryptedEventInit

    Attributes

    initDataType of type {{DOMString}}, readonly
    - Indicates the of the contained in the attribute. -
    initData of type {{ArrayBuffer}}, readonly , nullable
    - The for the event. -
    +

    The MediaEncryptedEvent object is used for the {{encrypted}} event.

    + + 
    +          [Exposed=Window]
+          interface MediaEncryptedEvent : Event {
+              constructor(DOMString type, optional MediaEncryptedEventInit eventInitDict = {});
+              readonly        attribute DOMString    initDataType;
+              readonly        attribute ArrayBuffer? initData;
+          };
+
    + +
    +

    Attributes

    +
    +
    initDataType of type {{DOMString}}, readonly
    +
    Indicates the [=Initialization Data Type=] of the [=Initialization Data=] contained in the {{MediaEncryptedEvent/initData}} attribute.
    +
    initData of type {{ArrayBuffer}}, readonly, nullable
    +
    The [=Initialization Data=] for the event.
    +
    +

    MediaEncryptedEventInit

    - 
    dictionary MediaEncryptedEventInit : EventInit {
-             DOMString    initDataType = "";
-             ArrayBuffer? initData = null;
-};

    Dictionary MediaEncryptedEventInit Members

    initDataType of type {{DOMString}}, defaulting to ""
    - The . -
    initData of type {{ArrayBuffer}}, nullable, defaulting to null
    - The . -
    + 
    +            dictionary MediaEncryptedEventInit : EventInit {
+              DOMString    initDataType = "";
+              ArrayBuffer? initData = null;
+            };
+
    +
    +

    Dictionary MediaEncryptedEventInit Members

    +
    +
    initDataType of type {{DOMString}}, defaulting to ""
    +
    The [=Initialization Data Type=].
    +
    initData of type {{ArrayBuffer}}, nullable, defaulting to null
    +
    The [=Initialization Data=].
    +
    +
    @@ -2981,19 +2965,19 @@

    Event Summary
    encryptedMediaEncryptedEventThe user agent encounters in the .The element's is equal to or greater than . + encrypted{{MediaEncryptedEvent}}The user agent encounters [=Initialization Data=] in the [=HTMLMediaElement/media data=].The element's {{HTMLMediaElement/readyState}} is equal to or greater than {{HTMLMediaElement/HAVE_METADATA}}.

    It is possible that the element is playing or has played.
    waitingforkeywaitingforkey{{Event}} Playback is blocked waiting for a key. - The is equal to or less than . + The {{HTMLMediaElement/readyState}} is equal to or less than {{HTMLMediaElement/HAVE_CURRENT_DATA}}. The element's playback blocked waiting for key value is newly true.