Engineers at Microsoft, Netflix and Google have penned a proposed extension to the HTML5 media streaming capability to add encryption for protecting copyright content.
Dubbed the 'Encrypted Media Extensions,' the trio claim that the proposed cryptography implementation does not represent an attempt to encumber the open HTML5 standard with digital rights management (DRM) technology. '
No "DRM" is added to the HTML5 specification,' the proposal claims, '
and only simple clear decryption is required as a common baseline.'
Using the proposed extensions, the HTML5MediaElement would be given the ability to acquire a decryption key using JavaScript. This key can then be used to decrypt a protected video or audio stream from within the browser.
It's easy to see why the three companies involved in the proposal would want this. Netflix is one of the largest names in streaming media, and currently relies on custom client applications or the Silverlight media playback plugin from Microsoft to decrypt its protected video streams. Google has its own video rental service via its YouTube subsidiary and on its Android handsets, while Microsoft runs rival Zune for PCs and its Windows Phone platforms.
While the three companies may be rivals in many ways, they're working together for a common goal here. The reason is simple: any DRM-like extension to HTML5's media streaming capabilities would represent a foot in the door of what will likely grow to become the most common method of watching videos or listening to audio over the internet.
The truth comes out towards the end of the proposal, in a question-and-answer format. '
Can I ensure the content key is protected without working with a content protection provider? No,' the proposal clarifies.
'
Protecting the content key would require that the browser's media stack have some secret that cannot easily be obtained. This is the type of thing DRM solutions provide. Establishing a standard mechanism to support this is beyond the scope of HTML5 standards and should be deferred to specific user agent solutions. In addition, it is not something that fully open source browsers could natively support.'
As a result, Google, Microsoft and Netflix are making sure that there's room for them in the future as providers of content protection technology. Without their support, and licences for their respective products, there would be no real way to protect the key.
Not that this leaves the open source types out in the cold, the trio argue. '
Content protected using this proposal without a content protection provider is still more secure and a higher barrier than providing an unencrypted file over HTTP or HTTPS,' the proposal points out. '
We would also argue that it is no less secure than encrypted HLS [HTTP Live Streaming].'
The full proposal can be read on the
W3C's website.
Want to comment? Please log in.