index.html

<!DOCTYPE html>
<html lang="en" dir="ltr" typeof="bibo:Document " prefix="bibo: http://purl.org/ontology/bibo/ w3p: http://www.w3.org/2001/02pd/rec54#">
<head><meta lang="" property="dc:language" content="en">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>Encrypted Media Extensions</title>
    
    
    
    <!-- script to register bugs -->
    <!-- Disabled unless/until it supports GitHub issues.
    <script src="https://w3c.github.io/webcomponents/assets/scripts/bug-assist.js"></script>
    <meta name="bug.product" content="HTML WG"/>
    <meta name="bug.component" content="Encrypted Media Extensions"/>
    -->

    <style>/* --- EXAMPLES --- */
div.example-title {
    min-width: 7.5em;
    color: #b9ab2d;
}
div.example-title span {
    text-transform: uppercase;
}
aside.example, div.example, div.illegal-example {
    padding: 0.5em;
    margin: 1em 0;
    position: relative;
    clear: both;
}
div.illegal-example { color: red }
div.illegal-example p { color: black }
aside.example, div.example {
    padding: .5em;
    border-left-width: .5em;
    border-left-style: solid;
    border-color: #e0cb52;
    background: #fcfaee;
}

aside.example div.example {
    border-left-width: .1em;
    border-color: #999;
    background: #fff;
}
aside.example div.example div.example-title {
    color: #999;
}
</style><style>/* --- ISSUES/NOTES --- */
div.issue-title, div.note-title , div.ednote-title, div.warning-title {
    padding-right:  1em;
    min-width: 7.5em;
    color: #b9ab2d;
}
div.issue-title { color: #e05252; }
div.note-title, div.ednote-title { color: #2b2; }
div.warning-title { color: #f22; }
div.issue-title span, div.note-title span, div.ednote-title span, div.warning-title span {
    text-transform: uppercase;
}
div.note, div.issue, div.ednote, div.warning {
    margin-top: 1em;
    margin-bottom: 1em;
}
.note > p:first-child, .ednote > p:first-child, .issue > p:first-child, .warning > p:first-child { margin-top: 0 }
.issue, .note, .ednote, .warning {
    padding: .5em;
    border-left-width: .5em;
    border-left-style: solid;
}
div.issue, div.note , div.ednote,  div.warning {
    padding: 1em 1.2em 0.5em;
    margin: 1em 0;
    position: relative;
    clear: both;
}
span.note, span.ednote, span.issue, span.warning { padding: .1em .5em .15em; }

.issue {
    border-color: #e05252;
    background: #fbe9e9;
}
.note, .ednote {
    border-color: #52e052;
    background: #e9fbe9;
}

.warning {
    border-color: #f11;
    border-right-width: .2em;
    border-top-width: .2em;
    border-bottom-width: .2em;
    border-style: solid;
    background: #fbe9e9;
}

.warning-title:before{
    content: "⚠"; /*U+26A0 WARNING SIGN*/
    font-size: 3em;
    float: left;
    height: 100%;
    padding-right: .3em;
    vertical-align: top;
    margin-top: -0.5em;
}

li.task-list-item {
    list-style: none;
}

input.task-list-item-checkbox {
    margin: 0 0.35em 0.25em -1.6em;
    vertical-align: middle;
}
</style><style>/* HIGHLIGHTS */
code.prettyprint {
    color:  inherit;
}

/* this from google-code-prettify */
.pln{color:#000}@media screen{.str{color:#080}.kwd{color:#008}.com{color:#800}.typ{color:#606}.lit{color:#066}.pun,.opn,.clo{color:#660}.tag{color:#008}.atn{color:#606}.atv{color:#080}.dec,.var{color:#606}.fun{color:red}}@media print,projection{.str{color:#060}.kwd{color:#006;font-weight:bold}.com{color:#600;font-style:italic}.typ{color:#404;font-weight:bold}.lit{color:#044}.pun,.opn,.clo{color:#440}.tag{color:#006;font-weight:bold}.atn{color:#404}.atv{color:#060}}ol.linenums{margin-top:0;margin-bottom:0}li.L0,li.L1,li.L2,li.L3,li.L5,li.L6,li.L7,li.L8{list-style-type:none}li.L1,li.L3,li.L5,li.L7,li.L9{background:#eee}
</style><style>/* --- WEB IDL --- */
pre.idl {
    border-top: 1px solid #90b8de;
    border-bottom: 1px solid #90b8de;
    padding:    1em;
    line-height:    120%;
}

pre.idl::before {
    content:    "WebIDL";
    display:    block;
    width:      150px;
    background: #90b8de;
    color:  #fff;
    font-family:    sans-serif;
    padding:    3px;
    font-weight:    bold;
    margin: -1em 0 1em -1em;
}

.idlType {
    color:  #ff4500;
    font-weight:    bold;
    text-decoration:    none;
}

/*.idlModule*/
/*.idlModuleID*/
/*.idlInterface*/
.idlInterfaceID, .idlDictionaryID, .idlCallbackID, .idlEnumID {
    font-weight:    bold;
    color:  #005a9c;
}
a.idlEnumItem {
    color:  #000;
    border-bottom:  1px dotted #ccc;
    text-decoration: none;
}

.idlSuperclass {
    font-style: italic;
    color:  #005a9c;
}

/*.idlAttribute*/
.idlAttrType, .idlFieldType, .idlMemberType {
    color:  #005a9c;
}
.idlAttrName, .idlFieldName, .idlMemberName {
    color:  #ff4500;
}
.idlAttrName a, .idlFieldName a, .idlMemberName a {
    color:  #ff4500;
    border-bottom:  1px dotted #ff4500;
    text-decoration: none;
}

/*.idlMethod*/
.idlMethType, .idlCallbackType {
    color:  #005a9c;
}
.idlMethName {
    color:  #ff4500;
}
.idlMethName a {
    color:  #ff4500;
    border-bottom:  1px dotted #ff4500;
    text-decoration: none;
}

/*.idlCtor*/
.idlCtorName {
    color:  #ff4500;
}
.idlCtorName a {
    color:  #ff4500;
    border-bottom:  1px dotted #ff4500;
    text-decoration: none;
}

/*.idlParam*/
.idlParamType {
    color:  #005a9c;
}
.idlParamName, .idlDefaultValue {
    font-style: italic;
}

.extAttr {
    color:  #666;
}

/*.idlSectionComment*/
.idlSectionComment {
    color: gray;
}

/*.idlIterable*/
.idlIterableKeyType, .idlIterableValueType {
    color:  #005a9c;
}

/*.idlMaplike*/
.idlMaplikeKeyType, .idlMaplikeValueType {
    color:  #005a9c;
}

/*.idlConst*/
.idlConstType {
    color:  #005a9c;
}
.idlConstName {
    color:  #ff4500;
}
.idlConstName a {
    color:  #ff4500;
    border-bottom:  1px dotted #ff4500;
    text-decoration: none;
}

/*.idlException*/
.idlExceptionID {
    font-weight:    bold;
    color:  #c00;
}

.idlTypedefID, .idlTypedefType {
    color:  #005a9c;
}

.idlRaises, .idlRaises a.idlType, .idlRaises a.idlType code, .excName a, .excName a code {
    color:  #c00;
    font-weight:    normal;
}

.excName a {
    font-family:    monospace;
}

.idlRaises a.idlType, .excName a.idlType {
    border-bottom:  1px dotted #c00;
}

.excGetSetTrue, .excGetSetFalse, .prmNullTrue, .prmNullFalse, .prmOptTrue, .prmOptFalse {
    width:  45px;
    text-align: center;
}
.excGetSetTrue, .prmNullTrue, .prmOptTrue { color:  #0c0; }
.excGetSetFalse, .prmNullFalse, .prmOptFalse { color:  #c00; }

.idlImplements a {
    font-weight:    bold;
}

dl.attributes, dl.methods, dl.constants, dl.constructors, dl.fields, dl.dictionary-members {
    margin-left:    2em;
}

.attributes dt, .methods dt, .constants dt, .constructors dt, .fields dt, .dictionary-members dt {
    font-weight:    normal;
}

.attributes dt code, .methods dt code, .constants dt code, .constructors dt code, .fields dt code, .dictionary-members dt code {
    font-weight:    bold;
    color:  #000;
    font-family:    monospace;
}

.attributes dt code, .fields dt code, .dictionary-members dt code {
    background:  #ffffd2;
}

.attributes dt .idlAttrType code, .fields dt .idlFieldType code, .dictionary-members dt .idlMemberType code {
    color:  #005a9c;
    background:  transparent;
    font-family:    inherit;
    font-weight:    normal;
    font-style: italic;
}

.methods dt code {
    background:  #d9e6f8;
}

.constants dt code {
    background:  #ddffd2;
}

.constructors dt code {
    background:  #cfc;
}

.attributes dd, .methods dd, .constants dd, .constructors dd, .fields dd, .dictionary-members dd {
    margin-bottom:  1em;
}

table.parameters, table.exceptions {
    border-spacing: 0;
    border-collapse:    collapse;
    margin: 0.5em 0;
    width:  100%;
}
table.parameters { border-bottom:  1px solid #90b8de; }
table.exceptions { border-bottom:  1px solid #deb890; }

.parameters th, .exceptions th {
    color:  #fff;
    padding:    3px 5px;
    text-align: left;
    font-weight:    normal;
    text-shadow:    #666 1px 1px 0;
}
.parameters th { background: #90b8de; }
.exceptions th { background: #deb890; }

.parameters td, .exceptions td {
    padding:    3px 10px;
    border-top: 1px solid #ddd;
    vertical-align: top;
}

.parameters tr:first-child td, .exceptions tr:first-child td {
    border-top: none;
}

.parameters td.prmName, .exceptions td.excName, .exceptions td.excCodeName {
    width:  100px;
}

.parameters td.prmType {
    width:  120px;
}

table.exceptions table {
    border-spacing: 0;
    border-collapse:    collapse;
    width:  100%;
}
</style><link rel="stylesheet" href="eme.css">
  <style>/*****************************************************************
 * ReSpec 3 CSS
 * Robin Berjon - http://berjon.com/
 *****************************************************************/

/* --- INLINES --- */
em.rfc2119 { 
    text-transform:     lowercase;
    font-variant:       small-caps;
    font-style:         normal;
    color:              #900;
}

h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
    border: none;
}

dfn {
    font-weight:    bold;
}

a.internalDFN {
    color:  inherit;
    border-bottom:  1px solid #99c;
    text-decoration:    none;
}

a.externalDFN {
    color:  inherit;
    border-bottom:  1px dotted #ccc;
    text-decoration:    none;
}

a.bibref {
    text-decoration:    none;
}

cite .bibref {
    font-style: normal;
}

code {
    color:  #C83500;
}

/* --- TOC --- */
.toc a, .tof a {
    text-decoration:    none;
}

a .secno, a .figno {
    color:  #000;
}

ul.tof, ol.tof {
    list-style: none outside none;
}

.caption {
    margin-top: 0.5em;
    font-style:   italic;
}

/* --- TABLE --- */
table.simple {
    border-spacing: 0;
    border-collapse:    collapse;
    border-bottom:  3px solid #005a9c;
}

.simple th {
    background: #005a9c;
    color:  #fff;
    padding:    3px 5px;
    text-align: left;
}

.simple th[scope="row"] {
    background: inherit;
    color:  inherit;
    border-top: 1px solid #ddd;
}

.simple td {
    padding:    3px 10px;
    border-top: 1px solid #ddd;
}

.simple tr:nth-child(even) {
    background: #f0f6ff;
}

/* --- DL --- */
.section dd > p:first-child {
    margin-top: 0;
}

.section dd > p:last-child {
    margin-bottom: 0;
}

.section dd {
    margin-bottom:  1em;
}

.section dl.attrs dd, .section dl.eldef dd {
    margin-bottom:  0;
}

@media print {
    .removeOnSave {
        display: none;
    }
}
</style><link rel="stylesheet" href="https://www.w3.org/StyleSheets/TR/W3C-ED"><!--[if lt IE 9]><script src='https://www.w3.org/2008/site/js/html5shiv.js'></script><![endif]--><script id="initialUserConfig" type="application/json">{
  "specStatus": "ED",
  "previousMaturity": "WD",
  "shortName": "encrypted-media",
  "edDraftURI": "https://w3c.github.io/encrypted-media/",
  "editors": [
    {
      "name": "David Dorwin",
      "w3cid": "52505",
      "company": "Google Inc.",
      "companyURL": "https://www.google.com/"
    },
    {
      "name": "Jerry Smith",
      "w3cid": "60176",
      "company": "Microsoft Corporation",
      "companyURL": "https://www.microsoft.com/"
    },
    {
      "name": "Mark Watson",
      "url": "",
      "w3cid": "46379",
      "company": "Netflix Inc.",
      "companyURL": "https://www.netflix.com/"
    },
    {
      "name": "Adrian Bateman",
      "note": "Until May 2014",
      "w3cid": "42763",
      "company": "Microsoft Corporation",
      "companyURL": "https://www.microsoft.com/"
    }
  ],
  "otherLinks": [
    {
      "key": "Repository",
      "data": [
        {
          "value": "We are on GitHub.",
          "href": "https://github.com/w3c/encrypted-media/"
        },
        {
          "value": "File a bug.",
          "href": "https://github.com/w3c/encrypted-media/issues"
        },
        {
          "value": "Commit history.",
          "href": "https://github.com/w3c/encrypted-media/commits/gh-pages/encrypted-media-respec.html"
        }
      ]
    }
  ],
  "emeDefGroupName": "encrypted-media",
  "emeUnusedGroupNameExcludeList": [
    "eme-references-from-registry"
  ],
  "wg": "HTML Working Group",
  "wgURI": "http://www.w3.org/html/wg/",
  "wgPublicList": "public-html-media",
  "wgPatentURI": "https://www.w3.org/2004/01/pp-impl/40318/status",
  "noIDLIn": true,
  "scheme": "https",
  "preProcess": [
    null
  ],
  "definitionMap": {
    "initialization data type": [
      "initialization-data-type"
    ],
    "record of key usage": [
      "record-of-key-usage"
    ],
    "first decryption time": [
      "first-decryption-time"
    ],
    "latest decryption time": [
      "latest-decryption-time"
    ],
    "key usage accuracy": [
      "key-usage-accuracy"
    ],
    "record of license destruction": [
      "record-of-license-destruction"
    ],
    "notsupportederror": [
      "dfn-NotSupportedError"
    ],
    "invalidstateerror": [
      "dfn-InvalidStateError"
    ],
    "typeerror": [
      "dfn-TypeError"
    ],
    "rangeerror": [
      "dfn-RangeError"
    ],
    "quotaexceedederror": [
      "dfn-QuotaExceededError"
    ]
  },
  "postProcess": [
    null
  ],
  "localBiblio": {
    "EME-REGISTRY": {
      "title": "Encrypted Media Extensions Stream Format and Initialization Data Format Registry",
      "href": "initdata-format-registry.html",
      "authors": [
        "David Dorwin",
        "Adrian Bateman",
        "Mark Watson"
      ],
      "publisher": "W3C"
    }
  }
}</script></head>
  <body class="h-entry" role="document" id="respecDocument"><div class="head" role="contentinfo" id="respecHeader">
  <p>
      
        
            <a class="logo" href="http://www.w3.org/"><img width="72" height="48" src="https://www.w3.org/Icons/w3c_home" alt="W3C"></a>
            
            
        
      
  </p>
  <h1 class="title p-name" id="title" property="dcterms:title">Encrypted Media Extensions</h1>
  
  <h2 id="w3c-editor-s-draft-16-december-2015"><abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time property="dcterms:issued" class="dt-published" datetime="2015-12-16">16 December 2015</time></h2>
  <dl>
    
      <dt>This version:</dt>
      <dd><a class="u-url" href="https://w3c.github.io/encrypted-media/">https://w3c.github.io/encrypted-media/</a></dd>
      <dt>Latest published version:</dt>
      <dd><a href="http://www.w3.org/TR/encrypted-media/">http://www.w3.org/TR/encrypted-media/</a></dd>
    
    
      <dt>Latest editor's draft:</dt>
      <dd><a href="https://w3c.github.io/encrypted-media/">https://w3c.github.io/encrypted-media/</a></dd>
    
    
    
    
    
      
    
    
    
    <dt>Editors:</dt>
    <dd class="p-author h-card vcard" property="bibo:editor" resource="_:editor0" data-editor-id="52505"><span property="rdf:first" typeof="foaf:Person"><span property="foaf:name" class="p-name fn">David Dorwin</span>, <a property="foaf:workplaceHomepage" class="p-org org h-org h-card" href="https://www.google.com/">Google Inc.</a></span>
<span property="rdf:rest" resource="_:editor1"></span>
</dd>
<dd class="p-author h-card vcard" resource="_:editor1" data-editor-id="60176"><span property="rdf:first" typeof="foaf:Person"><span property="foaf:name" class="p-name fn">Jerry Smith</span>, <a property="foaf:workplaceHomepage" class="p-org org h-org h-card" href="https://www.microsoft.com/">Microsoft Corporation</a></span>
<span property="rdf:rest" resource="_:editor2"></span>
</dd>
<dd class="p-author h-card vcard" resource="_:editor2" data-editor-id="46379"><span property="rdf:first" typeof="foaf:Person"><span property="foaf:name" class="p-name fn">Mark Watson</span>, <a property="foaf:workplaceHomepage" class="p-org org h-org h-card" href="https://www.netflix.com/">Netflix Inc.</a></span>
<span property="rdf:rest" resource="_:editor3"></span>
</dd>
<dd class="p-author h-card vcard" resource="_:editor3" data-editor-id="42763"><span property="rdf:first" typeof="foaf:Person"><span property="foaf:name" class="p-name fn">Adrian Bateman</span>, <a property="foaf:workplaceHomepage" class="p-org org h-org h-card" href="https://www.microsoft.com/">Microsoft Corporation</a> (Until May 2014)</span>
<span property="rdf:rest" resource="rdf:nil"></span>
</dd>

    
    
      
        
          <dt>Repository:</dt>
          
             
                
                  <dd>
                    <a href="https://github.com/w3c/encrypted-media/">
                      We are on GitHub.
                    </a>
                  </dd>
                
             
                
                  <dd>
                    <a href="https://github.com/w3c/encrypted-media/issues">
                      File a bug.
                    </a>
                  </dd>
                
             
                
                  <dd>
                    <a href="https://github.com/w3c/encrypted-media/commits/gh-pages/encrypted-media-respec.html">
                      Commit history.
                    </a>
                  </dd>
                
             
          
        
      
    
  </dl>
  
  
  
  
    
      <p class="copyright">
        <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> ©
        2015
        
        <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup>
        (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>,
        <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>,
        <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>). 
        
        <abbr title="World Wide Web Consortium">W3C</abbr> <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
        <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and
        
          
            <a rel="license" href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a>
          
        
        rules apply.
      </p>
    
  
  <hr title="Separator for header">
</div>

    <section id="abstract" class="introductory" property="dc:abstract"><h2 id="h-abstract" resource="#h-abstract"><span property="xhv:role" resource="xhv:heading">Abstract</span></h2>
      <p>This proposal extends <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> [<cite><a class="bibref" href="#bib-HTML5">HTML5</a></cite>] providing APIs to control playback of protected content.</p>
      <p>The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation).
      License/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies.</p>
      <p>This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with
      such systems as well as with simpler content encryption systems. Implementation of Digital Rights Management is not required for compliance with this specification: only the
      Clear Key system is required to be implemented as a common baseline.</p>
      <p>The common API supports a simple set of content encryption capabilities, leaving application functions such as authentication and authorization to page authors. This is achieved by
      requiring content protection system-specific messaging to be mediated by the page rather than assuming out-of-band communication between the encryption system and a license
      or other server.</p>
    </section><section id="sotd" class="introductory"><h2 id="h-sotd" resource="#h-sotd"><span property="xhv:role" resource="xhv:heading">Status of This Document</span></h2>
  
    
      
        <p>
          <em>This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current <abbr title="World Wide Web Consortium">W3C</abbr> publications and the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/"><abbr title="World Wide Web Consortium">W3C</abbr> technical reports index</a> at http://www.w3.org/TR/.</em>
        </p>
        
          
          
      <p>The working group maintains <a href="https://github.com/w3c/encrypted-media/issues">a list of all bug reports that the editors have not yet tried to address</a>; there are also open bugs in the <a href="https://www.w3.org/brief/MjY5">previous bug tracker</a>. This draft highlights some of the pending issues that are still to be discussed in the working group. No decision has been taken on the outcome of these issues including whether they are valid.</p>
      <p>Implementors should be aware that this specification is not stable. <strong>Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways.</strong> Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.</p>

      <div class="issue" id="issue-1"><div class="issue-title" aria-level="3" role="heading" id="h-issue1"><span>Issue 1</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=20944">Bug 20944</a> - The specification should do more to encourage/ensure CDM-level interoperability.</p></div>
      <div class="issue" id="issue-2"><div class="issue-title" aria-level="3" role="heading" id="h-issue2"><span>Issue 2</span></div><p class="">This specification contains sections for describing <a href="#security">security</a> and <a href="#privacy">privacy</a> considerations. These sections are not final and review is welcome.</p></div>

<!-- This will be populated when addressing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23827.
      <p>The following features are <strong>at risk</strong> and may be removed due to lack of implementation.
      </p>
      <ul>
        <li><a def-id=""></a></li>
      </ul>
 -->
    
          
          <p>
            This document was published by the <a href="http://www.w3.org/html/wg/">HTML Working Group</a> as an Editor's Draft.
            
            
              If you wish to make comments regarding this document, please send them to
              <a href="mailto:public-html-media@w3.org">public-html-media@w3.org</a>
              (<a href="mailto:public-html-media-request@w3.org?subject=subscribe">subscribe</a>,
              <a href="http://lists.w3.org/Archives/Public/public-html-media/">archives</a>).
            
            
            
            
            
              
              All comments are welcome.
              
            
          </p>
          
          
          
            <p>
              Publication as an Editor's Draft does not imply endorsement by the <abbr title="World Wide Web Consortium">W3C</abbr>
              Membership. This is a draft document and may be updated, replaced or obsoleted by other
              documents at any time. It is inappropriate to cite this document as other than work in
              progress.
            </p>
          
          
          
          <p>
            
              This document was produced by
              
              a group
               operating under the
              <a id="sotd_patent" property="w3p:patentRules" href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <abbr title="World Wide Web Consortium">W3C</abbr> Patent
              Policy</a>.
            
            
            
              
                <abbr title="World Wide Web Consortium">W3C</abbr> maintains a <a href="https://www.w3.org/2004/01/pp-impl/40318/status" rel="disclosure">public list of any patent
                disclosures</a>
              
              made in connection with the deliverables of
              
              the group; that page also includes
              
              instructions for disclosing a patent. An individual who has actual knowledge of a patent
              which the individual believes contains
              <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
              Claim(s)</a> must disclose the information in accordance with
              <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
              6 of the <abbr title="World Wide Web Consortium">W3C</abbr> Patent Policy</a>.
            
            
          </p>
          
            <p>This document is governed by the <a id="w3c_process_revision" href="http://www.w3.org/2015/Process-20150901/">1 September 2015 <abbr title="World Wide Web Consortium">W3C</abbr> Process Document</a>.
            </p>
          
          
        
      
    
  
</section><section id="toc"><h2 class="introductory" id="h-toc" resource="#h-toc"><span property="xhv:role" resource="xhv:heading">Table of Contents</span></h2><ul class="toc" role="directory"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a></li><li class="tocline"><a href="#definitions" class="tocxref"><span class="secno">2. </span>Definitions</a></li><li class="tocline"><a href="#obtaining-access-to-key-systems" class="tocxref"><span class="secno">3. </span>Obtaining Access to Key Systems</a><ul class="toc"><li class="tocline"><a href="#navigator-extension-requestmediakeysystemaccess" class="tocxref"><span class="secno">3.1 </span><span class="formerLink"><code>Navigator</code></span> Extension: <code>requestMediaKeySystemAccess()</code></a><ul class="toc"><li class="tocline"><a href="#methods" class="tocxref"><span class="secno">3.1.1 </span>Methods</a></li><li class="tocline"><a href="#algorithms" class="tocxref"><span class="secno">3.1.2 </span>Algorithms</a><ul class="toc"><li class="tocline"><a href="#get-supported-configuration" class="tocxref"><span class="secno">3.1.2.1 </span>Get Supported Configuration</a></li><li class="tocline"><a href="#get-supported-capabilities-for-audio-video-type" class="tocxref"><span class="secno">3.1.2.2 </span>Get Supported Capabilities for Audio/Video Type</a></li><li class="tocline"><a href="#are-insecure-contexts-allowed---deprecated" class="tocxref"><span class="secno">3.1.2.3 </span>Are insecure contexts allowed? - DEPRECATED</a></li><li class="tocline"><a href="#get-distinctive-identifier-consent-status" class="tocxref"><span class="secno">3.1.2.4 </span>Get Distinctive Identifier Consent Status</a></li></ul></li></ul></li><li class="tocline"><a href="#mediakeysystemconfiguration-dictionary" class="tocxref"><span class="secno">3.2 </span><span class="formerLink"><code>MediaKeySystemConfiguration</code></span> dictionary</a><ul class="toc"><li class="tocline"><a href="#dictionary-mediakeysystemconfiguration-members" class="tocxref"><span class="secno">3.2.1 </span>Dictionary <span class="formerLink"><code>MediaKeySystemConfiguration</code></span> Members</a></li></ul></li><li class="tocline"><a href="#mediakeysystemmediacapability-dictionary" class="tocxref"><span class="secno">3.3 </span><span class="formerLink"><code>MediaKeySystemMediaCapability</code></span> dictionary</a><ul class="toc"><li class="tocline"><a href="#dictionary-mediakeysystemmediacapability-members" class="tocxref"><span class="secno">3.3.1 </span>Dictionary <span class="formerLink"><code>MediaKeySystemMediaCapability</code></span> Members</a></li></ul></li></ul></li><li class="tocline"><a href="#mediakeysystemaccess-interface" class="tocxref"><span class="secno">4. </span><span class="formerLink"><code>MediaKeySystemAccess</code></span> Interface</a><ul class="toc"><li class="tocline"><a href="#attributes" class="tocxref"><span class="secno">4.1 </span>Attributes</a></li><li class="tocline"><a href="#methods-1" class="tocxref"><span class="secno">4.2 </span>Methods</a></li></ul></li><li class="tocline"><a href="#mediakeys-interface" class="tocxref"><span class="secno">5. </span><span class="formerLink"><code>MediaKeys</code></span> Interface</a><ul class="toc"><li class="tocline"><a href="#methods-2" class="tocxref"><span class="secno">5.1 </span>Methods</a></li><li class="tocline"><a href="#algorithms-1" class="tocxref"><span class="secno">5.2 </span>Algorithms</a><ul class="toc"><li class="tocline"><a href="#is-persistent-session-type" class="tocxref"><span class="secno">5.2.1 </span>Is persistent session type?</a></li></ul></li></ul></li><li class="tocline"><a href="#mediakeysession-interface" class="tocxref"><span class="secno">6. </span><span class="formerLink"><code>MediaKeySession</code></span> Interface</a><ul class="toc"><li class="tocline"><a href="#attributes-1" class="tocxref"><span class="secno">6.1 </span>Attributes</a></li><li class="tocline"><a href="#methods-3" class="tocxref"><span class="secno">6.2 </span>Methods</a></li><li class="tocline"><a href="#mediakeystatusmap-interface" class="tocxref"><span class="secno">6.3 </span><span class="formerLink"><code>MediaKeyStatusMap</code></span> Interface</a><ul class="toc"><li class="tocline"><a href="#attributes-2" class="tocxref"><span class="secno">6.3.1 </span>Attributes</a></li><li class="tocline"><a href="#methods-4" class="tocxref"><span class="secno">6.3.2 </span>Methods</a></li><li class="tocline"><a href="#callback-foreachcallback-parameters" class="tocxref"><span class="secno">6.3.3 </span>Callback <span class="formerLink"><code>ForEachCallback</code></span> Parameters</a></li></ul></li><li class="tocline"><a href="#mediakeymessageevent" class="tocxref"><span class="secno">6.4 </span><span class="formerLink"><code>MediaKeyMessageEvent</code></span></a><ul class="toc"><li class="tocline"><a href="#constructors" class="tocxref"><span class="secno">6.4.1 </span>Constructors</a></li><li class="tocline"><a href="#attributes-3" class="tocxref"><span class="secno">6.4.2 </span>Attributes</a></li><li class="tocline"><a href="#mediakeymessageeventinit" class="tocxref"><span class="secno">6.4.3 </span><span class="formerLink"><code>MediaKeyMessageEventInit</code></span></a><ul class="toc"><li class="tocline"><a href="#dictionary-mediakeymessageeventinit-members" class="tocxref"><span class="secno">6.4.3.1 </span>Dictionary <span class="formerLink"><code>MediaKeyMessageEventInit</code></span> Members</a></li></ul></li></ul></li><li class="tocline"><a href="#mediakeysession-events" class="tocxref"><span class="secno">6.5 </span>Event Summary</a></li><li class="tocline"><a href="#mediakeysession-algorithms" class="tocxref"><span class="secno">6.6 </span>Algorithms</a><ul class="toc"><li class="tocline"><a href="#queue-message" class="tocxref"><span class="secno">6.6.1 </span>Queue a "message" Event</a></li><li class="tocline"><a href="#update-key-statuses" class="tocxref"><span class="secno">6.6.2 </span>Update Key Statuses</a></li><li class="tocline"><a href="#update-expiration" class="tocxref"><span class="secno">6.6.3 </span>Update Expiration</a></li><li class="tocline"><a href="#session-close" class="tocxref"><span class="secno">6.6.4 </span>Session Close</a></li></ul></li><li class="tocline"><a href="#exceptions" class="tocxref"><span class="secno">6.7 </span>Exceptions</a></li><li class="tocline"><a href="#session-storage" class="tocxref"><span class="secno">6.8 </span>Session Storage and Persistence</a></li></ul></li><li class="tocline"><a href="#htmlmediaelement-extensions" class="tocxref"><span class="secno">7. </span><span class="formerLink"><code>HTMLMediaElement</code></span> Extensions</a><ul class="toc"><li class="tocline"><a href="#attributes-4" class="tocxref"><span class="secno">7.1 </span>Attributes</a></li><li class="tocline"><a href="#methods-5" class="tocxref"><span class="secno">7.2 </span>Methods</a></li><li class="tocline"><a href="#mediaencryptedevent" class="tocxref"><span class="secno">7.3 </span><span class="formerLink"><code>MediaEncryptedEvent</code></span></a><ul class="toc"><li class="tocline"><a href="#constructors-1" class="tocxref"><span class="secno">7.3.1 </span>Constructors</a></li><li class="tocline"><a href="#attributes-5" class="tocxref"><span class="secno">7.3.2 </span>Attributes</a></li><li class="tocline"><a href="#mediaencryptedeventinit" class="tocxref"><span class="secno">7.3.3 </span><span class="formerLink"><code>MediaEncryptedEventInit</code></span></a><ul class="toc"><li class="tocline"><a href="#dictionary-mediaencryptedeventinit-members" class="tocxref"><span class="secno">7.3.3.1 </span>Dictionary <span class="formerLink"><code>MediaEncryptedEventInit</code></span> Members</a></li></ul></li></ul></li><li class="tocline"><a href="#htmlmediaelement-events" class="tocxref"><span class="secno">7.4 </span>Event Summary</a></li><li class="tocline"><a href="#htmlmediaelement-algorithms" class="tocxref"><span class="secno">7.5 </span>Algorithms</a><ul class="toc"><li class="tocline"><a href="#initdata-encountered" class="tocxref"><span class="secno">7.5.1 </span>Initialization Data Encountered</a></li><li class="tocline"><a href="#encrypted-block-encountered" class="tocxref"><span class="secno">7.5.2 </span>Encrypted Block Encountered</a></li><li class="tocline"><a href="#queue-waitingforkey" class="tocxref"><span class="secno">7.5.3 </span>Queue a "waitingforkey" Event</a></li><li class="tocline"><a href="#resume-playback" class="tocxref"><span class="secno">7.5.4 </span>Attempt to Resume Playback If Necessary</a></li></ul></li><li class="tocline"><a href="#media-element-restictions" class="tocxref"><span class="secno">7.6 </span>Media Element Restrictions</a></li></ul></li><li class="tocline"><a href="#implementation-requirements" class="tocxref"><span class="secno">8. </span>Implementation Requirements</a><ul class="toc"><li class="tocline"><a href="#identifier-requirements" class="tocxref"><span class="secno">8.1 </span>Identifiers</a><ul class="toc"><li class="tocline"><a href="#limit-or-avoid-use-of-distinctive-identifiers" class="tocxref"><span class="secno">8.1.1 </span>Limit or Avoid use of Distinctive Identifiers</a></li><li class="tocline"><a href="#encrypt-identifiers" class="tocxref"><span class="secno">8.1.2 </span>Encrypt Identifiers</a></li><li class="tocline"><a href="#per-origin-identifiers" class="tocxref"><span class="secno">8.1.3 </span>Use Per-Origin Identifiers</a></li><li class="tocline"><a href="#allow-identifiers-cleared" class="tocxref"><span class="secno">8.1.4 </span>Allow Identifiers to be Cleared</a></li></ul></li><li class="tocline"><a href="#support-multiple-keys" class="tocxref"><span class="secno">8.2 </span>Support Multiple Keys</a></li><li class="tocline"><a href="#initialization-data-type-support-requirements" class="tocxref"><span class="secno">8.3 </span>Initialization Data Type Support</a><ul class="toc"><li class="tocline"><a href="#licenses-generated-are-independent-of-content-type" class="tocxref"><span class="secno">8.3.1 </span>Licenses Generated are Independent of Content Type</a></li><li class="tocline"><a href="#support-extraction-from-media-data" class="tocxref"><span class="secno">8.3.2 </span>Support Extraction From Media Data</a></li></ul></li><li class="tocline"><a href="#media-requirements" class="tocxref"><span class="secno">8.4 </span>Supported Media</a><ul class="toc"><li class="tocline"><a href="#unencrypted-container" class="tocxref"><span class="secno">8.4.1 </span>Unencrypted Container</a></li><li class="tocline"><a href="#interoperably-encrypted" class="tocxref"><span class="secno">8.4.2 </span>Interoperably Encrypted</a></li><li class="tocline"><a href="#unencrypted-in-band-support-content" class="tocxref"><span class="secno">8.4.3 </span>Unencrypted In-band Support Content</a></li></ul></li></ul></li><li class="tocline"><a href="#common-key-systems" class="tocxref"><span class="secno">9. </span>Common Key Systems</a><ul class="toc"><li class="tocline"><a href="#clear-key" class="tocxref"><span class="secno">9.1 </span>Clear Key</a><ul class="toc"><li class="tocline"><a href="#clear-key-capabilities" class="tocxref"><span class="secno">9.1.1 </span>Capabilities</a></li><li class="tocline"><a href="#clear-key-behavior" class="tocxref"><span class="secno">9.1.2 </span>Behavior</a></li><li class="tocline"><a href="#clear-key-request-format" class="tocxref"><span class="secno">9.1.3 </span>License Request Format</a><ul class="toc"><li class="tocline"><a href="#clear-key-request-format-example" class="tocxref"><span class="secno">9.1.3.1 </span>Example</a></li></ul></li><li class="tocline"><a href="#clear-key-license-format" class="tocxref"><span class="secno">9.1.4 </span>License Format</a><ul class="toc"><li class="tocline"><a href="#clear-key-license-format-example" class="tocxref"><span class="secno">9.1.4.1 </span>Example</a></li></ul></li><li class="tocline"><a href="#clear-key-release-format" class="tocxref"><span class="secno">9.1.5 </span>License Release Format</a><ul class="toc"><li class="tocline"><a href="#clear-key-release-format-example" class="tocxref"><span class="secno">9.1.5.1 </span>Example</a></li></ul></li><li class="tocline"><a href="#clear-key-release-ack-format" class="tocxref"><span class="secno">9.1.6 </span>License Release Acknowledgement Format</a><ul class="toc"><li class="tocline"><a href="#clear-key-release-ack-format-example" class="tocxref"><span class="secno">9.1.6.1 </span>Example</a></li></ul></li><li class="tocline"><a href="#using-base64url" class="tocxref"><span class="secno">9.1.7 </span>Using base64url</a></li></ul></li></ul></li><li class="tocline"><a href="#security" class="tocxref"><span class="secno">10. </span>Security</a><ul class="toc"><li class="tocline"><a href="#input-data-security" class="tocxref"><span class="secno">10.1 </span>Input Data Attacks and Vulnerabilities</a></li><li class="tocline"><a href="#cdm-security" class="tocxref"><span class="secno">10.2 </span>CDM Attacks and Vulnerabilities</a></li><li class="tocline"><a href="#network-attacks" class="tocxref"><span class="secno">10.3 </span>Network Attacks</a><ul class="toc"><li class="tocline"><a href="#potential-attacks" class="tocxref"><span class="secno">10.3.1 </span>Potential Attacks</a></li><li class="tocline"><a href="#mitigations" class="tocxref"><span class="secno">10.3.2 </span>Mitigations</a></li></ul></li><li class="tocline"><a href="#iframe-attacks" class="tocxref"><span class="secno">10.4 </span><code>iframe</code> Attacks</a><ul class="toc"><li class="tocline"><a href="#potential-attacks-1" class="tocxref"><span class="secno">10.4.1 </span>Potential Attacks</a></li><li class="tocline"><a href="#mitigations-1" class="tocxref"><span class="secno">10.4.2 </span>Mitigations</a></li></ul></li><li class="tocline"><a href="#cross-directory-attacks" class="tocxref"><span class="secno">10.5 </span>Cross-Directory Attacks</a></li></ul></li><li class="tocline"><a href="#privacy" class="tocxref"><span class="secno">11. </span>Privacy</a><ul class="toc"><li class="tocline"><a href="#privacy-disclosure" class="tocxref"><span class="secno">11.1 </span>Information Disclosed by EME and Key Systems</a></li><li class="tocline"><a href="#privacy-fingerprinting" class="tocxref"><span class="secno">11.2 </span>Fingerprinting</a></li><li class="tocline"><a href="#privacy-leakage" class="tocxref"><span class="secno">11.3 </span>Information Leakage</a><ul class="toc"><li class="tocline"><a href="#concerns" class="tocxref"><span class="secno">11.3.1 </span>Concerns</a></li><li class="tocline"><a href="#mitigations-2" class="tocxref"><span class="secno">11.3.2 </span>Mitigations</a></li></ul></li><li class="tocline"><a href="#user-tracking" class="tocxref"><span class="secno">11.4 </span>User Tracking</a><ul class="toc"><li class="tocline"><a href="#concerns-1" class="tocxref"><span class="secno">11.4.1 </span>Concerns</a></li><li class="tocline"><a href="#mitigations-3" class="tocxref"><span class="secno">11.4.2 </span>Mitigations</a></li><li class="tocline"><a href="#privacy-individualization" class="tocxref"><span class="secno">11.4.3 </span>Individualization</a><ul class="toc"><li class="tocline"><a href="#origin-independent-individualization" class="tocxref"><span class="secno">11.4.3.1 </span>Origin-Independent Individualization</a></li><li class="tocline"><a href="#per-origin-individualization" class="tocxref"><span class="secno">11.4.3.2 </span>Per-Origin Individualization</a></li></ul></li></ul></li><li class="tocline"><a href="#privacy-storedinfo" class="tocxref"><span class="secno">11.5 </span>Information Stored on User Devices</a><ul class="toc"><li class="tocline"><a href="#concerns-2" class="tocxref"><span class="secno">11.5.1 </span>Concerns</a></li><li class="tocline"><a href="#mitigations-4" class="tocxref"><span class="secno">11.5.2 </span>Mitigations</a></li></ul></li><li class="tocline"><a href="#incomplete-clearing" class="tocxref"><span class="secno">11.6 </span>Incomplete Clearing of Data</a><ul class="toc"><li class="tocline"><a href="#concerns-3" class="tocxref"><span class="secno">11.6.1 </span>Concerns</a></li><li class="tocline"><a href="#mitigations-5" class="tocxref"><span class="secno">11.6.2 </span>Mitigations</a></li></ul></li><li class="tocline"><a href="#private-browsing" class="tocxref"><span class="secno">11.7 </span>Private Browsing Modes</a></li><li class="tocline"><a href="#privacy-secureorigin" class="tocxref"><span class="secno">11.8 </span>Secure Origin and Transport</a></li></ul></li><li class="tocline"><a href="#examples" class="tocxref"><span class="secno">12. </span>Examples</a><ul class="toc"><li class="tocline"><a href="#example-source-and-key-known" class="tocxref"><span class="secno">12.1 </span>Source and Key Known at Page Load (Clear Key)</a></li><li class="tocline"><a href="#example-selecting-key-system" class="tocxref"><span class="secno">12.2 </span>Selecting a Supported Key System and Using Initialization Data from the "encrypted" Event</a></li><li class="tocline"><a href="#example-mediakeys-before-source" class="tocxref"><span class="secno">12.3 </span>Create MediaKeys Before Loading Media</a></li><li class="tocline"><a href="#example-using-all-events" class="tocxref"><span class="secno">12.4 </span>Using All Events</a></li><li class="tocline"><a href="#example-stored-license" class="tocxref"><span class="secno">12.5 </span>Stored License</a></li></ul></li><li class="tocline"><a href="#revision-history" class="tocxref"><span class="secno">13. </span>Revision History</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></section>


    


    <section id="introduction" class="informative" typeof="bibo:Chapter" resource="#introduction" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-introduction" resource="#h-introduction"><span property="xhv:role" resource="xhv:heading"><span class="secno">1. </span>Introduction</span></h2><p><em>This section is non-normative.</em></p>
      <p>
        This specification enables script to select content protection mechanisms, control license/key exchange, and implement custom license management algorithms.
        It supports a wide range of use cases without requiring client-side modifications in each user agent for each use case.
        This enables content providers to develop a single application solution for all devices.
      </p>
      <p>
        Supported content is encrypted per container-specific "common encryption" specifications, enabling use across key systems.
        Supported content has an unencrypted container, enabling metadata to be provided to the application and maintaining compatibility with other <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> features.
      </p>
      <p>
        A generic stack implemented using the API is shown below.
        This diagram shows an example flow; other combinations of API calls and events are possible.
      </p>
      <img src="stack_overview.svg" alt="A generic stack implemented using the proposed APIs" height="700">
    </section>

    <section id="definitions" typeof="bibo:Chapter" resource="#definitions" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-definitions" resource="#h-definitions"><span property="xhv:role" resource="xhv:heading"><span class="secno">2. </span>Definitions</span></h2>

      <dl>
        <dt id="cdm">Content Decryption Module (CDM)</dt>
        <dd>
          <p>Content Decryption Module (CDM) is the client component that provides the functionality, including decryption, for one or more <a href="#key-system">Key Systems</a>.</p>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note1"><span>Note</span></div><p class="">Implementations may or may not separate the implementations of CDMs or treat them as separate from the user agent.
          This is transparent to the API and application.</p></div>

          <p>All messages and communication to and from the CDM, such as between the CDM and a license server, <em class="rfc2119" title="MUST">MUST</em> be passed through the user agent.
            The CDM <em class="rfc2119" title="MUST NOT">MUST NOT</em> make direct out-of band network requests.
            All messages and communication other than those described in <a href="#origin-independent-individualization">Origin-Independent Individualization</a> <em class="rfc2119" title="MUST">MUST</em> be passed through the application via the APIs defined in this specification.
            Specifically, all communication that contains application-, <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>-, or content-specific information or is sent to a URL specified by the application or based on its origin, <em class="rfc2119" title="MUST">MUST</em> pass through the APIs.
            This includes all license exchange messages.
          </p>
          <p>
          
          </p>
        </dd>

        <dt id="key-system">Key System</dt>
        <dd>
          <p>A Key System is a generic term for a decryption mechanism and/or content protection provider.
          Key System strings provide unique identification of a Key System.
          They are used by the user agent to select a <a href="#cdm">CDM</a> and identify the source of a key-related event.
          User agents <em class="rfc2119" title="MUST">MUST</em> support the <a href="#common-key-systems">Common Key Systems</a>.
          User agents <em class="rfc2119" title="MAY">MAY</em> also provide additional CDMs with corresponding Key System strings.
          </p>

          <p>A Key System string is always a reverse domain name.
          Key System strings are compared using case-sensitive matching. It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that CDMs use simple lower-case ASCII key system strings.</p>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note2"><span>Note</span></div><p class="">For example, "com.example.somesystem".</p></div>

          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note3"><span>Note</span></div><p class="">
          Within a given system ("somesystem" in the example), subsystems may be defined as determined by the key system provider.
          For example, "com.example.somesystem.1" and "com.example.somesystem.1_5".
          Key System providers should keep in mind that these will be used for comparison and discovery, so they should be easy to compare and the structure should remain reasonably simple.
          </p></div>
        </dd>

        <dt id="key-session">Key Session</dt>
        <dd>
          <p>A Key Session, or simply Session, provides a context for message exchange with the CDM as a result of which key(s) are made available to the <a href="#cdm">CDM</a>.
          Sessions are embodied as <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> objects.
          Each Key session is associated with a single instance of <a href="#initialization-data">Initialization Data</a> provided in the <code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest()</a></code> call.
          </p>
          <p>Each Key Session is associated with a single <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object, and only media element(s) associated with that object may access key(s) associated with the session.
          Other <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> objects, <a href="#cdm">CDM</a> instances, and media elements <em class="rfc2119" title="MUST NOT">MUST NOT</em> access the key session or use its key(s).
          Key sessions and the keys they contain are no longer usable by the CDM for decryption when the <a href="#session-close">session is closed</a>, including when the <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object is destroyed.
          </p>
          <p><a href="#decryption-key-id">Key IDs</a> <em class="rfc2119" title="MUST">MUST</em> be unique within a session.</p>
        </dd>

        <dt id="session-id">Session ID</dt>
        <dd>
          <p>A Session ID is a unique string identifier generated by the <a href="#cdm">CDM</a> that can be used by the application to identify <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> objects.</p>

          <p>A new Session ID is generated each time the user agent and CDM successfully create a new session.</p>

          <p>Each Session ID <em class="rfc2119" title="SHALL">SHALL</em> be unique within the browsing context in which it was created.
            For session types for which the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm returns <code>true</code>, Session IDs <em class="rfc2119" title="MUST">MUST</em> be unique within the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> over time, including across browsing sessions.
          </p>

          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note4"><span>Note</span></div><p class="">The underlying content protection protocol does not necessarily need to support Session IDs.</p></div>
        </dd>

        <dt id="decryption-key">Key</dt>
        <dd>
          <p>Unless otherwise stated, key refers to a decryption key that can be used to decrypt blocks within <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
          Each such key is uniquely identified by a <a href="#decryption-key-id">key ID</a>.
          A key is associated with the <a href="#key-session">session</a> used to provide it to the CDM. (The same key may be present in multiple sessions.)
          Such keys <em class="rfc2119" title="MUST">MUST</em> only be provided to the <a href="#cdm">CDM</a> via an <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call. (They may later be loaded by <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> as part of the stored session data.)
          </p>

          <p>A key is considered <em>usable</em> if the CDM is certain the key is currently usable to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a></p>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note5"><span>Note</span></div><p class="">For example, a key is not usable if its license has expired.</p></div>
          
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note6"><span>Note</span></div><p class="">Authors <em class="rfc2119" title="SHOULD">SHOULD</em> encrypt each set of stream(s) that requires enforcement of a meaningfully different policy with a distinct key (and key ID).
            For example, if policies may differ between two video resolutions, stream(s) containing one resolution should not be encrypted with the key used to encrypt stream(s) containing the other resolution.
            When encrypted, audio streams <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> use the same key as any video stream.
            This is the only way to ensure enforcement and compatibility across clients.
          </p></div>
        </dd>

        <dt id="decryption-key-id">Key ID</dt>
        <dd>
          <p>A <a href="#decryption-key">key</a> is associated with a key ID that is a sequence of octets and which uniquely identifies the key.
          The container specifies the ID of the key that can decrypt a block or set of blocks within the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
          <a href="#initialization-data">Initialization Data</a> <em class="rfc2119" title="MAY">MAY</em> contain key ID(s) to identify the keys that are needed to decrypt the media data.
          However, there is no requirement that Initialization Data contain any or all key IDs used in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> or <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">media resource</a>.
          <a href="#license">Licenses</a> provided to the CDM associate each key with a key ID so the <a href="#cdm">CDM</a> can select the appropriate key when decrypting an encrypted block of media data.
          </p>
        </dd>

        <dt id="known-key">Known Key</dt>
        <dd>
          <p>A key is considered to be known to a session if the CDM's implementation of the session contains any information - specifically the <a href="#decryption-key-id">key ID</a> - about it, regardless of whether the actual <a href="#decryption-key">key</a> is usable or its value is known.
            Known keys are exposed via the <code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code> attribute.
          </p>

          <p>Keys are considered known even after they become unusable, such as due to expiration or if they are removed but a <a href="#record-of-license-destruction">record of license destruction</a> or <a href="#record-of-key-usage">record of key usage</a> is available.
            Keys only become unknown when they are explicitly removed from a session and any license release message is acknowledged.
          </p>

          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note7"><span>Note</span></div><p class="">For example, a key could become unknown if an <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call provides a new license that does not include the key and includes instructions to replace the license(s) that previously contained the key.</p></div>
        </dd>

        <dt id="license">License</dt>
        <dd>
          <p>A license is key system-specific state information that includes one or more <a href="#decryption-key">key(s)</a> - each associated with a <a href="#decryption-key-id">key ID</a> - and potentially other information about key usage.</p>
        </dd>

        <dt id="initialization-data">Initialization Data</dt>
        <dd>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note8"><span>Note</span></div><p class="">
          <a href="#key-system">Key Systems</a> usually require a block of initialization data containing information about the stream to be decrypted before they can construct a license request message.
          This block could be a simple key or content ID or a more complex structure containing such information.
          It <em class="rfc2119" title="SHOULD">SHOULD</em> always allow unique identification of the <a href="#decryption-key">key(s)</a> needed to decrypt the content.
          This initialization information <em class="rfc2119" title="MAY">MAY</em> be obtained in some application-specific way or provided with the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
          </p></div>

          <p>
          Initialization Data is a generic term for container-specific data that is used by a <a href="#cdm">CDM</a> to generate a license request.
          </p>

          <p>
          The format of the initialization data depends upon the type of container, and containers <em class="rfc2119" title="MAY">MAY</em> support more than one format
          of initialization data. The <dfn id="initialization-data-type" data-dfn-type="dfn">Initialization Data Type</dfn> is a string that indicates the
          format of the accompanying Initialization Data. Initialization Data Type strings are always matched case-sensitively. It is
          <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that Initialization Data Type strings are lower-case ASCII strings.
          </p>

          <p>
          The Encrypted Media Extensions Stream Format and Initialization Data Format Registry [<cite><a class="bibref" href="#bib-EME-REGISTRY">EME-REGISTRY</a></cite>]
          provides the mapping from <a href="#initialization-data-type">Initialization Data Type</a> string to the specification for each format.
          </p>

          <p>
          When the user agent encounters Initialization Data in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, it provides that Initialization Data to the application in the <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> attribute of the <code><a href="#dom-evt-encrypted">encrypted</a></code> event.
          The user agent <em class="rfc2119" title="MUST NOT">MUST NOT</em> store the Initialization Data or use its <em>content</em> at the time it is encountered.  
          The application provides Initialization Data to the <a href="#cdm">CDM</a> via <code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest()</a></code>.
          The user agent <em class="rfc2119" title="MUST NOT">MUST NOT</em> provide Initialization Data to the CDM by other means.
          </p>

          <p>Initialization Data <em class="rfc2119" title="MUST">MUST</em> be a fixed value for a given set of stream(s) or <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
            It <em class="rfc2119" title="MUST">MUST</em> only contain information related to the keys required to play a given set of stream(s) or <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
            It <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain application data, client-specific data, user-specific data, or executable code.
          </p>

          <p>Initialization Data <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> contain Key System-specific data or values.
            Implementations <em class="rfc2119" title="MUST">MUST</em> support the common formats defined [<cite><a class="bibref" href="#bib-EME-REGISTRY">EME-REGISTRY</a></cite>] for each <a href="#initialization-data-type">Initialization Data Type</a> they support.
          </p>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note9"><span>Note</span></div><p class="">
            Use of proprietary formats/contents is discouraged, and supporting or using <em>only</em> proprietary formats is strongly discouraged.
            Proprietary formats should only be used with pre-existing content or on pre-existing devices that do not support the common formats.
          </p></div>
        </dd>

        <dt id="distinctive-identifier">Distinctive Identifier</dt>
        <dd>
          <p>A distinctive identifier is a piece of data, implication of the possession of a piece of data, or an observable behavior or timing for which all of the following criteria hold:</p>
          <ul>
            <li><p>It is not shared across a large population of users or devices.</p></li>
            <li><p>It is exposed outside the client device or exposed to the application such that the application has the opportunity to send it (even if in encrypted form if decryptable outside the device) or information about it outside the client device.</p></li>
            <li><p>It is used in more than one session or <!-- TODO: Get clarity on this: -->is potentially used in one persistent session across the point of persistence.</p></li>
          </ul>

          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note10"><span>Note</span></div><p class="">A distinctive identifier is typically unique to a user or device, but an identifier does not need to be strictly unique to be distinctive.
            For example, an identifier shared among a small number of users could still be distinctive.
          </p></div>

          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note11"><span>Note</span></div><div class="">
            <p>Examples of distinctive identifiers include but are not limited to:</p>
            <ul>
              <li><p>A string of bytes that is included in key requests and that is different from the string included by other devices.</p></li>
              <li><p>A public key included in key requests that is different from the public keys included in the requests by other devices.</p></li>
              <li><p>Demonstration of possession of a private key (e.g. by signing some data) that other devices do not have.</p></li>
              <li><p>An identifier for such a key.</p></li>
            </ul>
            <p>Examples of things that are not distinctive identifiers:</p>
            <ul>
              <li><p>A public key shared among all copies of a given CDM version if the installed base is large.</p></li>
              <li><p>A nonce or ephemeral key that is unique but used in only one <!-- TODO: Get clarity on this: "non-persistent" --> session.</p></li>
              <li><p>Device-unique keys used in attestations between, for example, the video pipeline and the CDM when the CDM does not let these attestations further flow to the application and instead makes a new attestation on its own using a key that does not constitute a distinctive identifier.</p></li>
            </ul>
          </div></div>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note12"><span>Note</span></div><p class="">The source of the identifier does not affect whether it is distinctive.
            For example, an identifier that is permanently part of the client device, contained in the CDM, generated on the client, or generated as part of some individualization or other provisioning process is considered distinctive if it meets the criteria above.
          </p></div>
        </dd>

        <dt id="cross-origin">Cross Origin Limitations</dt>
        <dd>
          <p>During playback, embedded media data is exposed to script in the embedding <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.
          In order for the API to provide <a href="#initialization-data">Initialization Data</a> in the <code><a href="#dom-evt-encrypted">encrypted</a></code> event, <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> <em class="rfc2119" title="MUST">MUST</em> be <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> with the embedding page.
          If <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is cross-origin with the embedding document, authors <em class="rfc2119" title="SHOULD">SHOULD</em> use the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-crossorigin">crossorigin</a></code> attribute
          on the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> and CORS headers on the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> response to make it <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a>.
          </p>
        </dd>

        <dt id="mixed-content">Mixed Content Limitations</dt>
        <dd>
          <p>During playback, embedded media data is exposed to script in the embedding <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.
          In order for the API to provide <a href="#initialization-data">Initialization Data</a> in the <code><a href="#dom-evt-encrypted">encrypted</a></code> event, <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> <em class="rfc2119" title="MUST NOT">MUST NOT</em> be Mixed Content [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>].
          </p>
        </dd>
      </dl>
    </section>


    <section id="obtaining-access-to-key-systems" typeof="bibo:Chapter" resource="#obtaining-access-to-key-systems" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-obtaining-access-to-key-systems" resource="#h-obtaining-access-to-key-systems"><span property="xhv:role" resource="xhv:heading"><span class="secno">3. </span>Obtaining Access to Key Systems</span></h2>
      <p>This section defines the mechanism for obtaining access to a key system.
        The inclusion of capabilities in the request also enables feature detection.
      </p>
      <p>The steps of an algorithm are always aborted when rejecting a promise.</p>

      <section id="navigator-extension-requestmediakeysystemaccess" typeof="bibo:Chapter" resource="#navigator-extension-requestmediakeysystemaccess" property="bibo:hasPart">
        <h3 id="h-navigator-extension-requestmediakeysystemaccess" resource="#h-navigator-extension-requestmediakeysystemaccess"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1 </span><a href="#idl-def-Navigator" class="idlType"><code>Navigator</code></a> Extension: <code>requestMediaKeySystemAccess()</code></span></h3>

        <pre class="idl"><span class="idlInterface" id="idl-def-Navigator">partial interface <span class="idlInterfaceID">Navigator</span> {
<span class="idlMethod">    <span class="idlMethType">Promise&lt;<a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a>&gt;</span> <span class="idlMethName"><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess</a></span> (<span class="idlParam"><span class="idlParamType">DOMString</span> <span class="idlParamName">keySystem</span></span>, <span class="idlParam"><span class="idlParamType">sequence&lt;<a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a>&gt;</span> <span class="idlParamName">supportedConfigurations</span></span>);</span>
};</span></pre><section id="methods" typeof="bibo:Chapter" resource="#methods" property="bibo:hasPart"><h4 id="h-methods" resource="#h-methods"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1.1 </span>Methods</span></h4><dl class="methods"><dt id="widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations"><code id="requestMediaKeySystemAccess">requestMediaKeySystemAccess</code></dt><dd>
            <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note13"><span>Note</span></div><p class="">Calling this method may have <em>user-visible effects</em>, including requests for user consent.
            This method should only be called when when the author intends to create and use a <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object with the provided configuration.
            </p></div>
            <p>Requests access to the specified <a href="#key-system">Key System</a>.
              When <code>supportedConfigurations</code> is specified, the configuration specified by at least one of its elements must be supported.
              The resulting <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> will correspond to the first such elment.
            </p>
            <p>Any permission checks or user interaction, such as a prompt, <em class="rfc2119" title="MUST">MUST</em> be performed before resolving the promise.</p>
            <p>If the <code>keySystem</code> is not supported or not allowed (in one at least one of the <code>supportedConfigurations</code>, if specified), the promise is rejected.
              Otherwise, it is resolved with a new <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object.
            </p>

            

            
          <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">keySystem</td><td class="prmType"><code>DOMString</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
                The <a href="#key-system">Key System</a> for which access is being requested.
              </td></tr><tr><td class="prmName">supportedConfigurations</td><td class="prmType"><code>sequence&lt;<a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a>&gt;</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
                A sequence of <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> configurations to try in order.
                The first element with a satisfiable configuration will be used.
              </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;<a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a>&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
              <!-- TODO: Convert all parameters to use <code>. -->
              <li><p>If <var>keySystem</var> is the empty string, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
              <li><p>If <var>supportedConfigurations</var> is empty, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
              <li><p>Let <var>document</var> be the calling context's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a>.</p></li>
              <li><p>If the <a href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbant settings object</a> is not a <a href="https://w3c.github.io/webappsec-secure-contexts/#secure-context">secure context</a> [<cite><a class="bibref" href="#bib-POWERFUL-FEATURES">POWERFUL-FEATURES</a></cite>], run the following steps:</p>

                  <div class="issue" id="issue-3"><div class="issue-title" aria-level="5" role="heading" id="h-issue3"><span>Issue 3</span></div><p class="">Support for communication from Secure Contexts to devices on a private network is an open issue. A bug will be filed with the Web Application Security Working Group and referenced here.</p></div>
                <ol>
                  <li><p>If the result of running the <a href="#are-insecure-contexts-allowed---deprecated">Are insecure contexts allowed?</a> algorithm is <code>Allowed</code>, skip the next step.</p>
                    <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note14"><span>Note</span></div><p class="">This step is <strong>DEPRECATED</strong>.
                      It is expected that removal of this step will be evaluated during Candidate Recommendation (CR).
                      Authors are advised that implementations <em class="rfc2119" title="MAY">MAY</em> remove it before then.
                    </p></div>
                  </li>
                  <li><p>Reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p>
                    <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note15"><span>Note</span></div><p class="">
                      Requiring Secure Contexts is <em>not</em> a replacement for other security- and privacy-related requirements and recommendations.
                      Implementations <em class="rfc2119" title="MUST">MUST</em> meet all related requirements and <em class="rfc2119" title="SHOULD">SHOULD</em> follow related recommendations such that the risks on in an secure context would be similar.
                    </p></div>
                  </li>
                </ol>
              </li>
              <li><p>Let <var>origin</var> be the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of <var>document</var>.</p></li>
              <li><p>Let <var>promise</var> be a new promise.</p></li>
              <li><p>Run the following steps in parallel:</p>
                <ol>
                  <li><p>If <var>keySystem</var> is not one of the <a href="#key-system">Key Systems</a> supported by the user agent, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>. String comparison is case-sensitive.</p></li>
                  <li><p>Let <var>implementation</var> be the implementation of <var>keySystem</var>.</p></li>
                  <li><p>For each value in <code>supportedConfigurations</code>:</p>
                    <ol>
                      <li><p>Let <var>candidate configuration</var> be the value.</p></li>
                      <li><p>Let <var>supported configuration</var> be the result of executing the <a href="#get-supported-configuration">Get Supported Configuration</a> algorithm on <var>implementation</var>, <var>candidate configuration</var>, and <var>origin</var>.
                      </p></li><li><p>If <var>supported configuration</var> is not <code>null</code>, run the following steps:</p>
                        <ol>
                          <li>
                            <p>Let <var>access</var> be a new <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object, and initialize it as follows:</p>
                            <ol>
                              <li><p>Set the <code><a href="#widl-MediaKeySystemAccess-keySystem">keySystem</a></code> attribute to <var>keySystem</var>.</p></li>
                              <li><p>Let the <var>configuration</var> value be <var>supported configuration</var>.</p></li>
                              <li><p>Let the <var>cdm implementation</var> value be <var>implementation</var>.</p></li>
                            </ol>
                          </li>
                          <li><p>Resolve <var>promise</var> with <var>access</var> and abort these steps.</p></li>
                        </ol>
                      </li>
                    </ol>
                  </li>
                  <li><p>Reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p>
                    <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note16"><span>Note</span></div><p class=""><code>keySystem</code> was not supported/allowed or none of the configurations in <code>supportedConfigurations</code> were supported/allowed.</p></div>
                  </li>
                </ol>
              </li>
              <li><p>Return <var>promise</var>.</p></li>
            </ol></dd></dl></section>

        <section id="algorithms" typeof="bibo:Chapter" resource="#algorithms" property="bibo:hasPart">
          <h4 id="h-algorithms" resource="#h-algorithms"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1.2 </span>Algorithms</span></h4>

          <section id="get-supported-configuration" typeof="bibo:Chapter" resource="#get-supported-configuration" property="bibo:hasPart">
            <h5 id="h-get-supported-configuration" resource="#h-get-supported-configuration"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1.2.1 </span>Get Supported Configuration</span></h5>
            <p>Given a <a href="#key-system">Key Systems</a> implementation <var>implementation</var>, <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> <var>candidate configuration</var>, and <var>origin</var>, this algorithm returns a supported configuration or <code>null</code> as appropriate.</p>
            <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note17"><span>Note</span></div><p class="">Unrecognized dictionary members in <var>candidate configuration</var> are ignored per [<cite><a class="bibref" href="#bib-WebIDL">WebIDL</a></cite>] and will never reach this algorithm. Thus, they cannot be considered as part of the configuration.</p></div>
            <ol>
              <li><p>Let <var>accumulated configuration</var> be a new <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> dictionary.</p></li>
              
              <li>
                <p>
                  Set the <code><a href="#widl-MediaKeySystemConfiguration-label">label</a></code> member of <var>accumulated configuration</var> to equal the <code><a href="#widl-MediaKeySystemConfiguration-label">label</a></code> member of <var>candidate configuration</var>.
                </p>
              </li>

              <li><p>If the <code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code> member is <a href="https://heycam.github.io/webidl/#dfn-present">present</a> in <var>candidate configuration</var>, run the following steps:</p>
                <ol>
                  <li><p>Let <var>supported types</var> be an empty sequence of DOMStrings.</p></li>
                  <li><p>For each value in <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code> member:</p>
                    <ol>
                      <li><p>Let <var>initDataType</var> be the value.</p></li>
                      <li>
                        <p>If the <var>implementation</var> supports generating requests based on <var>initDataType</var>, add <var>initDataType</var> to <var>supported types</var>.
                          String comparison is case-sensitive.
                          The empty string is never supported.
                        </p>
                        <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note18"><span>Note</span></div><p class="">The <var>initDataType</var> <em class="rfc2119" title="MUST">MUST</em> be supported independent of content types in order to avoid unexpectedly rejecting the configuration in later steps.
                          Support for <var>initDataType</var> includes both license generation and, when appropriate, extraction from media data.
                          See <a href="#initialization-data-type-support-requirements">Initialization Data Type Support requirements</a>.
                        </p></div>
                      </li>
                    </ol>
                  </li>
                  <li><p>If <var>supported types</var> is empty, return <code>null</code>.</p></li>
                  <li><p>Set the <code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code> member of <var>accumulated configuration</var> to <var>supported types</var>.</p></li>
                </ol>
              </li>

              <!-- Table of results for MediaKeysRequirement members based on implementation capabilities:
                              ||                        Implementation Capabilities                       |
                  Input Value ||     Only Supported     |   Only Not Supported   |          Both          |
                ===========================================================================================
                "required"    ||       "required"       |       Return null      |       "required"       |
                "optional"    ||       "required"       |      "not-allowed"     | Depends on combination |
                "not-allowed" ||       Return null      |      "not-allowed"     |      "not-allowed"     |
               -->
              <li><p>Follow the steps for the value of <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> member from the following list:</p>
                <dl class="switch">
                  <dt><code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code></dt>
                  <dd>
                    <p>If the <var>implementation</var> does not support a persistent <a href="#distinctive-identifier">Distinctive Identifier</a> in combination with <var>accumulated configuration</var>, return <code>null</code>.</p>
                  </dd>
                  <dt><code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code></dt>
                  <dd>
                    <p>Continue.<!-- Will be updated below. --></p>
                  </dd>
                  <dt><code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code></dt>
                  <dd>
                    <p>If the <var>implementation</var> requires a <a href="#distinctive-identifier">Distinctive Identifier</a> in combination with <var>accumulated configuration</var>, return <code>null</code>.</p>
                  </dd>
                </dl>
              </li>
              <li><p>Set the <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> member of <var>accumulated configuration</var> to equal <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> member.

              </p></li><li><p>Follow the steps for the value of <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> member from the following list:</p>
                <dl class="switch">
                  <dt><code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code></dt>
                  <dd>
                    <p>If the <var>implementation</var> does not support persisting state in combination with <var>accumulated configuration</var>, return <code>null</code>.</p>
                  </dd>
                  <dt><code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code></dt>
                  <dd>
                    <p>Continue.<!-- Will be updated below. --></p>
                  </dd>
                  <dt><code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code></dt>
                  <dd>
                    <p>If the <var>implementation</var> requires persisting state in combination with <var>accumulated configuration</var>, return <code>null</code>.</p>
                  </dd>
                </dl>
              </li>
              <li><p>Set the <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> member of <var>accumulated configuration</var> to equal the value of <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> member.
              
              </p></li><li><p>Follow the steps for the first matching condition from the following list:</p>
                <dl class="switch">
                  <dt>If the <code><a href="#widl-MediaKeySystemConfiguration-sessionTypes">sessionTypes</a></code> member is <a href="https://heycam.github.io/webidl/#dfn-present">present</a> in <var>candidate configuration</var></dt>
                  <dd>
                    <p>Let <var>session types</var> be <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-sessionTypes">sessionTypes</a></code> member.</p>
                  </dd>
                  <dt>Otherwise</dt>
                  <dd>
                    <p>Let <var>session types</var> be <code>[ <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> ]</code>.</p>
                  </dd>
                </dl>
              </li>        
              <li><p>For each value in <var>session types</var>:</p>
                <ol>
                  <li><p>Let <var>session type</var> be the value.</p></li>
                  <li>
                    <p>If the <var>implementation</var> does not support <var>session type</var> in combination with <var>accumulated configuration</var>, return <code>null</code>.</p>
                    <p>Unsupported combinations include but are not limited to a <var>session type</var> for which the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm returns <code>true</code> when <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value is <code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code>.</p>
                  </li>
                  <li><p>If <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value is <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code> and the result of running the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm on <var>session type</var> is <code>true</code>, change <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value to <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>.</p></li>
                </ol>
              </li>
              <li><p>Set the <code><a href="#widl-MediaKeySystemConfiguration-sessionTypes">sessionTypes</a></code> member of <var>accumulated configuration</var> to <var>session types</var>.
              
              </p></li><li><p>If the <code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code> member is <a href="https://heycam.github.io/webidl/#dfn-present">present</a> in <var>candidate configuration</var>:</p>
                <ol>
                  <li><p>Let <var>video capabilities</var> be the result of executing the <a href="#get-supported-capabilities-for-audio-video-type">Get Supported Capabilities for Audio/Video Type</a> algorithm on Video, <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code> member, and <var>accumulated configuration</var>.</p></li>
                  <li><p>If <var>video capabilities</var> is <code>null</code>, return <code>null</code>.</p></li><!-- Video capabilities were specified, but none were supported. -->
                  <li><p>Set the <code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code> member of <var>accumulated configuration</var> to <var>video capabilities</var>.</p></li>
                </ol>
              </li>

              <li><p>If the <code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code> member is <a href="https://heycam.github.io/webidl/#dfn-present">present</a> in <var>candidate configuration</var>:</p>
                <ol>
                  <li><p>Let <var>audio capabilities</var> be the result of executing the <a href="#get-supported-capabilities-for-audio-video-type">Get Supported Capabilities for Audio/Video Type</a> algorithm on Audio, <var>candidate configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code> member, and <var>accumulated configuration</var>.</p></li>
                  <li><p>If <var>audio capabilities</var> is <code>null</code>, return <code>null</code>.</p></li><!-- Audio capabilities were specified, but none were supported. -->
                  <li><p>Set the <code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code> member of <var>accumulated configuration</var> to <var>audio capabilities</var>.</p></li>
                </ol>
              </li>

              <!-- Replace "optional" values in the combined configuration before checking permissions and for the value exposed by MediaKeySystemAccess. -->
              <li><p>If <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> value is <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code>, follow the steps for the first matching condition from the following list:</p>
                <dl class="switch">
                  <dt>If the <var>implementation</var> requires a <a href="#distinctive-identifier">Distinctive Identifier</a> for any of the combinations in <var>accumulated configuration</var></dt>
                  <dd>
                    <p>Change <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> value to <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>.</p>
                  </dd>
                  <dt>Otherwise</dt>
                  <dd>
                    <p>Change <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> value to <code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code>.</p>
                  </dd>
                </dl>
              </li>

              <li><p>If <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value is <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code>, follow the steps for the first matching condition from the following list:</p>
                <dl class="switch">
                  <dt>If the <var>implementation</var> requires persisting state for any of the combinations in <var>accumulated configuration</var></dt>
                  <dd>
                    <p>Change <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value to <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>.</p>
                  </dd>
                  <dt>Otherwise</dt>
                  <dd>
                    <p>Change <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value to <code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code>.</p>
                  </dd>
                </dl>
              </li>

              <li><p>If <var>implementation</var> in the configuration specified by the combination of the values in <var>accumulated configuration</var> is not supported or not allowed in the <var>origin</var>, return <code>null</code>.</p>
                <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note19"><span>Note</span></div><p class="">In this step, "supported" includes the implementation being available for use when this algorithm returns, not just user agent support for such an implementation.</p></div>
              </li>

              <li><p>If <var>accumulated configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> value is <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>:</p>
                <ol>
                  <li>
                    <p>
                      If the <a href="#distinctive-identifier">Distinctive Identifier</a> is not <a href="#per-origin-identifiers">unique per-origin</a> and <a href="#allow-identifiers-cleared">clearable</a>, return <code>null</code>.
                    </p>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note20"><span>Note</span></div><p class="">
                      The "unique per-origin" and "clearable" conditions cannot be false in a compliant implementation because implementations <em class="rfc2119" title="MUST">MUST</em> <a href="#per-origin-identifiers">use per-origin identifiers</a> and <a href="#allow-identifiers-cleared">allow the user to clear identifier</a>.
                    </p></div>
                  </li>
                  <li>
                    <p>
                      Let <var>distinctive identifier consent status</var> be the result of running the <a href="#get-distinctive-identifier-consent-status">Get Distinctive Identifier Consent Status</a> algorithm on <var>accumulated configuration</var> and <var>origin</var> and follow the steps for the value of <var>distinctive identifier consent status</var> from the following list:":
                    </p>

                    <dl class="switch">
                      <dt><code>ConsentRequired</code>:</dt>
                      <dd>
                        <ol>
                          <li>
                            <p>
                              Request user consent to use <a href="#distinctive-identifier">Distinctive Identifier(s)</a> in conjunction with <var>accumulated configuration</var> in the <var>origin</var> and wait for the user response.
                            </p>
                            <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note21"><span>Note</span></div><p class="">User consent to use <a href="#distinctive-identifier">Distinctive Identifier(s)</a> is specific to the <var>origin</var> and may be limited to configurations sharing certain properties with <var>accumulated configuration</var>..</p></div>
                            <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note22"><span>Note</span></div><p class="">The user agent <em class="rfc2119" title="MAY">MAY</em> choose to persist the user response.</p></div>
                          </li>
                          <li>
                            <p>
                              If consent was denied, return <code>null</code>.
                            </p>
                          </li>
                        </ol>
                      </dd>
                      <dt><code>InformUser</code>:</dt>
                      <dd>
                        <p>
                          Inform the user that <a href="#distinctive-identifier">Distinctive Identifier(s)</a> are in use for <var>accumulated configuration</var> in the <var>origin</var> and continue with the following steps.
                        </p>
                      </dd>
                      <dt><code>Allowed</code>:</dt>
                      <dd>
                        <p>
                          Continue with the following steps.
                        </p>
                      </dd>
                      <dt><code>Denied</code>:</dt>
                      <dd>
                        <p>
                          Return <code>null</code>.
                        </p>
                      </dd>
                    </dl>
                  </li>
                </ol>
              </li>

              <li><p>Return <var>accumulated configuration</var>.</p></li>
            </ol>
          </section>

          <section id="get-supported-capabilities-for-audio-video-type" typeof="bibo:Chapter" resource="#get-supported-capabilities-for-audio-video-type" property="bibo:hasPart">
            <h5 id="h-get-supported-capabilities-for-audio-video-type" resource="#h-get-supported-capabilities-for-audio-video-type"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1.2.2 </span>Get Supported Capabilities for Audio/Video Type</span></h5>
            <p>Given an <var>audio/video type</var>, <a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a> sequence <var>requested media capabilities</var>, and <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> <var>partial configuration</var>, this algorithm returns a sequence of supported <a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a> values for this audio/video type or <code>null</code> as appropriate.</p>
            <ol>
              <li><p>Let <var>local accumulated configuration</var> be a local copy of <var>partial configuration</var>.</p></li>
              <li><p>Let <var>supported media capabilities</var> be an empty sequence of <a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a> dictionaries.</p></li>
              <li><p>For each <var>requested media capability</var> in <var>requested media capabilities</var>:</p>
                <ol>
                  <li><p>Let <var>content type</var> be <var>requested media capability</var>'s <code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code> member.</p></li>
                  <li><p>Let <var>robustness</var> be <var>requested media capability</var>'s <code><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></code> member.</p></li>
                  <li><p>If <var>content type</var> is the empty string, return <code>null</code>.</p></li><!-- Invalid input. -->
                  <li><p>If <var>content type</var> is an invalid or unrecognized MIME type, continue to the next iteration.</p></li>
                  <li><p>Let <var>container</var> be the container type specified by <var>content type</var>.</p></li>
                  <li><p>If the user agent does not support <var>container</var>, continue to the next iteration. The case-sensitivity of string comparisons is determined by the appropriate RFC.</p>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note23"><span>Note</span></div><p class="">Per RFC 6838 [<cite><a class="bibref" href="#bib-RFC6838">RFC6838</a></cite>], "Both top-level type and subtype names are case-insensitive."</p></div>
                  </li>
                  <li><p>Let <var>parameters</var> be the RFC 6381 [<cite><a class="bibref" href="#bib-RFC6381">RFC6381</a></cite>] parameters, if any, specified by <var>content type</var>.</p></li>
                  <li><p>If the user agent does not recognize one or more <var>parameters</var>, continue to the next iteration.</p></li>
                  <li><p>Let <var>media types</var> be the set of codecs, with parameters, specified by <var>parameters</var>. It <em class="rfc2119" title="MAY">MAY</em> be empty. The case-sensitivity of string comparisons is determined by the appropriate RFC or other specification.</p>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note24"><span>Note</span></div><p class="">Case-sensitive string comparison is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> because RFC 6381 [<cite><a class="bibref" href="#bib-RFC6381">RFC6381</a></cite>] says, "Values are case sensitive" for some formats.</p></div>
                  </li>
                  <li><p>If <var>content type</var> is not strictly a <var>audio/video type</var>, continue to the next iteration.</p>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note25"><span>Note</span></div><p class="">For example, if <var>audio/video type</var> is Video and the top-level type is not "video" or <var>media types</var> contains non-video codecs.</p></div>
                  </li>
                  <li><p>If <var>robustness</var> is not the empty string and contains an unrecognized value or a value not supported by <var>implementation</var>, continue to the next iteration. String comparison is case-sensitive.</p></li>
                  <li><p>If the user agent and <var>implementation</var> do not support playback of encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> for the combination of <var>container</var>, <var>media types</var>, <var>robustness</var> and <var>local accumulated configuration</var>, continue to the next iteration.</p>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note26"><span>Note</span></div><p class=""><var>requested media capability</var> (content type and robustness) must be supported with all previously added requested media capabilities.</p></div>
                  </li>
                  <li>
                    <p>
                      Add <var>requested media capability</var> to <var>supported media capabilities</var>.
                    </p>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note27"><span>Note</span></div><p class="">
                      This step ensures that the values of the members of entries in <var>supported media capabilities</var> are exactly the strings supplied in
                      <var>requested media capability</var> without modification by the User Agent.
                    </p></div>
                  </li>
                  <li>
                    <dl class="switch">
                      <dt>If <var>audio/video type</var> is Video:</dt>
                      <dd>
                        <p>
                          Add <var>requested media capability</var> to the <code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code> member of <var>local accumulated configuration</var>.
                        </p>
                      </dd>
                      <dt>If <var>audio/video type</var> is Audio:</dt>
                      <dd>
                        <p>
                          Add <var>requested media capability</var> to the <code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code> member of <var>local accumulated configuration</var>.
                        </p>
                      </dd>
                    </dl>
                    <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note28"><span>Note</span></div><p class="">
                      This step ensures that configurations are always checked with configurations from previous iterations, including from previous calls to this algorithm.
                      Otherwise, only configurations from previous calls to this algorithm would be checked in subsequent calls.
                    </p></div>
                  </li>
                </ol>
              </li>
              <li><p>If <var>supported media capabilities</var> is empty, return <code>null</code>.</p>
                <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note29"><span>Note</span></div><p class="">None of the <a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a> elements in <var>requested media capabilities</var> is supported in combination with <var>partial configuration</var>.</p></div>
              </li>
              <li><p>Return <var>supported media capabilities</var>.</p></li>
            </ol>
          </section>
          
          <section id="are-insecure-contexts-allowed---deprecated" typeof="bibo:Chapter" resource="#are-insecure-contexts-allowed---deprecated" property="bibo:hasPart">
            <h5 id="h-are-insecure-contexts-allowed---deprecated" resource="#h-are-insecure-contexts-allowed---deprecated"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1.2.3 </span>Are insecure contexts allowed? - DEPRECATED</span></h5>
            <p>This algorithm is <strong>DEPRECATED</strong>. When removed, callers will behave as if it returned <code>Not Allowed</code>.</p>
            <p>Implementations <em class="rfc2119" title="SHOULD">SHOULD</em> return <code>Not Allowed</code>. Implementations <em class="rfc2119" title="MAY">MAY</em> return <code>Allowed</code>.</p>
          </section>
          
          <section id="get-distinctive-identifier-consent-status" typeof="bibo:Chapter" resource="#get-distinctive-identifier-consent-status" property="bibo:hasPart">
            <h5 id="h-get-distinctive-identifier-consent-status" resource="#h-get-distinctive-identifier-consent-status"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.1.2.4 </span>Get Distinctive Identifier Consent Status</span></h5>
            <p>
              Given an <var>accumulated configuration</var> and an <var>origin</var>, this algorithm returns the consent status of <a href="#distinctive-identifier">Distinctive Identifier(s)</a> for <var>accumulated configuration</var> and <var>origin</var> as one of <code>ConsentRequired</code>, <code>InformUser</code>, <code>Allowed</code> or <code>Denied</code>.
            </p>
            <ol>
              <li>
                <p>
                  If there is persisted denial for <var>origin</var> indicating that <a href="#distinctive-identifier">Distinctive Identifier(s)</a> are not allowed in conjunction with <var>accumulated configuration</var>, return <code>Denied</code>.
                </p>
              </li>
              <li>
                <p>
                  If there is persisted consent for <var>origin</var> indicating that <a href="#distinctive-identifier">Distinctive Identifier(s)</a> are allowed in conjunction with <var>accumulated configuration</var>, return <code>Allowed</code>.
                </p>
                <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note30"><span>Note</span></div><p class="">
                  A previous user consent for a prompt that did not include use of a <a href="#distinctive-identifier">Distinctive Identifier</a> (with similar properties) would not be considered as covering an <var>accumulated configuration</var> that requires use of such an identifier.
                </p></div>
              </li>
              <li>
                <p>
                  If any of the recommendations of <a href="#allow-identifiers-cleared">Allow Identifiers to be Cleared</a> are not supported by the User Agent, return <code>ConsentRequired</code>.
                </p>
              </li>
              <li>
                <p>
                  If the user agent requires explicit user consent for the use of
                  <a href="#distinctive-identifier">Distinctive Identifier(s)</a> for other reasons, return <code>ConsentRequired</code>.
                </p>
                <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note31"><span>Note</span></div><p class="">
                  Another reason for requiring explicit user consent may be due to the security properties of the CDM implementation.
                </p></div>
              </li>
              <li>
                <p>
                  Return <code>InformUser</code>.
                </p>
              </li>
            </ol>
          </section>
          
        </section>
      </section>

      <section id="mediakeysystemconfiguration-dictionary" typeof="bibo:Chapter" resource="#mediakeysystemconfiguration-dictionary" property="bibo:hasPart">
        <h3 id="h-mediakeysystemconfiguration-dictionary" resource="#h-mediakeysystemconfiguration-dictionary"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.2 </span><a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> dictionary</span></h3>

        <pre class="idl"><span class="idlEnum" id="idl-def-MediaKeysRequirement">enum <span class="idlEnumID">MediaKeysRequirement</span> {
    "<a href="#idl-def-MediaKeysRequirement.required" class="idlEnumItem">required</a>",
    "<a href="#idl-def-MediaKeysRequirement.optional" class="idlEnumItem">optional</a>",
    "<a href="#idl-def-MediaKeysRequirement.not-allowed" class="idlEnumItem">not-allowed</a>"
};</span></pre><table class="simple"><tbody><tr><th colspan="2">Enumeration description</th></tr><tr><td><code id="idl-def-MediaKeysRequirement.required">required</code></td><td>
            <dl>
              <dt>When used in a call to <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code></dt>
              <dd>The returned object <em class="rfc2119" title="MUST">MUST</em> support this feature.</dd>
              <dt>When returned by a <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object</dt>
              <dd>CDM instances created by the object <em class="rfc2119" title="MAY">MAY</em> use this feature.</dd>
            </dl>
          </td></tr><tr><td><code id="idl-def-MediaKeysRequirement.optional">optional</code></td><td>
            <dl>
              <dt>When used in a call to <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code></dt>
              <dd>The returned object <em class="rfc2119" title="MAY">MAY</em> support and use this feature.</dd>
              <dt>When returned by a <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object</dt>
              <dd>This value cannot and <em class="rfc2119" title="MUST NOT">MUST NOT</em> be present in such an object.</dd>
            </dl>
          </td></tr><tr><td><code id="idl-def-MediaKeysRequirement.not-allowed">not-allowed</code></td><td>
            <dl>
              <dt>When used in a call to <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code></dt>
              <dd>The returned object <em class="rfc2119" title="MUST">MUST</em> function without using this feature and <em class="rfc2119" title="MUST NOT">MUST NOT</em> use it at any time.</dd>
              <dt>When returned by a <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object</dt>
              <dd>CDM instances created by the object <em class="rfc2119" title="MUST NOT">MUST NOT</em> use this feature.</dd>
            </dl>
          </td></tr></tbody></table>

        <pre class="idl"><span class="idlDictionary" id="idl-def-MediaKeySystemConfiguration">dictionary <span class="idlDictionaryID">MediaKeySystemConfiguration</span> {
<span class="idlMember">             <span class="idlMemberType">DOMString</span>                               <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-label">label</a></span> = <span class="idlMemberValue">""</span>;</span>
<span class="idlMember">             <span class="idlMemberType">sequence&lt;DOMString&gt;</span>                     <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></span>;</span>
<span class="idlMember">             <span class="idlMemberType">sequence&lt;<a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a>&gt;</span> <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></span>;</span>
<span class="idlMember">             <span class="idlMemberType">sequence&lt;<a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a>&gt;</span> <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></span>;</span>
<span class="idlMember">             <span class="idlMemberType"><a href="#idl-def-MediaKeysRequirement" class="idlType"><code>MediaKeysRequirement</code></a></span>                    <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></span> = <span class="idlMemberValue">"optional"</span>;</span>
<span class="idlMember">             <span class="idlMemberType"><a href="#idl-def-MediaKeysRequirement" class="idlType"><code>MediaKeysRequirement</code></a></span>                    <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></span> = <span class="idlMemberValue">"optional"</span>;</span>
<span class="idlMember">             <span class="idlMemberType">sequence&lt;DOMString&gt;</span>                     <span class="idlMemberName"><a href="#widl-MediaKeySystemConfiguration-sessionTypes">sessionTypes</a></span>;</span>
};</span></pre><section id="dictionary-mediakeysystemconfiguration-members" typeof="bibo:Chapter" resource="#dictionary-mediakeysystemconfiguration-members" property="bibo:hasPart"><h4 id="h-dictionary-mediakeysystemconfiguration-members" resource="#h-dictionary-mediakeysystemconfiguration-members"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.2.1 </span>Dictionary <a class="idlType" href="#idl-def-MediaKeySystemConfiguration"><code>MediaKeySystemConfiguration</code></a> Members</span></h4><dl class="dictionary-members"><dt id="widl-MediaKeySystemConfiguration-audioCapabilities"><code>audioCapabilities</code> of type <span class="idlMemberType">sequence&lt;<a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a>&gt;</span></dt><dd>
            A list of supported audio type and capability pairs.
            The audio capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm).
            When there is a conflict between values, the earlier value will be selected.
          </dd><dt id="widl-MediaKeySystemConfiguration-distinctiveIdentifier"><code>distinctiveIdentifier</code> of type <span class="idlMemberType"><a href="#idl-def-MediaKeysRequirement" class="idlType"><code>MediaKeysRequirement</code></a></span>, defaulting to <code>"optional"</code></dt><dd>
            Whether a persistent <a href="#distinctive-identifier">Distinctive Identifier</a> is required.
            <p>Messages from the CDM, such as <code><a href="#dom-evt-message">message</a></code> events, <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain a <a href="#distinctive-identifier">Distinctive Identifier</a>, even in an encrypted form, when this member is <code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code>.
          </p></dd><dt id="widl-MediaKeySystemConfiguration-initDataTypes"><code>initDataTypes</code> of type <span class="idlMemberType">sequence&lt;DOMString&gt;</span></dt><dd>
            A list of supported <a href="#initialization-data-type">Initialization Data Type</a> names.
            The <a href="#initialization-data-type">Initialization Data Type</a> capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm).
            Values in the sequence <em class="rfc2119" title="MUST">MUST</em> not be the empty string.
          </dd><dt id="widl-MediaKeySystemConfiguration-label"><code>label</code> of type <span class="idlMemberType">DOMString</span>, defaulting to <code>""</code></dt><dd>
            An optional label that will be preserved in the <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> returned from the <code><a href="#widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration">getConfiguration()</a></code> method of <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a>.
          </dd><dt id="widl-MediaKeySystemConfiguration-persistentState"><code>persistentState</code> of type <span class="idlMemberType"><a href="#idl-def-MediaKeysRequirement" class="idlType"><code>MediaKeysRequirement</code></a></span>, defaulting to <code>"optional"</code></dt><dd>
            Whether the ability to persist state is required. This includes session data and any other type of state.
            <p>The CDM <em class="rfc2119" title="MUST NOT">MUST NOT</em> persist any state related to the application or <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> when this member is <code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code>.
            </p><div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note32"><span>Note</span></div><p class="">For the purposes of this member, persistent state does not include persistent unique identifiers (<a href="#distinctive-identifier">Distinctive Identifiers</a>) controlled by the <a href="#key-system">Key System</a> implementation. <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> independently reflects this requirement.</p></div>
            <p>Only <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> sessions may be created when persistent state is not supported.</p>
            <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note33"><span>Note</span></div><p class="">For <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> sessions, the need and ability to store state is <a href="#key-system">Key System</a> implementation-specific and may vary by feature used.</p></div>
            <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note34"><span>Note</span></div><p class="">Applications intending to create non-<code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> sessions, should set this member to <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code> when calling <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code>.</p></div>
          </dd><dt id="widl-MediaKeySystemConfiguration-sessionTypes"><code>sessionTypes</code> of type <span class="idlMemberType">sequence&lt;DOMString&gt;</span></dt><dd>
            A list of <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a>s that must be supported. All values must be supported.
            <p>If this member is <a href="https://heycam.github.io/webidl/#dfn-present">not present</a> when the dictionary is passed to <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code>, the dictionary will be treated as if this member is set to <code>[ <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> ]</code>.</p>
          </dd><dt id="widl-MediaKeySystemConfiguration-videoCapabilities"><code>videoCapabilities</code> of type <span class="idlMemberType">sequence&lt;<a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a>&gt;</span></dt><dd>
            A list of supported video type and capability pairs.
            The video capability of this object is considered supported if the list is empty or contains one or more values that are supported with all other members (as determined by the algorithm).
            When there is a conflict between values, the earlier value will be selected.
          </dd></dl></section>

        <p>Implementations <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> add members to the this dictionary.
          Should member(s) be added, they <em class="rfc2119" title="MUST">MUST</em> be of type <a href="#idl-def-MediaKeysRequirement" class="idlType"><code>MediaKeysRequirement</code></a>, and it is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that they have default values of <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code> to support the widest range of application and client combinations.
        </p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note35"><span>Note</span></div><p class="">Dictionary members not recognized by a user agent implementation are ignored per [<cite><a class="bibref" href="#bib-WebIDL">WebIDL</a></cite>] and will not be considered in the <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> algorithm.
          Should an application use non-standard dictionary member(s), it <em class="rfc2119" title="MUST NOT">MUST NOT</em> rely on user agent implementations rejecting a configuration that includes such dictionary members.
        </p></div>
        <p>This dictionary <em class="rfc2119" title="MUST NOT">MUST NOT</em> be used to pass state or data to the CDM.</p>

      </section>

      <section id="mediakeysystemmediacapability-dictionary" typeof="bibo:Chapter" resource="#mediakeysystemmediacapability-dictionary" property="bibo:hasPart">
        <h3 id="h-mediakeysystemmediacapability-dictionary" resource="#h-mediakeysystemmediacapability-dictionary"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.3 </span><a href="#idl-def-MediaKeySystemMediaCapability" class="idlType"><code>MediaKeySystemMediaCapability</code></a> dictionary</span></h3>
        <pre class="idl"><span class="idlDictionary" id="idl-def-MediaKeySystemMediaCapability">dictionary <span class="idlDictionaryID">MediaKeySystemMediaCapability</span> {
<span class="idlMember">             <span class="idlMemberType">DOMString</span> <span class="idlMemberName"><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></span> = <span class="idlMemberValue">""</span>;</span>
<span class="idlMember">             <span class="idlMemberType">DOMString</span> <span class="idlMemberName"><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></span> = <span class="idlMemberValue">""</span>;</span>
};</span></pre><section id="dictionary-mediakeysystemmediacapability-members" typeof="bibo:Chapter" resource="#dictionary-mediakeysystemmediacapability-members" property="bibo:hasPart"><h4 id="h-dictionary-mediakeysystemmediacapability-members" resource="#h-dictionary-mediakeysystemmediacapability-members"><span property="xhv:role" resource="xhv:heading"><span class="secno">3.3.1 </span>Dictionary <a class="idlType" href="#idl-def-MediaKeySystemMediaCapability"><code>MediaKeySystemMediaCapability</code></a> Members</span></h4><dl class="dictionary-members"><dt id="widl-MediaKeySystemMediaCapability-contentType"><code>contentType</code> of type <span class="idlMemberType">DOMString</span>, defaulting to <code>""</code></dt><dd>
            The type of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">media resource</a>.  Allows the user agent to determine if it can play this <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">media resource</a> with the requested <a href="#key-system">Key System</a> before fetching the content.
            If specified, its value must be a <a href="http://www.w3.org/TR/html5/embedded-content-0.html#mime-types">valid MIME type</a>.
            The codecs parameter, which certain MIME types define, might be necessary to specify exactly how the resource is encoded.
          </dd><dt id="widl-MediaKeySystemMediaCapability-robustness"><code>robustness</code> of type <span class="idlMemberType">DOMString</span>, defaulting to <code>""</code></dt><dd>
            The robustness level associated with the content type.
            The empty string indicates that any ability to decrypt and decode the content type is acceptable.
          </dd></dl></section>

        <p>The entire <code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code>, including all codecs, must be supported with <code><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></code> in order for the capability represented by this object to be considered supported.</p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note36"><span>Note</span></div><p class="">If any of a set of codecs is acceptable, use a separate instances of this dictionary for each codec.</p></div>
      </section>
    </section>


    <section id="mediakeysystemaccess-interface" typeof="bibo:Chapter" resource="#mediakeysystemaccess-interface" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-mediakeysystemaccess-interface" resource="#h-mediakeysystemaccess-interface"><span property="xhv:role" resource="xhv:heading"><span class="secno">4. </span><a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> Interface</span></h2>
      <p>The MediaKeySystemAccess object provides access to a <a href="#key-system">Key System</a>.</p>

      <pre class="idl"><span class="idlInterface" id="idl-def-MediaKeySystemAccess">interface <span class="idlInterfaceID">MediaKeySystemAccess</span> {
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">DOMString</span> <span class="idlAttrName"><a href="#widl-MediaKeySystemAccess-keySystem">keySystem</a></span>;</span>
<span class="idlMethod">    <span class="idlMethType"><a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a></span> <span class="idlMethName"><a href="#widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration">getConfiguration</a></span> ();</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;<a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a>&gt;</span>          <span class="idlMethName"><a href="#widl-MediaKeySystemAccess-createMediaKeys-Promise-MediaKeys">createMediaKeys</a></span> ();</span>
};</span></pre><section id="attributes" typeof="bibo:Chapter" resource="#attributes" property="bibo:hasPart"><h3 id="h-attributes" resource="#h-attributes"><span property="xhv:role" resource="xhv:heading"><span class="secno">4.1 </span>Attributes</span></h3><dl class="attributes"><dt id="widl-MediaKeySystemAccess-keySystem"><code>keySystem</code> of type <span class="idlAttrType">DOMString</span>, readonly       </dt><dd>
          Identifies the <a href="#key-system">Key System</a> being used.
        </dd></dl></section><section id="methods-1" typeof="bibo:Chapter" resource="#methods-1" property="bibo:hasPart"><h3 id="h-methods-1" resource="#h-methods-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">4.2 </span>Methods</span></h3><dl class="methods"><dt id="widl-MediaKeySystemAccess-createMediaKeys-Promise-MediaKeys"><code id="createMediaKeys">createMediaKeys</code></dt><dd>
          <p>Creates a new <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object for <var>keySystem</var>.</p>

          
        <div><em>No parameters.</em></div><div><em>Return type: </em><code>Promise&lt;<a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a>&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>Let <var>configuration</var> be the value of this object's <var>configuration</var> value.</p></li>
                <li><p>Let <var>distinctive identifier</var> be the value of <var>configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> member.</p></li>
                <li><p>Follow the steps for the value of <var>distinctive identifier</var> from the following list:</p>
                  <dl class="switch">
                    <dt><code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code></dt>
                    <dd>
                      Let <var>use distinctive identifier</var> be <code>true</code>.
                    </dd>
                    <dt><code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code></dt>
                    <dd>
                      Let <var>use distinctive identifier</var> be <code>false</code>.
                    </dd>
                  </dl>
                  <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note37"><span>Note</span></div><p class="">The value of <var>distinctive identifier</var> cannot be <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code>.</p></div>
                </li>
                <li><p>Let <var>persistent state</var> be the value of <var>configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> member.</p></li>
                <li><p>Follow the steps for the value of <var>persistent state</var> from the following list:</p>
                  <dl class="switch">
                    <dt><code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code></dt>
                    <dd>
                      Let <var>persistent state allowed</var> be <code>true</code>.
                    </dd>
                    <dt><code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code></dt>
                    <dd>
                      Let <var>persistent state allowed</var> be <code>false</code>.
                    </dd>
                  </dl>
                  <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note38"><span>Note</span></div><p class="">The value of <var>persistent state</var> cannot be <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code>.</p></div>
                </li>
                <li><p>Load and initialize the <a href="#key-system">Key System</a> implementation represented by this object's <var>cdm implementation</var> value if necessary.</p></li>
                <li><p>Let <var>instance</var> be a new instance of the <a href="#key-system">Key System</a> implementation represented by this object's <var>cdm implementation</var> value.</p></li>
                <li><p>If <var>use distinctive identifier</var> is <code>false</code>, prevent <var>instance</var> from using <a href="#distinctive-identifier">Distinctive Identifier(s)</a>.</p></li>
                <li><p>If <var>persistent state allowed</var> is <code>false</code>, prevent <var>instance</var> from persisting any state related to the application or <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a>.</p></li>
                <li><p>If any of the preceding steps failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                <li><p>Let <var>media keys</var> be a new <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object, and initialize it as follows:</p>
                  <ol>
                    <li><p>Let the <var>use distinctive identifier</var> value be <var>use distinctive identifier</var>.</p></li>
                    <li><p>Let the <var>persistent state allowed</var> value be <var>persistent state allowed</var>.</p></li>
                    <li><p>Let the <var>supported session types</var> value be be the value of <var>configuration</var>'s <code><a href="#widl-MediaKeySystemConfiguration-sessionTypes">sessionTypes</a></code> member.</p></li>
                    <li><p>Let the <var>cdm implementation</var> value be this object's <var>cdm implementation</var> value.</p></li>
                    <li><p>Let the <var>cdm instance</var> value be <var>instance</var>.</p></li>
                  </ol>
                </li>
                <li><p>Resolve <var>promise</var> with <var>media keys</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd><dt id="widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration"><code id="getConfiguration">getConfiguration</code></dt><dd>
          <p>Returns the supported combination of configuration options selected by the <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> algorithm.
          </p>
          <p>The returned object is a non-strict subset (plus any implied defaults) of the first satisfiable <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> configuration passed to the <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> call that returned the promise that was resolved with this object.
            It does not contain values capabilities not specified in that single configuration (other than implied defaults) and thus may not reflect all capabilities of the <a href="#key-system">Key System</a> implementation.
            All values in the configuration may be used in any combination.
            Members of type <a href="#idl-def-MediaKeysRequirement" class="idlType"><code>MediaKeysRequirement</code></a> reflect whether the capability is required for any combination. They will not have the value <code><a href="#idl-def-MediaKeysRequirement.optional">"optional"</a></code>.
          </p>

          
        <div><em>No parameters.</em></div><div><em>Return type: </em><code><a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a></code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li>
              <p>
                Return this object's <var>configuration</var> value.
              </p>
              <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note39"><span>Note</span></div><p class="">
                This results in a new JavaScript object being created and initalized from <var>configuration</var> each time this method is called.
              </p></div>
            </li>
          </ol></dd></dl></section>
    </section>


    <section id="mediakeys-interface" typeof="bibo:Chapter" resource="#mediakeys-interface" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-mediakeys-interface" resource="#h-mediakeys-interface"><span property="xhv:role" resource="xhv:heading"><span class="secno">5. </span><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> Interface</span></h2>
      <p>The MediaKeys object represents a set of keys that an associated HTMLMediaElement can use for decryption of <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> during playback.
        It also represents a CDM instance.
      </p>
      <p>A MediaKeys object may be destroyed by the user agent when it is no longer accessible (i.e. there are no JavaScript references and no attached media element).</p>
      <p>For methods that return a promise, all errors are reported asynchronously by rejecting the returned Promise. This includes [<cite><a class="bibref" href="#bib-WebIDL">WebIDL</a></cite>] type mapping errors.</p>
      <p>The steps of an algorithm are always aborted when rejecting a promise.</p>

      <pre class="idl"><span class="idlEnum" id="idl-def-MediaKeySessionType">enum <span class="idlEnumID">MediaKeySessionType</span> {
    "<a href="#idl-def-MediaKeySessionType.temporary" class="idlEnumItem">temporary</a>",
    "<a href="#idl-def-MediaKeySessionType.persistent-usage-record" class="idlEnumItem">persistent-usage-record</a>",
    "<a href="#idl-def-MediaKeySessionType.persistent-license" class="idlEnumItem">persistent-license</a>"
};</span></pre><table class="simple"><tbody><tr><th colspan="2">Enumeration description</th></tr><tr><td><code id="idl-def-MediaKeySessionType.temporary">temporary</code></td><td>
          <p>
            A session for which the license and record of or data related to the session <em class="rfc2119" title="MUST NOT">MUST NOT</em> be persisted.
          </p>
          <p>
            The application need not worry about managing such storage.
            Support for this session type is <em class="rfc2119" title="REQUIRED">REQUIRED</em>.
          </p>
        </td></tr><tr><td><code id="idl-def-MediaKeySessionType.persistent-usage-record">persistent-usage-record</code></td><td>
          <div class="issue" id="issue-4"><div class="issue-title" aria-level="3" role="heading" id="h-issue4"><span>Issue 4</span></div><p class=""><a href="https://github.com/w3c/encrypted-media/issues/85">Issue 85</a> - There are concerns about the architectural implications of <code>"persistent-usage-record"</code> sessions that are pending a TAG discussion. The outcome of this discussion could result in modification (including removal) of the feature.</p></div>
          <p>
            A session for which the license and any key(s) it contains <em class="rfc2119" title="SHALL NOT">SHALL NOT</em> be persisted and for which a <a href="#record-of-key-usage">record of key usage</a> <em class="rfc2119" title="SHALL">SHALL</em> be persisted when
            the keys available within the session are destroyed.
            The <dfn id="record-of-key-usage" data-dfn-type="dfn">record of key usage</dfn> consists of:
          </p>
          <ul>
            <li>
              <p>A record of the <a href="#decryption-key-id">key IDs</a> of all the key(s) that were at any time <a href="#known-key">known</a> to the session,</p>
            </li>
            <li>
              <p>
                <var>first decryption time</var> - The <dfn id="first-decryption-time" data-dfn-type="dfn">first decryption time</dfn>, defined as the time at which the session was first used to decrypt content, accurate to <var><var><a href="#key-usage-accuracy">key usage accuracy</a></var></var> and
              </p>
            </li>
            <li>
              <p>
                <var>latest decryption time</var> - The <dfn id="latest-decryption-time" data-dfn-type="dfn">latest decryption time</dfn>, defined as the latest time at which the session was used to decrypt content, accurate to <var><var><a href="#key-usage-accuracy">key usage accuracy</a></var></var>.
              </p>
            </li>
          </ul>
          <p>
              A <code><a href="#dom-evt-message">message</a></code> of type <code><a href="#idl-def-MediaKeyMessageType.license-release">"license-release"</a></code> containing the <a href="#record-of-key-usage">record of key usage</a> will be generated when <code><a href="#widl-MediaKeySession-remove-Promise-void">remove()</a></code> is called until the record is acknowledged by a response passed to <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code>.
          </p>
          <p>
            The <dfn id="key-usage-accuracy" data-dfn-type="dfn"><var>key usage accuracy</var></dfn> is implementation-dependant but <em class="rfc2119" title="SHALL NOT">SHALL NOT</em> be greater than 60 seconds.
          </p>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note40"><span>Note</span></div><p class="">
            Because the license and keys are not persisted, this record implicitly proves that the keys are no longer available in the session.
          </p></div>
          <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note41"><span>Note</span></div><p class="">
            User agents <em class="rfc2119" title="MAY">MAY</em> implememt this mechanism by means other than persisting data on key destruction - for example by persisting data during playback which is later used
            to infer the fact of key destruction - provided the observable behavior is compliant to this specification.
          </p></div>
          <p>
            The session <em class="rfc2119" title="MUST">MUST</em> be loadable via its <a href="#session-id">Session ID</a> once <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> is called successfully.
            The application is responsible for managing any such storage that may be generated by the CDM.
            See <a href="#session-storage">Session Storage and Persistence</a>.
            Can only be created if the configuration associated with the <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object that created this object has a <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value of <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>.
            Support for this session type is <em class="rfc2119" title="OPTIONAL">OPTIONAL</em>.
          </p>
        </td></tr><tr><td><code id="idl-def-MediaKeySessionType.persistent-license">persistent-license</code></td><td>
          <p>
            A session for which the license (and potentially other data related to the session) will be persisted.
            A <a href="#record-of-license-destruction">record of license destruction</a> <em class="rfc2119" title="SHALL">SHALL</em> be persisted when the license and key(s) it contains are destroyed.
            The <dfn id="record-of-license-destruction" data-dfn-type="dfn">record of license destruction</dfn> is a <a href="#key-system">Key System</a>-specific attestation that the license and key(s) it contains are no longer usable by the client.
          </p>
          <p>
            A <code><a href="#dom-evt-message">message</a></code> of type <code><a href="#idl-def-MediaKeyMessageType.license-release">"license-release"</a></code> containing the <a href="#record-of-license-destruction">record of license destruction</a> will be generated when <code><a href="#widl-MediaKeySession-remove-Promise-void">remove()</a></code> is called until the record is acknowledged by a response passed to <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code>.
          </p>
          <p>
            The session <em class="rfc2119" title="MUST">MUST</em> be loadable via its <a href="#session-id">Session ID</a> once <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> is called successfully.
            The application is responsible for managing any such storage that may be generated by the CDM.
            See <a href="#session-storage">Session Storage and Persistence</a>.
            Can only be created if the configuration associated with the <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> object that created this object has a <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> value of <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>.
            Support for this session type is <em class="rfc2119" title="OPTIONAL">OPTIONAL</em>.
          </p>
        </td></tr></tbody></table>

      <pre class="idl"><span class="idlInterface" id="idl-def-MediaKeys">interface <span class="idlInterfaceID">MediaKeys</span> {
<span class="idlMethod">    <span class="idlMethType"><a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a></span> <span class="idlMethName"><a href="#widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType">createSession</a></span> (<span class="idlParam">optional <span class="idlParamType"><a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a></span> <span class="idlParamName">sessionType</span> = <span class="idlDefaultValue">"temporary"</span></span>);</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;void&gt;</span>   <span class="idlMethName"><a href="#widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate">setServerCertificate</a></span> (<span class="idlParam"><span class="idlParamType">BufferSource</span> <span class="idlParamName">serverCertificate</span></span>);</span>
};</span></pre><section id="methods-2" typeof="bibo:Chapter" resource="#methods-2" property="bibo:hasPart"><h3 id="h-methods-2" resource="#h-methods-2"><span property="xhv:role" resource="xhv:heading"><span class="secno">5.1 </span>Methods</span></h3><dl class="methods"><dt id="widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType"><code id="createSession">createSession</code></dt><dd>
          <p>Returns a new <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p>

          

          
        <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">sessionType</td><td class="prmType"><code><a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a> = "temporary"</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptTrue"><span role="img" aria-label="True">✔</span></td><td class="prmDesc">
              The type of session to create. The session type affects the behavior of the returned object.
            </td></tr></tbody></table><div><em>Return type: </em><code><a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a></code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If this object's <var>supported session types</var> value does not contain <var>sessionType</var>, throw a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p>
              <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note42"><span>Note</span></div><p class=""><var>sessionType</var> values for which the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm returns <code>true</code> will fail if this object's <var>persistent state allowed</var> value is <code>false</code>.</p></div>
            </li>
            <li><p>Let <var>session</var> be a new <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object, and initialize it as follows:</p>
              <ol>
                <li><p>Let the <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> attribute be the empty string.</p></li>
                <li><p>Let the <code><a href="#widl-MediaKeySession-expiration">expiration</a></code> attribute be <code>NaN</code>.</p></li>
                <li><p>Let the <code><a href="#widl-MediaKeySession-closed">closed</a></code> attribute be a new promise.</p></li>
				<li><p>Let <var>key status</var> be a new <a href="#idl-def-MediaKeyStatusMap" class="idlType"><code>MediaKeyStatusMap</code></a> object, and initialize it as follows:</p>
				  <ol>
                    <li><p>Let the <code><a href="#widl-MediaKeyStatusMap-size">size</a></code> attribute be <code>NaN</code>.</p></li>
				  </ol>
                </li><li><p>Let the <var>session type</var> value be <var>sessionType</var>.</p></li>
                <li><p>Let the <var>uninitialized</var> value be true.</p></li>
                <li><p>Let the <var>callable</var> value be false.</p></li>
                <li><p>Let the <var>use distinctive identifier</var> value be this object's <var>use distinctive identifier</var>.</p></li>
                <li><p>Let the <var>cdm implementation</var> value be this object's <var>cdm implementation</var>.</p></li>
                <li><p>Let the <var>cdm instance</var> value be this object's <var>cdm instance</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>session</var>.</p></li>
          </ol></dd><dt id="widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate"><code id="setServerCertificate">setServerCertificate</code></dt><dd>
          <p id="server-certificate">Provides a server certificate to be used to encrypt messages to the license server.</p>
          <p>Key Systems that use such certificates <em class="rfc2119" title="MUST">MUST</em> also support requesting the certificate from the server via the <a href="#queue-message">Queue a "message" Event</a> algorithm.</p>
          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note43"><span>Note</span></div><p class="">This method allows an application to proactively provide a server certificate to implementations that support it to avod the additional round trip should the CDM request it.
            It is intended as an optimization, and applications are not required to use it.
          </p></div>

          

          
        <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">serverCertificate</td><td class="prmType"><code>BufferSource</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
              The server certificate.
              The contents are <a href="#key-system">Key System</a>-specific.
              It <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain executable code.
            </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If <var>serverCertificate</var> is an empty array, return a promise rejected with a new a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>If the <a href="#key-system">Key System</a> implementation represented by this object's <var>cdm implementation</var> value does not support server certificates, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p></li>
            <li><p>Let <var>certificate</var> be a copy of the contents of the <var>serverCertificate</var> parameter.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>Use this object's <var>cdm instance</var> to process <var>certificate</var>.</p></li>
                <li><p>If the preceding step failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                <li><p>Resolve <var>promise</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd></dl></section>

      <section id="algorithms-1" typeof="bibo:Chapter" resource="#algorithms-1" property="bibo:hasPart">
        <h3 id="h-algorithms-1" resource="#h-algorithms-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">5.2 </span>Algorithms</span></h3>
        <section id="is-persistent-session-type" typeof="bibo:Chapter" resource="#is-persistent-session-type" property="bibo:hasPart">
          <h4 id="h-is-persistent-session-type" resource="#h-is-persistent-session-type"><span property="xhv:role" resource="xhv:heading"><span class="secno">5.2.1 </span>Is persistent session type?</span></h4>
          <p>The Is persistent session type? algorithm is run to determine whether the specified session type supports persistence of any kind.
            Requests to run this algorithm include a <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a> value.
          </p>
          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>session type</var> be the specified <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a> value.</p></li>
            <li><p>Follow the steps for the value of <var>session type</var> from the following list:</p>
              <dl class="switch">
                <dt><code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code></dt>
                <dd>Return <code>false</code>.</dd>
                <dt><code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code></dt>
                <dd>Return <code>true</code>.</dd>
                <dt><code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code></dt>
                <dd>Return <code>true</code>.</dd>
              </dl>
            </li>
          </ol>
        </section>
      </section>
    </section>


    <section id="mediakeysession-interface" typeof="bibo:Chapter" resource="#mediakeysession-interface" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-mediakeysession-interface" resource="#h-mediakeysession-interface"><span property="xhv:role" resource="xhv:heading"><span class="secno">6. </span><a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> Interface</span></h2>
      <p>The MediaKeySession object represents a <a href="#key-session">key session</a>.</p>
      
      <p>
        A MediaKeySession object <em class="rfc2119" title="SHALL NOT">SHALL NOT</em> be destroyed and <em class="rfc2119" title="SHALL">SHALL</em> continue to receive events if it has
        not been closed and the <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object that created it remains accessible. Otherwise,
        a MediaKeySession object that is no longer accessible to JavaScript <em class="rfc2119" title="SHALL NOT">SHALL NOT</em> receive further
        events and <em class="rfc2119" title="MAY">MAY</em> be destroyed.
      </p>
      <div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note44"><span>Note</span></div><p class="">
        The above rule implies that the CDM instance must not be destroyed until all <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a>
        objects and all <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> objects associated with the CDM instance are destroyed.
      </p></div>
      

      <p>For methods that return a promise, all errors are reported asynchronously by rejecting the returned Promise. This includes [<cite><a class="bibref" href="#bib-WebIDL">WebIDL</a></cite>] type mapping errors.</p>
      <p>The steps of an algorithm are always aborted when rejecting a promise.</p>

      <pre class="idl"><span class="idlInterface" id="idl-def-MediaKeySession">interface <span class="idlInterfaceID">MediaKeySession</span> : <span class="idlSuperclass">EventTarget</span> {
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">DOMString</span>           <span class="idlAttrName"><a href="#widl-MediaKeySession-sessionId">sessionId</a></span>;</span>
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">unrestricted double</span> <span class="idlAttrName"><a href="#widl-MediaKeySession-expiration">expiration</a></span>;</span>
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">Promise&lt;void&gt;</span>       <span class="idlAttrName"><a href="#widl-MediaKeySession-closed">closed</a></span>;</span>
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType"><a href="#idl-def-MediaKeyStatusMap" class="idlType"><code>MediaKeyStatusMap</code></a></span>   <span class="idlAttrName"><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></span>;</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;void&gt;</span>    <span class="idlMethName"><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest</a></span> (<span class="idlParam"><span class="idlParamType">DOMString</span> <span class="idlParamName">initDataType</span></span>, <span class="idlParam"><span class="idlParamType">BufferSource</span> <span class="idlParamName">initData</span></span>);</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;boolean&gt;</span> <span class="idlMethName"><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load</a></span> (<span class="idlParam"><span class="idlParamType">DOMString</span> <span class="idlParamName">sessionId</span></span>);</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;void&gt;</span>    <span class="idlMethName"><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update</a></span> (<span class="idlParam"><span class="idlParamType">BufferSource</span> <span class="idlParamName">response</span></span>);</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;void&gt;</span>    <span class="idlMethName"><a href="#widl-MediaKeySession-close-Promise-void">close</a></span> ();</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;void&gt;</span>    <span class="idlMethName"><a href="#widl-MediaKeySession-remove-Promise-void">remove</a></span> ();</span>
};</span></pre><section id="attributes-1" typeof="bibo:Chapter" resource="#attributes-1" property="bibo:hasPart"><h3 id="h-attributes-1" resource="#h-attributes-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.1 </span>Attributes</span></h3><dl class="attributes"><dt id="widl-MediaKeySession-closed"><code>closed</code> of type <span class="idlAttrType">Promise&lt;void&gt;</span>, readonly       </dt><dd>
          <p>Signals when object becomes closed as a result of the <a href="#session-close">Session Close</a> algorithm being run.
          This promise can only be fulfilled and is never rejected.</p>
        </dd><dt id="widl-MediaKeySession-expiration"><code>expiration</code> of type <span class="idlAttrType">unrestricted double</span>, readonly       </dt><dd>
          <p>The time, in milliseconds since 01 January, 1970 UTC, after which the key(s) in the session will no longer be usable to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, or <code>NaN</code> if no such time exists or if the license explicitly never expires, as determined by the CDM. The value of <code>Infinity</code> should never be used.</p>
          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note45"><span>Note</span></div><p class="">This value <em class="rfc2119" title="MAY">MAY</em> change during the session lifetime, such as when an action triggers the start of a window.</p></div>
        </dd><dt id="widl-MediaKeySession-keyStatuses"><code>keyStatuses</code> of type <span class="idlAttrType"><a href="#idl-def-MediaKeyStatusMap" class="idlType"><code>MediaKeyStatusMap</code></a></span>, readonly       </dt><dd>
          <p>A reference to a read-only map of <a href="#decryption-key-id">key IDs</a> <a href="#known-key">known</a> to the session to the current status of the associated key.
           Each entry <em class="rfc2119" title="MUST">MUST</em> have a unique key ID.
         </p>
          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note46"><span>Note</span></div><p class="">The map entries and their values may be updated whenever the event loop spins.
            The map can never be inconsistent or partially updated, but it may change between accesses if the event loop spins in between accesses.
            Key IDs may be added as the result of a <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> or <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call.
            Key IDs may be removed as the result of a <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call that removes knowledge of existing keys (or replaces the existing set of keys with a new set).
            Key IDs <em class="rfc2119" title="MUST NOT">MUST NOT</em> be removed because they became unusable, such as due to expiration. Instead, such keys <em class="rfc2119" title="MUST">MUST</em> be given an appropriate status, such as <code><a href="#idl-def-MediaKeyStatus.expired">"expired"</a></code>.</p></div>
        </dd><dt id="widl-MediaKeySession-sessionId"><code>sessionId</code> of type <span class="idlAttrType">DOMString</span>, readonly       </dt><dd>
          <p>The <a href="#session-id">Session ID</a> for this object and the associated key(s) or license(s).</p>
        </dd></dl></section><section id="methods-3" typeof="bibo:Chapter" resource="#methods-3" property="bibo:hasPart"><h3 id="h-methods-3" resource="#h-methods-3"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.2 </span>Methods</span></h3><dl class="methods"><dt id="widl-MediaKeySession-close-Promise-void"><code id="close">close</code></dt><dd>
          <p>Indicates that the application no longer needs the session and the CDM should release any resources associated with this object and close it. Persisted data should not be released or cleared.</p>
          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note47"><span>Note</span></div><p class="">The returned promise is resolved when the request has been processed, and the <code><a href="#widl-MediaKeySession-closed">closed</a></code> attribute promise is resolved when the session is closed.</p></div>

          
        <div><em>No parameters.</em></div><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If the <a href="#session-close">Session Close</a> algorithm has been run on this object, return a resolved promise.</p></li>
            <li><p>If this object's <var>callable</var> value is false, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>Let <var>cdm</var> be the CDM instance represented by this object's <var>cdm instance</var> value.</p></li>
                <li><p>Use the <var>cdm</var> to execute the following steps:</p>
                  <ol>
                    <li>
                      <p>Process the close request.</p>
                      <p>Do not remove stored session data.
                        Do not generate or send key or license release messages.
                      </p>
                    </li>
                    <li><p>If the preceding step caused the session to be closed, run the <a href="#session-close">Session Close</a> algorithm on this object.</p></li>
                  </ol>
                </li>
                <li><p>Resolve <var>promise</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd><dt id="widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData"><code id="generateRequest">generateRequest</code></dt><dd>
          <p>Generates a license request based on the <var>initData</var>.
            A <code><a href="#dom-evt-message">message</a></code> of type <code><a href="#idl-def-MediaKeyMessageType.license-request">"license-request"</a></code> will always be queued if the algorithm succeeds and the promise is resolved.
          </p>

          

          
        <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">initDataType</td><td class="prmType"><code>DOMString</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
              The <a href="#initialization-data-type">Initialization Data Type</a> of the <var>initData</var>.
            </td></tr><tr><td class="prmName">initData</td><td class="prmType"><code>BufferSource</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
              <a href="#initialization-data">Initialization Data</a>
            </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If the <a href="#session-close">Session Close</a> algorithm has been run on this object, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>If this object's <var>uninitialized</var> value is false, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>Let this object's <var>uninitialized</var> be false.</p></li><!-- For simplicity and consistency, this object cannot be reused after any failure. -->
            <li><p>If <var>initDataType</var> is the empty string, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>If <var>initData</var> is an empty array, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>If the <a href="#key-system">Key System</a> implementation represented by this object's <var>cdm implementation</var> value does not support <var>initDataType</var> as an <a href="#initialization-data-type">Initialization Data Type</a>, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>. String comparison is case-sensitive.</p></li>
            <li><p>Let <var>init data</var> be a copy of the contents of the <var>initData</var> parameter.</p></li>
            <li><p>Let <var>session type</var> be this object's <var>session type</var>.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>If the <var>init data</var> is not valid for <var>initDataType</var>, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
                <li><p>Let <var>sanitized init data</var> be a validated and sanitized version of <var>init data</var>.</p>
                  <p>The user agent <em class="rfc2119" title="MUST">MUST</em> thoroughly validate the <a href="#initialization-data">Initialization Data</a> before passing it to the CDM.
                    This includes verifying that the length and values of fields are reasonable, verifying that values are within reasonable limits, and stripping irrelevant, unsupported, or unknown data or fields.
                    It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that user agents pre-parse, sanitize, and/or generate a fully sanitized version of the <a href="#initialization-data">Initialization Data</a>.
                    If the <a href="#initialization-data">Initialization Data</a> format specified by <var>initDataType</var> supports multiple entries, the user agent <em class="rfc2119" title="SHOULD">SHOULD</em> remove entries that are not needed by the CDM. The user agent <em class="rfc2119" title="MUST NOT">MUST NOT</em> re-order entries within the <a href="#initialization-data">Initialization Data</a>.
                  </p>
                </li>
                <li><p>If the preceding step failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
                <li><p>If <var>sanitized init data</var> is empty, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p></li>
                <li><p>Let <var>session id</var> be the empty string.</p></li>
                <li><p>Let <var>message</var> be null.</p></li>
                <li><p>Let <var>cdm</var> be the CDM instance represented by this object's <var>cdm instance</var> value.</p></li>
                <li><p>Use the <var>cdm</var> to execute the following steps:</p>
                  <ol>
                    <li><p>If the <var>sanitized init data</var> is not supported by the <var>cdm</var>, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p></li>
                    <li><p>Follow the steps for the value of <var>session type</var> from the following list:</p>
                      <dl class="switch">
                        <dt><code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code></dt>
                        <dd>
                          <p>Let <var>requested license type</var> be a temporary non-persistable license.</p>
                          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note48"><span>Note</span></div><p class="">The returned license must not be persistable or require persisting information related to it.</p></div>
                        </dd>
                        <dt><code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code></dt>
                        <dd>
                          <ol>
                            <li>
                              <p>Initialize this object's <var>record of key usage</var> as follows.</p>
                              <ul>
                                <li>
                                  <p>
                                    Set the list of <a href="#decryption-key-id">key IDs</a> <a href="#known-key">known</a> to the session to an empty list.
                                  </p>
                                </li>
                                <li>
                                  <p>
                                    Set the <var>first decrypt time</var> to <code>null</code>.
                                  </p>
                                </li>
                                <li>
                                  <p>
                                    Set the <var>latest decrypt time</var> to <code>null</code>.
                                  </p>
                                </li>
                              </ul>
                            </li>
                            <li>
                              <p>Let <var>requested license type</var> be a non-persistable license that will persist a <a href="#record-of-key-usage">record of key usage</a>.</p>
                            </li>
                          </ol>
                        </dd>
                        <dt><code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code></dt>
                        <dd>
                          <p>Let <var>requested license type</var> be a persistable license.</p><p>
                        </p></dd>
                      </dl>
                    </li>

                    <li><p>Let <var>session id</var> be a unique <a href="#session-id">Session ID</a> string.</p>
                      <p>If the result of running the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm on <var>session type</var> is <code>true</code>, the ID <em class="rfc2119" title="MUST">MUST</em> be unique within the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> over time, including across Documents and browsing sessions.</p>
                    </li>
                    <li><p>Let <var>message</var> be a license request for the <var>requested license type</var> generated based on the <var>sanitized init data</var>, which is interpreted per <var>initDataType</var>.</p>
                      <p>The <var>cdm</var> <em class="rfc2119" title="MUST NOT">MUST NOT</em> use any stream-specific data, including <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, not provided via the <var>sanitized init data</var>.</p>
                      <p>The <var>cdm</var> <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> store session data, including the session ID, at this point. See <a href="#session-storage">Session Storage and Persistence</a>.</p>
                    </li>
                  </ol>
                </li>
                <li><p>If any of the preceding steps failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                <li><p>Set the <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> attribute to <var>session id</var>.</p></li>
                <li><p>Let this object's <var>callable</var> be true.</p></li>
                <li><p>Run the <a href="#queue-message">Queue a "message" Event</a> algorithm on the <var>session</var>, providing <code><a href="#idl-def-MediaKeyMessageType.license-request">"license-request"</a></code> and <var>message</var>.</p></li>
                <li><p>Resolve <var>promise</var>.</p>
                  <div class="issue" id="issue-5"><div class="issue-title" aria-level="4" role="heading" id="h-issue5"><span>Issue 5</span></div><p class=""><a href="https://github.com/w3c/encrypted-media/issues/19">Issue 19</a> - Ensure promises returned by methods are fulfilled before event handlers are executed.</p></div>
                </li>                
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd><dt id="widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId"><code id="load">load</code></dt><dd>
          <p>Loads the data stored for the specified session into this object.</p>

          

          
        <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">sessionId</td><td class="prmType"><code>DOMString</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
              The <a href="#session-id">Session ID</a> of the session to load.
            </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;boolean&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If the <a href="#session-close">Session Close</a> algorithm has been run on this object, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>If this object's <var>uninitialized</var> value is false, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>Let this object's <var>uninitialized</var> be false.</p></li><!-- For simplicity and consistency, this object cannot be reused after any failure. -->
            <li><p>If <var>sessionId</var> is the empty string, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>If the result of running the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm on this object's <var>session type</var> is <code>false</code>, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>If this object's <var>session type</var> is not the same as the current <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> <var>session type</var>, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>Let <var>origin</var> be the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a>.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>Let <var>sanitized session ID</var> be a validated and/or sanitized version of <var>sessionId</var>.</p>
                  <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note49"><span>Note</span></div><p class="">The user agent should thoroughly validate the sessionId value before passing it to the CDM.
                    At a minimum, this should include checking that the length and value (e.g. alphanumeric) are reasonable.
                  </p></div>
                </li>
                <li><p>If the preceding step failed, or if <var>sanitized session ID</var> is empty, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
                <li><p>If there is an unclosed session in this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> whose <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> attribute is <var>sanitized session ID</var>, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-QuotaExceededError">QuotaExceededError</a></code>.</p>
                  <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note50"><span>Note</span></div><p class="">In other words, do not create a session if a non-closed session, regardless of type, already exists for this <var>sanitized session ID</var> in this browsing context.</p></div>
                </li>
                <li><p>Let <var>expiration time</var> be <code>NaN</code>.</p></li>
                <li><p>Let <var>message</var> be null.</p></li>
                <li><p>Let <var>message type</var> be null.</p></li>
                <li><p>Let <var>cdm</var> be the CDM instance represented by this object's <var>cdm instance</var> value.</p></li>
                <li><p>Use the <var>cdm</var> to execute the following steps:</p>
                  <ol>
                    <li><p>If there is no data stored for the <var>sanitized session ID</var> in the <var>origin</var>, resolve <var>promise</var> with <code>false</code> and abort these steps.</p><!-- Per https://github.com/w3ctag/promises-guide#rejections-should-be-used-for-exceptional-situations. -->
                      <div class="issue" id="issue-6"><div class="issue-title" aria-level="4" role="heading" id="h-issue6"><span>Issue 6</span></div><p class=""><a href="https://github.com/w3c/encrypted-media/issues/20">Issue 20</a> - Ensure this object's <var>session type</var> matches the stored session.</p></div>
                    </li>
                    <li><p>Let <var>session data</var> be the data stored for the <var>sanitized session ID</var> in the <var>origin</var>.
                    This <em class="rfc2119" title="MUST NOT">MUST NOT</em> include data from other origin(s) or that is not associated with an origin.</p></li>
                    <li><p>If there is an unclosed session in any <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> representing the <var>session data</var>, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-QuotaExceededError">QuotaExceededError</a></code>.</p>
                      <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note51"><span>Note</span></div><p class="">In other words, do not create a session if a non-closed persistent session already exists for this <var>sanitized session ID</var> in any browsing context.</p></div>
                    </li>
                    <li><p>Load the <var>session data</var>.</p></li>
                    <li><p>If the <var>session data</var> indicates an expiration time for the session, let <var>expiration time</var> be the expiration time in milliseconds since 01 January 1970 UTC.</p></li>
                    <li><p>If the CDM needs to send a message:</p>
                      <ol>
                        <li><p>Let <var>message</var> be a message generated by the <a href="#cdm">CDM</a> based on the <var>session data</var>.</p></li>
                        <li><p>Let <var>message type</var> be the appropriate <a href="#idl-def-MediaKeyMessageType" class="idlType"><code>MediaKeyMessageType</code></a> for the message.</p></li>
                      </ol>
                    </li>
                  </ol>
                </li>
                <li><p>If any of the preceding steps failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                <li><p>Set the <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> attribute to <var>sanitized session ID</var>.</p></li>
                <li><p>Let this object's <var>callable</var> be true.</p></li>
                <li><p>If the loaded session contains information about any keys (there are <a href="#known-key">known keys</a>), run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on the <var>session</var>, providing each key's <a href="#decryption-key-id">key ID</a> along with the appropriate <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a>.</p>
                  <p>Should additional processing be necessary to determine with certainty the status of a key, use <code><a href="#idl-def-MediaKeyStatus.status-pending">"status-pending"</a></code>.
                    Once the additional processing for one or more keys has completed, run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm again with the actual status(es).
                  </p>
                </li>
                <li><p>Run the <a href="#update-expiration">Update Expiration</a> algorithm on the <var>session</var>, providing <var>expiration time</var>.</p></li>
                <li><p>If <var>message</var> is not null, run the <a href="#queue-message">Queue a "message" Event</a> algorithm on the <var>session</var>, providing <var>message type</var> and <var>message</var>.</p></li>
                <li><p>Resolve <var>promise</var> with <code>true</code>.</p>
                  <div class="issue" id="issue-7"><div class="issue-title" aria-level="4" role="heading" id="h-issue7"><span>Issue 7</span></div><p class=""><a href="https://github.com/w3c/encrypted-media/issues/19">Issue 19</a> - Ensure promises returned by methods are fulfilled before event handlers are executed.</p></div>
                </li>                
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd><dt id="widl-MediaKeySession-remove-Promise-void"><code id="remove">remove</code></dt><dd>
          <p>Removes stored session data associated with this object.</p>

          
        <div><em>No parameters.</em></div><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If the <a href="#session-close">Session Close</a> algorithm has been run on this object, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>If this object's <var>callable</var> value is false, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>If the result of running the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm on this object's <var>session type</var> is <code>false</code>, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-RangeError">RangeError</a></code>.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>If this object's <var>session type</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code> or <code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code>, run the following steps in parallel:</p>
              <ol>
                <li><p>Let <var>cdm</var> be the CDM instance represented by this object's <var>cdm instance</var> value.</p></li>
                <li><p>Use the <var>cdm</var> to execute the following steps:</p>
                  <ol>
                    <li>
                      <p>
                        If any license(s) and/or key(s) are associated with the session:
                      </p>
                      <ol>
                        <li>
                          <p>
                            Destroy the license(s) and/or key(s) associated with the session.
                          </p>
                        </li>
                        <li><p>Follow the steps for the value of this object's <var>session type</var> from the following list:</p>
                          <dl class="switch">
                            <dt><code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code></dt>
                            <dd>
                              <ol>
                                <li>
                                  Store this object's <var>record of key usage</var>.
                                </li>
                                <li>
                                  <p>
                                    Let <var>message</var> be a message containing or reflecting this object's <var>record of key usage</var>.
                                  </p>
                                </li>
                              </ol>
                            </dd>
                            <dt><code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code></dt>
                            <dd>
                              <ol>
                                <li>
                                  <p>
                                    Let <var>record of license destruction</var> be a <a href="#record-of-license-destruction">record of license destruction</a> for the license represented by this object.
                                  </p>
                                </li>
                                <li>
                                  <p>
                                    Store the <var>record of license destruction</var>.
                                  </p>
                                </li>
                                <li>
                                  <p>
                                    Let <var>message</var> be a message containing or reflecting the <var>record of license destruction</var>.
                                  </p>
                                </li>
                              </ol>
                            </dd>
                          </dl>
                        </li>
                      </ol>
                    </li>
                    <li>
                      <p>
                        Run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on the <var>session</var>, providing all <a href="#decryption-key-id">key ID(s)</a> in the session along with the <code><a href="#idl-def-MediaKeyStatus.released">"released"</a></code> <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> value for each.
                      </p>
                    </li>

                    <li><p>Run the <a href="#update-expiration">Update Expiration</a> algorithm on the <var>session</var>, providing <code>NaN</code>.</p></li>
                    <li><p>Let <var>message type</var> be <code><a href="#idl-def-MediaKeyMessageType.license-release">"license-release"</a></code>.</p></li>
                    <li><p>If any of the preceding steps failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                    <li><p>Run the <a href="#queue-message">Queue a "message" Event</a> algorithm on the <var>session</var>, providing <var>message type</var> and <var>message</var>.</p></li>
                  </ol>
                </li>
                <li><p>Resolve <var>promise</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd><dt id="widl-MediaKeySession-update-Promise-void--BufferSource-response"><code id="update">update</code></dt><dd>
          <p>Provides messages, including licenses, to the CDM.</p>

          

          
        <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">response</td><td class="prmType"><code>BufferSource</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
              A message to be provided to the CDM.
              The contents are <a href="#key-system">Key System</a>-specific.
              It <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain executable code.
            </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <li><p>If the <a href="#session-close">Session Close</a> algorithm has been run on this object, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>If this object's <var>callable</var> value is false, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>If <var>response</var> is an empty array, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
            <li><p>Let <var>response copy</var> be a copy of the contents of the <var>response</var> parameter.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>Let <var>sanitized response</var> be a validated and/or sanitized version of <var>response copy</var>.</p>
                  <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note52"><span>Note</span></div><p class="">The user agent should thoroughly validate the response before passing it to the CDM.
                    This may include verifying values are within reasonable limits, stripping irrelevant data or fields, pre-parsing it, sanitizing it, and/or generating a fully sanitized version.
                    The user agent should check that the length and values of fields are reasonable.
                    Unknown fields should be rejected or removed.
                  </p></div>
                </li>
                <li><p>If the preceding step failed, or if <var>sanitized response</var> is empty, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
                <li><p>Let <var>message</var> be null.</p></li>
                <li><p>Let <var>message type</var> be null.</p></li>
                <li><p>Let <var>cdm</var> be the CDM instance represented by this object's <var>cdm instance</var> value.</p></li>
                <li><p>Use the <var>cdm</var> to execute the following steps:</p>
                  <ol>
                    <li><p>If the format of <var>sanitized response</var> is invalid in any way, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-TypeError">TypeError</a></code>.</p></li>
                    <li><p>Process <var>sanitized response</var>, following the stipulation for the first matching condition from the following list:</p>
                      <dl class="switch">
                        <dt>If <var>sanitized response</var> contains a license or key(s)</dt>
                        <dd>
                          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note53"><span>Note</span></div><p class="">This includes an initial license, an updated license, and a license renewal message.</p></div>
                          <p>Process <var>sanitized response</var>, following the stipulation for the first matching condition from the following list:</p>
                          <dl class="switch">
                            <dt>If <var>sessionType</var> is <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> and <var>sanitized response</var> does not specify that session data, including any license, key(s), or similar session data it contains, should be stored</dt>
                            <dd>Process <var>sanitized response</var>, not storing any session data.</dd>
                            <dt>If <var>sessionType</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code> and <var>sanitized response</var> contains a non-persistable license</dt>
                            <dd>
                              <p>Run the following steps:</p>
                              <ol>
                                <li>
                                  <p>
                                    Process <var>sanitized response</var>, not storing any session data.
                                  </p>
                                </li>
                                <li>
                                  <p>
                                    If processing <var>sanitized response</var> results in the addition of keys to the set of <a href="#known-key">known keys</a>, add the <a href="#decryption-key-id">key IDs</a> of these keys to this object's <var>record of key usage</var>.
                                  </p>
                                </li>
                              </ol>
                            </dd><dt>If <var>sessionType</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code> and <var>sanitized response</var> contains a persistable license</dt>
                            <dd>Process <var>sanitized response</var>, storing the license/key(s) and related session data contained in <var>sanitized response</var>.
                              Such data <em class="rfc2119" title="MUST">MUST</em> be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> can access it.
                            </dd>
                            <dt>Otherwise</dt>
                            <dd>Reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-RangeError">RangeError</a></code>.</dd>
                          </dl>
                          <p>See also <a href="#session-storage">Session Storage and Persistence</a>.</p>
                          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note54"><span>Note</span></div><p class="">When <var>sanitized response</var> contains key(s) and/or related data, <var>cdm</var> will likely cache the key and related data indexed by key ID.</p></div>
                          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note55"><span>Note</span></div><p class="">The replacement algorithm within a session is <a href="#key-system">Key System</a>-dependent.</p></div>
                          <p>Keys from different sessions <em class="rfc2119" title="SHOULD">SHOULD</em> be cached independently such that closing one session does not affect keys in other sessions, even if they have overlapping key IDs.</p>
                          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note56"><span>Note</span></div><p class="">It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that CDM implementations support a standard and reasonably high minimum number of keys per <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object, including a standard replacement algorithm, and a standard and reasonably high minimum number of <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> objects.
                            This enables a reasonable number of key rotation algorithms to be implemented across user agents and may reduce the likelihood of playback interruptions in use cases that involve various streams in the same element (i.e. adaptive streams, various audio and video tracks) using different keys.
                          </p></div>
                        </dd>
                        <dt>If <var>sanitized response</var> contains a license destruction acknowledgement and <var>sessionType</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code></dt>
                        <dd>
                          <p>Run the following steps:</p>
                          <ol>
                            <li><p>Clear all stored session data associated with this object, including the <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> and license destruction record.</p>
                              <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note57"><span>Note</span></div><p class="">A subsequent call to <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> with the value of this object's <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> would fail because there is no data stored for that session ID.</p></div>
                            </li>
                            <li>
                              <p>
                                Run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on the <var>session</var>, providing an empty sequence.
                              </p>
                            </li>
                            <li><p>Run the <a href="#session-close">Session Close</a> algorithm on this object.</p></li>
                          </ol>
                        </dd>
                        <dt>If <var>sanitized response</var> contains a key usage record acknowledgement and <var>sessionType</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code></dt>
                        <dd>
                          <p>Run the following steps:</p>
                          <ol>
                            <li><p>Clear all stored session data associated with this object, including the <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> and the <a href="#record-of-key-usage">record of key usage</a>.</p>
                              <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note58"><span>Note</span></div><p class="">A subsequent call to <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> with the value of this object's <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> would fail because there is no data stored for that session ID.</p></div>
                            </li>
                            <li>
                              <p>
                                Run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on the <var>session</var>, providing an empty sequence.
                              </p>
                            </li>
                            <li><p>Run the <a href="#session-close">Session Close</a> algorithm on this object.</p></li>
                          </ol>
                        </dd>
                        <dt>Otherwise</dt>
                        <dd>Process <var>sanitized response</var>, not storing any session data.
                          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note59"><span>Note</span></div><p class="">For example, <var>sanitized response</var> may contain information that will be used to generate another <code><a href="#dom-evt-message">message</a></code> event.
                            In this case, there is no need to verify the contents against the <var>sessionType</var>. 
                          </p></div>
                        </dd>
                      </dl>
                    </li>
                    <li><p>If the set of keys <a href="#known-key">known</a> to the CDM for this object changed or the status of any key(s) changed, run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on the <var>session</var>, providing each known key's <a href="#decryption-key-id">key ID</a> along with the appropriate <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a>.</p>
                      <p>Should additional processing be necessary to determine with certainty the status of a key, use <code><a href="#idl-def-MediaKeyStatus.status-pending">"status-pending"</a></code>.
                        Once the additional processing for one or more keys has completed, run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm again with the actual status(es).
                      </p>
                    </li>
                    <li><p>If the expiration time for the session changed, run the <a href="#update-expiration">Update Expiration</a> algorithm on the <var>session</var>, providing the new expiration time.</p></li>
                    <li><p>If a message needs to be sent to the server, execute the following steps:</p>
                      <ol>
                        <li><p>Let <var>message</var> be that message.</p></li>
                        <li><p>Let <var>message type</var> be the appropriate <a href="#idl-def-MediaKeyMessageType" class="idlType"><code>MediaKeyMessageType</code></a> for the message.</p></li>
                      </ol>
                    </li>
                  </ol>
                </li>
                <li><p>If any of the preceding steps failed, reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                <li><p>If <var>message</var> is not null, run the <a href="#queue-message">Queue a "message" Event</a> algorithm on the <var>session</var>, providing <var>message type</var> and <var>message</var>.</p></li>
                <li><p>Resolve <var>promise</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd></dl></section>

      <section id="mediakeystatusmap-interface" typeof="bibo:Chapter" resource="#mediakeystatusmap-interface" property="bibo:hasPart">
        <h3 id="h-mediakeystatusmap-interface" resource="#h-mediakeystatusmap-interface"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.3 </span><a href="#idl-def-MediaKeyStatusMap" class="idlType"><code>MediaKeyStatusMap</code></a> Interface</span></h3>
        <p>The MediaKeyStatusMap object is a read-only map of <a href="#decryption-key-id">key IDs</a> to the current status of the associated key.</p>
        <p>A key's status is independent of whether the key is currently being used and of media data.</p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note60"><span>Note</span></div><p class="">For example, if a key has output requirements that cannot currently be met, the key's status should be <code><a href="#idl-def-MediaKeyStatus.output-downscaled">"output-downscaled"</a></code> or <code><a href="#idl-def-MediaKeyStatus.output-restricted">"output-restricted"</a></code>, as appropriate, regardless of whether that key has been or is currently needed to decrypt media data.</p></div>
        <pre class="idl"><span class="idlInterface" id="idl-def-MediaKeyStatusMap">interface <span class="idlInterfaceID">MediaKeyStatusMap</span> {
<span class="idlIterable">    iterable&lt;<span class="idlIterableKeyType">BufferSource</span>,<span class="idlIterableValueType"><a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a></span>&gt;;</span>
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">unsigned long</span> <span class="idlAttrName"><a href="#widl-MediaKeyStatusMap-size">size</a></span>;</span>
<span class="idlMethod">    <span class="idlMethType">boolean</span>        <span class="idlMethName"><a href="#widl-MediaKeyStatusMap-has-boolean-BufferSource-keyId">has</a></span> (<span class="idlParam"><span class="idlParamType">BufferSource</span> <span class="idlParamName">keyId</span></span>);</span>
<span class="idlMethod">    <span class="idlMethType"><a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a></span> <span class="idlMethName"><a href="#widl-MediaKeyStatusMap-get-MediaKeyStatus-BufferSource-keyId">get</a></span> (<span class="idlParam"><span class="idlParamType">BufferSource</span> <span class="idlParamName">keyId</span></span>);</span>
<span class="idlMethod">    <span class="idlMethType">void</span>           <span class="idlMethName"><a href="#widl-MediaKeyStatusMap-forEach-void-ForEachCallback-callback">forEach</a></span> (<span class="idlParam"><span class="idlParamType"><a href="#idl-def-ForEachCallback" class="idlType"><code>ForEachCallback</code></a></span> <span class="idlParamName">callback</span></span>);</span>
};</span></pre><p>This interface has "entries", "keys", "values" and @@iterator methods brought by <code>iterable</code>.</p><p>
            <div class="issue" id="issue-8"><div class="issue-title" aria-level="4" role="heading" id="h-issue8"><span>Issue 8</span></div><p class=""><a href="https://github.com/w3c/encrypted-media/issues/75">Issue 75</a> - The exact behavior is still being determined and may change in incompatible ways. This includes the definition of the value pairs and the <a href="#idl-def-ForEachCallback">ForEachCallback</a> parameters.</p></div>
            The value pairs to iterate over are a snapshot of the set of pairs formed from the <a href="#decryption-key-id">key ID</a> and
            associated <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> value for all <a href="#known-key">known keys</a>, sorted by <a href="#decryption-key-id">key ID</a>.
          </p><section id="attributes-2" typeof="bibo:Chapter" resource="#attributes-2" property="bibo:hasPart"><h4 id="h-attributes-2" resource="#h-attributes-2"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.3.1 </span>Attributes</span></h4><dl class="attributes"><dt id="widl-MediaKeyStatusMap-size"><code>size</code> of type <span class="idlAttrType">unsigned long</span>, readonly       </dt><dd>
            <p>The number of <a href="#known-key">known keys.</a></p>
          </dd></dl></section><section id="methods-4" typeof="bibo:Chapter" resource="#methods-4" property="bibo:hasPart"><h4 id="h-methods-4" resource="#h-methods-4"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.3.2 </span>Methods</span></h4><dl class="methods"><dt id="widl-MediaKeyStatusMap-forEach-void-ForEachCallback-callback"><code id="forEach">forEach</code></dt><dd>
            <p>Calls <var>callback</var> once for each key-value pair present in the MediaKeyStatus map.</p>
            
          <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">callback</td><td class="prmType"><code><a href="#idl-def-ForEachCallback" class="idlType"><code>ForEachCallback</code></a></code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">A callback function</td></tr></tbody></table><div><em>Return type: </em><code>void</code></div></dd><dt id="widl-MediaKeyStatusMap-get-MediaKeyStatus-BufferSource-keyId"><code id="get">get</code></dt><dd>
            <p>Returns the <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> of the key identified by <var>keyId</var>.</p>
            
          <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">keyId</td><td class="prmType"><code>BufferSource</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">The <a href="#decryption-key-id">key ID</a> of the key.</td></tr></tbody></table><div><em>Return type: </em><code><a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a></code></div></dd><dt id="widl-MediaKeyStatusMap-has-boolean-BufferSource-keyId"><code id="has">has</code></dt><dd>
            <p>Returns <code>true</code> if the status of the key identified by <var>keyId</var> is known.</p>
            
          <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">keyId</td><td class="prmType"><code>BufferSource</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">The <a href="#decryption-key-id">key ID</a> of the key.</td></tr></tbody></table><div><em>Return type: </em><code>boolean</code></div></dd></dl></section>
        
        <pre class="idl"><span class="idlCallback" id="idl-def-ForEachCallback">callback <span class="idlCallbackID">ForEachCallback</span> = <span class="idlCallbackType">void</span> (<span class="idlParam"><span class="idlParamType">BufferSource</span> <span class="idlParamName">keyId</span></span>, <span class="idlParam"><span class="idlParamType"><a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a></span> <span class="idlParamName">status</span></span>);</span></pre><section id="callback-foreachcallback-parameters" typeof="bibo:Chapter" resource="#callback-foreachcallback-parameters" property="bibo:hasPart"><h4 id="h-callback-foreachcallback-parameters" resource="#h-callback-foreachcallback-parameters"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.3.3 </span>Callback <a class="idlType" href="#idl-def-ForEachCallback"><code>ForEachCallback</code></a> Parameters</span></h4><dl class="callback-members"><dt id="widl-ForEachCallback-keyId"><code>keyId</code> of type <span class="idlMemberType">BufferSource</span></dt><dd>The <a href="#decryption-key-id">key ID</a>.</dd><dt id="widl-ForEachCallback-status"><code>status</code> of type <span class="idlMemberType"><a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a></span></dt><dd>The key status.</dd></dl></section>

        <pre class="idl"><span class="idlEnum" id="idl-def-MediaKeyStatus">enum <span class="idlEnumID">MediaKeyStatus</span> {
    "<a href="#idl-def-MediaKeyStatus.usable" class="idlEnumItem">usable</a>",
    "<a href="#idl-def-MediaKeyStatus.expired" class="idlEnumItem">expired</a>",
    "<a href="#idl-def-MediaKeyStatus.released" class="idlEnumItem">released</a>",
    "<a href="#idl-def-MediaKeyStatus.output-restricted" class="idlEnumItem">output-restricted</a>",
    "<a href="#idl-def-MediaKeyStatus.output-downscaled" class="idlEnumItem">output-downscaled</a>",
    "<a href="#idl-def-MediaKeyStatus.status-pending" class="idlEnumItem">status-pending</a>",
    "<a href="#idl-def-MediaKeyStatus.internal-error" class="idlEnumItem">internal-error</a>"
};</span></pre><table class="simple"><tbody><tr><th colspan="2">Enumeration description</th></tr><tr><td><code id="idl-def-MediaKeyStatus.usable">usable</code></td><td>
            The CDM is certain the key is currently usable to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.<br>
            Keys that <em>may not</em> currently be usable <em class="rfc2119" title="MUST NOT">MUST NOT</em> have this status.
          </td></tr><tr><td><code id="idl-def-MediaKeyStatus.expired">expired</code></td><td>
            The key is no longer usable to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> because its expiration time has passed.<br>
            The time represented by the <code><a href="#widl-MediaKeySession-expiration">expiration</a></code> attribute <em class="rfc2119" title="MUST">MUST</em> be earlier than the current time.
            All other keys in the session <em class="rfc2119" title="MUST">MUST</em> have this status.
          </td></tr><tr><td><code id="idl-def-MediaKeyStatus.released">released</code></td><td>
            The key itself is no longer available to the CDM, but information about the key, such as a <a href="#record-of-license-destruction">record of license destruction</a> or <a href="#record-of-key-usage">record of key usage</a>, is available.
          </td></tr><tr><td><code id="idl-def-MediaKeyStatus.output-restricted">output-restricted</code></td><td>
            There are output restrictions associated with the key that cannot currently be met.
            Media data decrypted with this key may be blocked from presentation, if necessary according to
            the output restrictions.
            The application should avoid using streams that will trigger the output restrictions associated
            with the key.
          </td></tr><tr><td><code id="idl-def-MediaKeyStatus.output-downscaled">output-downscaled</code></td><td>
            There are output restrictions associated with the key that cannot currently be met.
            Media data decrypted with this key may be presented at a lower quality (e.g. resolution),
            if necessary according to the output restrictions.
            The application should avoid using streams that will trigger the output restrictions associated
            with the key.<br>
            Support for downscaling is <em class="rfc2119" title="OPTIONAL">OPTIONAL</em>.
            Applications <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> rely on downscaling to ensure uninterrupted playback when output requirements cannot be met.
          </td></tr><tr><td><code id="idl-def-MediaKeyStatus.status-pending">status-pending</code></td><td>
            The status of the key is not yet known and is being determined.
            The status will be updated with the actual status when it has been determined.
          </td></tr><tr><td><code id="idl-def-MediaKeyStatus.internal-error">internal-error</code></td><td>
            The key is not currently usable to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> because of an error in the CDM unrelated to the other values.
            This value is not actionable by the application.
          </td></tr></tbody></table>
      </section>

      <section id="mediakeymessageevent" typeof="bibo:Chapter" resource="#mediakeymessageevent" property="bibo:hasPart">
        <h3 id="h-mediakeymessageevent" resource="#h-mediakeymessageevent"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.4 </span><a href="#idl-def-MediaKeyMessageEvent" class="idlType"><code>MediaKeyMessageEvent</code></a></span></h3>
        <p>The MediaKeyMessageEvent object is used for the <code><a href="#dom-evt-message">message</a></code> event.</p>
        <p>Events are constructed as defined in <a href="https://dom.spec.whatwg.org/#constructing-events">Constructing events</a> [<cite><a class="bibref" href="#bib-DOM">DOM</a></cite>].</p>

        <pre class="idl"><span class="idlEnum" id="idl-def-MediaKeyMessageType">enum <span class="idlEnumID">MediaKeyMessageType</span> {
    "<a href="#idl-def-MediaKeyMessageType.license-request" class="idlEnumItem">license-request</a>",
    "<a href="#idl-def-MediaKeyMessageType.license-renewal" class="idlEnumItem">license-renewal</a>",
    "<a href="#idl-def-MediaKeyMessageType.license-release" class="idlEnumItem">license-release</a>",
    "<a href="#idl-def-MediaKeyMessageType.individualization-request" class="idlEnumItem">individualization-request</a>"
};</span></pre><table class="simple"><tbody><tr><th colspan="2">Enumeration description</th></tr><tr><td><code id="idl-def-MediaKeyMessageType.license-request">license-request</code></td><td>The message contains a request for a new license.</td></tr><tr><td><code id="idl-def-MediaKeyMessageType.license-renewal">license-renewal</code></td><td>The message contains a request to renew an existing license.</td></tr><tr><td><code id="idl-def-MediaKeyMessageType.license-release">license-release</code></td><td>The message contains a <a href="#record-of-license-destruction">record of license destruction</a> or <a href="#record-of-key-usage">record of key usage</a>.</td></tr><tr><td><code id="idl-def-MediaKeyMessageType.individualization-request">individualization-request</code></td><td>
            The message contains a request for per-origin individualization (or re-individualization). See <a href="#per-origin-individualization">Per-Origin Individualization</a>.<br>
            As with all other messages, any identifiers in the message <em class="rfc2119" title="MUST">MUST</em> be <a href="#per-origin-identifiers">distinctive per-origin</a> and <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain any non-origin-specific <a href="#distinctive-identifier">Distinctive Identifiers</a>.
          </td></tr></tbody></table>

        <pre class="idl"><span class="idlInterface" id="idl-def-MediaKeyMessageEvent">[<span class="idlCtor"> <span class="idlCtorKeyword"></span><span class="idlCtorName"><a href="#widl-ctor-MediaKeyMessageEvent--DOMString-type-MediaKeyMessageEventInit-eventInitDict">Constructor</a></span> (<span class="idlParam"><span class="idlParamType">DOMString</span> <span class="idlParamName">type</span></span>, <span class="idlParam">optional <span class="idlParamType"><a href="#idl-def-MediaKeyMessageEventInit" class="idlType"><code>MediaKeyMessageEventInit</code></a></span> <span class="idlParamName">eventInitDict</span></span>)</span>]
interface <span class="idlInterfaceID">MediaKeyMessageEvent</span> : <span class="idlSuperclass">Event</span> {
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType"><a href="#idl-def-MediaKeyMessageType" class="idlType"><code>MediaKeyMessageType</code></a></span> <span class="idlAttrName"><a href="#widl-MediaKeyMessageEvent-messageType">messageType</a></span>;</span>
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">ArrayBuffer</span>         <span class="idlAttrName"><a href="#widl-MediaKeyMessageEvent-message">message</a></span>;</span>
};</span></pre><section id="constructors" typeof="bibo:Chapter" resource="#constructors" property="bibo:hasPart"><h4 id="h-constructors" resource="#h-constructors"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.4.1 </span>Constructors</span></h4><dl class="constructors"><dt id="widl-ctor-MediaKeyMessageEvent--DOMString-type-MediaKeyMessageEventInit-eventInitDict"><code>MediaKeyMessageEvent</code></dt><dd>

          <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">type</td><td class="prmType"><code>DOMString</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc"></td></tr><tr><td class="prmName">eventInitDict</td><td class="prmType"><code><a href="#idl-def-MediaKeyMessageEventInit" class="idlType"><code>MediaKeyMessageEventInit</code></a></code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptTrue"><span role="img" aria-label="True">✔</span></td><td class="prmDesc"></td></tr></tbody></table></dd></dl></section><section id="attributes-3" typeof="bibo:Chapter" resource="#attributes-3" property="bibo:hasPart"><h4 id="h-attributes-3" resource="#h-attributes-3"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.4.2 </span>Attributes</span></h4><dl class="attributes"><dt id="widl-MediaKeyMessageEvent-message"><code>message</code> of type <span class="idlAttrType">ArrayBuffer</span>, readonly       </dt><dd>
            The message from the CDM. Messages are Key System-specific.
          </dd><dt id="widl-MediaKeyMessageEvent-messageType"><code>messageType</code> of type <span class="idlAttrType"><a href="#idl-def-MediaKeyMessageType" class="idlType"><code>MediaKeyMessageType</code></a></span>, readonly       </dt><dd>
            The type of the message.
            <p>Implementations <em class="rfc2119" title="MUST NOT">MUST NOT</em> require applications to handle message types.
              Implementations <em class="rfc2119" title="MUST">MUST</em> support applications that do not differentiate messages and <em class="rfc2119" title="MUST NOT">MUST NOT</em> require that applications handle message types.
              Specifically, Key Systems <em class="rfc2119" title="MUST">MUST</em> support passing all types of messages to a single URL.
            </p>
            <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note61"><span>Note</span></div><p class="">This attribute allows an application to differentiate messages without parsing the message.
              It is intended to enable optional application and/or server optimizations, but applications are not required to use it.
            </p></div>
          </dd></dl></section>

        <section id="mediakeymessageeventinit" typeof="bibo:Chapter" resource="#mediakeymessageeventinit" property="bibo:hasPart">
          <h4 id="h-mediakeymessageeventinit" resource="#h-mediakeymessageeventinit"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.4.3 </span><a href="#idl-def-MediaKeyMessageEventInit" class="idlType"><code>MediaKeyMessageEventInit</code></a></span></h4>
          <pre class="idl"><span class="idlDictionary" id="idl-def-MediaKeyMessageEventInit">dictionary <span class="idlDictionaryID">MediaKeyMessageEventInit</span> : <span class="idlSuperclass">EventInit</span> {
<span class="idlMember">             <span class="idlMemberType"><a href="#idl-def-MediaKeyMessageType" class="idlType"><code>MediaKeyMessageType</code></a></span> <span class="idlMemberName"><a href="#widl-MediaKeyMessageEventInit-messageType">messageType</a></span> = <span class="idlMemberValue">"license-request"</span>;</span>
<span class="idlMember">             <span class="idlMemberType">ArrayBuffer</span>         <span class="idlMemberName"><a href="#widl-MediaKeyMessageEventInit-message">message</a></span>;</span>
};</span></pre><section id="dictionary-mediakeymessageeventinit-members" typeof="bibo:Chapter" resource="#dictionary-mediakeymessageeventinit-members" property="bibo:hasPart"><h5 id="h-dictionary-mediakeymessageeventinit-members" resource="#h-dictionary-mediakeymessageeventinit-members"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.4.3.1 </span>Dictionary <a class="idlType" href="#idl-def-MediaKeyMessageEventInit"><code>MediaKeyMessageEventInit</code></a> Members</span></h5><dl class="dictionary-members"><dt id="widl-MediaKeyMessageEventInit-message"><code>message</code> of type <span class="idlMemberType">ArrayBuffer</span></dt><dd>
              The message.
            </dd><dt id="widl-MediaKeyMessageEventInit-messageType"><code>messageType</code> of type <span class="idlMemberType"><a href="#idl-def-MediaKeyMessageType" class="idlType"><code>MediaKeyMessageType</code></a></span>, defaulting to <code>"license-request"</code></dt><dd>
              The type of the message.
            </dd></dl></section>
        </section>
      </section>

      <section id="mediakeysession-events" class="informative" typeof="bibo:Chapter" resource="#mediakeysession-events" property="bibo:hasPart">
        <h3 id="h-mediakeysession-events" resource="#h-mediakeysession-events"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.5 </span>Event Summary</span></h3><p><em>This section is non-normative.</em></p>

        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note62"><span>Note</span></div><p class="">In some implementations, <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> objects may not fire any events until the <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object is associated with a media element using <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code>.</p></div>
        <div class="issue" id="issue-9"><div class="issue-title" aria-level="4" role="heading" id="h-issue9"><span>Issue 9</span></div><p class=""><a href="https://github.com/w3c/encrypted-media/issues/9">Issue 9</a> - The above note should be removed.</p></div>

        <table class="old-table">
          <thead>
            <tr>
              <th>Event name</th>
              <th>Interface</th>
              <th>Dispatched when...</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td><dfn id="dom-evt-keystatuseschange"><code>keystatuseschange</code></dfn></td>
              <td><code><a href="https://dom.spec.whatwg.org/#event">Event</a></code></td>
              <td>There has been a change in the keys in the session or their status.</td>
            </tr>
            <tr>
              <td><dfn id="dom-evt-message"><code>message</code></dfn></td>
              <td><a href="#idl-def-MediaKeyMessageEvent" class="idlType"><code>MediaKeyMessageEvent</code></a></td>
              <td>The CDM has generated a message for the session.</td>
            </tr>
          </tbody>
        </table>
      </section>

      <section id="mediakeysession-algorithms" typeof="bibo:Chapter" resource="#mediakeysession-algorithms" property="bibo:hasPart">
        <h3 id="h-mediakeysession-algorithms" resource="#h-mediakeysession-algorithms"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.6 </span>Algorithms</span></h3>

        <section id="queue-message" typeof="bibo:Chapter" resource="#queue-message" property="bibo:hasPart">
          <h4 id="h-queue-message" resource="#h-queue-message"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.6.1 </span>Queue a "message" Event</span></h4>
          <p>The Queue a "message" Event algorithm is run when the CDM needs to queue a message event to a <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.
          Requests to run this algorithm include a target <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object, a <var>message type</var>, and a <var>message</var>.
          </p>
          <p><var>message</var> <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain a <a href="#distinctive-identifier">Distinctive Identifier</a>, even in an encrypted form, if the <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object's <var>use distinctive identifier</var> value is false.</p>
          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>session</var> be the specified <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p></li>
            <li>
              <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-evt-message">message</a></code> at the <var>session</var>.</p>
              <p>The event is of type <a href="#idl-def-MediaKeyMessageEvent" class="idlType"><code>MediaKeyMessageEvent</code></a> and has:</p>
              <ul style="list-style-type:none"><li>
                <code><a href="#widl-MediaKeyMessageEvent-messageType">messageType</a></code> = the specified <var>message type</var><br><br>
                <code><a href="#widl-MediaKeyMessageEvent-message">message</a></code> = the specified <var>message</var>
              </li></ul>
            </li>
          </ol>
        </section>

        <section id="update-key-statuses" typeof="bibo:Chapter" resource="#update-key-statuses" property="bibo:hasPart">
          <h4 id="h-update-key-statuses" resource="#h-update-key-statuses"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.6.2 </span>Update Key Statuses</span></h4>
          <p>The Update Key Statuses algorithm is run when the CDM changes the set of keys <a href="#known-key">known</a> to the session or the status of one or more of the keys.
          This can happen as the result of a <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> or <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call or some other event, such as expiration.
          Requests to run this algorithm include a target <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object and a sequence of <a href="#decryption-key-id">key ID</a> and associated <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> pairs.
          </p>
          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>session</var> be the associated <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p></li>
            <li><p>Let the <var>input statuses</var> be the sequence of pairs key ID and associated <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> pairs.</p></li>
            <li><p>Let the <var>statuses</var> be <var>session</var>'s <code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code> attribute.</p></li>
            <li><p>Run the following steps to replace the contents of <var>statuses</var>:</p>
              <ol>
                <li><p>Empty <var>statuses</var>.</p></li>
                <li><p>For each pair in <var>input statuses</var>.</p>
                  <ol>
                    <li><p>Let <var>pair</var> be the pair.</p></li>
                    <li><p>Insert an entry for <var>pair</var>'s key ID into <var>statuses</var> with the value of <var>pair</var>'s <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> value.</p></li>
                  </ol>
                </li>
              </ol>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note63"><span>Note</span></div><p class="">The effect of this steps is that the contents of <var>session</var>'s <code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code> attribute are replaced without invalidating existing references to the attribute.
                This replacement is atomic from a script perspective. That is, script <em class="rfc2119" title="MUST NOT">MUST NOT</em> ever see a partially populated sequence.
              </p></div>
            </li>
            <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-evt-keystatuseschange">keystatuseschange</a></code> at the <var>session</var>.</p></li>
            <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to run the <a href="#resume-playback">Attempt to Resume Playback If Necessary</a> algorithm on each of the media element(s) whose <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute is the MediaKeys object that created the <var>session</var>.</p>
            </li>
          </ol>
        </section>

        <section id="update-expiration" typeof="bibo:Chapter" resource="#update-expiration" property="bibo:hasPart">
          <h4 id="h-update-expiration" resource="#h-update-expiration"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.6.3 </span>Update Expiration</span></h4>
          <p>The Update Expiration algorithm is run when the CDM changes the expiration time of a session.
          This can happen as the result of an <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call or some other event.
          Requests to run this algorithm include a target <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object and the new expiration time, which may be <code>NaN</code>.
          </p>
          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>session</var> be the associated <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p></li>
            <li><p>Let <var>expiration time</var> be <code>NaN</code>.</p></li>
            <li><p>If the new expiration time is not <code>NaN</code>, let <var>expiration time</var> be the new expiration time in milliseconds since 01 January 1970 UTC.</p></li>
            <li><p>Set the <var>session</var>'s <code><a href="#widl-MediaKeySession-expiration">expiration</a></code> attribute to <var>expiration time</var>.</p></li>
          </ol>
        </section>

        <section id="session-close" typeof="bibo:Chapter" resource="#session-close" property="bibo:hasPart">
          <h4 id="h-session-close" resource="#h-session-close"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.6.4 </span>Session Close</span></h4>
          <p>The Session Close algorithm is run when the CDM closes the session associated with a <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p>
          <p>Closing a session means that the license(s) and key(s) associated with it are no longer available to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.
            All <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> methods will fail for this object.
          </p>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note64"><span>Note</span></div><p class="">The CDM may close a session at any point, such as in response to a <code><a href="#widl-MediaKeySession-close-Promise-void">close()</a></code> call, when the session is no longer needed, or when system resources are lost.
          Keys in other sessions <em class="rfc2119" title="SHOULD">SHOULD</em> be unaffected, even if they have overlapping key IDs.
          </p></div>
          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>session</var> be the associated <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p></li>
            <li>
              <p>
                 If any license(s) and/or key(s) associated with <var>session</var> exist that have not been explicitly stored:
              </p>
              <ol>
                <li>
                  <p>
                    Destroy these license(s) and/or key(s).
                  </p>
                </li>
                <li>
                  <p>
                    If this object's <var>session type</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code>, store the <var>record of key usage</var>.
                  </p>
                </li>
              </ol>
            </li>
            <li><p>Run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on the <var>session</var>, providing an empty sequence.</p></li>
            <li><p>Run the <a href="#update-expiration">Update Expiration</a> algorithm on the <var>session</var>, providing <code>NaN</code>.</p></li>
            <li><p>Let <var>promise</var> be the <code><a href="#widl-MediaKeySession-closed">closed</a></code> attribute of the <var>session</var>.</p></li>
            <li><p>Resolve <var>promise</var>.</p></li>
          </ol>
        </section>
      </section>

      <section id="exceptions" typeof="bibo:Chapter" resource="#exceptions" property="bibo:hasPart">
        <h3 id="h-exceptions" resource="#h-exceptions"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.7 </span>Exceptions</span></h3>
        <p id="error-names">The methods report errors by rejecting the returned promise with a <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code>.
        The following <a href="https://heycam.github.io/webidl/#idl-DOMException-error-names">DOMException names from WebIDL</a> [<cite><a class="bibref" href="#bib-WebIDL">WebIDL</a></cite>] are used in the algorithms.
        Causes specified specified in the algorithms are listed alongside each name, though these names <em class="rfc2119" title="MAY">MAY</em> be used for other reasons as well.
        </p>

        <table class="old-table">
          <tbody>
            <tr>
              <th>Name</th>
              <th>Possible Causes (non-exhaustive)</th>
            </tr>
            <tr>
              <td><dfn id="dfn-NotSupportedError" data-dfn-type="dfn"><code>NotSupportedError</code></dfn></td>
              <td>
                The existing MediaKeys object cannot be removed.<br>
                The key system is not supported.<br>
                The key system is not supported in an insecure context.<br>
                The initialization data type is not supported by the key system.<br>
                The session type is not supported by the key system.<br>
                The initialization data is not supported by the key system.<br>
                The operation is not supported by the key system.
              </td>
            </tr>
            <tr>
              <td><dfn id="dfn-InvalidStateError" data-dfn-type="dfn"><code>InvalidStateError</code></dfn></td>
              <td>The existing MediaKeys object cannot be removed at this time.<br>
                The session has already been used.<br>
                The session is not yet initialized.<br>
                The session is closed.
              </td>
            </tr>
            <tr>
              <td><dfn id="dfn-TypeError" data-dfn-type="dfn"><code>TypeError</code></dfn></td>
              <td>
                The parameter is empty.<br>
                Invalid initialization data.<br>
                Invalid response format.<br>
                A persistent license was provided for a <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> session.
              </td>
            </tr>
            <tr>
              <td><dfn id="dfn-RangeError" data-dfn-type="dfn"><code>RangeError</code></dfn></td>
              <td>
                Indicates a value that is not in the set or range of allowable values. For example, the operation is not supported on sessions of this type.<br>
              </td>
            </tr>
            <tr>
              <td><dfn id="dfn-QuotaExceededError" data-dfn-type="dfn"><code>QuotaExceededError</code></dfn></td>
              <td>The MediaKeys object cannot be used with additional HTMLMediaElements.<br>
                A non-closed session already exists for this sessionId.
              </td>
            </tr>
          </tbody>
        </table>
      </section>

      <section id="session-storage" typeof="bibo:Chapter" resource="#session-storage" property="bibo:hasPart">
        <h3 id="h-session-storage" resource="#h-session-storage"><span property="xhv:role" resource="xhv:heading"><span class="secno">6.8 </span>Session Storage and Persistence</span></h3>
        <p>This section provides an overview of session storage and persistence that complements the algorithms.</p>
        <p>If the result of running the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm on this object's <var>session type</var> is <code>false</code>, the user agent and CDM <em class="rfc2119" title="MUST NOT">MUST NOT</em> persist a record of or data related to the session at any point.
          This includes license(s), key(s), records of key usage or proof of license destruction, and the <a href="#session-id">Session ID</a>.
        </p>
        <p>The remainder of this section applies to session types for which the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm returns <code>true</code>.</p>
        <p>Persisted data <em class="rfc2119" title="MUST">MUST</em> always be stored such that only the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of this object's <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> can access it.
          In addition, the data <em class="rfc2119" title="MUST">MUST</em> only be accessible by the current profile of this user agent; other user agent profiles, user agents, and applications <em class="rfc2119" title="MUST NOT">MUST NOT</em> be able to access the stored data.
          See <a href="#privacy-storedinfo">Information Stored on User Devices</a>.
        </p>
        <p>The CDM <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> store session data, including the Session ID, until <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> is called the first time.
          Specifically, the CDM <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> store session data during the <code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest()</a></code> algorithm.
          This ensures that the application is aware of the session and knows it needs to eventually remove it.
        </p>
        <p>The CDM <em class="rfc2119" title="MUST">MUST</em> ensure that data for a given session is only present in one active unclosed session in any <a href="https://dom.spec.whatwg.org/#concept-document">Document</a>.
          In other words, <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> <em class="rfc2119" title="MUST">MUST</em> fail when there is already a <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> representing the session specified by the <var>sessionId</var> parameter, either because the object that created it via <code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest()</a></code> is still active or it has been loaded into another object via <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code>.
          A session <em class="rfc2119" title="MAY">MAY</em> only be loaded again after the <a href="#session-close">Session Close</a> algorithm has not been run on the object representing it.
        </p>
        <p>An application that creates a session using a type for which the <a href="#is-persistent-session-type">Is persistent session type?</a> algorithm returns <code>true</code> <em class="rfc2119" title="SHOULD">SHOULD</em> later remove the stored data using <code><a href="#widl-MediaKeySession-remove-Promise-void">remove()</a></code>.
          The CDM <em class="rfc2119" title="MAY">MAY</em> also remove sessions as appropriate, but applications <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> rely on this.
        </p>
        <p>See the <a href="#security">Security</a> and <a href="#privacy">Privacy</a> sections for additional considerations when supporting persistent storage.</p>
      </section>
    </section>

    <section id="htmlmediaelement-extensions" typeof="bibo:Chapter" resource="#htmlmediaelement-extensions" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-htmlmediaelement-extensions" resource="#h-htmlmediaelement-extensions"><span property="xhv:role" resource="xhv:heading"><span class="secno">7. </span><a href="#idl-def-HTMLMediaElement" class="idlType"><code>HTMLMediaElement</code></a> Extensions</span></h2>
      <p>This section specifies additions to and modifications of the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> [<cite><a class="bibref" href="#bib-HTML5">HTML5</a></cite>] when the Encrypted Media Extensions are supported.</p>

      <p>When a <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> is created, its internal <var>waiting for key</var> value is initialized to <code>false</code>.</p>

      <p>For methods that return a promise, all errors are reported asynchronously by rejecting the returned Promise. This includes [<cite><a class="bibref" href="#bib-WebIDL">WebIDL</a></cite>] type mapping errors.</p>
      <p>The steps of an algorithm are always aborted when rejecting a promise.</p>

      <pre class="idl"><span class="idlInterface" id="idl-def-HTMLMediaElement">partial interface <span class="idlInterfaceID">HTMLMediaElement</span> : <span class="idlSuperclass">EventTarget</span> {
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType"><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a>?</span>   <span class="idlAttrName"><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></span>;</span>
<span class="idlAttribute">                    attribute <span class="idlAttrType">EventHandler</span> <span class="idlAttrName"><a href="#widl-HTMLMediaElement-onencrypted">onencrypted</a></span>;</span>
<span class="idlMethod">    <span class="idlMethType">Promise&lt;void&gt;</span> <span class="idlMethName"><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys</a></span> (<span class="idlParam"><span class="idlParamType"><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a>?</span> <span class="idlParamName">mediaKeys</span></span>);</span>
};</span></pre><section id="attributes-4" typeof="bibo:Chapter" resource="#attributes-4" property="bibo:hasPart"><h3 id="h-attributes-4" resource="#h-attributes-4"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.1 </span>Attributes</span></h3><dl class="attributes"><dt id="widl-HTMLMediaElement-mediaKeys"><code>mediaKeys</code> of type <span class="idlAttrType"><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a></span>, readonly       , nullable</dt><dd>
          <p>The <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> being used when decrypting encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> for this media element.</p>
        </dd><dt id="widl-HTMLMediaElement-onencrypted"><code>onencrypted</code> of type <span class="idlAttrType">EventHandler</span></dt><dd>
          <p>Event handler for the <code><a href="#dom-evt-encrypted">encrypted</a></code> event <em class="rfc2119" title="MUST">MUST</em> be supported by all HTMLMediaElements as both a content attribute and an IDL attribute.</p>
        </dd></dl></section><section id="methods-5" typeof="bibo:Chapter" resource="#methods-5" property="bibo:hasPart"><h3 id="h-methods-5" resource="#h-methods-5"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.2 </span>Methods</span></h3><dl class="methods"><dt id="widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys"><code id="setMediaKeys">setMediaKeys</code></dt><dd>
          <p>Provides the <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> to use when decrypting media data during playback.</p>

          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note65"><span>Note</span></div><p class="">Support for clearing or replacing the associated <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object during playback is a quality of implementation issue. In many cases it will result in a bad user experience or rejected promise.</p></div>
          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note66"><span>Note</span></div><p class="">As a best practice, applications should create a MediaKeys object and call <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code> before providing <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> (for example, setting the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#attr-media-src">src</a></code> attribute). This avoids potential delays in some implementations.</p></div>
          <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note67"><span>Note</span></div><p class="">Some implementations may only support decrypting media data provided via Media Source Extensions [<cite><a class="bibref" href="#bib-MEDIA-SOURCE">MEDIA-SOURCE</a></cite>].
            This is not reflected in the results of calling <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code>.
          </p></div>
          
          

          
        <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">mediaKeys</td><td class="prmType"><code><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a></code></td><td class="prmNullTrue"><span role="img" aria-label="True">✔</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc">
              A <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object.
            </td></tr></tbody></table><div><em>Return type: </em><code>Promise&lt;void&gt;</code></div><p>When this method is invoked, the user agent must run the following steps:</p><ol class="method-algorithm">
            <!-- For simplicity and consistency, do not allow multiple pending calls. -->
            <li><p>If <var>mediaKeys</var> and the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute are the same object, return a resolved promise.</p></li>
            <li><p>If this object's <var>attaching media keys</var> value is true, return a promise rejected with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p></li>
            <li><p>Let this object's <var>attaching media keys</var> value be true.</p></li>
            <li><p>Let <var>promise</var> be a new promise.</p></li>
            <li><p>Run the following steps in parallel:</p>
              <ol>
                <li><p>If <var>mediaKeys</var> is not null, the CDM instance represented by <var>mediaKeys</var> is already in use by another media element, and the user agent is unable to use it with this element, let this object's <var>attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-QuotaExceededError">QuotaExceededError</a></code>.</p></li>
                <li><p>If the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute is not null, run the following steps:</p>
                  <ol>
                    <li><p>If the user agent or CDM do not support removing the association, let this object's <var>attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-NotSupportedError">NotSupportedError</a></code>.</p></li>
                    <li><p>If the association cannot currently be removed, let this object's <var>attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is <code><a href="#dfn-InvalidStateError">InvalidStateError</a></code>.</p>
                      <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note68"><span>Note</span></div><p class="">For example, some implementations may not allow removal during playback.</p></div>
                    </li>
                    <li><p>Stop using the CDM instance represented by the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute to decrypt <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> and remove the association with the media element.</p></li>
                    <li><p>If the preceding step failed, let this object's <var>attaching media keys</var> value be false and reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                  </ol>
                </li>
                <li><p>If <var>mediaKeys</var> is not null, run the following steps:</p>
                  <ol>
                    <li><p>Associate the CDM instance represented by <var>mediaKeys</var> with the media element for decrypting <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.</p></li>
                    <li><p>If the preceding step failed, run the following steps:</p>
                      <ol>
                        <li><p>Set the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute to null.</p></li><!-- In case it was previously not null since the previous association has been removed. -->
                        <li><p>Let this object's <var>attaching media keys</var> value be false.</p></li>
                        <li><p>Reject <var>promise</var> with a new <code><a href="https://heycam.github.io/webidl/#dfn-DOMException">DOMException</a></code> whose name is the appropriate <a href="#error-names">error name</a>.</p></li>
                      </ol>
                    </li>
                    <li><p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to run the <a href="#resume-playback">Attempt to Resume Playback If Necessary</a> algorithm on the media element.</p>
                      <p>The user agent <em class="rfc2119" title="MAY">MAY</em> choose to skip this step if it knows resuming will fail.</p><p>
                      </p><div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note69"><span>Note</span></div><p class="">For example, the user agent may skip this step if <var>mediaKeys</var> has no sessions.</p></div>
                    </li>
                  </ol>
                </li>
                <li><p>Set the <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute to <var>mediaKeys</var>.</p></li>
                <li><p>Let this object's <var>attaching media keys</var> value be false.</p></li>
                <li><p>Resolve <var>promise</var>.</p></li>
              </ol>
            </li>
            <li><p>Return <var>promise</var>.</p></li>
          </ol></dd></dl></section>

      <section id="mediaencryptedevent" typeof="bibo:Chapter" resource="#mediaencryptedevent" property="bibo:hasPart">
        <h3 id="h-mediaencryptedevent" resource="#h-mediaencryptedevent"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.3 </span><a href="#idl-def-MediaEncryptedEvent" class="idlType"><code>MediaEncryptedEvent</code></a></span></h3>
        <p>The MediaEncryptedEvent object is used for the <code><a href="#dom-evt-encrypted">encrypted</a></code> event.</p>
        <p>Events are constructed as defined in <a href="https://dom.spec.whatwg.org/#constructing-events">Constructing events</a> [<cite><a class="bibref" href="#bib-DOM">DOM</a></cite>].</p>

        <pre class="idl"><span class="idlInterface" id="idl-def-MediaEncryptedEvent">[<span class="idlCtor"> <span class="idlCtorKeyword"></span><span class="idlCtorName"><a href="#widl-ctor-MediaEncryptedEvent--DOMString-type-MediaEncryptedEventInit-eventInitDict">Constructor</a></span> (<span class="idlParam"><span class="idlParamType">DOMString</span> <span class="idlParamName">type</span></span>, <span class="idlParam">optional <span class="idlParamType"><a href="#idl-def-MediaEncryptedEventInit" class="idlType"><code>MediaEncryptedEventInit</code></a></span> <span class="idlParamName">eventInitDict</span></span>)</span>]
interface <span class="idlInterfaceID">MediaEncryptedEvent</span> : <span class="idlSuperclass">Event</span> {
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">DOMString</span>    <span class="idlAttrName"><a href="#widl-MediaEncryptedEvent-initDataType">initDataType</a></span>;</span>
<span class="idlAttribute">    readonly        attribute <span class="idlAttrType">ArrayBuffer?</span> <span class="idlAttrName"><a href="#widl-MediaEncryptedEvent-initData">initData</a></span>;</span>
};</span></pre><section id="constructors-1" typeof="bibo:Chapter" resource="#constructors-1" property="bibo:hasPart"><h4 id="h-constructors-1" resource="#h-constructors-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.3.1 </span>Constructors</span></h4><dl class="constructors"><dt id="widl-ctor-MediaEncryptedEvent--DOMString-type-MediaEncryptedEventInit-eventInitDict"><code>MediaEncryptedEvent</code></dt><dd>

          <table class="parameters"><tbody><tr><th>Parameter</th><th>Type</th><th>Nullable</th><th>Optional</th><th>Description</th></tr><tr><td class="prmName">type</td><td class="prmType"><code>DOMString</code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptFalse"><span role="img" aria-label="False">✘</span></td><td class="prmDesc"></td></tr><tr><td class="prmName">eventInitDict</td><td class="prmType"><code><a href="#idl-def-MediaEncryptedEventInit" class="idlType"><code>MediaEncryptedEventInit</code></a></code></td><td class="prmNullFalse"><span role="img" aria-label="False">✘</span></td><td class="prmOptTrue"><span role="img" aria-label="True">✔</span></td><td class="prmDesc"></td></tr></tbody></table></dd></dl></section><section id="attributes-5" typeof="bibo:Chapter" resource="#attributes-5" property="bibo:hasPart"><h4 id="h-attributes-5" resource="#h-attributes-5"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.3.2 </span>Attributes</span></h4><dl class="attributes"><dt id="widl-MediaEncryptedEvent-initData"><code>initData</code> of type <span class="idlAttrType">ArrayBuffer</span>, readonly       , nullable</dt><dd>
            The <a href="#initialization-data">Initialization Data</a> for the event.
          </dd><dt id="widl-MediaEncryptedEvent-initDataType"><code>initDataType</code> of type <span class="idlAttrType">DOMString</span>, readonly       </dt><dd>
            Indicates the <a href="#initialization-data-type">Initialization Data Type</a> of the <a href="#initialization-data">Initialization Data</a> contained in the <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> attribute.
          </dd></dl></section>

        <section id="mediaencryptedeventinit" typeof="bibo:Chapter" resource="#mediaencryptedeventinit" property="bibo:hasPart">
          <h4 id="h-mediaencryptedeventinit" resource="#h-mediaencryptedeventinit"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.3.3 </span><a href="#idl-def-MediaEncryptedEventInit" class="idlType"><code>MediaEncryptedEventInit</code></a></span></h4>
          <pre class="idl"><span class="idlDictionary" id="idl-def-MediaEncryptedEventInit">dictionary <span class="idlDictionaryID">MediaEncryptedEventInit</span> : <span class="idlSuperclass">EventInit</span> {
<span class="idlMember">             <span class="idlMemberType">DOMString</span>    <span class="idlMemberName"><a href="#widl-MediaEncryptedEventInit-initDataType">initDataType</a></span> = <span class="idlMemberValue">""</span>;</span>
<span class="idlMember">             <span class="idlMemberType">ArrayBuffer?</span> <span class="idlMemberName"><a href="#widl-MediaEncryptedEventInit-initData">initData</a></span> = <span class="idlMemberValue">null</span>;</span>
};</span></pre><section id="dictionary-mediaencryptedeventinit-members" typeof="bibo:Chapter" resource="#dictionary-mediaencryptedeventinit-members" property="bibo:hasPart"><h5 id="h-dictionary-mediaencryptedeventinit-members" resource="#h-dictionary-mediaencryptedeventinit-members"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.3.3.1 </span>Dictionary <a class="idlType" href="#idl-def-MediaEncryptedEventInit"><code>MediaEncryptedEventInit</code></a> Members</span></h5><dl class="dictionary-members"><dt id="widl-MediaEncryptedEventInit-initData"><code>initData</code> of type <span class="idlMemberType">ArrayBuffer</span>, nullable, defaulting to <code>null</code></dt><dd>
              The <a href="#initialization-data">Initialization Data</a>.
            </dd><dt id="widl-MediaEncryptedEventInit-initDataType"><code>initDataType</code> of type <span class="idlMemberType">DOMString</span>, defaulting to <code>""</code></dt><dd>
              The <a href="#initialization-data-type">Initialization Data Type</a>.
            </dd></dl></section>
        </section>
      </section>

      <section id="htmlmediaelement-events" class="informative" typeof="bibo:Chapter" resource="#htmlmediaelement-events" property="bibo:hasPart">
        <h3 id="h-htmlmediaelement-events" resource="#h-htmlmediaelement-events"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.4 </span>Event Summary</span></h3><p><em>This section is non-normative.</em></p>

        <table class="old-table">
          <thead>
            <tr>
              <th>Event name</th>
              <th>Interface</th>
              <th>Dispatched when...</th>
              <th>Preconditions</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td><dfn id="dom-evt-encrypted"><code>encrypted</code></dfn></td>
              <td><a href="#idl-def-MediaEncryptedEvent" class="idlType"><code>MediaEncryptedEvent</code></a></td>
              <td>The user agent encounters <a href="#initialization-data">Initialization Data</a> in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>.</td>
              <td>The element's <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is equal to <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-have_metadata">HAVE_METADATA</a></code> or greater.
              <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note70"><span>Note</span></div><p class="">It is possible that the element is playing or has played.</p></div>
              </td>
            </tr>
              <tr><td><dfn id="dom-evt-waitingforkey"><code>waitingforkey</code></dfn></td>
              <td><code><a href="https://dom.spec.whatwg.org/#event">Event</a></code></td>
              <td>Playback is blocked waiting for a key.</td>
              <td>The element is <a href="http://www.w3.org/TR/html5/embedded-content-0.html#potentially-playing">potentially playing</a> and its <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is equal to <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-have_future_data">HAVE_FUTURE_DATA</a></code> or greater.</td>
          </tr></tbody>
        </table>
      </section>

      <section id="htmlmediaelement-algorithms" typeof="bibo:Chapter" resource="#htmlmediaelement-algorithms" property="bibo:hasPart">
        <h3 id="h-htmlmediaelement-algorithms" resource="#h-htmlmediaelement-algorithms"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.5 </span>Algorithms</span></h3>

        <section id="initdata-encountered" typeof="bibo:Chapter" resource="#initdata-encountered" property="bibo:hasPart">
          <h4 id="h-initdata-encountered" resource="#h-initdata-encountered"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.5.1 </span>Initialization Data Encountered</span></h4>
          <p>The following steps are run when the media element encounters <a href="#initialization-data">Initialization Data</a> in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> during the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>:</p>

          <ol>
            <li><p>Let <var>initDataType</var> be the empty string.</p></li>
            <li><p>Let <var>initData</var> be null.</p></li>
            <li>
              <p>If the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> is <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> and <em>not</em> <a href="#mixed-content">mixed content</a>, run the following steps:</p>
              <ol>
                <li><p>Let <var>initDataType</var> be the string representing the <a href="#initialization-data-type">Initialization Data Type</a> of the Initialization Data.</p></li>
                <li><p>Let <var>initData</var> be the Initialization Data.</p></li>
              </ol>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note71"><span>Note</span></div><p class="">While the media element may allow loading of "Optionally-blockable Content" [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>], the user agent <em class="rfc2119" title="MUST NOT">MUST NOT</em> expose Initialization Data from such media data to the application.</p></div>
            </li>
            <li>
              <p><a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">Queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-evt-encrypted">encrypted</a></code> at the media element.</p>
              <p>The event is of type <a href="#idl-def-MediaEncryptedEvent" class="idlType"><code>MediaEncryptedEvent</code></a> and has:</p>
              <ul style="list-style-type:none"><li>
                <code><a href="#widl-MediaEncryptedEventInit-initDataType">initDataType</a></code> = <var>initDataType</var><br><br>
                <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> = <var>initData</var>
              </li></ul>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note72"><span>Note</span></div><p class=""><code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is <em>not</em> changed and no algorithms are aborted. This event merely provides information.</p></div>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note73"><span>Note</span></div><p class="">The <code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code> attribute will be null if the media data is <em>not</em> <a href="http://www.w3.org/TR/html5/infrastructure.html#cors-same-origin">CORS-same-origin</a> or is <a href="#mixed-content">mixed content</a>.
                Applications may retrieve the Initialization Data from an alternate source.
              </p></div>
            </li>
            <li>
              <p>If the media element's <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute is null and the implementation requires specification of a <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object before decoding potentially-encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, run the following steps:</p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note74"><span>Note</span></div><p class="">These steps may be reached when the application provides <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> before calling <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code> to provide a <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object.
                Selecting a <a href="#cdm">CDM</a> may affect the pipeline and/or decoders used, so some implementations may delay playback of media data that may contain encrypted blocks until a CDM is specified by passing a <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object to <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code>.
              </p></div>
              <ol>
                <li><p>Run the <a href="#queue-waitingforkey">Queue a "waitingforkey" Event</a> algorithm on the media element.</p></li>
                <li><p>Wait for a signal to resume playback.</p></li>
              </ol>
            </li>
            <li><p><i>Continue Normal Flow</i>: Continue with the existing media element's <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>.</p></li>
          </ol>
        </section>

        <section id="encrypted-block-encountered" typeof="bibo:Chapter" resource="#encrypted-block-encountered" property="bibo:hasPart">
          <h4 id="h-encrypted-block-encountered" resource="#h-encrypted-block-encountered"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.5.2 </span>Encrypted Block Encountered</span></h4>
          <p>The following steps are run when the media element encounters a block of encrypted <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> during the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>:</p>

          <ol>
            <li><p>If the media element's <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute is not null, run the following steps:</p>
              <ol>
                <li><p>Let <var>media keys</var> be the <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object referenced by that atribute.</p></li>
                <li><p>Let <var>cdm</var> be the CDM instance represented by <var>media keys</var>'s <var>cdm instance</var> value.</p></li>
                <li>
                  <p>If <var>cdm</var> is no longer usable for any reason, run the following steps:</p>
                  <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note75"><span>Note</span></div><p class="">These steps are intended to be run on unrecoverable failures of the CDM.</p></div>
                  <ol>
                    <li>
                      <p>Run the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#fatal-decode-error">media data is corrupted</a> steps of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>.</p>
                    </li>
                    <li>
                      <p>For each <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> created by the <var>media keys</var> on which the <a href="#session-close">Session Close</a> algorithm has not been run, run the <a href="#session-close">Session Close</a> algorithm.</p>
                    </li>
                    <li>
                      <p>Abort these steps.</p>
                    </li>
                  </ol>
                </li>
                <li><p>If there is at least one <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> created by the <var>media keys</var> on which the <a href="#session-close">Session Close</a> algorithm has not been run, run the following steps:</p>
                  <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note76"><span>Note</span></div><p class="">This check ensures the <var>cdm</var> has finished loading and is a prequisite for a matching key being available.</p></div>
                  <ol>
                    <li><p>Let the <var>block key ID</var> be the key ID of the current block.</p>
                      <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note77"><span>Note</span></div><p class="">The key ID is generally specified by the container.</p></div>
                    </li>
                    <li><p>Use the <var>cdm</var> to execute the following steps:</p>
                      <ol>
                        <li><p>Let <var>available keys</var> be the union of keys in sessions that were created by the <var>media keys</var>.</p></li>
                        <li><p>Let <var>block key</var> be null.</p></li>
                        <li><p>If any of the <var>available keys</var> corresponds to the <var>block key ID</var> and is usable, let <var>session</var> be a
                        <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object containg that key and let <var>block key</var> be that key.</p>
                          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note78"><span>Note</span></div><p class="">If multiple sessions contain a <em>usable</em> key for the <var>block key ID</var>, which session and key to use is <a href="#key-system">Key System</a>-dependent.</p></div>
                        </li>
                        <li><p>If the status of any of the <var>available keys</var> changed as the result of running the preceding step, run the <a href="#update-key-statuses">Update Key Statuses</a> algorithm on each affected <var>session</var>, providing all <a href="#decryption-key-id">key ID(s)</a> in the session along with the appropriate <a href="#idl-def-MediaKeyStatus" class="idlType"><code>MediaKeyStatus</code></a> value(s) for each.
                        </p></li><li><p>If <var>block key</var> is not null, run the following steps:
                          </p><ol>
                            <li>
                              <p>If <var>session</var>'s <var>session type</var> is <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code>, run the following steps:</p>
                                <ol>
                                  <li>
                                    <p>Let <var>usage</var> be <var>session</var>'s <var>record of key usage</var>.
                                  </p></li>
                                  <li>
                                    <p>
                                      If the <var>first decrypt time</var> of <var>usage</var> is <code>null</code>, set the <var>first decrypt time</var> of <var>usage</var> to the current time, accurate to within <var><a href="#key-usage-accuracy">key usage accuracy</a></var>.
                                    </p>
                                  </li>
                                  <li>
                                    <p>
                                      Set the <var>latest decrypt time</var> of <var>usage</var> to the current time, accurate to within <var><a href="#key-usage-accuracy">key usage accuracy</a></var>.
                                    </p>
                                  </li>
                                </ol>
                                <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note79"><span>Note</span></div><p class="">
                                  Implementations <em class="rfc2119" title="MAY">MAY</em> optimize the times at which this step is executed provided the recorded key usage times remain
                                  accurate to within <var>key usage accuracy</var>.
                                </p></div>
                              <p></p>
                            </li><li><p>Use the <var>cdm</var> to decrypt the block using <var>block key</var>.</p></li>
                            <li><p>Follow the steps for the first matching condition from the following list:</p>
                              <dl class="switch">
                                <dt>If decryption fails</dt>
                                <dd>
                                  <p>Run the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#fatal-decode-error">media data is corrupted</a> steps of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>, and abort these steps.</p>
                                </dd>
                                <dt>Otherwise</dt>
                                <dd>
                                  <p>Abort these steps and process the decrypted block as normal.</p>
                                  <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note80"><span>Note</span></div><p class="">In other words, decode the block.</p></div>
                                </dd>
                              </dl>
                              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note81"><span>Note</span></div><p class="">Not all decryption problems (i.e. using the wrong key) will result in a decryption failure. In such cases, no error is fired here but one may be fired during decode.</p></div>
                            </li>
                          </ol>
                          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note82"><span>Note</span></div><p class="">Otherwise, there is no key for the <var>block key ID</var> in any session so continue.</p></div>
                        </li>
                      </ol>
                    </li>
                  </ol>
                </li>
              </ol>
            </li>
            <li>
              <p>Run the following steps:</p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note83"><span>Note</span></div><p class="">These steps are reached when there is no usable key for the block.</p></div>
              <ol>
                <li><p>Run the <a href="#queue-waitingforkey">Queue a "waitingforkey" Event</a> algorithm on the media element.</p></li>
                <li><p>Wait for a signal to resume playback.</p></li>
              </ol>
            </li>
          </ol>

          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note84"><span>Note</span></div><div class="">
            <p>For frame-based encryption, this may be implemented as follows when the media element attempts to decode a frame as part of the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a>:</p>
            <ol>
              <li><p>Let <var>encrypted</var> be false.</p></li>
              <li><p>Detect whether the frame is encrypted.</p>
                <dl class="switch">
                  <dt>If the frame is encrypted</dt>
                  <dd>Run the steps above.</dd>
                  <dt>Otherwise</dt>
                  <dd>Continue.</dd>
                </dl>
              </li>
              <li><p>Decode the frame.</p></li>
              <li><p>Provide the frame for rendering.</p></li>
            </ol>
          </div></div>
        </section>

        <section id="queue-waitingforkey" typeof="bibo:Chapter" resource="#queue-waitingforkey" property="bibo:hasPart">
          <h4 id="h-queue-waitingforkey" resource="#h-queue-waitingforkey"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.5.3 </span>Queue a "waitingforkey" Event</span></h4>
          <p>The Queue a "waitingforkey" Event algorithm is run when the CDM cannot decrypt the current block.
            It should only be called when the <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> object is <a href="http://www.w3.org/TR/html5/embedded-content-0.html#potentially-playing">potentially playing</a> and its <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-readystate">readyState</a></code> is equal to <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#dom-media-have_future_data">HAVE_FUTURE_DATA</a></code> or greater.  
            Requests to run this algorithm include a target <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> object.
          </p>
          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>media element</var> be the specified <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> object.</p></li>
            <li><p>If the <var>media element</var>'s <var>waiting for key</var> value is <code>false</code>, <a href="http://www.w3.org/TR/html5/webappapis.html#queue-a-task">queue a task</a> to <a href="http://www.w3.org/TR/html5/webappapis.html#fire-a-simple-event">fire a simple event</a> named <code><a href="#dom-evt-waitingforkey">waitingforkey</a></code> at the <var>media element</var>.</p></li>
            <li><p>Set the <var>media element</var>'s <var>waiting for key</var> value to <code>true</code>.</p></li>
            <li><p>Suspend playback.</p></li>
          </ol>
        </section>

        <section id="resume-playback" typeof="bibo:Chapter" resource="#resume-playback" property="bibo:hasPart">
          <h4 id="h-resume-playback" resource="#h-resume-playback"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.5.4 </span>Attempt to Resume Playback If Necessary</span></h4>
          <p>The Attempt to Resume Playback If Necessary algorithm is run when one or more keys becomes available.
          If playback is blocked waiting for a key, it resumes playback if a necessary key has been provided.
          Requests to run this algorithm include a target <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> object.
          </p>

          <p>The following steps are run:</p>
          <ol>
            <li><p>Let the <var>media element</var> be the specified <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> object.</p></li>
            <li><p>If the <var>media element</var>'s <var>waiting for key</var> is <code>false</code>, abort these steps.</p></li>
            <li><p>Attempt to resume the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#concept-media-load-resource">resource fetch algorithm</a> by running the <a href="#encrypted-block-encountered">Encrypted Block Encountered</a> algorithm.</p></li>
            <li><p>If the user agent can advance the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#current-playback-position">current playback position</a> in the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#direction-of-playback">direction of playback</a>, set the <var>media element</var>'s <var>waiting for key</var> value to <code>false</code>.</p></li>
          </ol>
        </section>
      </section>

      <section id="media-element-restictions" class="informative" typeof="bibo:Chapter" resource="#media-element-restictions" property="bibo:hasPart">
        <h3 id="h-media-element-restictions" resource="#h-media-element-restictions"><span property="xhv:role" resource="xhv:heading"><span class="secno">7.6 </span>Media Element Restrictions</span></h3><p><em>This section is non-normative.</em></p>
        <p>Media data processed by a CDM <em class="rfc2119" title="MAY">MAY</em> be unavailable through JavaScript APIs in the usual way (for example using the CanvasRenderingContext2D drawImage() method and the AudioContext MediaElementAudioSourceNode).
        This specification does not define conditions for such non-availability of media data, however, if media data is not available to JavaScript APIs then these APIs <em class="rfc2119" title="MAY">MAY</em> behave as if no media data was present at all.</p>
        <p>Where media rendering is not performed by the UA, for example in the case of a hardware protected media pipeline, then the full set of HTML rendering capabilities, for example CSS Transforms, <em class="rfc2119" title="MAY">MAY</em> be unavailable. One likely restriction is that
        video media <em class="rfc2119" title="MAY">MAY</em> be constrained to appear only in rectangular regions with sides parallel to the edges of the window and with normal orientation.</p>
      </section>
    </section>


    <section id="implementation-requirements" typeof="bibo:Chapter" resource="#implementation-requirements" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-implementation-requirements" resource="#h-implementation-requirements"><span property="xhv:role" resource="xhv:heading"><span class="secno">8. </span>Implementation Requirements</span></h2>
      <p>This section defines implementation requirements - for both user agents and <a href="#key-system">Key Systems</a>, including the <a href="#cdm">CDM</a> and server - that may not be explicitly addressed in the algorithms.</p>

      <section id="identifier-requirements" typeof="bibo:Chapter" resource="#identifier-requirements" property="bibo:hasPart">
        <h3 id="h-identifier-requirements" resource="#h-identifier-requirements"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.1 </span>Identifiers</span></h3>
        <p>The use of <a href="#distinctive-identifier">Distinctive Identifiers</a> by implementations presents a privacy concern.
          This defines requirements for avoiding or at least mitigating such concerns.
        </p>

        <section id="limit-or-avoid-use-of-distinctive-identifiers" typeof="bibo:Chapter" resource="#limit-or-avoid-use-of-distinctive-identifiers" property="bibo:hasPart">
          <h4 id="h-limit-or-avoid-use-of-distinctive-identifiers" resource="#h-limit-or-avoid-use-of-distinctive-identifiers"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.1.1 </span>Limit or Avoid use of Distinctive Identifiers</span></h4>
          <ul>
            <li>
              <p>Implementations <em class="rfc2119" title="SHOULD">SHOULD</em> avoid use of <a href="#distinctive-identifier">Distinctive Identifiers</a>.</p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note85"><span>Note</span></div><p class="">For example, use keys or identifiers that apply to a group of clients or devices rather than individual clients.</p></div>
            </li>
            <li>
              <p>Implementations <em class="rfc2119" title="SHOULD">SHOULD</em> only use <a href="#distinctive-identifier">Distinctive Identifiers</a> when necessary to enforce the policies related to the specific CDM instance and session.</p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note86"><span>Note</span></div><p class="">For example, <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> and <code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code> sessions may have different requirements.</p></div>
            </li>
            <li>
              <p>Implementations that use <a href="#distinctive-identifier">Distinctive Identifier(s)</a> <em class="rfc2119" title="SHOULD">SHOULD</em> support the option to not use it.
                When supported, applications can select for this mode using <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> = <code><a href="#idl-def-MediaKeysRequirement.not-allowed">"not-allowed"</a></code>.
                Selecting such an option <em class="rfc2119" title="MAY">MAY</em> affect the results of the <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> call and/or the license requests that are generated from subsequently generated sessions.
              </p>
            </li>
          </ul>
        </section>

        <section id="encrypt-identifiers" typeof="bibo:Chapter" resource="#encrypt-identifiers" property="bibo:hasPart">
          <h4 id="h-encrypt-identifiers" resource="#h-encrypt-identifiers"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.1.2 </span>Encrypt Identifiers</span></h4>
          <p>When exposed to the application - either from a <code><a href="#dom-evt-message">message</a></code> event or a message from the server, such as one that is passed to <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> - <a href="#distinctive-identifier">Distinctive Identifiers</a> <em class="rfc2119" title="MUST">MUST</em> be encrypted at the message exchange level.
            The encryption <em class="rfc2119" title="MUST">MUST</em> ensure that the ciphertext cannot be used as a proxy for the actual identifier, even given the same plaintext.
            The CDM <em class="rfc2119" title="MUST">MUST</em> verify that the encryption key belongs to a valid license server for its Key System.
          </p>
          <div class="issue" id="issue-10"><div class="issue-title" aria-level="5" role="heading" id="h-issue10"><span>Issue 10</span></div><p class="">Add more specific text about ensuring the desired privacy properties when encrypting identifiers.</p></div>
          <p>This <em class="rfc2119" title="MAY">MAY</em> be implemented using a <a href="#server-certificate">server certificate</a>.</p>
          <p>The license server <em class="rfc2119" title="MUST NOT">MUST NOT</em> expose a <a href="#distinctive-identifier">Distinctive Identifier</a> to any entity other than the CDM that sent it.</p>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note87"><span>Note</span></div><p class="">Specifically, it should not be provided to the application or included unencrypted in messages to the CDM.
            This can be accomplished by encrypting the identifier or message with the identifier or such that it is only decryptable by that specific CDM.
          </p></div>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note88"><span>Note</span></div><div class="">
            <p>Among other things, this means that:</p>
            <ul>
              <li><p>Every signature made with device-specific or user-specific keys <em class="rfc2119" title="MUST">MUST</em> be different, even given the same plaintext.</p></li>
              <li><p>Identifiers, keys, or certificates relating to device-specific or user-specific keys <em class="rfc2119" title="MUST">MUST</em> be encrypted for the license server.</p></li>
              <li><p>Messages from the license server to the CDM <em class="rfc2119" title="MUST NOT">MUST NOT</em> expose recipient-unique identifiers, such as the ID of the intended decryption key, on the outside of the encryption envelope.</p></li>
            </ul>
          </div></div>
        </section>

        <section id="per-origin-identifiers" typeof="bibo:Chapter" resource="#per-origin-identifiers" property="bibo:hasPart">
          <h4 id="h-per-origin-identifiers" resource="#h-per-origin-identifiers"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.1.3 </span>Use Per-Origin Identifiers</span></h4>
          <p>All <a href="#distinctive-identifier">Distinctive Identifiers</a> <em class="rfc2119" title="MUST">MUST</em> be distinctive per <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.
            That is, the <a href="#distinctive-identifier">Distinctive Identifier(s)</a> used for one <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> using these APIs <em class="rfc2119" title="MUST">MUST</em> be different from those used for any other origin using the APIs.
          </p>
          <div class="issue" id="issue-11"><div class="issue-title" aria-level="5" role="heading" id="h-issue11"><span>Issue 11</span></div><p class=""><a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=27269">Bug 27269</a> - It has been suggested that the <a href="#distinctive-identifier">Distinctive Identifiers</a> be distinctive for the combination of top-level origin and the origin using these APIs.</p></div>

          <p id="non-reversible-identifiers">
            It <em class="rfc2119" title="MUST NOT">MUST NOT</em> be possible (with a reasonable amount of time and effort) to correlate identifiers from multiple origins, such as to determine that they came from the same client or user.
            Specifically, implementations that derive per-origin identifiers from an origin-independent identifier, <em class="rfc2119" title="MUST">MUST</em> do so in a non-reversible way.
          </p>
          <div class="issue" id="issue-12"><div class="issue-title" aria-level="5" role="heading" id="h-issue12"><span>Issue 12</span></div><p class="">Add more specific text about ensuring the desired non-reversible properties.</p></div>
        </section>

        <section id="allow-identifiers-cleared" typeof="bibo:Chapter" resource="#allow-identifiers-cleared" property="bibo:hasPart">
          <h4 id="h-allow-identifiers-cleared" resource="#h-allow-identifiers-cleared"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.1.4 </span>Allow Identifiers to be Cleared</span></h4>
          <p>Implementations that use <a href="#distinctive-identifier">Distinctive Identifier(s)</a> <em class="rfc2119" title="MUST">MUST</em> allow the user to clear those identifiers such that they are no longer retrievable both outside, such as via the APIs defined in this specification, and on the client device.
            Once cleared, new different values <em class="rfc2119" title="MUST">MUST</em> be generated when <a href="#distinctive-identifier">Distinctive Identifier(s)</a> are subsequently needed.
          </p>
          <p>Implementations <em class="rfc2119" title="SHOULD">SHOULD</em> allow users to clear <a href="#distinctive-identifier">Distinctive Identifier(s)</a> along with cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>] and other site data.
            It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that users be offered the option to clear <a href="#distinctive-identifier">Distinctive Identifier(s)</a> as part of user agent features to clear browsing history.
          </p>
          <p>It is <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> that users be able to request that <a href="#distinctive-identifier">Distinctive Identifiers</a> be forgotten on a per-origin basis, particularly as part of a "Forget about this site" feature that forgets cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>], databases, etc. associated with a particular site in an operation that is sufficiently atomic to prevent "cookie resurrection" type of recorrelation of a new identifier with the old by relying on another type of locally stored data that did not get cleared at the same time.</p>
        </section>

      </section>

      <section id="support-multiple-keys" typeof="bibo:Chapter" resource="#support-multiple-keys" property="bibo:hasPart">
        <h3 id="h-support-multiple-keys" resource="#h-support-multiple-keys"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.2 </span>Support Multiple Keys</span></h3>
        <p>Implementations <em class="rfc2119" title="MUST">MUST</em> support multiple keys in each <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> object.</p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note89"><span>Note</span></div><p class="">The mechanics of how multiple keys are supported is an implementation detail, but it <em class="rfc2119" title="MUST">MUST</em> be transparent to the application and these APIs.</p></div>
        
        <p>Implementations <em class="rfc2119" title="MUST">MUST</em> support seamless switching between keys during playback.
          This includes both keys in the same <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> and keys in separate <a href="#idl-def-MediaKeySession" class="idlType"><code>MediaKeySession</code></a> objects.
        </p>
      </section>
      
      <section id="initialization-data-type-support-requirements" typeof="bibo:Chapter" resource="#initialization-data-type-support-requirements" property="bibo:hasPart">
        <h3 id="h-initialization-data-type-support-requirements" resource="#h-initialization-data-type-support-requirements"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.3 </span>Initialization Data Type Support</span></h3>
        <section id="licenses-generated-are-independent-of-content-type" typeof="bibo:Chapter" resource="#licenses-generated-are-independent-of-content-type" property="bibo:hasPart">
          <h4 id="h-licenses-generated-are-independent-of-content-type" resource="#h-licenses-generated-are-independent-of-content-type"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.3.1 </span>Licenses Generated are Independent of Content Type</span></h4>
          <p>Implementations <em class="rfc2119" title="SHOULD">SHOULD</em> allow licenses generated with any <a href="#initialization-data-type">Initialization Data Type</a> they support to be used with any content type.</p>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note90"><span>Note</span></div><p class="">Otherwise, the <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> algorithm might, for example, reject a <a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a> because one of the <code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code> is not supported with one of the <code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code>.</p></div>
        </section>

        <section id="support-extraction-from-media-data" typeof="bibo:Chapter" resource="#support-extraction-from-media-data" property="bibo:hasPart">
          <h4 id="h-support-extraction-from-media-data" resource="#h-support-extraction-from-media-data"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.3.2 </span>Support Extraction From Media Data</span></h4>
          <p>For any supported <a href="#initialization-data-type">Initialization Data Type</a> that may appear in a supported container, the user agents <em class="rfc2119" title="MUST">MUST</em> support <a href="#initdata-encountered">extracting</a> that type of <a href="#initialization-data">Initialization Data</a> from each such supported container.</p>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note91"><span>Note</span></div><p class="">In other words, indicating support for an <a href="#initialization-data-type">Initialization Data Type</a> implies both CDM support for generating license requests and, for container-specific types, user agent support for extracting it from the container. 
            This does <strong>not</strong> mean that implementations must be able to parse <em>any</em> supported <a href="#initialization-data">Initialization Data</a> from <em>any</em> supported content type.
          </p></div>
        </section>
      </section>

      <section id="media-requirements" typeof="bibo:Chapter" resource="#media-requirements" property="bibo:hasPart">
        <h3 id="h-media-requirements" resource="#h-media-requirements"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.4 </span>Supported Media</span></h3>
        <p>This section defines properties of content (<a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">media resources</a>) supported by implementations of this specification.</p>

        <section id="unencrypted-container" typeof="bibo:Chapter" resource="#unencrypted-container" property="bibo:hasPart">
          <h4 id="h-unencrypted-container" resource="#h-unencrypted-container"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.4.1 </span>Unencrypted Container</span></h4>
          <p>
            The media container <em class="rfc2119" title="MUST NOT">MUST NOT</em> be encrypted.
            This specification relies on the user agent's ability to parse the media container without having to decrypt any of the media data.
            This includes the <a href="#encrypted-block-encountered">Encrypted Block Encountered</a> and <a href="#initdata-encountered">Initialization Data Encountered</a> algorithms as well as supporting standard <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code> [<cite><a class="bibref" href="#bib-HTML5">HTML5</a></cite>] functionality, such as seeking.
          </p>
        </section>

        <section id="interoperably-encrypted" typeof="bibo:Chapter" resource="#interoperably-encrypted" property="bibo:hasPart">
          <h4 id="h-interoperably-encrypted" resource="#h-interoperably-encrypted"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.4.2 </span>Interoperably Encrypted</span></h4>
          <p>
            <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-resource">Media resources</a>, including all tracks, <em class="rfc2119" title="MUST">MUST</em> be encrypted and packaged per a container-specific "common encryption" specification that allows the content to be decrypted in a fully specified and compatible way when a key or keys are provided.
          </p>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note92"><span>Note</span></div><p class="">
            The Encrypted Media Extensions Stream Format and Initialization Data Format Registry [<cite><a class="bibref" href="#bib-EME-REGISTRY">EME-REGISTRY</a></cite>] provides references to such stream formats.
          </p></div>
        </section>

        <section id="unencrypted-in-band-support-content" typeof="bibo:Chapter" resource="#unencrypted-in-band-support-content" property="bibo:hasPart">
          <h4 id="h-unencrypted-in-band-support-content" resource="#h-unencrypted-in-band-support-content"><span property="xhv:role" resource="xhv:heading"><span class="secno">8.4.3 </span>Unencrypted In-band Support Content</span></h4>
          <p>
            In-band support content, such as captions, described audio, and transcripts, <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> be encrypted.
          </p>
          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note93"><span>Note</span></div><p class="">
            Decryption of such tracks - especially such that they can be provided back the user agent - is not generally supported by implementations.
            Thus, encrypting such tracks would prevent them from being widely available for use with accessibility features in user agent implementations.
          </p></div>
          <p>
            Implementations that choose to support encrypted support content <em class="rfc2119" title="MUST">MUST</em> provide the decrypted data to the user agent to be processed in the same way as equivalent unencrypted <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#timed-text-tracks">timed text tracks</a></code>.
          </p>
        </section>
      </section>

    </section>

    <section id="common-key-systems" typeof="bibo:Chapter" resource="#common-key-systems" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-common-key-systems" resource="#h-common-key-systems"><span property="xhv:role" resource="xhv:heading"><span class="secno">9. </span>Common Key Systems</span></h2>
      <p>All user agents <em class="rfc2119" title="MUST">MUST</em> support the common key systems described in this section.</p><p>
      </p><div class="note"><div class="note-title" aria-level="3" role="heading" id="h-note94"><span>Note</span></div><p class="">This ensures that there is a common baseline level of protection that is guaranteed to be supported in all user agents, including those that are entirely open source.
        Thus, content providers that need only basic protection can build simple applications that will work on all platforms without needing to work with any content protection providers.
      </p></div>

      <section id="clear-key" typeof="bibo:Chapter" resource="#clear-key" property="bibo:hasPart">
        <h3 id="h-clear-key" resource="#h-clear-key"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1 </span>Clear Key</span></h3>
        <p>The <code>"org.w3.clearkey"</code> <a href="#key-system">Key System</a> uses plain-text clear (unencrypted) key(s) to decrypt the source.
        No additional client-side content protection is required.
        This Key System is described below.
        </p>

        <section id="clear-key-capabilities" typeof="bibo:Chapter" resource="#clear-key-capabilities" property="bibo:hasPart">
          <h4 id="h-clear-key-capabilities" resource="#h-clear-key-capabilities"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.1 </span>Capabilities</span></h4>
          <p>The following describe how Clear Key supports key system-specific capabilities:</p>
          <ul>
            <li><p><a href="#idl-def-MediaKeySystemConfiguration" class="idlType"><code>MediaKeySystemConfiguration</code></a>:</p><p>
              </p><ol>
                <li><p><code><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></code>: Only the empty string is supported.</p></li>
                <li><p><code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code>: <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code> is not supported.</p></li>
                <li><p><code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code>: Not <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code> unless the application intends to create non-<code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> sessions, if supported.</p></li>
              </ol>
            </li>
            <li><p>The <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code> <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a>: Implementations <em class="rfc2119" title="MAY">MAY</em> support this type.</p>
            </li><li><p>The <code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code> <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a>: Implementations <em class="rfc2119" title="MAY">MAY</em> support this type.</p></li>
            
            <li><p>The <code><a href="#widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate">setServerCertificate()</a></code> method: Not supported.</p></li>
            <li><p>The <code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys()</a></code> method: Implementations <em class="rfc2119" title="MAY">MAY</em> support associating the <a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a> object with more than one <code><a href="http://www.w3.org/TR/html5/embedded-content-0.html#htmlmediaelement">HTMLMediaElement</a></code>.</p></li>
          </ul>
        </section>

        <section id="clear-key-behavior" typeof="bibo:Chapter" resource="#clear-key-behavior" property="bibo:hasPart">
          <h4 id="h-clear-key-behavior" resource="#h-clear-key-behavior"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.2 </span>Behavior</span></h4>
          <p>The following describe how Clear Key implements key system-specific behaviors:</p>
          <ul>
            <li><p>In the <code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest()</a></code> algorithm:</p>
              <ul>
                <li><p>The generated <var>message</var> is a JSON object encoded in UTF-8 as described in <a href="#clear-key-request-format">License Request Format</a>.</p></li>
                <li><p>The request is generated by extracting the key IDs from the <var>sanitized init data</var>.</p></li>
                <li><p>The "type" member value is the value of the <var>sessionType</var> parameter.</p></li>
              </ul>
            </li>
            <li><p>The <code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code> attribute is a numerical value representable by a 32-bit integer.</p></li>
            <li><p>The <code><a href="#widl-MediaKeySession-expiration">expiration</a></code> attribute is always <code>NaN</code>.</p></li>
            <li><p>In the <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> algorithm:</p>
              <ul>
                <li>
                  <p>
                    The <var>response</var> parameter is either a JWK Set as described in <a href="#clear-key-license-format">License Format</a>,
                    or a JSON object encoded in UTF-8 as described in <a href="#clear-key-release-ack-format">License Release Acknowledgement Format</a>.
                  </p>
                </li>
                <li>
                  <p>
                    In the first case, <var>sanitized response</var> is considered invalid if it is not a valid JWK Set with at least one valid JWK key of a valid length for the audio/video type.
                    In the second case <var>sanitized response</var> is considered invalid if it is not a valid JSON object.
                  </p>
                </li>
              </ul>
            </li>
            <li>
              <p>
                For sessions of type <code><a href="#idl-def-MediaKeySessionType.persistent-usage-record">"persistent-usage-record"</a></code>, in the <code><a href="#widl-MediaKeySession-remove-Promise-void">remove()</a></code> and <code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load()</a></code> algorithms, the <var>message</var> reflecting
                the object's <var>record of key usage</var> is a JSON object encoded in UTF-8 as described in <a href="#clear-key-release-format">License Release Format</a>.
              </p>
            </li>
            <li>
              <p>
                The <code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code> attribute method initially contains all key IDs that have been provided via <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code>, with status <code><a href="#idl-def-MediaKeyStatus.usable">"usable"</a></code>.
                When the <code><a href="#widl-MediaKeySession-remove-Promise-void">remove()</a></code> algorithm is executed, the <code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code> attribute will be set to an empty list.
              </p>
            </li>
            <li><p><a href="#initialization-data">Initialization Data</a>: Implementations <em class="rfc2119" title="MAY">MAY</em> support any combination of registered Initialization Data Types [<cite><a class="bibref" href="#bib-EME-REGISTRY">EME-REGISTRY</a></cite>].
              Implementations <em class="rfc2119" title="SHOULD">SHOULD</em> support the <code><a href="keyids-format.html">"keyids"</a></code> type and other types appropriate for content types supported by the user agent.
            </p></li>
          </ul>
        </section>

        <section id="clear-key-request-format" typeof="bibo:Chapter" resource="#clear-key-request-format" property="bibo:hasPart">
          <h4 id="h-clear-key-request-format" resource="#h-clear-key-request-format"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.3 </span>License Request Format</span></h4>
          <p>This section describes the format of the license request provided to the application via the <code><a href="#widl-MediaKeyMessageEvent-message">message</a></code> attribute of the <code><a href="#dom-evt-message">message</a></code> event.</p>

          <p>The format is a JSON object containing the following members:</p>
          <dl>
            <dt>"kids"</dt>
            <dd>An array of <a href="#decryption-key-id">key IDs</a>. Each element of the array is the base64url encoding of the octet sequence containing the key ID value.</dd>
            <dt>"type"</dt>
            <dd>The requested <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a></dd>
          </dl>

          <p>When contained in the ArrayBuffer <code><a href="#widl-MediaKeyMessageEvent-message">message</a></code> attribute of a <a href="#idl-def-MediaKeyMessageEvent" class="idlType"><code>MediaKeyMessageEvent</code></a> object, the JSON string is encoded in UTF-8 as specified in the Encoding specification [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
            Applications <em class="rfc2119" title="MAY">MAY</em> decode the contents of the ArrayBuffer to a JSON string using the <a href="http://www.w3.org/TR/encoding/#interface-textdecoder">TextDecoder interface</a> [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
          </p>

          <section id="clear-key-request-format-example" class="informative" typeof="bibo:Chapter" resource="#clear-key-request-format-example" property="bibo:hasPart">
            <h5 id="h-clear-key-request-format-example" resource="#h-clear-key-request-format-example"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.3.1 </span>Example</span></h5><p><em>This section is non-normative.</em></p>
            <p>The following example is a license request for a temporary license for two key IDs. (Line breaks are for readability only.)</p>
            <div class="example"><div class="example-title"><span>Example 1</span></div><pre class="example highlight prettyprint prettyprinted"><span class="pun">{</span><span class="pln">
  </span><span class="str">"kids"</span><span class="pun">:</span><span class="pln">
    </span><span class="pun">[</span><span class="pln">
     </span><span class="str">"LwVHf8JLtPrv2GUXFW2v_A"</span><span class="pun">,</span><span class="pln">
     </span><span class="str">"0DdtU9od-Bh5L3xbv0Xf_A"</span><span class="pln">
    </span><span class="pun">],</span><span class="pln">
  </span><span class="str">"type"</span><span class="pun">:</span><code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code><span class="pln">
</span><span class="pun">}</span></pre></div>
          </section>
        </section>

        <section id="clear-key-license-format" typeof="bibo:Chapter" resource="#clear-key-license-format" property="bibo:hasPart">
          <h4 id="h-clear-key-license-format" resource="#h-clear-key-license-format"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.4 </span>License Format</span></h4>
          <p>This section describes the format of the license to be provided via the <var>response</var> parameter of the <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> method.</p>

          <p>The format is a JSON Web Key (JWK) Set containing representation of the symmetric key to be used for decryption, as defined in the JSON Web Key (JWK) specification [<cite><a class="bibref" href="#bib-RFC7517">RFC7517</a></cite>].</p>

          <p>For each JWK in the set, the parameter values are as follows:</p>
          <dl>
            <dt>"kty" (key type)</dt>
            <dd>"oct" (octet sequence)</dd>
            <dt>"k" (key value)</dt>
            <dd>The base64url encoding of the octet sequence containing the symmetric <a href="#decryption-key">key</a> value</dd>
            <dt>"kid" (key ID)</dt>
            <dd>The base64url encoding of the octet sequence containing the <a href="#decryption-key-id">key ID</a> value</dd>
          </dl>

          <p>The JSON object <em class="rfc2119" title="MAY">MAY</em> have an optional "type" member value, which <em class="rfc2119" title="MUST">MUST</em> be one of the <a href="#idl-def-MediaKeySessionType" class="idlType"><code>MediaKeySessionType</code></a> values.
            If not specified, the default value of <code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code> is used.
            The <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> algorithm compares this value to the <var>sessionType</var>.
          </p>

          <p>When passed to the <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> method as the ArrayBuffer <var>response</var> parameter, the JSON string <em class="rfc2119" title="MUST">MUST</em> be encoded in UTF-8 as specified in the Encoding specification [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
            Applications <em class="rfc2119" title="MAY">MAY</em> encode the JSON string using the <a href="http://www.w3.org/TR/encoding/#interface-textencoder">TextEncoder interface</a> [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
          </p>

          <section id="clear-key-license-format-example" class="informative" typeof="bibo:Chapter" resource="#clear-key-license-format-example" property="bibo:hasPart">
            <h5 id="h-clear-key-license-format-example" resource="#h-clear-key-license-format-example"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.4.1 </span>Example</span></h5><p><em>This section is non-normative.</em></p>
            <p>The following example is a JWK Set containing a single symmetric key. (Line breaks are for readability only.)</p>
            <div class="example"><div class="example-title"><span>Example 2</span></div><pre class="example highlight prettyprint prettyprinted"><span class="pun">{</span><span class="pln">
  </span><span class="str">"keys"</span><span class="pun">:</span><span class="pln">
    </span><span class="pun">[{</span><span class="pln">
      </span><span class="str">"kty"</span><span class="pun">:</span><span class="str">"oct"</span><span class="pun">,</span><span class="pln">
      </span><span class="str">"k"</span><span class="pun">:</span><span class="str">"tQ0bJVWb6b0KPL6KtZIy_A"</span><span class="pun">,</span><span class="pln">
      </span><span class="str">"kid"</span><span class="pun">:</span><span class="str">"LwVHf8JLtPrv2GUXFW2v_A"</span><span class="pln">
    </span><span class="pun">}],</span><span class="pln">
  </span><span class="str">'type'</span><span class="pun">:</span><code><a href="#idl-def-MediaKeySessionType.temporary">"temporary"</a></code><span class="pln">
</span><span class="pun">}</span></pre></div>
          </section>
        </section>
    
        <section id="clear-key-release-format" typeof="bibo:Chapter" resource="#clear-key-release-format" property="bibo:hasPart">
        
          <h4 id="h-clear-key-release-format" resource="#h-clear-key-release-format"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.5 </span>License Release Format</span></h4>
          <p>This section describes the format of the license release message to be provided via the <code><a href="#widl-MediaKeyMessageEvent-message">message</a></code> attribute of the <code><a href="#dom-evt-message">message</a></code> event.</p>
          <p>The format is a JSON object containing the following members:</p>
          <dl>
            <dt>"kids"</dt>
            <dd>An array of <a href="#decryption-key-id">key IDs</a>. Each element of the array is the base64url encoding of the octet sequence containing the key ID value.</dd>
            <dt>"firstTime"</dt>
            <dd>The <a href="#first-decryption-time">first decryption time</a> expressed as a number giving the time, in milliseconds since 01 January, 1970 UTC.</dd>
            <dt>"latestTime"</dt>
            <dd>The <a href="#latest-decryption-time">latest decryption time</a> expressed as a number giving the time, in milliseconds since 01 January, 1970 UTC.</dd>
          </dl>

          <p>When contained in the ArrayBuffer <code><a href="#widl-MediaKeyMessageEvent-message">message</a></code> attribute of a <a href="#idl-def-MediaKeyMessageEvent" class="idlType"><code>MediaKeyMessageEvent</code></a> object, the JSON string is encoded in UTF-8 as specified in the Encoding specification [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
            Applications <em class="rfc2119" title="MAY">MAY</em> decode the contents of the ArrayBuffer to a JSON string using the <a href="http://www.w3.org/TR/encoding/#interface-textdecoder">TextDecoder interface</a> [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
          </p>

          <section id="clear-key-release-format-example" class="informative" typeof="bibo:Chapter" resource="#clear-key-release-format-example" property="bibo:hasPart">
            <h5 id="h-clear-key-release-format-example" resource="#h-clear-key-release-format-example"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.5.1 </span>Example</span></h5><p><em>This section is non-normative.</em></p>
            <p>The following example is a license release for a temporary license for a single key ID. (Line breaks are for readability only.)</p>
            <div class="example"><div class="example-title"><span>Example 3</span></div><pre class="example highlight prettyprint prettyprinted"><span class="pun">{</span><span class="pln">
  </span><span class="str">"kids"</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="pln"> </span><span class="str">"LwVHf8JLtPrv2GUXFW2v_A"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"0DdtU9od-Bh5L3xbv0Xf_A"</span><span class="pln"> </span><span class="pun">],</span><span class="pln">
  </span><span class="str">"tfirst"</span><span class="pln"> </span><span class="pun">:</span><span class="pln"> </span><span class="lit">1430425323757</span><span class="pun">,</span><span class="pln">
  </span><span class="str">"tlatest"</span><span class="pln"> </span><span class="pun">:</span><span class="pln"> </span><span class="lit">1430425383757</span><span class="pln">
</span><span class="pun">}</span></pre></div>
          </section>
        </section>
        <section id="clear-key-release-ack-format" typeof="bibo:Chapter" resource="#clear-key-release-ack-format" property="bibo:hasPart">
          <h4 id="h-clear-key-release-ack-format" resource="#h-clear-key-release-ack-format"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.6 </span>License Release Acknowledgement Format</span></h4>
          <p>This section describes the format of the license release acknowledgement provided via the <var>response</var> parameter of the <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> method.</p>

          <p>The format is a JSON object containing the following members:</p>
          <dl>
            <dt>"kids"</dt>
            <dd>An array of <a href="#decryption-key-id">key IDs</a>. Each element of the array is the base64url encoding of the octet sequence containing the key ID value.</dd>
          </dl>

          <p>When passed to the <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> method as the ArrayBuffer <var>response</var> parameter, the JSON string <em class="rfc2119" title="MUST">MUST</em> be encoded in UTF-8 as specified in the Encoding specification [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
            Applications <em class="rfc2119" title="MAY">MAY</em> encode the JSON string using the <a href="http://www.w3.org/TR/encoding/#interface-textencoder">TextEncoder interface</a> [<cite><a class="bibref" href="#bib-ENCODING">ENCODING</a></cite>].
          </p>

          <section id="clear-key-release-ack-format-example" class="informative" typeof="bibo:Chapter" resource="#clear-key-release-ack-format-example" property="bibo:hasPart">
            <h5 id="h-clear-key-release-ack-format-example" resource="#h-clear-key-release-ack-format-example"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.6.1 </span>Example</span></h5><p><em>This section is non-normative.</em></p>
            <p>The following example is a license request for a temporary license for two key IDs. (Line breaks are for readability only.)</p>
            <div class="example"><div class="example-title"><span>Example 4</span></div><pre class="example highlight prettyprint prettyprinted"><span class="pun">{</span><span class="pln">
  </span><span class="str">"kids"</span><span class="pun">:</span><span class="pln">
    </span><span class="pun">[</span><span class="pln">
     </span><span class="str">"LwVHf8JLtPrv2GUXFW2v_A"</span><span class="pun">,</span><span class="pln">
     </span><span class="str">"0DdtU9od-Bh5L3xbv0Xf_A"</span><span class="pln">
    </span><span class="pun">]</span><span class="pln">
</span><span class="pun">}</span></pre></div>
          </section>
        </section>
        <section id="using-base64url" class="informative" typeof="bibo:Chapter" resource="#using-base64url" property="bibo:hasPart">
          <h4 id="h-using-base64url" resource="#h-using-base64url"><span property="xhv:role" resource="xhv:heading"><span class="secno">9.1.7 </span>Using base64url</span></h4><p><em>This section is non-normative.</em></p>
          <p>For more information on base64url and working with it, see the "Base64url Encoding" terminology definition and "Notes on implementing base64url encoding without padding" in [<cite><a class="bibref" href="#bib-RFC7515">RFC7515</a></cite>].
            Specifically, there is no '=' padding, and the characters '-' and '_' <em class="rfc2119" title="MUST">MUST</em> be used instead of '+' and '/', respectively.
          </p>
        </section>
      </section>
    </section>


    <section id="security" typeof="bibo:Chapter" resource="#security" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-security" resource="#h-security"><span property="xhv:role" resource="xhv:heading"><span class="secno">10. </span>Security</span></h2>

      <section id="input-data-security" typeof="bibo:Chapter" resource="#input-data-security" property="bibo:hasPart">
        <h3 id="h-input-data-security" resource="#h-input-data-security"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.1 </span>Input Data Attacks and Vulnerabilities</span></h3>
        <p>User Agent and Key System implementations <em class="rfc2119" title="MUST">MUST</em> consider <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a>, <a href="#initialization-data">Initialization Data</a>, data passed to <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code>, licenses, key data, and all other data provided by the application as untrusted content and potential attack vectors.
          They <em class="rfc2119" title="MUST">MUST</em> use appropriate safeguards to mitigate any associated threats and take care to safely parse, decrypt, etc. such data.
          User Agents <em class="rfc2119" title="SHOULD">SHOULD</em> validate data before passing it to the CDM.
        </p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note95"><span>Note</span></div><p class="">Such validation is especially important if the CDM does not run in the same (sandboxed) context as, for example, the DOM.</p></div>

        <p>Implementations <em class="rfc2119" title="MUST NOT">MUST NOT</em> return active content or passive content that affects program control flow to the application.</p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note96"><span>Note</span></div><p class="">For example, it is not safe to expose URLs or other information that may have come from media data, such as is the case for the <a href="#initialization-data">Initialization Data</a> passed to <code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest()</a></code>.
          Applications must determine the URLs to use. The <code><a href="#widl-MediaKeyMessageEvent-messageType">messageType</a></code> attribute of the <code><a href="#dom-evt-message">message</a></code> event can be used by the application to select among a set of URLs if applicable.
        </p></div>
      </section>

      <section id="cdm-security" typeof="bibo:Chapter" resource="#cdm-security" property="bibo:hasPart">
        <h3 id="h-cdm-security" resource="#h-cdm-security"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.2 </span>CDM Attacks and Vulnerabilities</span></h3>
        <p>User Agents are responsible for providing users with a secure way to browse the web, including any functionality, such as CDMs, from third parties.
          User agent implementers <em class="rfc2119" title="MUST">MUST</em> obtain sufficient information from Key System implementers to enable them to properly assess the security implications of integrating with the Key System.
          User agent implementers <em class="rfc2119" title="MUST">MUST</em> ensure CDM implementations provide and/or support sufficient controls for the user agent to provide security for the user.
          User agent implementers <em class="rfc2119" title="MUST">MUST</em> ensure CDM implementations can and will be quickly and proactively updated in the event of security vulnerabilities.
        </p>
        <p>Exploiting a CDM implementation that is not fully sandboxed and/or uses platform features may allow an attacker to access OS or platform features, elevate privilege (e.g. to run as system or root), and/or access drivers, kernel, firmware, hardware, etc.
          Such features, software, and hardware may not be written to be robust against hostile software or web-based attacks and may not be updated with security fixes, especially compared to the user agent.
          Lack of, infrequent, or slow updates for fixes to security vulnerabilities in CDM implementations increases the risk.
          Such CDM implementations and UAs that expose them <em class="rfc2119" title="MUST">MUST</em> be especially careful in all areas of security, including parsing of <a href="#input-data-security">all data</a>.
        </p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note97"><span>Note</span></div><p class="">User agents should be especially diligent when using a CDM or underlying mechanism that is part of or provided by the client OS, platform and/or hardware.</p></div>

        <!-- TODO: 27165 -->
        <p>If a user agent chooses to support a Key System implementation that cannot be sufficiently sandboxed or otherwise secured, the user agent <em class="rfc2119" title="SHOULD">SHOULD</em> ensure that users are fully informed and/or give explicit consent before loading or invoking it.
          Such implementations <em class="rfc2119" title="SHOULD">SHOULD</em> only be supported on secure contexts to mitigate the potential for <a href="#network-attacks">Network Attacks</a>.
        </p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note98"><span>Note</span></div><p class="">Granting permissions to unauthenticated origins is equivalent to granting the permissions to any origin in the presence of a network attacker.
          See also <a href="#privacy-prompts">User Alerts / Prompts</a> and <a href="#privacy-secureorigin">Use Secure Origin and Transport</a>.
        </p></div>
      </section>

      <!-- TODO: Update for 26332. -->
      <section id="network-attacks" typeof="bibo:Chapter" resource="#network-attacks" property="bibo:hasPart">
        <h3 id="h-network-attacks" resource="#h-network-attacks"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.3 </span>Network Attacks</span></h3>
        <section class="informative" id="potential-attacks" typeof="bibo:Chapter" resource="#potential-attacks" property="bibo:hasPart">
          <h4 id="h-potential-attacks" resource="#h-potential-attacks"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.3.1 </span>Potential Attacks</span></h4><p><em>This section is non-normative.</em></p>
          <p>Potential network attacks and their implications include:</p>
          <ul>
            <li><p>DNS spoofing attacks: One cannot guarantee that a host claiming to be in a certain domain (<a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>) really is from that domain.</p></li>
            <li><p>Passive network attacks: One cannot guarantee that data, including <a href="#distinctive-identifier">Distinctive Identifiers</a>, transmitted between the client and server is not viewed by other entities. See <a href="#user-tracking">User Tracking</a>.</p></li>
            <li>
              <p>Active network attacks: One cannot guarantee that Additional scripts or iframes are not injected into pages (both those that use these APIs for legitimate purposes and pages that do not use these APIs).
                The consequences are that:
              </p>
              <ul>
                <li><p>Calls to these APIs can be injected into any page.</p></li>
                <li><p>Calls to these APIs from pages using them for legitimate reasons can be manipulated, including modifying the requested functionality, modifying or adding calls, and modifying or injecting data. See also <a href="#input-data-security">Input Data Attacks and Vulnerabilities</a></p></li>
                <li><p>Data, including <a href="#distinctive-identifier">Distinctive Identifiers</a>, transmitted between the client and server can be viewed and/or modified by other entities. See <a href="#user-tracking">User Tracking</a>.</p></li>
              </ul>
            </li>
          </ul>
        </section>
        <section id="mitigations" typeof="bibo:Chapter" resource="#mitigations" property="bibo:hasPart">
          <h4 id="h-mitigations" resource="#h-mitigations"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.3.2 </span>Mitigations</span></h4>
          <p>The following techniques may mitigate the risks:</p>
          <dl>
            <dt>Use TLS</dt>
            <dd>
              <p>Applications using TLS can be sure that only the user, software working on behalf of the user, and other pages using TLS that have certificates identifying them as being from the same domain, can interact with that application.
                Furthermore, <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>-specific permissions in combination with a secure origin, ensure that permissions granted to an application cannot be abused by a network attacker.
              </p>
              <p>User agents <em class="rfc2119" title="MAY">MAY</em> choose to only support these APIs and/or specific Key Systems (i.e. based on privacy and security risks) on secure origins.
                This is especially important if a user agent chooses to support a Key System implementation that cannot be sufficiently sandboxed or otherwise secured.
                See also <a href="#privacy-secureorigin">Secure Origin and Transport</a>.
              </p>
            </dd>

            <dt>Block Mixed Content</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="MUST">MUST</em> properly handle Mixed Content [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>], including blocking "Blockable Content" [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>] to avoid potential exposure to insecure content.
                Such exposure could compromise other mitigations, such as use of TLS.
              </p>
              <p>User agents <em class="rfc2119" title="MAY">MAY</em> choose to block all Mixed Content, including "Optionally-blockable Content" [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>] to further increase security by preventing <a href="#input-data-security">untrusted media data</a> from being passed to the CDM (see <a href="#cdm-security">CDM Attacks and Vulnerabilities</a>).</p>
            </dd>

            <dt id="security-prompts">Per-origin user alerts / prompts and permissions</dt>
            <dd>
              <p>User Agents <em class="rfc2119" title="SHOULD">SHOULD</em> ensure that users are fully informed and/or give explicit consent before a Key System that presents security concerns that are greater than other user agent features (e.g. DOM content) may be accessed by an <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.
                Such alerts and consent <em class="rfc2119" title="SHOULD">SHOULD</em> be per <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> to avoid valid uses enabling subsequent malicious access.
                (A full <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> <em class="rfc2119" title="MUST">MUST</em> be used rather than just the domain because the protocol is important for security as described above.)
                User agents <em class="rfc2119" title="SHOULD">SHOULD</em> only persist consent for secure origins (see <a href="#privacy-secureorigin">Secure Origin and Transport</a>), to mitigate the potential for future abuse via <a href="#network-attacks">Network Attacks</a>.
              </p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note99"><span>Note</span></div><p class="">Granting permissions to unauthenticated origins is equivalent to granting the permissions to any origin in the presence of a network attacker.
                Alerting or prompting the user for consent on insecure origins without persisting the choice provides at least a minimum level of security because the user would be alerted to unexpected use (e.g. on a site that does not have protected media.
              </p></div>
            </dd>
          </dl>
        </section>
      </section>

      <section id="iframe-attacks" typeof="bibo:Chapter" resource="#iframe-attacks" property="bibo:hasPart">
        <h3 id="h-iframe-attacks" resource="#h-iframe-attacks"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.4 </span><code>iframe</code> Attacks</span></h3>
        <section class="informative" id="potential-attacks-1" typeof="bibo:Chapter" resource="#potential-attacks-1" property="bibo:hasPart">
          <h4 id="h-potential-attacks-1" resource="#h-potential-attacks-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.4.1 </span>Potential Attacks</span></h4><p><em>This section is non-normative.</em></p>
          <p>Malicious pages could host legitimate applications in an iframe in an attempt hide an attack or deceive the user as to the source, such as making the use appear to be from a legitimate content provider.
            This is especially relevent for user agents that support have <a href="#security-prompts">user alerts, prompts, and/or permissions</a>.
            In addition to <a href="#network-attacks">Network Attacks</a>, attackers could try to exploit legitimate uses of these APIs by hosting them in an <code>iframe</code>.
            By having the legitimate application performing the actions, the attacker can reuse existing granted permissions (or whitelisting) and/or appear to be a legitimate request or use.
          </p>
        </section>
        <section id="mitigations-1" typeof="bibo:Chapter" resource="#mitigations-1" property="bibo:hasPart">
          <h4 id="h-mitigations-1" resource="#h-mitigations-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.4.2 </span>Mitigations</span></h4>
          <p>User agents are <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> to base the UI and persistence of <a href="#security-prompts">user alerts, prompts, and/or permissions</a> on the combination of <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of the top-level <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> and the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> using these APIs.
            This ensures that users are informed of the main document making the request and that persisting a permission for one (legitimate) combination does not inadvertently allow malicious use to go undetected.
          </p>
          <p>Authors are <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> to prevent other entities from hosting their applications in <code>iframe</code>s.
            Applications that must support being hosted for legitimate application-design reasons <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> allow hosting documents to provide <a href="#input-data-security">any data to be passed to the CDM</a> - either via these APIs or as media data - and <em class="rfc2119" title="SHOULD NOT">SHOULD NOT</em> allow hosting frames to invoke these APIs.
          </p>
        </section>
      </section>

      <section id="cross-directory-attacks" class="informative" typeof="bibo:Chapter" resource="#cross-directory-attacks" property="bibo:hasPart">
        <h3 id="h-cross-directory-attacks" resource="#h-cross-directory-attacks"><span property="xhv:role" resource="xhv:heading"><span class="secno">10.5 </span>Cross-Directory Attacks</span></h3><p><em>This section is non-normative.</em></p>
        <p>Different authors sharing one host name, for example users hosting content on <code>geocities.com</code>, all share one <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.
          User agents do not provide features to restrict access to APIs by pathname.
        </p>
        <p>Using these APIs on shared hosts compromises origin-based security and privacy mitigations implemented by user agents.
          For example, per-origin <a href="#distinctive-identifier">Distinctive Identifiers</a> are shared by all authors on one host name, and peristed data may be accessed and manipulated by any author on the host.
          The latter is especially important if, for example, modification or deletion of such data could erase a user's right to specific content.
        </p>
        <div class="note"><div class="note-title" aria-level="4" role="heading" id="h-note100"><span>Note</span></div><p class="">Even if a path-restriction feature was made available by user agents, the usual DOM scripting security model would make it trivial to bypass this protection and access the data from any path.</p></div>
        <p>Authors on shared hosts are therefore <em class="rfc2119" title="RECOMMENDED">RECOMMENDED</em> to avoid using these APIs because doing so compromises origin-based security and privacy mitigations in user agents.</p>
      </section>

    </section>

    <section id="privacy" typeof="bibo:Chapter" resource="#privacy" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-privacy" resource="#h-privacy"><span property="xhv:role" resource="xhv:heading"><span class="secno">11. </span>Privacy</span></h2>

      <p>The presence or use of Key System(s) on a user's device raises a number of privacy issues, falling into two categories: (a) user-specific information that may be disclosed by the EME interface itself or within Key System messages and (b) user-specific information that may be persistently stored on the user's device.</p>
      <p>User Agents <em class="rfc2119" title="MUST">MUST</em> take responsibility for providing users with adequate control over their own privacy.
        Since User Agents may integrate with third party CDM implementations, CDM implementers <em class="rfc2119" title="MUST">MUST</em> provide sufficient information and controls to user agent implementers to enable them to implement appropriate techniques to ensure users have control over their privacy, including but not limited to the techniques described below.
      </p>

      <section id="privacy-disclosure" typeof="bibo:Chapter" resource="#privacy-disclosure" property="bibo:hasPart">
        <h3 id="h-privacy-disclosure" resource="#h-privacy-disclosure"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.1 </span>Information Disclosed by EME and Key Systems</span></h3>
        <p>Concerns regarding information disclosed by EME and Key Systems fall into two categories: (a) concerns about non-specific information that may nevertheless contribute to the possibility of fingerprinting a user agent or device and (b) user-specific information that may be used directly for <a href="#user-tracking">user tracking</a>.</p>
      </section>

      <section id="privacy-fingerprinting" typeof="bibo:Chapter" resource="#privacy-fingerprinting" property="bibo:hasPart">
        <h3 id="h-privacy-fingerprinting" resource="#h-privacy-fingerprinting"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.2 </span>Fingerprinting</span></h3>
        <p>Malicious applications may be able to fingerprint users or user agents by detecting or enumerating the list of Key Systems that are supported and related information.
          If proper origin protections are not provided this could include detection of sites that have been visited and information stored for those sites. In particular, Key Systems <em class="rfc2119" title="MUST">MUST</em> not share key or other data between <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origins</a>.
        </p>
      </section>

      <section id="privacy-leakage" typeof="bibo:Chapter" resource="#privacy-leakage" property="bibo:hasPart">
        <h3 id="h-privacy-leakage" resource="#h-privacy-leakage"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.3 </span>Information Leakage</span></h3>
        <section class="informative" id="concerns" typeof="bibo:Chapter" resource="#concerns" property="bibo:hasPart">
          <h4 id="h-concerns" resource="#h-concerns"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.3.1 </span>Concerns</span></h4><p><em>This section is non-normative.</em></p>
          <p>CDMs, especially those implemented outside the user agent, may not have the same fundamental isolations as the web platform.
            It is important that steps be taken to avoid information leakage, especially across origins.
            This includes both in-memory and stored data.
            Failure to do so could lead to information leakage to/from private browsing sessions, across profiles, and even across different browsers, applications, and operating system user accounts.
          </p>
        </section>
        <section id="mitigations-2" typeof="bibo:Chapter" resource="#mitigations-2" property="bibo:hasPart">
          <h4 id="h-mitigations-2" resource="#h-mitigations-2"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.3.2 </span>Mitigations</span></h4>
          <p>To avoid such issues, user agent and CDM implementations <em class="rfc2119" title="MUST">MUST</em> ensure that:</p>
          <ul>
            <li><p>CDMs have a concept of a CDM instance that is associated one-to-one with a MediaKeys object.</p></li>
            <li><p>Keys, licenses, other session data, and the presence of sessions are restricted to the CDM instance associated with the MediaKeys object that created the session.</p></li>
            <li><p>Session data is not shared between MediaKeys objects or CDM instances.</p></li>
            <li><p>Session data is not shared with media elements not associated with the MediaKeys object that created the session.
              Among other things, this means a session's keys <em class="rfc2119" title="MUST">MUST</em> not be used to decrypt content loaded by a media element whose <code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code> attribute is not that MediaKeys object.
            </p></li>
            <li><p>MediaKeys objects and the underlying implementation do not expose information outside the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.</p></li>
            <li><p>Persisted session data, if applicable, is stored on a per-<a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> basis.</p></li>
            <li><p>Only data stored by the requesting <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> may be loaded.</p></li>
          </ul>
        </section>
      </section>

      <section id="user-tracking" typeof="bibo:Chapter" resource="#user-tracking" property="bibo:hasPart">
        <h3 id="h-user-tracking" resource="#h-user-tracking"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.4 </span>User Tracking</span></h3>
        <section class="informative" id="concerns-1" typeof="bibo:Chapter" resource="#concerns-1" property="bibo:hasPart">
          <h4 id="h-concerns-1" resource="#h-concerns-1"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.4.1 </span>Concerns</span></h4><p><em>This section is non-normative.</em></p>
          <p>A third-party host (or any entity, such as an advertiser, capable of getting content distributed to multiple sites) could use a <a href="#distinctive-identifier">Distinctive Identifier</a> or data, including keys, stored in the <a href="#cdm">CDM</a>'s client-side database to track a user across multiple sessions (including across profiles and user accounts on the client device), building a profile of the user's activities or interests.
            Such tracking would undermine the privacy protections provided by the rest of the web platform and could, for example, enable highly-targeted advertising not otherwise possible.
            In conjunction with a site that is aware of the user's real identity (for example, a content provider or e-commerce site that requires authenticated credentials), this could allow oppressive groups to target individuals with greater accuracy than in a world with purely anonymous Web usage.
          </p>

          <p>User- or client-specific information that could be obtained via the APIs in this specification includes:</p>
          <ul>
            <li><p><a href="#distinctive-identifier">Distinctive Identifier(s)</a></p></li>
            <li><p>Origins visisted (via stored or in-memory data, permissions, etc.)</p></li>
            <li><p>Content viewed (via stored or in-memory keys, key IDs, data, etc.)</p></li>
          </ul>
          <p>This specification presents a specific concern because such information is commonly stored outside the user agent (and its profile storage), often in the CDM.</p>

          <p>Key Systems may access or create persistent or semi-persistent identifier(s), <a href="#distinctive-identifier">Distinctive Identifier(s)</a>, for a device or user of a device.
            In some cases these identifiers may be bound to a specific device in a secure manner.
            If these identifiers are present in Key System messages, then devices and/or users may be tracked.
            If the mitigations below are not applied this could include both tracking of users / devices over time and associating multiple users of a given device.
          </p>

          <p>It is important to note that such identifiers, especially those that are non-clearable, non-<a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>-specific or hardware-bound, exceed the tracking impact of existing techniques such as cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>] or session identifiers embedded in URLs.</p>

          <p>If not mitigated, such tracking may take three forms depending on the design of the Key System:</p>
          <ul>
            <li><p>In all cases, such identifiers are expected to be available to sites and/or servers that fully support the Key System (and thus can interpret Key System messages) enabling tracking by such sites.</p></li>
            <li><p>If identifiers exposed by Key Systems are not origin-specific, then two sites and/or servers that fully support the Key System may collude to track the user.</p></li>
            <li><p>If Key System messages contain information derived from a user identifier in a consistent manner, for example such that a portion of the initial Key System message for a specific content item does not change over time and is dependent on the user identifier, then this information could be used by any application to track the device or user over time.</p></li>
          </ul>

          <p>In addition, if a Key System permits keys to be stored and to be re-used between origins, then it may be possible for two origins to collude and track a unique user by recording their ability to access a common key.</p>
          <p>Finally, if any user interface for user control of Key Systems presents data separately from data in HTTP session cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>] or persistent storage, then users are likely to modify site authorization or delete data in one and not the others.
            This would allow sites to use the various features as redundant backup for each other, defeating a user's attempts to protect his privacy.
          </p>

          <p>The following section describes techniques that may mitigate the risks of tracking without user consent.</p>
        </section>
        <section id="mitigations-3" typeof="bibo:Chapter" resource="#mitigations-3" property="bibo:hasPart">
          <h4 id="h-mitigations-3" resource="#h-mitigations-3"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.4.2 </span>Mitigations</span></h4>
          <dl>
            <dt>Do not use <a href="#distinctive-identifier">Distinctive Identifiers</a></dt>
            <dd>
              <p>Key System implementations <em class="rfc2119" title="SHOULD">SHOULD</em> avoid using <a href="#distinctive-identifier">Distinctive Identifiers</a> whenever possible and only use them when they meaningfully contribute to the robustness of the implementation.
                See <a href="#limit-or-avoid-use-of-distinctive-identifiers">Limit or Avoid use of Distinctive Identifiers</a>.
              </p>
            </dd>

            <dt>User deletion of <a href="#distinctive-identifier">Distinctive Identifiers</a></dt>
            <dd>
              <p>User agents <em class="rfc2119" title="MUST">MUST</em> provide users with the ability to clear any <a href="#distinctive-identifier">Distinctive Identifiers</a> maintained by Key Systems.
                See <a href="#allow-identifiers-cleared">Allow Identifiers to be Cleared</a>.
              </p>
            </dd>

            <dt>Use of (non-reversible) per-origin identifiers</dt>
            <dd>
              <!-- TODO: Bug 27269 -->
              <p>Implementations that use <a href="#distinctive-identifier">Distinctive Identifiers</a> <em class="rfc2119" title="MUST">MUST</em> use a different value for each <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>, either by allocation of different identifiers for different origins or by use of a non-reversible origin-specific mapping from an origin-independent identifier.
                See <a href="#per-origin-identifiers">Use Per-Origin Identifiers</a> and <a href="#non-reversible-identifiers">non-reversible identifiers</a>.
              </p>
            </dd>

            <dt>Encryption of <a href="#distinctive-identifier">Distinctive Identifiers</a></dt>
            <dd>
              <p><a href="#distinctive-identifier">Distinctive Identifiers</a> in Key System messages <em class="rfc2119" title="MUST">MUST</em> be encrypted, together with a timestamp or nonce, such that the Key System messages are always different.
                This prevents the use of Key System messages for tracking except by servers fully supporting the Key System.
                See <a href="#encrypt-identifiers">Encrypt Identifiers</a>.
              </p>
            </dd>

            <dt>Blocking third-party access</dt>
            <dd>
              <!-- TODO: Bug 27269 -->
              <p>User agents <em class="rfc2119" title="MAY">MAY</em> restrict access to Key Systems and/or features to scripts originating at the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> of the top-level <a href="https://dom.spec.whatwg.org/#concept-document">Document</a> of the browsing context.
                For example, <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> may deny requests for certain configurations for pages from other origins running in <code>iframe</code>s.
              </p>
            </dd>

            <dt>Expiring stored data</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="MAY">MAY</em>, possibly in a manner configured by the user, automatically delete <a href="#distinctive-identifier">Distinctive Identifiers</a> and/or other Key System data after a period of time.</p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note101"><span>Note</span></div><div class="">
                <p>For example, a user agent could be configured to such data as session-only storage, deleting the data once the user had closed all the browsing contexts that could access it.</p>
                <p>This can restrict the ability of a site to track a user, as the site would then only be able to track the user across multiple sessions when he authenticates with the site itself (e.g. by making a purchase or logging in to a service).</p>
                <p>However, this can also put the user's access to content, especially purchased or rented content, at risk if the user does not fully understand the implications of such expiration.</p>
              </div></div>
            </dd>

            <dt id="like-cookies">Treating <a href="#distinctive-identifier">Distinctive Identifiers</a> and Key System stored data like cookies / web storage</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="SHOULD">SHOULD</em> present the presence of <a href="#distinctive-identifier">Distinctive Identifiers</a> and data stored by Key Systems to the user in a way that associates them strongly with HTTP session cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>].
                This might encourage users to view such identifiers with healthy suspicion.
                User agents <em class="rfc2119" title="SHOULD">SHOULD</em> help the user avoid <a href="#incomplete-clearing">Incomplete Clearing of Data</a>.
              </p>
            </dd>

            <dt>Site-specific white-listing of access to each Key System</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="MAY">MAY</em> require the user to explicitly authorize access to each Key System - and/or certain features - before a site can use it.
                User agents <em class="rfc2119" title="SHOULD">SHOULD</em> enable users to revoke this authorization either temporarily or permanently.
              </p>
            </dd>

            <dt>Shared blacklists</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="MAY">MAY</em> allow users to share their Key System <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> blacklists.
                This would allow communities to act together to protect their privacy.
              </p>
            </dd>

            <dt id="privacy-prompts">Per-origin user alerts / prompts and permissions</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="MUST">MUST</em> ensure that users are fully informed and/or give explicit consent before <a href="#distinctive-identifier">Distinctive Identifier(s)</a> are exposed, such as in messages from the Key System implementation.</p>
              <p>User agents <em class="rfc2119" title="MUST">MUST</em> prompt or otherwise inform the user before allowing use of a <a href="#distinctive-identifier">Distinctive Identifier</a> that is not <a href="#per-origin-identifiers">unique per-origin</a> and/or not <a href="#allow-identifiers-cleared">clearable</a> is used.
                User agents <em class="rfc2119" title="SHOULD">SHOULD</em> prompt or otherwise inform the user before allowing use of all other <a href="#distinctive-identifier">Distinctive Identifier</a>.
              </p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note102"><span>Note</span></div><p class="">The "not unique per-origin" and "not clearable" conditions cannot be true in a compliant implementation because implementations <em class="rfc2119" title="MUST">MUST</em> <a href="#per-origin-identifiers">use per-origin identifiers</a> and <a href="#allow-identifiers-cleared">allow the user to clear identifiers</a>.</p></div>
              <p>Such alerts and consent <em class="rfc2119" title="SHOULD">SHOULD</em> be per <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> to avoid valid uses enabling subsequent malicious access.
                User agent implementers that consider such alerts or consent appropriate for a Key System implementation <em class="rfc2119" title="SHOULD">SHOULD</em> only support such Key Systems on secure origins (see <a href="#privacy-secureorigin">Secure Origin and Transport</a>), especially if they allow such consent to be persisted.
              </p>
              <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note103"><span>Note</span></div><p class="">Granting permissions to unauthenticated origins is equivalent to granting the permissions to any origin in the presence of a network attacker.</p></div>
            </dd>

            <dt>User controls to disable Key Systems or Key System use of identifiers</dt>
            <dd>
              <p>User Agents <em class="rfc2119" title="SHOULD">SHOULD</em> provide users with a global control of whether a Key System is enabled and/or whether Key System use of <a href="#distinctive-identifier">Distinctive Identifier(s)</a> is enabled (if supported by the Key System).
                User agents <em class="rfc2119" title="SHOULD">SHOULD</em> help the user avoid <a href="#incomplete-clearing">Incomplete Clearing of Data</a>.
              </p>
            </dd>
          </dl>

          <div class="note"><div class="note-title" aria-level="5" role="heading" id="h-note104"><span>Note</span></div><p class="">While these suggestions prevent trivial use of this API for user tracking, they do not block it altogether.
            Within a single origin, a site can continue to track the user during a session, and can then pass all this information to a third party along with any identifying information (names, credit card numbers, addresses) obtained by the site.
            If a third party cooperates with multiple sites to obtain such information, and if identifiers are not <!-- TODO: Bug 27269 --><a href="#per-origin-identifiers">unique per-origin</a>, then a profile can still be created.
          </p></div>
        </section>

        <!-- TODO: This is out of place as a sub-section here. -->
        <section id="privacy-individualization" typeof="bibo:Chapter" resource="#privacy-individualization" property="bibo:hasPart">
          <h4 id="h-privacy-individualization" resource="#h-privacy-individualization"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.4.3 </span>Individualization</span></h4>
          <p><a href="#distinctive-identifier">Distinctive Identifier(s)</a> are sometimes obtained via a process called individualization or provisioning.</p>
          <p>Individualization <em class="rfc2119" title="MAY">MAY</em> be origin-independent or per-origin.
            The resulting identifier <em class="rfc2119" title="MUST">MUST</em> be origin-independent or per-origin, respectively.
            In the former case the resulting identifier <em class="rfc2119" title="MUST NOT">MUST NOT</em> be provided to the application.
            The mechanisms and flow are for the two types of individualization are different, as described in the following sections.
          </p>
          <p>In all cases, implementations <em class="rfc2119" title="SHOULD">SHOULD</em> avoid sending <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin(s)</a> or <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>-specific information to centralized servers since this could create a central record of all origins visited by a user or device.</p>
          <p>Individualizaiton <em class="rfc2119" title="MAY">MAY</em> be performed multiple times, such as after identifier(s) are <a href="#allow-identifiers-cleared">cleared</a>.</p>

          <section id="origin-independent-individualization" typeof="bibo:Chapter" resource="#origin-independent-individualization" property="bibo:hasPart">
            <h5 id="h-origin-independent-individualization" resource="#h-origin-independent-individualization"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.4.3.1 </span>Origin-Independent Individualization</span></h5>
            <p><a href="http://www.w3.org/TR/html5/browsers.html#origin-0">Origin</a>-independent individualization is performed between the <a href="#cdm">CDM</a> and an origin- and application-independent server.
              The process <em class="rfc2119" title="MUST">MUST</em> be performed by the user agent and <em class="rfc2119" title="MUST NOT">MUST NOT</em> use these APIs.
            </p>
            <div class="note"><div class="note-title" aria-level="6" role="heading" id="h-note105"><span>Note</span></div><p class="">For example, such a process may initialize a client device by communicating with a pre-determined server hosted by the user agent or CDM vendor, possibly using identifiers from the client device.
              Such communication would not involve providing application- or origin-specific information.
            </p></div>
            <p>The resulting identifier <em class="rfc2119" title="MUST">MUST</em> be origin- and application-independent.
              Such identifiers <em class="rfc2119" title="MUST NOT">MUST NOT</em> be provided to applications (see <a href="#per-origin-identifiers">Use Per-Origin Identifiers</a>), even encrypted.
              Implementations <em class="rfc2119" title="MAY">MAY</em> derive <a href="#non-reversible-identifiers">non-reversible</a> per-origin identifiers from such identifiers and provide those to the application (<a href="#encrypt-identifiers">encrypted</a>)
            </p>
            <p>For such individualization, all message exchanges:</p>
            <ul>
              <li><p><em class="rfc2119" title="MUST">MUST</em> be handled by the user agent and performed by the user agent via the user agent's network stack.</p></li>
              <li><p><em class="rfc2119" title="MUST NOT">MUST NOT</em> be performed directly by the CDM.</p></li>
              <li><p><em class="rfc2119" title="MUST NOT">MUST NOT</em> be passed to or through the application via these APIs.</p></li>
              <li><p><em class="rfc2119" title="MUST">MUST</em> be sent to a URL selected independently of any origin and application.</p></li>
            </ul>
          </section>

          <section id="per-origin-individualization" typeof="bibo:Chapter" resource="#per-origin-individualization" property="bibo:hasPart">
            <h5 id="h-per-origin-individualization" resource="#h-per-origin-individualization"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.4.3.2 </span>Per-Origin Individualization</span></h5>
            <p>Per-<a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> individualization is performed between the <a href="#cdm">CDM</a> and an application-selected server and results in a per-origin identifier.
              The process <em class="rfc2119" title="MUST">MUST</em> be performed via these APIs and <em class="rfc2119" title="MUST NOT">MUST NOT</em> involve other types of communication.
              Any <a href="#distinctive-identifier">Distinctive Identifiers</a> used <em class="rfc2119" title="MUST">MUST</em> be origin-specific.
            </p>
            <p>For such individualization, all message exchanges:</p>
            <ul>
              <li><p><em class="rfc2119" title="MUST">MUST</em> be passed to or through the application via these APIs (message type <code><a href="#idl-def-MediaKeyMessageType.individualization-request">"individualization-request"</a></code>).</p></li>
              <li><p><em class="rfc2119" title="MUST NOT">MUST NOT</em> be performed by the user agent.</p></li>
              <li><p><em class="rfc2119" title="MUST NOT">MUST NOT</em> be performed directly by the CDM.</p></li>
              <li><p><em class="rfc2119" title="MUST NOT">MUST NOT</em> contain non-origin-specific per-client information, such as a <a href="#distinctive-identifier">Distinctive Identifier</a>.</p></li>
              <li><p>As with all other uses of the APIs, responses passed to the CDM <em class="rfc2119" title="MUST NOT">MUST NOT</em> contain executable code.</p></li>
            </ul>
            <p>With appropriate precautions, such individualization can provide better privacy than origin-independent individualization, though not as good as models that do not use <a href="#distinctive-identifier">Distinctive Identifiers</a>.
              To preserve the benefits of such a design and to avoid introducing other privacy concerns:
            </p>
            <ul>
              <li><p>Such implementations <em class="rfc2119" title="MUST NOT">MUST NOT</em> use <a href="#distinctive-identifier">Distinctive Identifier(s)</a> for a device or user of a device in the individualization process.</p></li>
              <li><p>Such implementations and the applications that support them <em class="rfc2119" title="SHOULD">SHOULD</em> also avoid deferring or forwarding individualization messages to a central server or other server not controlled by the application author.</p></li>
            </ul>
          </section>
        </section>
      </section>

      <section id="privacy-storedinfo" typeof="bibo:Chapter" resource="#privacy-storedinfo" property="bibo:hasPart">
        <h3 id="h-privacy-storedinfo" resource="#h-privacy-storedinfo"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.5 </span>Information Stored on User Devices</span></h3>
        <section class="informative" id="concerns-2" typeof="bibo:Chapter" resource="#concerns-2" property="bibo:hasPart">
          <h4 id="h-concerns-2" resource="#h-concerns-2"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.5.1 </span>Concerns</span></h4><p><em>This section is non-normative.</em></p>
          <p>Key Systems may store information on a user's device, or user agents may store information on behalf of Key Systems.
            Potentially, this could reveal information about a user to another user of the same device, including potentially the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origins</a> that have used a particular Key System (i.e. sites visited) or even the content that has been decrypted using a Key System.
          </p>
          <p>If information stored by one origin affects the operation of the Key System for another origin, then potentially the sites visited or content viewed by a user on one site may be revealed to another, potentially malicious, site.</p>
          <p>If information stored for one browsing profile, browser, or user account on the client device affects the operation of the Key System for other profiles, browsers, or accounts, then potentially the sites visited or content viewed by in one may be revealed by or correlatable with another profile, browser, or account.</p>
        </section>
        <section id="mitigations-4" typeof="bibo:Chapter" resource="#mitigations-4" property="bibo:hasPart">
          <h4 id="h-mitigations-4" resource="#h-mitigations-4"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.5.2 </span>Mitigations</span></h4>
          <p>In summary, user agent and CDM implementations that allow the CDM to persist data:</p>
          <ul>
            <li><p><em class="rfc2119" title="MUST">MUST</em> ensure it is restricted to the <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> for which it was created.</p></li>
            <li><p><em class="rfc2119" title="MUST">MUST</em> ensure it is restricted to the current profile and does not leak to or from private browsing sessions.</p></li>
            <li><p><em class="rfc2119" title="MUST">MUST</em> allow the user to clear it, preferably by <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.</p></li>
            <li><p><em class="rfc2119" title="SHOULD">SHOULD</em> treat it like other site data, including presenting it along with cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>], including it in "remove all data", and presenting it in the same UI locations.</p></li>
          </ul>

          <dl>
            <dt>Origin-specific Key System storage</dt>
            <dd>
              <p>Any data persistently stored by the CDM that might impact messages or behavior in an application- or license server-visible way <em class="rfc2119" title="MUST">MUST</em> be stored in an <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>-specific way.
                Session data, licenses, and keys that are persistently stored <em class="rfc2119" title="MUST">MUST</em> be stored per-<a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>.
                See <a href="#session-storage">Session Storage and Persistence</a>.
              </p>
            </dd>

            <dt>User deletion of Key System storage</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="SHOULD">SHOULD</em> present the user with a way to delete Key System storage for a specific <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a> or all origins.
                User agents <em class="rfc2119" title="SHOULD">SHOULD</em> help the user avoid <a href="#incomplete-clearing">Incomplete Clearing of Data</a>.
              </p>
            </dd>

            <dt>Treating <a href="#distinctive-identifier">Distinctive Identifiers</a> and Key System stored data like cookies / web storage</dt>
            <dd>
              <p>See the <a href="#like-cookies">identical section above</a>.</p>
            </dd>

            <dt>Encryption or obfuscation of Key System stored data</dt>
            <dd>
              <p>User agents <em class="rfc2119" title="SHOULD">SHOULD</em> treat data stored by Key Systems as potentially sensitive; it is quite possible for user privacy to be compromised by the release of this information.
                To this end, user agents <em class="rfc2119" title="SHOULD">SHOULD</em> ensure that such data is securely stored and when deleting data, it is promptly deleted from the underlying storage.
              </p>
            </dd>
          </dl>
        </section>
      </section>

      <section id="incomplete-clearing" typeof="bibo:Chapter" resource="#incomplete-clearing" property="bibo:hasPart">
        <h3 id="h-incomplete-clearing" resource="#h-incomplete-clearing"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.6 </span>Incomplete Clearing of Data</span></h3>
        <section class="informative" id="concerns-3" typeof="bibo:Chapter" resource="#concerns-3" property="bibo:hasPart">
          <h4 id="h-concerns-3" resource="#h-concerns-3"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.6.1 </span>Concerns</span></h4><p><em>This section is non-normative.</em></p>
          <p>A user's attempts to protect his or her privacy by clearing <a href="#distinctive-identifier">Distinctive Identifiers</a> and stored data and/or disabling a Key System may be defeated if all such data and functionality as well as cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>] and other site data are not cleared and/or disabled at the same time.
            For example:
          </p>
          <ul>
            <li><p>If a user clears cookies or other persistent storage without also clearing <a href="#distinctive-identifier">Distinctive Identifiers</a> and data stored by Key Systems, sites can defeat those attempts by using the various features as redundant backup for each other.</p></li>
            <li><p>If a user disables a key system, especially for a specific <a href="http://www.w3.org/TR/html5/browsers.html#origin-0">origin</a>, without also clearing cookies or other persistent storage, sites can defeat those attempts by using the remaining features.</p></li>
            <li><p>If a user disables a key system, then later decide to enable the key system, without also clearing clearing cookies or other persistent storage, <a href="#distinctive-identifier">Distinctive Identifiers</a>, and data stored by Key Systems, sites may be able to associate data prior to the disabling with data and behavior after the key system is re-enabled.</p></li>
          </ul>
        </section>
        <section id="mitigations-5" typeof="bibo:Chapter" resource="#mitigations-5" property="bibo:hasPart">
          <h4 id="h-mitigations-5" resource="#h-mitigations-5"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.6.2 </span>Mitigations</span></h4>
          <p>User agents <em class="rfc2119" title="SHOULD">SHOULD</em> present the interfaces for clearing <a href="#distinctive-identifier">Distinctive Identifiers</a> and Key System stored data in a way that helps users to understand this possibility and enables them to delete data in all persistent identification and storage features, including HTTP session cookies [<cite><a class="bibref" href="#bib-COOKIES">COOKIES</a></cite>] and web storage, simultaneously.
            Likewise, User agents <em class="rfc2119" title="SHOULD">SHOULD</em> present the interfaces for disabling and re-enabling a Key System in a way that helps users to understand this possibility and enables them to delete all such data in all persistent storage features simultaneously.
          </p>
        </section>
      </section>

      <section id="private-browsing" typeof="bibo:Chapter" resource="#private-browsing" property="bibo:hasPart">
        <h3 id="h-private-browsing" resource="#h-private-browsing"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.7 </span>Private Browsing Modes</span></h3>
        <p>User agents may support a mode (e.g. private browsing) of operation intended to preserve user anonymity and/or ensure records of browsing activity are not persisted on the client.
          The privacy concerns discussed in previous sections may be expecially concerning for users employing such modes.
        </p>
        <p>User agent implementers that support such mode(s) <em class="rfc2119" title="SHOULD">SHOULD</em> carefully consider whether access to Key Systems should be disabled in these mode(s).
          For example, such modes <em class="rfc2119" title="MAY">MAY</em> prohibit creation of <a href="#idl-def-MediaKeySystemAccess" class="idlType"><code>MediaKeySystemAccess</code></a> objects that support or use <code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code> or a <code><a href="#widl-MediaKeySystemConfiguration-distinctiveIdentifier">distinctiveIdentifier</a></code> (either as part of the CDM implementation or because the application indicated they were <code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code>).
          If implementations do not prohibit such creation, they <em class="rfc2119" title="SHOULD">SHOULD</em> inform the user of the implications and potential consequences for the expected privacy properties of such modes before allowing their use.
        </p>
      </section>

      <section id="privacy-secureorigin" typeof="bibo:Chapter" resource="#privacy-secureorigin" property="bibo:hasPart">
        <h3 id="h-privacy-secureorigin" resource="#h-privacy-secureorigin"><span property="xhv:role" resource="xhv:heading"><span class="secno">11.8 </span>Secure Origin and Transport</span></h3>
        <p>In order to protect identifiers and other information discussed in previous sections, user agents <em class="rfc2119" title="MAY">MAY</em> choose to only support these APIs and/or specific Key Systems (i.e. based on privacy and security risks) on secure origins.
        This is especially important if a user agent chooses to support a Key System implementation that expose <a href="#distinctive-identifier">Distinctive Identifiers</a> or other such information without effectively anonymizing it in transit.
        </p>
        <p>Regardless of user agent limitations, applications <em class="rfc2119" title="SHOULD">SHOULD</em> use secure transport (e.g. HTTPS) for all traffic containing messages from the CDM (i.e. all data passed from <code><a href="#dom-evt-message">message</a></code> events and to <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code>).</p>
        <p>All user agents <em class="rfc2119" title="MUST">MUST</em> properly handle Mixed Content [<cite><a class="bibref" href="#bib-MIXED-CONTENT">MIXED-CONTENT</a></cite>] to avoid exposure to insecure content or transport when the user agent or application wish to enforce secure origin and transport.</p>
      </section>

    </section>

    <section id="examples" class="informative" typeof="bibo:Chapter" resource="#examples" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-examples" resource="#h-examples"><span property="xhv:role" resource="xhv:heading"><span class="secno">12. </span>Examples</span></h2><p><em>This section is non-normative.</em></p>
      <p>This section contains example solutions for various use cases using the proposed extensions.
      These are not the only solutions to these use cases.
      Video elements are used in the examples, but the same would apply to all media elements.
      In some cases, such as using synchronous XHR, the examples are simplified to keep the focus on the extensions.
      </p>

      <section id="example-source-and-key-known" typeof="bibo:Chapter" resource="#example-source-and-key-known" property="bibo:hasPart">
        <h3 id="h-example-source-and-key-known" resource="#h-example-source-and-key-known"><span property="xhv:role" resource="xhv:heading"><span class="secno">12.1 </span>Source and Key Known at Page Load (Clear Key)</span></h3>
        <p class="exampledescription">In this simple example, the source file and <a href="#clear-key">clear-text license</a> are hard-coded in the page.
        Only one session will ever be created.</p>

        <div class="example"><div class="example-title"><span>Example 5</span></div><pre class="example highlight prettyprint prettyprinted"><span class="tag">&lt;script&gt;</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> onLoad</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> video </span><span class="pun">=</span><span class="pln"> document</span><span class="pun">.</span><span class="pln">getElementById</span><span class="pun">(</span><span class="str">'video'</span><span class="pun">);</span><span class="pln">

    </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(!</span><span class="pln">video</span><span class="pun">.</span><code><a href="#widl-HTMLMediaElement-mediaKeys">mediaKeys</a></code><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      navigator</span><span class="pun">.</span><code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess</a></code><span class="pun">(</span><span class="str">'org.w3.clearkey'</span><span class="pun">,</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
        </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">'webm'</span><span class="pun">],</span><span class="pln">
          </span><code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'video/webm; codecs="vp8"'</span><span class="pln"> </span><span class="pun">}]</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
      </span><span class="pun">]).</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
        </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">keySystemAccess</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
          </span><span class="kwd">var</span><span class="pln"> promise </span><span class="pun">=</span><span class="pln">  keySystemAccess</span><span class="pun">.</span><code><a href="#widl-MediaKeySystemAccess-createMediaKeys-Promise-MediaKeys">createMediaKeys</a></code><span class="pun">();</span><span class="pln">
          promise</span><span class="pun">.</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
            console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to create MediaKeys'</span><span class="pun">)</span><span class="pln">
          </span><span class="pun">);</span><span class="pln">
          promise</span><span class="pun">.</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
            </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
              </span><span class="kwd">return</span><span class="pln"> video</span><span class="pun">.</span><code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys</a></code><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">);</span><span class="pln">
            </span><span class="pun">}</span><span class="pln">
          </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
            console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to set MediaKeys'</span><span class="pun">)</span><span class="pln">
          </span><span class="pun">);</span><span class="pln">
          promise</span><span class="pun">.</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
            </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
              </span><span class="kwd">var</span><span class="pln"> te </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">TextEncoder</span><span class="pun">();</span><span class="pln">
              </span><span class="kwd">var</span><span class="pln"> initData </span><span class="pun">=</span><span class="pln"> te</span><span class="pun">.</span><span class="pln">encode</span><span class="pun">(</span><span class="pln"> </span><span class="str">'{"kids":["LwVHf8JLtPrv2GUXFW2v_A"]}'</span><span class="pun">);</span><span class="pln">
              </span><span class="kwd">var</span><span class="pln"> keySession </span><span class="pun">=</span><span class="pln"> createdMediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType">createSession</a></code><span class="pun">();</span><span class="pln">
              keySession</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">"</span><code><a href="#dom-evt-message">message</a></code><span class="str">"</span><span class="pun">,</span><span class="pln"> handleMessage</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
              </span><span class="kwd">return</span><span class="pln"> keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest</a></code><span class="pun">(</span><span class="str">'keyids'</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">);</span><span class="pln">
            </span><span class="pun">}</span><span class="pln">
          </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
            console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to create or initialize key session'</span><span class="pun">)</span><span class="pln">
          </span><span class="pun">);</span><span class="pln">
        </span><span class="pun">}</span><span class="pln">
      </span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> handleMessage</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> keySession </span><span class="pun">=</span><span class="pln"> event</span><span class="pun">.</span><span class="pln">target</span><span class="pun">;</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> te </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">TextEncoder</span><span class="pun">();</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> license </span><span class="pun">=</span><span class="pln"> te</span><span class="pun">.</span><span class="pln">encode</span><span class="pun">(</span><span class="str">'{"keys":[{"kty":"oct","k":"tQ0bJVWb6b0KPL6KtZIy_A","kid":"LwVHf8JLtPrv2GUXFW2v_A"}],"type":"temporary"}'</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update</a></code><span class="pun">(</span><span class="pln">license</span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'update() failed'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">
</span><span class="tag">&lt;/script&gt;</span><span class="pln">

</span><span class="tag">&lt;body</span><span class="pln"> </span><span class="atn">onload</span><span class="pun">=</span><span class="atv">'</span><span class="pln">onLoad</span><span class="pun">()</span><span class="atv">'</span><span class="tag">&gt;</span><span class="pln">
  </span><span class="tag">&lt;video</span><span class="pln"> </span><span class="atn">src</span><span class="pun">=</span><span class="atv">'foo.webm'</span><span class="pln"> </span><span class="atn">autoplay</span><span class="pln"> </span><span class="atn">id</span><span class="pun">=</span><span class="atv">'video'</span><span class="tag">&gt;&lt;/video&gt;</span><span class="pln">
</span><span class="tag">&lt;/body&gt;</span></pre></div>
      </section>

      <section id="example-selecting-key-system" typeof="bibo:Chapter" resource="#example-selecting-key-system" property="bibo:hasPart">
        <h3 id="h-example-selecting-key-system" resource="#h-example-selecting-key-system"><span property="xhv:role" resource="xhv:heading"><span class="secno">12.2 </span>Selecting a Supported Key System and Using Initialization Data from the "encrypted" Event</span></h3>
        <p class="exampledescription">This example selects a supported <a href="#key-system">Key System</a> using the <code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess()</a></code> method then uses
        the <a href="#initialization-data">Initialization Data</a> from the <a href="http://www.w3.org/TR/html5/embedded-content-0.html#media-data">media data</a> to generate the license request and send it to the appropriate license server.
        One of the supported key systems uses a serverCertificate, which is provided proactively.
        </p>

        <div class="example"><div class="example-title"><span>Example 6</span></div><pre class="example highlight prettyprint prettyprinted"><span class="tag">&lt;script&gt;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> licenseUrl</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> serverCertificate</span><span class="pun">;</span><span class="pln">

  </span><span class="com">// Returns a Promise&lt;</span><a href="#idl-def-MediaKeys" class="idlType"><code>MediaKeys</code></a><span class="com">&gt;.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> createSupportedKeySystem</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    someSystemOptions </span><span class="pun">=</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
     </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">'keyids'</span><span class="pun">,</span><span class="pln"> </span><span class="str">'webm'</span><span class="pun">],</span><span class="pln">
       </span><code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'audio/webm; codecs="opus"'</span><span class="pln"> </span><span class="pun">},</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'audio/webm; codecs="vorbis"'</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
       </span><span class="pun">],</span><span class="pln">
       </span><code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'video/webm; codecs="vp9"'</span><span class="pln"> </span><span class="pun">},</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'video/webm; codecs="vp8"'</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
       </span><span class="pun">]</span><span class="pln">
     </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">];</span><span class="pln">
    clearKeyOptions </span><span class="pun">=</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
     </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemConfiguration-initDataTypes">initDataTypes</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">'keyids'</span><span class="pun">,</span><span class="pln"> </span><span class="str">'webm'</span><span class="pun">],</span><span class="pln">
       </span><code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'audio/webm; codecs="opus"'</span><span class="pln"> </span><span class="pun">},</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'audio/webm; codecs="vorbis"'</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
       </span><span class="pun">],</span><span class="pln">
       </span><code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'video/webm; codecs="vp9"'</span><span class="pun">,</span><span class="pln">
           </span><code><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'foo'</span><span class="pln"> </span><span class="pun">},</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'video/webm; codecs="vp9"'</span><span class="pun">,</span><span class="pln">
           </span><code><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'bar'</span><span class="pln"> </span><span class="pun">},</span><span class="pln">
         </span><span class="pun">{</span><span class="pln"> </span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'video/webm; codecs="vp8"'</span><span class="pun">,</span><span class="pln">
           </span><code><a href="#widl-MediaKeySystemMediaCapability-robustness">robustness</a></code><span class="pun">:</span><span class="pln"> </span><span class="str">'bar'</span><span class="pln"> </span><span class="pun">},</span><span class="pln">
       </span><span class="pun">]</span><span class="pln">
     </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">];</span><span class="pln">

    </span><span class="kwd">return</span><span class="pln"> navigator</span><span class="pun">.</span><code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess</a></code><span class="pun">(</span><span class="str">'com.example.somesystem'</span><span class="pun">,</span><span class="pln"> someSystemOptions</span><span class="pun">).</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">keySystemAccess</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="com">// Not shown:</span><span class="pln">
        </span><span class="com">// 1. Use both attributes of keySystemAccess.</span><code><a href="#widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration">getConfiguration()</a></code><span class="com">.</span><code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code><span class="com">[0]</span><span class="pln">
        </span><span class="com">//    and both attributes of keySystemAccess.</span><code><a href="#widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration">getConfiguration()</a></code><span class="com">.</span><code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code><span class="com">[0]</span><span class="pln">
        </span><span class="com">//    to retrieve appropriate stream(s).</span><span class="pln">
        </span><span class="com">// 2. Set video.src.</span><span class="pln">

        licenseUrl </span><span class="pun">=</span><span class="pln"> </span><span class="str">'https://license.example.com/getkey'</span><span class="pun">;</span><span class="pln">
        serverCertificate </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">Uint8Array</span><span class="pun">([</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">]);</span><span class="pln">
        </span><span class="kwd">return</span><span class="pln"> keySystemAccess</span><span class="pun">.</span><code><a href="#widl-MediaKeySystemAccess-createMediaKeys-Promise-MediaKeys">createMediaKeys</a></code><span class="pun">();</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">error</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="com">// Try the next key system.</span><span class="pln">
        navigator</span><span class="pun">.</span><code><a href="#widl-Navigator-requestMediaKeySystemAccess-Promise-MediaKeySystemAccess--DOMString-keySystem-sequence-MediaKeySystemConfiguration--supportedConfigurations">requestMediaKeySystemAccess</a></code><span class="pun">(</span><span class="str">'org.w3.clearkey'</span><span class="pun">,</span><span class="pln"> clearKeyOptions</span><span class="pun">).</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
          </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">keySystemAccess</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
            </span><span class="com">// Not shown:</span><span class="pln">
            </span><span class="com">// 1. Use keySystemAccess.</span><code><a href="#widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration">getConfiguration()</a></code><span class="com">.</span><code><a href="#widl-MediaKeySystemConfiguration-audioCapabilities">audioCapabilities</a></code><span class="com">[0].</span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pln">
            </span><span class="com">//    and keySystemAccess.</span><code><a href="#widl-MediaKeySystemAccess-getConfiguration-MediaKeySystemConfiguration">getConfiguration()</a></code><span class="com">.</span><code><a href="#widl-MediaKeySystemConfiguration-videoCapabilities">videoCapabilities</a></code><span class="com">[0].</span><code><a href="#widl-MediaKeySystemMediaCapability-contentType">contentType</a></code><span class="pln">
            </span><span class="com">//    to retrieve appropriate stream(s).</span><span class="pln">
            </span><span class="com">// 2. Set video.src.</span><span class="pln">

            licenseUrl </span><span class="pun">=</span><span class="pln"> </span><span class="str">'https://license.example.com/clearkey/request'</span><span class="pun">;</span><span class="pln">
            </span><span class="kwd">return</span><span class="pln"> keySystemAccess</span><span class="pun">.</span><code><a href="#widl-MediaKeySystemAccess-createMediaKeys-Promise-MediaKeys">createMediaKeys</a></code><span class="pun">();</span><span class="pln">
          </span><span class="pun">}</span><span class="pln">
        </span><span class="pun">);</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to instantiate a key system supporting the required combinations'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> handleInitData</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> video </span><span class="pun">=</span><span class="pln"> event</span><span class="pun">.</span><span class="pln">target</span><span class="pun">;</span><span class="pln">
    </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">video</span><span class="pun">.</span><span class="pln">mediaKeysObject </span><span class="pun">===</span><span class="pln"> </span><span class="kwd">undefined</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      video</span><span class="pun">.</span><span class="pln">mediaKeysObject </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">null</span><span class="pun">;</span><span class="pln"> </span><span class="com">// Prevent entering this path again.</span><span class="pln">
      video</span><span class="pun">.</span><span class="pln">pendingSessionData </span><span class="pun">=</span><span class="pln"> </span><span class="pun">[];</span><span class="pln"> </span><span class="com">// Will store all initData until the MediaKeys is ready.</span><span class="pln">
      createSupportedKeySystem</span><span class="pun">().</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
        </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
          video</span><span class="pun">.</span><span class="pln">mediaKeysObject </span><span class="pun">=</span><span class="pln"> createdMediaKeys</span><span class="pun">;</span><span class="pln">

          </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">)</span><span class="pln">
            createdMediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate">setServerCertificate</a></code><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">);</span><span class="pln">

          </span><span class="kwd">for</span><span class="pln"> </span><span class="pun">(</span><span class="kwd">var</span><span class="pln"> i </span><span class="pun">=</span><span class="pln"> </span><span class="lit">0</span><span class="pun">;</span><span class="pln"> i </span><span class="pun">&lt;</span><span class="pln"> video</span><span class="pun">.</span><span class="pln">pendingSessionData</span><span class="pun">.</span><span class="pln">length</span><span class="pun">;</span><span class="pln"> i</span><span class="pun">++)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
            </span><span class="kwd">var</span><span class="pln"> data </span><span class="pun">=</span><span class="pln"> video</span><span class="pun">.</span><span class="pln">pendingSessionData</span><span class="pun">[</span><span class="pln">i</span><span class="pun">];</span><span class="pln">
            makeNewRequest</span><span class="pun">(</span><span class="pln">video</span><span class="pun">.</span><span class="pln">mediaKeysObject</span><span class="pun">,</span><span class="pln"> data</span><span class="pun">.</span><span class="pln">initDataType</span><span class="pun">,</span><span class="pln"> data</span><span class="pun">.</span><span class="pln">initData</span><span class="pun">);</span><span class="pln">
          </span><span class="pun">}</span><span class="pln">
          video</span><span class="pun">.</span><span class="pln">pendingSessionData </span><span class="pun">=</span><span class="pln"> </span><span class="pun">[];</span><span class="pln">

          </span><span class="kwd">return</span><span class="pln"> video</span><span class="pun">.</span><code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys</a></code><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">);</span><span class="pln">
        </span><span class="pun">}</span><span class="pln">
      </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
        console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Failed to create and initialize a MediaKeys object'</span><span class="pun">)</span><span class="pln">
      </span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
    addSession</span><span class="pun">(</span><span class="pln">video</span><span class="pun">,</span><span class="pln"> event</span><span class="pun">.</span><code><a href="#widl-MediaEncryptedEventInit-initDataType">initDataType</a></code><span class="pun">,</span><span class="pln"> event</span><span class="pun">.</span><code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> addSession</span><span class="pun">(</span><span class="pln">video</span><span class="pun">,</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">video</span><span class="pun">.</span><span class="pln">mediaKeysObject</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      makeNewRequest</span><span class="pun">(</span><span class="pln">video</span><span class="pun">.</span><span class="pln">mediaKeysObject</span><span class="pun">,</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln"> </span><span class="kwd">else</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      video</span><span class="pun">.</span><span class="pln">pendingSessionData</span><span class="pun">.</span><span class="pln">push</span><span class="pun">({</span><span class="pln">initDataType</span><span class="pun">:</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">:</span><span class="pln"> initData</span><span class="pun">});</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> makeNewRequest</span><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">,</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> keySession </span><span class="pun">=</span><span class="pln"> mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType">createSession</a></code><span class="pun">();</span><span class="pln">
    keySession</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">"</span><code><a href="#dom-evt-message">message</a></code><span class="str">"</span><span class="pun">,</span><span class="pln"> licenseRequestReady</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest</a></code><span class="pun">(</span><span class="pln">initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to create or initialize key session'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> licenseRequestReady</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> request </span><span class="pun">=</span><span class="pln"> event</span><span class="pun">.</span><code><a href="#widl-MediaKeyMessageEvent-message">message</a></code><span class="pun">;</span><span class="pln">

    </span><span class="kwd">var</span><span class="pln"> xmlhttp </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">XMLHttpRequest</span><span class="pun">();</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">keySession </span><span class="pun">=</span><span class="pln"> event</span><span class="pun">.</span><span class="pln">target</span><span class="pun">;</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class="str">"POST"</span><span class="pun">,</span><span class="pln"> licenseUrl</span><span class="pun">);</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">onreadystatechange </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">function</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">readyState </span><span class="pun">==</span><span class="pln"> </span><span class="lit">4</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="kwd">var</span><span class="pln"> license </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">Uint8Array</span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">response</span><span class="pun">);</span><span class="pln">
        xmlhttp</span><span class="pun">.</span><span class="pln">keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update</a></code><span class="pun">(</span><span class="pln">license</span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
          console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'update() failed'</span><span class="pun">)</span><span class="pln">
        </span><span class="pun">);</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">send</span><span class="pun">(</span><span class="pln">request</span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">
</span><span class="tag">&lt;/script&gt;</span><span class="pln">

</span><span class="tag">&lt;video</span><span class="pln"> </span><span class="atn">autoplay</span><span class="pln"> </span><code><a href="#widl-HTMLMediaElement-onencrypted">onencrypted</a></code><span class="pun">=</span><span class="atv">'handleInitData(event)'</span><span class="tag">&gt;&lt;/video&gt;</span></pre></div>
      </section>

      <section id="example-mediakeys-before-source" typeof="bibo:Chapter" resource="#example-mediakeys-before-source" property="bibo:hasPart">
        <h3 id="h-example-mediakeys-before-source" resource="#h-example-mediakeys-before-source"><span property="xhv:role" resource="xhv:heading"><span class="secno">12.3 </span>Create MediaKeys Before Loading Media</span></h3>
        <p class="exampledescription">Initialization is much simpler if encrypted events do not need to be handled during MediaKeys initialization.
        This can be accomplished either by providing the <a href="#initialization-data">Initialization Data</a> in other ways or setting the source after the MediaKeys object has been created.
        This example does the latter.
        </p>

        <div class="example"><div class="example-title"><span>Example 7</span></div><pre class="example highlight prettyprint prettyprinted"><span class="tag">&lt;script&gt;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> licenseUrl</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> serverCertificate</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> mediaKeys</span><span class="pun">;</span><span class="pln">

  </span><span class="com">// See the previous example for implementations of these functions.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> createSupportedKeySystem</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> makeNewRequest</span><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">,</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> licenseRequestReady</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> handleInitData</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    makeNewRequest</span><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">,</span><span class="pln"> event</span><span class="pun">.</span><code><a href="#widl-MediaEncryptedEventInit-initDataType">initDataType</a></code><span class="pun">,</span><span class="pln"> event</span><span class="pun">.</span><code><a href="#widl-MediaEncryptedEventInit-initData">initData</a></code><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  createSupportedKeySystem</span><span class="pun">().</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
    </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      mediaKeys </span><span class="pun">=</span><span class="pln"> createdMediaKeys</span><span class="pun">;</span><span class="pln">
      </span><span class="kwd">var</span><span class="pln"> video </span><span class="pun">=</span><span class="pln"> document</span><span class="pun">.</span><span class="pln">getElementById</span><span class="pun">(</span><span class="str">"v"</span><span class="pun">);</span><span class="pln">
      video</span><span class="pun">.</span><span class="pln">src </span><span class="pun">=</span><span class="pln"> </span><span class="str">'foo.webm'</span><span class="pun">;</span><span class="pln">
      </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">)</span><span class="pln">
        mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate">setServerCertificate</a></code><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">);</span><span class="pln">
      </span><span class="kwd">return</span><span class="pln"> video</span><span class="pun">.</span><code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys</a></code><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
  </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
    console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Failed to create and initialize a MediaKeys object'</span><span class="pun">)</span><span class="pln">
  </span><span class="pun">);</span><span class="pln">
</span><span class="tag">&lt;/script&gt;</span><span class="pln">

</span><span class="tag">&lt;video</span><span class="pln"> </span><span class="atn">id</span><span class="pun">=</span><span class="atv">"v"</span><span class="pln"> </span><span class="atn">autoplay</span><span class="pln"> </span><code><a href="#widl-HTMLMediaElement-onencrypted">onencrypted</a></code><span class="pun">=</span><span class="atv">'handleInitData(event)'</span><span class="tag">&gt;&lt;/video&gt;</span></pre></div>
      </section>

      <section id="example-using-all-events" typeof="bibo:Chapter" resource="#example-using-all-events" property="bibo:hasPart">
        <h3 id="h-example-using-all-events" resource="#h-example-using-all-events"><span property="xhv:role" resource="xhv:heading"><span class="secno">12.4 </span>Using All Events</span></h3>
        <p class="exampledescription">This is a more complete example showing all events being used.</p>
        <p class="exampledescription">Note that <code>handleMessage()</code> could be called multiple times, including in response to the <code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update()</a></code> call if multiple round trips are required and for any other reason the Key System might need to send a message.</p>

        <div class="example"><div class="example-title"><span>Example 8</span></div><pre class="example highlight prettyprint prettyprinted"><span class="tag">&lt;script&gt;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> licenseUrl</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> serverCertificate</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> mediaKeys</span><span class="pun">;</span><span class="pln">

  </span><span class="com">// See previous examples for implementations of these functions.</span><span class="pln">
  </span><span class="com">// createSupportedKeySystem() additionally sets renewalUrl.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> createSupportedKeySystem</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> handleInitData</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">

  </span><span class="com">// This replaces the implementation in the previous example.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> makeNewRequest</span><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">,</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> keySession </span><span class="pun">=</span><span class="pln"> mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType">createSession</a></code><span class="pun">();</span><span class="pln">
    keySession</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">'</span><code><a href="#dom-evt-message">message</a></code><span class="str">'</span><span class="pun">,</span><span class="pln"> handleMessage</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">'</span><code><a href="#dom-evt-keystatuseschange">keystatuseschange</a></code><span class="str">'</span><span class="pun">,</span><span class="pln"> handlekeyStatusesChange</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-closed">closed</a></code><span class="pun">.</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">log</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Session closed'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest</a></code><span class="pun">(</span><span class="pln">initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to create or initialize key session'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> handleMessageResponse</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">,</span><span class="pln"> response</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> license </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">Uint8Array</span><span class="pun">(</span><span class="pln">response</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update</a></code><span class="pun">(</span><span class="pln">license</span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">err</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">(</span><span class="str">'update() failed: '</span><span class="pln"> </span><span class="pun">+</span><span class="pln"> err</span><span class="pun">);</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> sendMessage</span><span class="pun">(</span><span class="pln">type</span><span class="pun">,</span><span class="pln"> message</span><span class="pun">,</span><span class="pln"> keySession</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> url </span><span class="pun">=</span><span class="pln"> licenseUrl</span><span class="pun">;</span><span class="pln">
    </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">type </span><span class="pun">==</span><span class="pln"> </span><code><a href="#idl-def-MediaKeyMessageType.license-renewal">"license-renewal"</a></code><span class="pun">)</span><span class="pln">
      url </span><span class="pun">=</span><span class="pln"> renewalUrl</span><span class="pun">;</span><span class="pln">
    xmlhttp </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">XMLHttpRequest</span><span class="pun">();</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">keySession </span><span class="pun">=</span><span class="pln"> keySession</span><span class="pun">;</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class="str">'POST'</span><span class="pun">,</span><span class="pln"> url</span><span class="pun">);</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">onreadystatechange </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">function</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">readyState </span><span class="pun">==</span><span class="pln"> </span><span class="lit">4</span><span class="pun">)</span><span class="pln">
        handleMessageResponse</span><span class="pun">(</span><span class="pln">xmlhttp</span><span class="pun">.</span><span class="pln">keySession</span><span class="pun">,</span><span class="pln"> xmlhttp</span><span class="pun">.</span><span class="pln">response</span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
    xmlhttp</span><span class="pun">.</span><span class="pln">send</span><span class="pun">(</span><span class="pln">message</span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> handleMessage</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    sendMessage</span><span class="pun">(</span><span class="pln">event</span><span class="pun">.</span><code><a href="#widl-MediaKeyMessageEvent-messageType">messageType</a></code><span class="pun">,</span><span class="pln"> event</span><span class="pun">.</span><code><a href="#widl-MediaKeyMessageEvent-message">message</a></code><span class="pun">,</span><span class="pln"> event</span><span class="pun">.</span><span class="pln">target</span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="kwd">function</span><span class="pln"> handlekeyStatusesChange</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="com">// Evaluate the current state using one of the map-like methods exposed by</span><span class="pln">
    </span><span class="com">// event.target.</span><code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code><span class="com">.</span><span class="pln">
    </span><span class="com">// For example:</span><span class="pln">
    event</span><span class="pun">.</span><span class="pln">target</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-keyStatuses">keyStatuses</a></code><span class="pun">.</span><span class="pln">forEach</span><span class="pun">(</span><span class="kwd">function</span><span class="pun">(</span><span class="pln">keyId</span><span class="pun">,</span><span class="pln"> status</span><span class="pun">,</span><span class="pln"> map</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      </span><span class="kwd">switch</span><span class="pln"> </span><span class="pun">(</span><span class="pln">status</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="kwd">case</span><span class="pln"> </span><code><a href="#idl-def-MediaKeyStatus.usable">"usable"</a></code><span class="pun">:</span><span class="pln">
          </span><span class="kwd">break</span><span class="pun">;</span><span class="pln">
        </span><span class="kwd">case</span><span class="pln"> </span><code><a href="#idl-def-MediaKeyStatus.expired">"expired"</a></code><span class="pun">:</span><span class="pln">
          </span><span class="com">// Report an expired key.</span><span class="pln">
          </span><span class="kwd">break</span><span class="pun">;</span><span class="pln">
        </span><span class="kwd">case</span><span class="pln"> </span><code><a href="#idl-def-MediaKeyStatus.status-pending">"status-pending"</a></code><span class="pun">:</span><span class="pln">
          </span><span class="com">// The status is not yet known. Consider the key unusable until the status is updated.</span><span class="pln">
          </span><span class="kwd">break</span><span class="pun">;</span><span class="pln">
        </span><span class="kwd">default</span><span class="pun">:</span><span class="pln">
          </span><span class="com">// Do something with |keyId| and |status|.</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">})</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  createSupportedKeySystem</span><span class="pun">().</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
    </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      mediaKeys </span><span class="pun">=</span><span class="pln"> createdMediaKeys</span><span class="pun">;</span><span class="pln">
      </span><span class="kwd">var</span><span class="pln"> video </span><span class="pun">=</span><span class="pln"> document</span><span class="pun">.</span><span class="pln">getElementById</span><span class="pun">(</span><span class="str">"v"</span><span class="pun">);</span><span class="pln">
      video</span><span class="pun">.</span><span class="pln">src </span><span class="pun">=</span><span class="pln"> </span><span class="str">'foo.webm'</span><span class="pun">;</span><span class="pln">
      </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">)</span><span class="pln">
        mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate">setServerCertificate</a></code><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">);</span><span class="pln">
      </span><span class="kwd">return</span><span class="pln"> video</span><span class="pun">.</span><code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys</a></code><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
  </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
    console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Failed to create and initialize a MediaKeys object'</span><span class="pun">)</span><span class="pln">
  </span><span class="pun">);</span><span class="pln">
</span><span class="tag">&lt;/script&gt;</span><span class="pln">

</span><span class="tag">&lt;video</span><span class="pln"> </span><span class="atn">id</span><span class="pun">=</span><span class="atv">"v"</span><span class="pln"> </span><span class="atn">autoplay</span><span class="pln"> </span><code><a href="#widl-HTMLMediaElement-onencrypted">onencrypted</a></code><span class="pun">=</span><span class="atv">'handleInitData(event)'</span><span class="tag">&gt;&lt;/video&gt;</span></pre></div>
      </section>

      <section id="example-stored-license" typeof="bibo:Chapter" resource="#example-stored-license" property="bibo:hasPart">
        <h3 id="h-example-stored-license" resource="#h-example-stored-license"><span property="xhv:role" resource="xhv:heading"><span class="secno">12.5 </span>Stored License</span></h3>
        <p class="exampledescription">This example requests a persistent license for future use and stores it. It also provides functions for later retrieving the license and for destroying it.</p>

        <div class="example"><div class="example-title"><span>Example 9</span></div><pre class="example highlight prettyprint prettyprinted"><span class="tag">&lt;script&gt;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> licenseUrl</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> serverCertificate</span><span class="pun">;</span><span class="pln">
  </span><span class="kwd">var</span><span class="pln"> mediaKeys</span><span class="pun">;</span><span class="pln">

  </span><span class="com">// See the previous examples for implementations of these functions.</span><span class="pln">
  </span><span class="com">// createSupportedKeySystem() additionally sets </span><code><a href="#widl-MediaKeySystemConfiguration-persistentState">persistentState</a></code><span class="com">: </span><code><a href="#idl-def-MediaKeysRequirement.required">"required"</a></code><span class="com"> in each options dictionary.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> createSupportedKeySystem</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> sendMessage</span><span class="pun">(</span><span class="pln">message</span><span class="pun">,</span><span class="pln"> keySession</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> handleMessage</span><span class="pun">(</span><span class="pln">event</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln"> </span><span class="pun">...</span><span class="pln"> </span><span class="pun">}</span><span class="pln">

  </span><span class="com">// Called if the application does not have a stored sessionId for the media resource.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> makeNewRequest</span><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">,</span><span class="pln"> initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> keySession </span><span class="pun">=</span><span class="pln"> mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType">createSession</a></code><span class="pun">(</span><code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">'</span><code><a href="#dom-evt-message">message</a></code><span class="str">'</span><span class="pun">,</span><span class="pln"> handleMessage</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-closed">closed</a></code><span class="pun">.</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        console</span><span class="pun">.</span><span class="pln">log</span><span class="pun">(</span><span class="str">'Session '</span><span class="pln"> </span><span class="pun">+</span><span class="pln"> </span><span class="kwd">this</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code><span class="pln"> </span><span class="pun">+</span><span class="pln"> </span><span class="str">' closed'</span><span class="pun">);</span><span class="pln">
      </span><span class="pun">}.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-generateRequest-Promise-void--DOMString-initDataType-BufferSource-initData">generateRequest</a></code><span class="pun">(</span><span class="pln">initDataType</span><span class="pun">,</span><span class="pln"> initData</span><span class="pun">).</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="com">// Store this.</span><code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code><span class="com"> in the application.</span><span class="pln">
      </span><span class="pun">}.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to request a persistent license'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="com">// Called if the application has a stored sessionId for the media resource.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> loadStoredSession</span><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">,</span><span class="pln"> sessionId</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> keySession </span><span class="pun">=</span><span class="pln"> mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-createSession-MediaKeySession-MediaKeySessionType-sessionType">createSession</a></code><span class="pun">(</span><code><a href="#idl-def-MediaKeySessionType.persistent-license">"persistent-license"</a></code><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">'</span><code><a href="#dom-evt-message">message</a></code><span class="str">'</span><span class="pun">,</span><span class="pln"> handleMessage</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-closed">closed</a></code><span class="pun">.</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">log</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Session closed'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-load-Promise-boolean--DOMString-sessionId">load</a></code><span class="pun">(</span><span class="pln">sessionId</span><span class="pun">).</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">loaded</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(!</span><span class="pln">loaded</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
          console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">(</span><span class="str">'No stored session with the ID '</span><span class="pln"> </span><span class="pun">+</span><span class="pln"> sessionId </span><span class="pun">+</span><span class="pln"> </span><span class="str">' was found.'</span><span class="pun">);</span><span class="pln">
          </span><span class="com">// The application should remove its record of |sessionId|.</span><span class="pln">
          </span><span class="kwd">return</span><span class="pun">;</span><span class="pln">
        </span><span class="pun">}</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Unable to load or initialize the stored session with the ID '</span><span class="pln"> </span><span class="pun">+</span><span class="pln"> sessionId</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="com">// Called when the application wants to stop using the session without removing the stored license.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> closeSession</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-close-Promise-void">close</a></code><span class="pun">();</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="com">// Called when the application wants to remove the stored license.</span><span class="pln">
  </span><span class="com">// The stored session data has not been completely removed until the promise returned by remove() is fulfilled.</span><span class="pln">
  </span><span class="com">// The remove() call may initiate a series of messages to/from the server that must be completed before this occurs.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> removeStoredSession</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-remove-Promise-void">remove</a></code><span class="pun">().</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        console</span><span class="pun">.</span><span class="pln">log</span><span class="pun">(</span><span class="str">'Session '</span><span class="pln"> </span><span class="pun">+</span><span class="pln"> </span><span class="kwd">this</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code><span class="pln"> </span><span class="pun">+</span><span class="pln"> </span><span class="str">' removed'</span><span class="pun">);</span><span class="pln">
        </span><span class="com">// The application should remove its record of this.</span><code><a href="#widl-MediaKeySession-sessionId">sessionId</a></code><span class="com">.</span><span class="pln">
      </span><span class="pun">}.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Failed to remove the session'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  </span><span class="com">// This replaces the implementation in the previous example.</span><span class="pln">
  </span><span class="kwd">function</span><span class="pln"> handleMessageResponse</span><span class="pun">(</span><span class="pln">keySession</span><span class="pun">,</span><span class="pln"> response</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
    </span><span class="kwd">var</span><span class="pln"> license </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">Uint8Array</span><span class="pun">(</span><span class="pln">response</span><span class="pun">);</span><span class="pln">
    keySession</span><span class="pun">.</span><code><a href="#widl-MediaKeySession-update-Promise-void--BufferSource-response">update</a></code><span class="pun">(</span><span class="pln">license</span><span class="pun">).</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
      </span><span class="kwd">function</span><span class="pun">()</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
        </span><span class="com">// If this was the last required message from the server, the license is</span><span class="pln">
        </span><span class="com">// now stored. Update the application state as appropriate.</span><span class="pln">
      </span><span class="pun">}</span><span class="pln">
    </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
      console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'update() failed'</span><span class="pun">)</span><span class="pln">
    </span><span class="pun">);</span><span class="pln">
  </span><span class="pun">}</span><span class="pln">

  createSupportedKeySystem</span><span class="pun">().</span><span class="pln">then</span><span class="pun">(</span><span class="pln">
    </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">createdMediaKeys</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
      mediaKeys </span><span class="pun">=</span><span class="pln"> createdMediaKeys</span><span class="pun">;</span><span class="pln">
      </span><span class="kwd">var</span><span class="pln"> video </span><span class="pun">=</span><span class="pln"> document</span><span class="pun">.</span><span class="pln">getElementById</span><span class="pun">(</span><span class="str">"v"</span><span class="pun">);</span><span class="pln">
      </span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">)</span><span class="pln">
        mediaKeys</span><span class="pun">.</span><code><a href="#widl-MediaKeys-setServerCertificate-Promise-void--BufferSource-serverCertificate">setServerCertificate</a></code><span class="pun">(</span><span class="pln">serverCertificate</span><span class="pun">);</span><span class="pln">
      </span><span class="kwd">return</span><span class="pln"> video</span><span class="pun">.</span><code><a href="#widl-HTMLMediaElement-setMediaKeys-Promise-void--MediaKeys-mediaKeys">setMediaKeys</a></code><span class="pun">(</span><span class="pln">mediaKeys</span><span class="pun">);</span><span class="pln">
    </span><span class="pun">}</span><span class="pln">
  </span><span class="pun">).</span><span class="kwd">catch</span><span class="pun">(</span><span class="pln">
    console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">'Failed to create and initialize a MediaKeys object'</span><span class="pun">)</span><span class="pln">
  </span><span class="pun">);</span><span class="pln">
</span><span class="tag">&lt;/script&gt;</span><span class="pln">

</span><span class="tag">&lt;video</span><span class="pln"> </span><span class="atn">id</span><span class="pun">=</span><span class="atv">'v'</span><span class="pln"> </span><span class="atn">src</span><span class="pun">=</span><span class="atv">'foo.webm'</span><span class="pln"> </span><span class="atn">autoplay</span><span class="tag">&gt;&lt;/video&gt;</span></pre></div>
      </section>
    </section>


    <section id="revision-history" typeof="bibo:Chapter" resource="#revision-history" property="bibo:hasPart">
      <!--OddPage--><h2 id="h-revision-history" resource="#h-revision-history"><span property="xhv:role" resource="xhv:heading"><span class="secno">13. </span>Revision History</span></h2>
      <table class="old-table">
        <thead>
          <tr>
            <th>Version</th>
            <th>Comment</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td>13 November 2014</td>
            <td>Repository moved to GitHub.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/1130aeb43e71/encrypted-media/encrypted-media.html">10 October 2014</a></td>
            <td>Converted to <a href="https://www.w3.org/respec/">ReSpec</a>.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/a291ac57bad3/encrypted-media/encrypted-media.html">3 September 2014</a></td>
            <td>Reorganized by object.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/3a5e8f5332a2/encrypted-media/encrypted-media.html">27 August 2014</a></td>
            <td>Moved license request generation and session loading to MediaKeySession.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/9a94854a5999/encrypted-media/encrypted-media.html">18 August 2014</a></td>
            <td>Produced candidate WD.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/9842af174b80/encrypted-media/encrypted-media.html">14 April 2014</a></td>
            <td>Use promises.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/ef65c237d053/encrypted-media/encrypted-media.html">1 April 2014</a></td>
            <td>Moved Container Guidelines to the <a href="initdata-format-registry.html">Encrypted Media Extensions Stream Format and Initialization Data Format Registry</a>.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/11245f9516cf/encrypted-media/encrypted-media.html">3 February 2014</a></td>
            <td>Produced candidate WD.</td>
          </tr>
          <tr>
            <td>17 September 2013</td>
            <td>Produced candidate WD.</td>
          </tr>
          <tr>
            <td>6 May 2013</td>
            <td>Produced updated candidate FPWD.</td>
          </tr>
          <tr>
            <td>14 January 2013</td>
            <td>Produced candidate FPWD.</td>
          </tr>
          <tr>
            <td>16 August 2012</td>
            <td>Converted to the object-oriented API.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1b/encrypted-media/encrypted-media.html">0.1b</a></td>
            <td>Last non-object-oriented revision.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1a/encrypted-media/encrypted-media.html">0.1a</a></td>
            <td>Corrects minor mistakes in 0.1.</td>
          </tr>
          <tr>
            <td><a href="https://dvcs.w3.org/hg/html-media/raw-file/eme-v0.1/encrypted-media/encrypted-media.html">0.1</a></td>
            <td>Initial Proposal</td>
          </tr>
        </tbody>
      </table>
    </section>

  

<section id="references" class="appendix" typeof="bibo:Chapter" resource="#references" property="bibo:hasPart"><!--OddPage--><h2 id="h-references" resource="#h-references"><span property="xhv:role" resource="xhv:heading"><span class="secno">A. </span>References</span></h2><section id="normative-references" typeof="bibo:Chapter" resource="#normative-references" property="bibo:hasPart"><h3 id="h-normative-references" resource="#h-normative-references"><span property="xhv:role" resource="xhv:heading"><span class="secno">A.1 </span>Normative references</span></h3><dl class="bibliography" resource=""><dt id="bib-COOKIES">[COOKIES]</dt><dd>A. Barth. <a href="https://tools.ietf.org/html/rfc6265" property="dc:requires"><cite>HTTP State Management Mechanism</cite></a>. April 2011. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc6265" property="dc:requires">https://tools.ietf.org/html/rfc6265</a>
</dd><dt id="bib-DOM">[DOM]</dt><dd>Anne van Kesteren; Aryeh Gregor; Ms2ger; Alex Russell; Robin Berjon. <a href="http://www.w3.org/TR/dom/" property="dc:requires"><cite>W3C DOM4</cite></a>. 19 November 2015. W3C Recommendation. URL: <a href="http://www.w3.org/TR/dom/" property="dc:requires">http://www.w3.org/TR/dom/</a>
</dd><dt id="bib-ENCODING">[ENCODING]</dt><dd>Anne van Kesteren; Joshua Bell; Addison Phillips. <a href="http://www.w3.org/TR/encoding/" property="dc:requires"><cite>Encoding</cite></a>. 20 October 2015. W3C Candidate Recommendation. URL: <a href="http://www.w3.org/TR/encoding/" property="dc:requires">http://www.w3.org/TR/encoding/</a>
</dd><dt id="bib-HTML5">[HTML5]</dt><dd>Ian Hickson; Robin Berjon; Steve Faulkner; Travis Leithead; Erika Doyle Navara; Edward O'Connor; Silvia Pfeiffer. <a href="http://www.w3.org/TR/html5/" property="dc:requires"><cite>HTML5</cite></a>. 28 October 2014. W3C Recommendation. URL: <a href="http://www.w3.org/TR/html5/" property="dc:requires">http://www.w3.org/TR/html5/</a>
</dd><dt id="bib-MIXED-CONTENT">[MIXED-CONTENT]</dt><dd>Mike West. <a href="http://www.w3.org/TR/mixed-content/" property="dc:requires"><cite>Mixed Content</cite></a>. 8 October 2015. W3C Candidate Recommendation. URL: <a href="http://www.w3.org/TR/mixed-content/" property="dc:requires">http://www.w3.org/TR/mixed-content/</a>
</dd><dt id="bib-POWERFUL-FEATURES">[POWERFUL-FEATURES]</dt><dd>Mike West; Yan Zhu. <a href="http://www.w3.org/TR/powerful-features/" property="dc:requires"><cite>Privileged Contexts</cite></a>. 24 April 2015. W3C Working Draft. URL: <a href="http://www.w3.org/TR/powerful-features/" property="dc:requires">http://www.w3.org/TR/powerful-features/</a>
</dd><dt id="bib-RFC6381">[RFC6381]</dt><dd>R. Gellens; D. Singer; P. Frojdh. <a href="https://tools.ietf.org/html/rfc6381" property="dc:requires"><cite>The 'Codecs' and 'Profiles' Parameters for "Bucket" Media Types</cite></a>. August 2011. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc6381" property="dc:requires">https://tools.ietf.org/html/rfc6381</a>
</dd><dt id="bib-RFC7517">[RFC7517]</dt><dd>M. Jones. <a href="https://tools.ietf.org/html/rfc7517" property="dc:requires"><cite>JSON Web Key (JWK)</cite></a>. May 2015. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc7517" property="dc:requires">https://tools.ietf.org/html/rfc7517</a>
</dd><dt id="bib-WebIDL">[WebIDL]</dt><dd>Cameron McCormack; Boris Zbarsky. <a href="http://www.w3.org/TR/WebIDL-1/" property="dc:requires"><cite>WebIDL Level 1</cite></a>. 4 August 2015. W3C Working Draft. URL: <a href="http://www.w3.org/TR/WebIDL-1/" property="dc:requires">http://www.w3.org/TR/WebIDL-1/</a>
</dd></dl></section><section id="informative-references" typeof="bibo:Chapter" resource="#informative-references" property="bibo:hasPart"><h3 id="h-informative-references" resource="#h-informative-references"><span property="xhv:role" resource="xhv:heading"><span class="secno">A.2 </span>Informative references</span></h3><dl class="bibliography" resource=""><dt id="bib-EME-REGISTRY">[EME-REGISTRY]</dt><dd>David Dorwin; Adrian Bateman; Mark Watson. <a href="initdata-format-registry.html" property="dc:references"><cite>Encrypted Media Extensions Stream Format and Initialization Data Format Registry</cite></a>. URL: <a href="initdata-format-registry.html" property="dc:references">initdata-format-registry.html</a>
</dd><dt id="bib-MEDIA-SOURCE">[MEDIA-SOURCE]</dt><dd>Matthew Wolenetz; Jerry Smith; Mark Watson; Aaron Colwell; Adrian Bateman. <a href="http://www.w3.org/TR/media-source/" property="dc:references"><cite>Media Source Extensions</cite></a>. 12 November 2015. W3C Candidate Recommendation. URL: <a href="http://www.w3.org/TR/media-source/" property="dc:references">http://www.w3.org/TR/media-source/</a>
</dd><dt id="bib-RFC6838">[RFC6838]</dt><dd>N. Freed; J. Klensin; T. Hansen. <a href="https://tools.ietf.org/html/rfc6838" property="dc:references"><cite>Media Type Specifications and Registration Procedures</cite></a>. January 2013. Best Current Practice. URL: <a href="https://tools.ietf.org/html/rfc6838" property="dc:references">https://tools.ietf.org/html/rfc6838</a>
</dd><dt id="bib-RFC7515">[RFC7515]</dt><dd>M. Jones; J. Bradley; N. Sakimura. <a href="https://tools.ietf.org/html/rfc7515" property="dc:references"><cite>JSON Web Signature (JWS)</cite></a>. May 2015. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc7515" property="dc:references">https://tools.ietf.org/html/rfc7515</a>
</dd></dl></section></section></body></html>