The World Wide Web Consortium (W3C) has put forward a proposal which paves the way for easier Digital Rights Management implementation online.
“The W3C proposal extends HTMLMediaElement providing APIs to control playback of encrypted content.”
The API supports use cases ranging from clear key decryption to high-value video, given an appropriate user agent implementation.
“Licence/key exchange is controlled by the application, facilitating the development of robust playback applications supporting a range of content decryption and protection technologies,” said the W3C.
This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select, and interact with such systems.
“Implementation of Digital Rights Management is not required for compliance with this specification: only the Clear Key system is required to be implemented as a common baseline.”
The common API supports a set of content encryption capabilities, leaving application functions such as authentication and authorisation to page authors.
This is achieved by requiring content protection system-specific messaging to be mediated by the page rather than assuming out-of-band communication between the encryption system and a licence or other server.