Inconsistency about requirements to clear persistent data #187
Comments
This seems clear to me. The UA must allow the user to clear the CDM persisted data. Any User Interface option which provided for this would meet the requirement, including options that did much more, such as a non-origin-specific, non-EME-specific "Clear all stored data" option.
"preferably" is not an RFC2119 term, so this could be clarified, but I would interpret this to have "recommendation" strength.
This may be a repetition of the recommendation above. However the implication here is that the User Interface provides for specifically clearing Key System storage (e.g. "Clear all licenses, keys and other content protection data"). This could be clarified, for example to say "... a specific way to delete ...".
Without the clarification, this is a restatement of the original requirement, but at lower strength, which is indeed confusing. With the clarification above, the recommendation here is that the method of clearing Key System data, whether per origin (recommended) or not, be specific to Key System data and not bundled with clearing of other data. I suggest we make the clarifications above, but I don't think they are essential for V1. |
|
Please see this pull request. |
|
Agreed this issue can be closed now. After #210 is addressed we shouldn't have any inconsistency issues. |
In 11.5 Information Stored on User Devices -> 11.5.2 Mitigations, the spec says
The in "User deletion of Key System storage" section, it says:
It becomes a bit confusing as for whether providing a way for user to clear the data is a requirement or a recommendataion.
Also, it's less clear about whether "by origin" or "for a specific origin" is more preferable, or it is actually equally acceptable as "for all origins".
The text was updated successfully, but these errors were encountered: