Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems.Implementation of Digital Rights Management is not required for compliance with this specification: only the Clear Key system is required to be implemented as a common baseline.
This is achieved by requiring content protection system-specific messaging to be mediated by the page rather than assuming out-of-band communication between the encryption system and a license or other server. The section on CDM constraints was added since the previous publication.(The same key may be present in multiple sessions.) Such keys encrypt each set of stream(s) that requires enforcement of a meaningfully different policy with a distinct key (and key ID).For example, if policies may differ between two video resolutions, stream(s) containing one resolution should not be encrypted with the key used to encrypt stream(s) containing the other resolution.Implementers should pay attention to the mitigations for the security and privacy threats and concerns described in this specification.In particular, the specification requirements for security and privacy cannot be met without knowledge of the security and privacy properties of the Key System and its implementation(s).] providing APIs to control playback of encrypted content.