Securing WebM Video

Supporting real DRM is not required per se. It might be more about offering publishers different ways to protect video content. In the end there's a tradeoff between decent content protection ánd a decent way for users to legidly access the content (cross-platform, fair prices, etc).

That said, there seem to be three general mechanisms for content protection:

  • URL signing (all CDNs? / Flumotion): The URL to a video is signed with an SHA1? digest that includes geo, ip, time, referrer or user-agent restrictions. Protects good against leeching but not really against downloading. Implementation is easy (small module / script) and solely serverside.
  • Data encryption ( Apple HLS / RTMPE): Blocks of video data are encrypted on the server and decrypted inside the client. Protects good against both leeching and downloading. Both serverside and client-side work is needed though. This can be both in-browser (e.g. by adopting Apple's AES-128 encryption), but it can also be done in javascript:
 get video data using websockets » decrypt data » use something like videoTag.append(videoData).
  • Rights management (PlayReady?, FlashAccess?): Individual client access to individual files is centrally managed. Protects good against both leeching and downloading; access can even be revoked. Client-side work is needed, probably inside the UA since the JS layer can be easily compromised. Serverside work is needed too, since there's no "open DRM" server available (contradictio in terminis?).