Policies, Business Rules & Durations
Rental, EST, subscription policies; license durations; HDCP rules.
Why policies are central
A licence without policy is just a key. The policy is what makes a 48-hour rental different from an EST purchase, an SD-only desktop session different from a 4K UHD session on a phone. The licence server emits the policy; the CDM enforces it.
Anatomy of a policy
The fields below are the ones you will configure most often through the SDK. Names match the public protobuf vocabulary; the in-class material drills the exact field names.
Mapping business rules to policy
Cheat sheet for the patterns the exam loves to test:
| Business rule | Key policy fields |
|---|---|
| VOD streaming, single session | license_duration_seconds ≈ session length, can_persist = false |
| 30-day "start" window, 48-hour playback rental | license_duration_seconds = 30 days, playback_duration_seconds = 48h, can_persist = true |
| EST (own-it) download | Long license_duration_seconds, no playback_duration_seconds, can_persist = true, can_renew = true |
| Live channel | Short license_duration_seconds, key rotation enabled, renewal allowed |
| UHD/HDR premium tier | HDCP 2.2 required, L1 required (enforced via track restrictions) |
Track restrictions and per-resolution policies
Premium content typically uses per-resolution KIDs: the SD track is encrypted with KID_SD, the HD track with KID_HD, the UHD track with KID_UHD. The licence server hands out only the KIDs the policy says the device deserves:
- Phone in casual viewing context → SD + HD only.
- Set-top box with HDCP 2.2 → all three.
- Browser desktop L3 → SD only.
The player negotiates which adaptation set it can actually play; tracks it has no key for stay encrypted and unplayable.
Per-resolution KIDs are the mechanism behind "this device can only play SD". The licence simply does not include the HD/UHD keys. There is no special on-device flag.
HDCP and analogue blocking
HDCP version is requested in the policy. Enforcement happens at decryption time, not at request time:
- The licence is issued.
- The CDM checks the current display chain when about to decrypt.
- If HDCP doesn't match, the CDM refuses; the player downshifts.
This means a single licence covering UHD can still produce SD output if the user mid-session disconnects from a 2.2 display and connects to a 1.4-only one. The CDM re-evaluates and refuses the UHD keys at the moment the link drops.
Analogue blocking is a separate output-protection axis — modern policies routinely block analogue outputs (VGA, composite) entirely.
Real-world traps
Don't conflate license_duration_seconds with playback_duration_seconds. The first is "the licence object is valid until X." The second is "after first play, the user has Y to finish." A rental needs both, set differently.
Don't try to enforce geo-blocking via policy. Widevine policy doesn't speak country. Geo enforcement is your application's job, before issuing the licence.