From db210999a44741bd4cf95b2013ed5ef4878813ab Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Mon, 18 May 2026 16:26:13 +0200 Subject: [PATCH 1/5] Added event for media signing key status --- doc/Security.xml | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/doc/Security.xml b/doc/Security.xml index 584313f93..cdaa41517 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -5590,10 +5590,50 @@ ]]> +
+ Media signing key assignment status + A device that indicates support for signing of media using a user provisioned key + via the UserMediaSigningKeySupported capability shall provide information about assigned + key changes via the below specified event + + + + + + + + + +]]> + The Assigned status shall indicate key assignment for future signed media streams + while ActiveStream shall is indicate key actively in use for the signed media + streaming. + If client configures the user provisioned key via AddMediaSigningCertificateAssignment, Changed property event with the + KeyID set to user provisioned key shall be triggered with 'Assigned' status set to True. + During this operation, If there are active signed media streams using manufactuter + provisioned key are in progress, ActiveStream status in the event payload for user + provisioned key shall be set to False. + If client removes the user provisioned key RemoveMediaSigningCertificateAssignment, Changed property event with the + KeyID falling back to manufacturer provisioned key shall be triggered with 'Assigned' + status set to True. During this operation, If there are active signed media streams + using user provisioned key are in progress, ActiveStream status in the event payload for + manufactuter provisioned key shall be set to False. + When client starts the first signed media stream, irrespective of user or + manufacturer provisioned key assignment, Changed property event gets triggered with + 'ActiveStream' status set to True along with the Assigned key status. + When client stops the last signed media stream, irrespective of user or manufacturer + provisioned key assignment, Changed property event gets triggered with 'ActiveStream' + status set to False along with the Assigned key status. +
+
Service specific data types - The service specific data types are defined in security.wsdl. + The service specific data types are defined in security.wsdl. CertificationPathID - + [tas:CertificationPathID]
From 8ba6cfe39b8890d74680ce2c8d87f6ac48b37b89 Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Mon, 18 May 2026 16:41:55 +0200 Subject: [PATCH 2/5] removed unwanted text --- doc/Security.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index cdaa41517..df5040161 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -5632,8 +5632,7 @@
Service specific data types - The service specific data types are defined in security.wsdl. CertificationPathID - - [tas:CertificationPathID] + The service specific data types are defined in security.wsdl.
From 625493426c82cb9dd8f29c92a46bd84d5bc562cc Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Thu, 21 May 2026 13:03:38 +0200 Subject: [PATCH 3/5] fixed review feedback and paraphrase for clarity --- doc/Security.xml | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index df5040161..28cd64b3d 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -5601,32 +5601,32 @@ - - + ]]> - The Assigned status shall indicate key assignment for future signed media streams - while ActiveStream shall is indicate key actively in use for the signed media - streaming. - If client configures the user provisioned key via AddMediaSigningCertificateAssignment, Changed property event with the - KeyID set to user provisioned key shall be triggered with 'Assigned' status set to True. - During this operation, If there are active signed media streams using manufactuter - provisioned key are in progress, ActiveStream status in the event payload for user - provisioned key shall be set to False. - If client removes the user provisioned key RemoveMediaSigningCertificateAssignment, Changed property event with the - KeyID falling back to manufacturer provisioned key shall be triggered with 'Assigned' - status set to True. During this operation, If there are active signed media streams - using user provisioned key are in progress, ActiveStream status in the event payload for - manufactuter provisioned key shall be set to False. - When client starts the first signed media stream, irrespective of user or - manufacturer provisioned key assignment, Changed property event gets triggered with - 'ActiveStream' status set to True along with the Assigned key status. - When client stops the last signed media stream, irrespective of user or manufacturer - provisioned key assignment, Changed property event gets triggered with 'ActiveStream' - status set to False along with the Assigned key status. + When user provisioned key is configured via AddMediaSigningCertificateAssignment and If there are no active signed + streams using manufacturer key, Changed property event with the KeyID set to user + provisioned key shall be triggered with 'Effective' status set to True, indicating that + new signed streams shall use the user-provisioned key for signing immediately. + When user provisioned key is configured via AddMediaSigningCertificateAssignment and If there are signed streams using + manufacturer key in progress, Changed property event with the KeyID set to user + provisioned key shall be triggered with 'Effective' status set to False, indicating that + ongoing signed streams shall continue using the manufacturer key until + terminated. + When configured user provisioned key is removed via RemoveMediaSigningCertificateAssignment and If there are no active signed + streams using user provisioned key, Changed property event with the KeyID set to + manufacturer key shall be triggered with 'Effective' status set to True, indicating that + new signed streams shall use the manufacturer key for signing immediately. + When configured user provisioned key is removed via RemoveMediaSigningCertificateAssignment and If there are signed streams + using user provisioned key in progress, Changed property event with the KeyID set to + manufacturer key shall be triggered with 'Effective' status set to False, indicating + that ongoing signed streams shall continue using the user-provisioned key until + terminated. From 99fa55a748376fb68b7296c1605a8f71acfd9ee3 Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Thu, 21 May 2026 13:34:59 +0200 Subject: [PATCH 4/5] text consistency --- doc/Security.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index 28cd64b3d..c9cf63fd1 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -5611,8 +5611,8 @@ provisioned key shall be triggered with 'Effective' status set to True, indicating that new signed streams shall use the user-provisioned key for signing immediately. When user provisioned key is configured via AddMediaSigningCertificateAssignment and If there are signed streams using - manufacturer key in progress, Changed property event with the KeyID set to user + >AddMediaSigningCertificateAssignment and If there are active signed + streams using manufacturer key, Changed property event with the KeyID set to user provisioned key shall be triggered with 'Effective' status set to False, indicating that ongoing signed streams shall continue using the manufacturer key until terminated. @@ -5622,8 +5622,8 @@ manufacturer key shall be triggered with 'Effective' status set to True, indicating that new signed streams shall use the manufacturer key for signing immediately. When configured user provisioned key is removed via RemoveMediaSigningCertificateAssignment and If there are signed streams - using user provisioned key in progress, Changed property event with the KeyID set to + >RemoveMediaSigningCertificateAssignment and If there are no active signed + streams using user provisioned key, Changed property event with the KeyID set to manufacturer key shall be triggered with 'Effective' status set to False, indicating that ongoing signed streams shall continue using the user-provisioned key until terminated. From 7338cb64b0689f88f4ab5c244db1f10f92c93401 Mon Sep 17 00:00:00 2001 From: Sriram Bhetanabottla Date: Thu, 21 May 2026 17:21:34 +0200 Subject: [PATCH 5/5] Update Security.xml --- doc/Security.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/Security.xml b/doc/Security.xml index c9cf63fd1..786a810fd 100644 --- a/doc/Security.xml +++ b/doc/Security.xml @@ -4408,7 +4408,7 @@ certificate in the chain and its associated private key shall be used for signing media as described in the [Media Signing Specification]. This key and certificate are referred to as user provisioned key and certificate in that specification. - If a user-provisioned certification path is configured, it shall be replaced by the + If a user provisioned certification path is configured, it shall be replaced by the new certification path only if it is not in use by an ongoing media streaming session; otherwise, the device shall return a ReferenceExists fault and shall not replace the certification path. @@ -4498,8 +4498,8 @@ AddMediaSigningCertificateAssignment. A device shall support this command if the MediaSigningSupported capability is true. - Response list shall be ordered with factory-provisioned ID first, followed by - user-provisioned ID. + Response list shall be ordered with factory-provisioned ID first, followed by user + provisioned ID. request @@ -5609,7 +5609,7 @@ >AddMediaSigningCertificateAssignment and If there are no active signed streams using manufacturer key, Changed property event with the KeyID set to user provisioned key shall be triggered with 'Effective' status set to True, indicating that - new signed streams shall use the user-provisioned key for signing immediately. + new signed streams shall use the user provisioned key for signing immediately. When user provisioned key is configured via AddMediaSigningCertificateAssignment and If there are active signed streams using manufacturer key, Changed property event with the KeyID set to user @@ -5625,7 +5625,7 @@ >RemoveMediaSigningCertificateAssignment and If there are no active signed streams using user provisioned key, Changed property event with the KeyID set to manufacturer key shall be triggered with 'Effective' status set to False, indicating - that ongoing signed streams shall continue using the user-provisioned key until + that ongoing signed streams shall continue using the user provisioned key until terminated.