Netflix users on Windows and OS X currently depend on Microsoft's Silverlight plugin to watch videos. With Silverlight no longer under active development, the company is looking at alternative delivery systems for its app-free, browser-based video delivery.

The answer it picked is, unsurprisingly, HTML5, but as the company details in a blog post, it's not up to the challenge just yet. The sticking point, again unsurprisingly, is DRM. Netflix's Silverlight player protects the content that it plays, and the company needs to maintain a similar level of protection in its HTML5 successor.

That isn't possible today, but with a trio of features currently being worked on under the remit of W3C, the World Wide Web Consortium, it soon will be.

Two of the features are relatively uncontentious. The <video> element that underpins HTML5-based video playback presently uses a specific URL or URLs as its data source. Netflix, however, performs dynamic management of the source, so that, for example, it can switch to lower bitrate streams if it detects a deterioration in network conditions. The Media Source Extensions (MSE) extends the <video> element to give JavaScript this kind of control.

The Web Cryptography (WebCrypto) API provides a JavaScript API for various standard cryptographic features such as hashing and encryption. This can be used for many things, such as client-side encrypted data storage, client-side generation of signed documents and e-mail message, and client-side secure instant messaging.

The third feature is, however, unwelcome for many. Encrypted Media Extensions (EME) provide an API that allows using encrypted media streams with HTML5's <video> and <audio> tags. EME defines how HTML5 browsers will detect that encrypted streams are being used, and then look up an appropriate Content Decryption Module (CDM) that will verify that the license is being properly respected, and then decrypt the data.

The announcement in February that W3C had deemed EME to be in scope for HTML5's development, and hence something that can be developed under W3C's banner, was not universally welcomed by the Web community. Content owners, and some of those providing services to content owners (both directly, such as Netflix, and indirectly, such as Microsoft and Google, with Internet Explorer and Chrome, respectively) regard EME as either desirable, or at least necessary, if premium video content is to move to HTML5.

For them, the choice is between "Silverlight/Flash/custom apps with DRM" and "HTML5 with DRM." "HTML5 without DRM" simply isn't in the running.

Countering that group are those who say variously that DRM is ineffective, DRM undermines users' rights, and that CDMs allow non-standard, proprietary code to be injected into the browser. In that light, it serves much the same role as plugins anyway, and as such, EME contradicts the goals of the open Web. Most or all CDMs are likely to be proprietary, unmodifiable code, to reduce the chance that they are tampered with.

Currently, the Chrome browser and Chrome OS have preliminary support for MSE and EME. Netflix is using both of these on Chrome OS to provide Netflix video to Chromebook users. It's using a plugin for WebCrypto; once that's included in Chrome, the plugin will be removed. From there, Netflix will begin testing its HTML5 player in Chrome on both Windows and OS X.