[pornel]

It doesn't work as you imagine. You can't use the EME spec for anything. It is equivalent to saying Flash is a Web Standard, because the spec says you invoke it with <object type="flash"> with no further details (which is less than NPAPI that actual Flash used to use).

The spec, both for browser developers and site authors, is completely impossible to use without a secret unspecified component. EME CDM isn't even a real component, but a spec placeholder for arbitrary vendor-specific code that has no standard API, and intentionally never will.

That secret component is for all practical purposes absolutely necessary and implements 99% of the functionality. The only key exchange scheme described in EME is a deliberate misdirection, and it's not used by anyone.

I can't emphasize enough how sleazy EME is. Google and Netflix have devised and documented a key exchange scheme nobody asked for, nobody uses, and even they have explicitly said they will never use it. The only purpose of this spec is to merely exist, so that DRM vendors like Google can exploit the confusion to say their closed proprietary DRM, which is not in the spec, and doesn't even work the way spec describes DRMs, is somehow a standard.

(I was an Invited Expert in W3C HTML Working Group when this spec was being written)