I'm a little thrown off by the description of PlayReady support in 4.8SDK:
"Only direct PlayReady licensing is supported. Indirect licensing is currently unsupported. That is, for decryption to work, the ProtectionHeader must be available in the manifest and the LA_URL should contain a valid URL to an accessible PlayReady license server."
Usually PlayReady would require some sort of business logic or authentication be exchanged with an entity before issuing a license. Otherwise anyone who has the stream URL could in theory play back the content, since access to the license server is not protected.
I've worked with a PlayReady DRM provider that requires that you pass in some Challenge Data along with the license request. The license server has the capability of validating that challenge data.
Is there anything similar with Roku implementation? Perhaps I am misunderstanding how the implementation would work on the Roku.