Here's the thing. As far as I can tell, you can play back any content that plays back in your iPhone's iPod and video applications on any Apple TV. That includes DRM content, all that encrypted stuff that normally requires you to register your computer with your iTunes account.
Somehow the AirPlay protocol sends over enough information to the Apple TV to allow that device to gain at least temporary authorization to play the media you stream to it. From what I've been able to find out, that authentication step seems to be transmitted via a simple key using a message that looks something like this...
POST /authorize HTTP/1.1
The authorize transmission sends what appears to be a Base-64 encoded string that contains the authentication information needed by Apple TV. That string changes each time you send a video, even if it's the same video from the same device. This suggests that the data includes some kind of timestamp to limit the session during which the Apple TV is authorized to play back the rights-managed media.
The way that iOS devices deal with protected media is that no DRM content can be synced to them unless the home computer is authorized to play that content, via an iTunes account. This means that any DRM-protected media on the device (playable in the iPod or Video applications) is basically pre-cleared for playback by virtue of its original sync.
Creating a simple key authentication like this retains the integrity of the original licensing while permitting the device to send data to a transient intermediary. Apple TV does not retain or store the media it plays back once playback has finished.
Perhaps this is a hint as to why we have not yet seen an AirPlay feature hit Mac OS X (or at least not officially). Until Apple engineers can implement a way to transiently and securely view data from third-party devices, they could be unable to deliver that data to the desktop under existing agreements with content providers.
I know I should finish with some kind of AirPlay/FairPlay DRM pun, but nothing springs to mind. Please feel free to share yours in the comments.
Thanks, Steven Troughton-Smith, Matthias Ringwald