Uniform client workflow for multi-DRM scenarios

[sandersaares]

This is the implementation of #300.

The security chapter has major additions/refactoring here, describing DRM client workflows and definig optional license request protocol extensions designed to enable highly interoperable DRM operation (driven entirely by the MPD, without the need for any DASH client customization or configuration).

The change is not only additive - existing ISOBMFF/MPD constraint chapters were reworked to better map to a "big picture" world view where we also make recommendations for client behavior, not only content format. Furthermore, ISOBMFF references were replaced with CMAF (at least in the chapters that were touched - some were left unmodified).

The workflows incorporating newly defined MPD elements are described as optional ("SHOULD") whereas the workflows describing already de-facto expected behavior based on widespread practices are often described as mandatory ("SHALL").

Parts of the described workflows are already implemented in dash.js 3.0 (Dash-Industry-Forum/dash.js#2953).

Axinom DRM has endpoints accepting requests following this protocol: https://github.com/Axinom/Axinom.Drm.BearerAuthLicenseServerProxy

DASH-IF has a test token provider service: https://github.com/Dash-Industry-Forum/test-vectors-drm-authz-token-provider (hardcoded tokens only for now)

Test video with conforming signaling for purely MPD-driven playback is available at: https://media.axprod.net/TestVectors/v7-MultiDRM-SingleKey/Manifest_1080p_Issue300Signaling.mpd

[documentbot]

Automated build report

Build was successful. Outputs:

• HTML document
• HTML diff with target branch
• PDF document
• Download PDF + HTML as archive

This comment will be updated after each build. Last update was at 2019-11-25 13:29:22Z.

[sandersaares]

Added text related to robustness and capability negotiation. Added authzurl to schema and adjusted laurl schema to be simpler (no legacy).

[sandersaares]

More updates:

• Reprocessed "additional constraints" section, merging/deduplicating/moving as appropriate.
• Merging low latency constraints into rest of the text (they were not very low latency specific and were partly already duplicated)
• Added some diagrams.
• Restored and updated chapter describing content protection related box structure.
• Resolved cenc/cbcs conflict with CMAF presentatation profiles.
• Added chapter on client architecture, to define some terms used in the workflows.
• Reworded robustness topic based on review comments.

[sandersaares]

Updated based on 10 Oct review.

• Added chapter on content protection policies, explaining the impact of these policies on DASH client behavior.
• Other minor adjustments

[sandersaares]

The error handling chapter defines some common problem situations. We should come up with a good list here - the ones currently specified are the bare minimum and it is likely that more entries would be beneficial here. I request input from other contributors on this aspect.

[sandersaares]

Contents of this pull request are moved to a separate repository to continue lifecycle of the security chapter as a separate document: https://github.com/Dash-Industry-Forum/Guidelines-Security