Overview of CDM contraints

[jdsmith3000]

The spec defines specific constraints on networking and storage access by CDMs, but doesn't currently have a clear overview of the constraints or the implementation options that might be used to meet them. A summary section could make the overview clearer and help connect the detailed requirements elsewhere in the spec. It would be good to add this summary early in Section 8 Implementation Requirements.

[jdsmith3000]

Resolution of this issue will be held until Issue 407 and Pull Request 394 have been resolved.

[jdsmith3000]

Draft language for the constraints overview is:

8.1 Constraints

User agent implementers MUST ensure that CDMs do not access any information, storage or system capabilities that are not reasonably required for playback of protected media using the features of this specification. Specifically, the CDM SHALL NOT access:

• network resources, either local or remote, except via the user agent, or as part of the user agent, as explicitly permitted by this specification
• storage (disk or memory), except where reasonably required for playback of protected media using the features of this specification
• user data other than CDM state and persistent data
• hardware components or devices, except where reasonably required for playback of protected media features of this specification

User Agent implementers may use various techniques to meet the above requirements. For example, a User Agent implementer also implementing their own CDM may include the above as design requirements for that component. A User Agent implementer making use of a third party CDM may ensure that it executes in a constrained environment (e.g., "sandbox") without access to the prohibited information and components.

[mwatson2]

Typo, 4th bullet: s/media features/media using the features/

[jdsmith3000]

Resolved by PR #411.