< draft-ietf-bfcpbis-bfcp-websocket-10.txt   draft-ietf-bfcpbis-bfcp-websocket-11.txt >
BFCPBIS Working Group V. Pascual BFCPBIS Working Group V. Pascual
Internet-Draft Oracle Internet-Draft Oracle
Intended status: Standards Track A. Roman Intended status: Standards Track A. Roman
Expires: December 16, 2016 Quobis Expires: April 19, 2017 Quobis
S. Cazeaux S. Cazeaux
France Telecom Orange France Telecom Orange
G. Salgueiro G. Salgueiro
R. Ravindranath R. Ravindranath
Cisco Cisco
S. Garcia Murillo S. Garcia Murillo
Medooze Medooze
June 14, 2016 October 16, 2016
The WebSocket Protocol as a Transport for the Binary Floor Control The WebSocket Protocol as a Transport for the Binary Floor Control
Protocol (BFCP) Protocol (BFCP)
draft-ietf-bfcpbis-bfcp-websocket-10 draft-ietf-bfcpbis-bfcp-websocket-11
Abstract Abstract
The WebSocket protocol enables two-way realtime communication between The WebSocket protocol enables two-way realtime communication between
clients and servers. This document specifies a new WebSocket sub- clients and servers. This document specifies a new WebSocket sub-
protocol as a reliable transport mechanism between Binary Floor protocol as a reliable transport mechanism between Binary Floor
Control Protocol (BFCP) entities to enable usage of BFCP in new Control Protocol (BFCP) entities to enable usage of BFCP in new
scenarios. scenarios.
Status of This Memo Status of This Memo
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 16, 2016. This Internet-Draft will expire on April 19, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 33 skipping to change at page 2, line 33
4.2. BFCP Encoding . . . . . . . . . . . . . . . . . . . . . . 5 4.2. BFCP Encoding . . . . . . . . . . . . . . . . . . . . . . 5
5. Transport Reliability . . . . . . . . . . . . . . . . . . . . 6 5. Transport Reliability . . . . . . . . . . . . . . . . . . . . 6
6. SDP Considerations . . . . . . . . . . . . . . . . . . . . . 6 6. SDP Considerations . . . . . . . . . . . . . . . . . . . . . 6
6.1. Transport Negotiation . . . . . . . . . . . . . . . . . . 6 6.1. Transport Negotiation . . . . . . . . . . . . . . . . . . 6
6.2. SDP Media Attributes . . . . . . . . . . . . . . . . . . 7 6.2. SDP Media Attributes . . . . . . . . . . . . . . . . . . 7
7. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 7 7. SDP Offer/Answer Procedures . . . . . . . . . . . . . . . . . 7
7.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.2. Example Usage of 'wss-uri' SDP Attribute . . . . . . . . 7 7.2. Example Usage of 'wss-uri' SDP Attribute . . . . . . . . 7
8. Authentication . . . . . . . . . . . . . . . . . . . . . . . 8 8. Authentication . . . . . . . . . . . . . . . . . . . . . . . 8
9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 9. Security Considerations . . . . . . . . . . . . . . . . . . . 9
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
10.1. Registration of the WebSocket BFCP Sub-Protocol . . . . 10 10.1. Registration of the WebSocket BFCP Sub-Protocol . . . . 10
10.2. Registration of the 'TCP/WS/BFCP' and 'TCP/WSS/BFCP' SDP 10.2. Registration of the 'TCP/WS/BFCP' and 'TCP/WSS/BFCP' SDP
'proto' Values . . . . . . . . . . . . . . . . . . . . . 10 'proto' Values . . . . . . . . . . . . . . . . . . . . . 10
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
12.1. Normative References . . . . . . . . . . . . . . . . . . 10 12.1. Normative References . . . . . . . . . . . . . . . . . . 11
12.2. Informative References . . . . . . . . . . . . . . . . . 11 12.2. Informative References . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
The WebSocket [RFC6455] protocol enables two-way message exchange The WebSocket [RFC6455] protocol enables two-way message exchange
between clients and servers on top of a persistent TCP connection, between clients and servers on top of a persistent TCP connection,
optionally secured with Transport Layer Security (TLS) [RFC5246]. optionally secured with Transport Layer Security (TLS) [RFC5246].
The initial protocol handshake makes use of Hypertext Transfer The initial protocol handshake makes use of Hypertext Transfer
Protocol (HTTP) [RFC7230] semantics, allowing the WebSocket protocol Protocol (HTTP) [RFC7230] semantics, allowing the WebSocket protocol
skipping to change at page 5, line 11 skipping to change at page 5, line 11
protocol layered on top of a WebSocket connection. This document protocol layered on top of a WebSocket connection. This document
specifies the WebSocket BFCP sub-protocol for carrying BFCP messages specifies the WebSocket BFCP sub-protocol for carrying BFCP messages
over a WebSocket connection. over a WebSocket connection.
4.1. Handshake 4.1. Handshake
The BFCP WebSocket Client and BFCP WebSocket Server negotiate usage The BFCP WebSocket Client and BFCP WebSocket Server negotiate usage
of the WebSocket BFCP sub-protocol during the WebSocket handshake of the WebSocket BFCP sub-protocol during the WebSocket handshake
procedure as defined in Section 1.3 of [RFC6455]. The Client MUST procedure as defined in Section 1.3 of [RFC6455]. The Client MUST
include the value "bfcp" in the Sec-WebSocket-Protocol header in its include the value "bfcp" in the Sec-WebSocket-Protocol header in its
handshake request. The 101 reply from the Server MUST contain "bfcp" handshake request. The 101 reply from the Server MUST contain "BFCP"
in its corresponding Sec-WebSocket-Protocol header. in its corresponding Sec-WebSocket-Protocol header.
Below is an example of a WebSocket handshake in which the Client Below is an example of a WebSocket handshake in which the Client
requests the WebSocket BFCP sub-protocol support from the Server: requests the WebSocket BFCP sub-protocol support from the Server:
GET / HTTP/1.1 GET / HTTP/1.1
Host: bfcp-ws.example.com Host: bfcp-ws.example.com
Upgrade: websocket Upgrade: websocket
Connection: Upgrade Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
skipping to change at page 6, line 21 skipping to change at page 6, line 21
WebSocket [RFC6455] provides a reliable transport and therefore the WebSocket [RFC6455] provides a reliable transport and therefore the
BFCP WebSocket sub-protocol defined by this document also provides BFCP WebSocket sub-protocol defined by this document also provides
reliable BFCP transport. Thus, client and server transactions using reliable BFCP transport. Thus, client and server transactions using
WebSocket for transport MUST follow the procedures for reliable WebSocket for transport MUST follow the procedures for reliable
transports as defined in [I-D.ietf-bfcpbis-rfc4582bis] and transports as defined in [I-D.ietf-bfcpbis-rfc4582bis] and
[I-D.ietf-bfcpbis-rfc4583bis]. [I-D.ietf-bfcpbis-rfc4583bis].
BFCP WebSocket clients cannot receive incoming WebSocket connections BFCP WebSocket clients cannot receive incoming WebSocket connections
initiated by any other peer. This means that a BFCP WebSocket client initiated by any other peer. This means that a BFCP WebSocket client
MUST actively initiate a connection towards a BFCP WebSocket server. MUST actively initiate a connection towards a BFCP WebSocket server.
The BFCP server is a server, on the Internet, and thus doesn't need
ICE and thus the clients always initiate connection to it, and the
clients only validate its certificate and the clients do not include
their certificate in TLS ClientHello.
Each BFCP message MUST be carried within a single WebSocket message, Each BFCP message MUST be carried within a single WebSocket message,
and a WebSocket message MUST NOT contain more than one BFCP message. and a WebSocket message MUST NOT contain more than one BFCP message.
6. SDP Considerations 6. SDP Considerations
6.1. Transport Negotiation 6.1. Transport Negotiation
Rules to generate an 'm' line for a BFCP stream are described in Rules to generate an 'm' line for a BFCP stream are described in
[I-D.ietf-bfcpbis-rfc4583bis], Section 3 [I-D.ietf-bfcpbis-rfc4583bis], Section 3
skipping to change at page 8, line 49 skipping to change at page 8, line 49
Section 9 of [I-D.ietf-bfcpbis-rfc4582bis] states that BFCP clients Section 9 of [I-D.ietf-bfcpbis-rfc4582bis] states that BFCP clients
and floor control servers SHOULD authenticate each other prior to and floor control servers SHOULD authenticate each other prior to
accepting messages, and RECOMMENDS that mutual TLS/DTLS accepting messages, and RECOMMENDS that mutual TLS/DTLS
authentication be used. However, browser-based WebSocket clients authentication be used. However, browser-based WebSocket clients
have no control over the use of TLS in the WebSocket API [WS-API], so have no control over the use of TLS in the WebSocket API [WS-API], so
it is RECOMMENDED that standard Web-based methods for client and it is RECOMMENDED that standard Web-based methods for client and
server authentication are used, as follows. server authentication are used, as follows.
When a BFCP WebSocket client connects to a BFCP WebSocket server, it When a BFCP WebSocket client connects to a BFCP WebSocket server, it
SHOULD use TCP/WSS as its transport. The WebSocket client SHOULD SHOULD use TCP/WSS as its transport. The WebSocket client MUST
inspect the TLS certificate offered by the server and verify that it follow the procedures in [RFC7525] while setting up TLS connection
is valid. with webSocket server. The BFCP client validates the server by means
of verifying server certificate and this requires wss-uri contains a
hostname. a=fingerprint is not used here in the verification process.
Since the WebSocket API does not distinguish between certificate Since the WebSocket API does not distinguish between certificate
errors and other kinds of failure to establish a connection, it is errors and other kinds of failure to establish a connection, it is
expected that browser vendors will warn end users directly of any expected that browser vendors will warn end users directly of any
kind of problem with the server certificate. kind of problem with the server certificate.
A floor control server that receives a message over TCP/WS can A floor control server that receives a message over TCP/WS can
request the use of TCP/WSS by generating an Error message, as request the use of TCP/WSS by generating an Error message, as
described in Section 13.8 of [I-D.ietf-bfcpbis-rfc4582bis], with an described in Section 13.8 of [I-D.ietf-bfcpbis-rfc4582bis], with an
Error code with a value of 9 (use TLS). Error code with a value of 9 (use TLS).
Prior to sending BFCP requests, a BFCP WebSocket client connects to a Prior to sending BFCP requests, a BFCP WebSocket client connects to a
BFCP WebSocket server and performs the connection handshake. As BFCP WebSocket server and performs the connection handshake. As
described in Section 3 the handshake procedure involves a HTTP GET described in Section 3 the handshake procedure involves a HTTP GET
method request from the client and a response from the server method request from the client and a response from the server
including an HTTP 101 status code. including an HTTP 101 status code.
In order to authorize the WebSocket connection, the BFCP WebSocket In order to authorize the WebSocket connection, the BFCP WebSocket
server MAY inspect any cookie [RFC6265] headers present in the HTTP server SHOULD inspect any cookie [RFC6265] headers present in the
GET request. For many web applications the value of such a cookie is HTTP GET request. For many web applications the value of such a
provided by the web server once the user has authenticated themselves cookie is provided by the web server once the user has authenticated
to the web server, which could be done by many existing mechanisms. themselves to the web server, which could be done by many existing
As an alternative method, the BFCP WebSocket Server could request mechanisms. As an alternative method, the BFCP WebSocket Server
HTTP authentication by replying to the Client's GET method request could request HTTP authentication by replying to the Client's GET
with a HTTP 401 status code. The WebSocket protocol [RFC6455] covers method request with a HTTP 401 status code. The WebSocket protocol
this usage in Section 4.1: [RFC6455] covers this usage in Section 4.1:
If the status code received from the server is not 101, the If the status code received from the server is not 101, the
WebSocket client stack handles the response per HTTP [RFC7230] WebSocket client stack handles the response per HTTP [RFC7230]
procedures, in particular the client might perform authentication procedures, in particular the client might perform authentication
if it receives 401 status code. if it receives 401 status code.
9. Security Considerations 9. Security Considerations
Considerations from [I-D.ietf-bfcpbis-rfc4582bis], Considerations from [I-D.ietf-bfcpbis-rfc4582bis],
[I-D.ietf-bfcpbis-rfc4583bis] and RFC5018 [RFC5018] apply. [I-D.ietf-bfcpbis-rfc4583bis] and RFC5018 [RFC5018] apply.
BFCP relies on lower-layer security mechanisms to provide replay and BFCP relies on lower-layer security mechanisms to provide replay and
integrity protection and confidentiality. It is RECOMMENDED that the integrity protection and confidentiality. It is RECOMMENDED that the
BFCP traffic transported over a WebSocket communication be protected BFCP traffic transported over a WebSocket communication be protected
by using a secure WebSocket connection (using TLS [RFC5246] over by using a secure WebSocket connection (using TLS [RFC5246] over
TCP). TCP). The security model here is a typical webserver-client model
where the client validates the server certificate and then connects
to the server.
10. IANA Considerations 10. IANA Considerations
10.1. Registration of the WebSocket BFCP Sub-Protocol 10.1. Registration of the WebSocket BFCP Sub-Protocol
This specification requests IANA to register the WebSocket BFCP sub- This specification requests IANA to register the WebSocket BFCP sub-
protocol under the "WebSocket Subprotocol Name" Registry with the protocol under the "WebSocket Subprotocol Name" Registry with the
following data: following data:
Subprotocol Identifier: bfcp Subprotocol Identifier: bfcp
Subprotocol Common Name: WebSocket Transport for BFCP (Binary Floor Subprotocol Common Name: WebSocket Transport for BFCP (Binary Floor
Control Protocol) Control Protocol)
skipping to change at page 10, line 42 skipping to change at page 10, line 45
Figure 1: Values for the SDP 'proto' Field Figure 1: Values for the SDP 'proto' Field
[[NOTE TO RFC EDITOR: Please change XXXX to the number assigned to [[NOTE TO RFC EDITOR: Please change XXXX to the number assigned to
this specification, and remove this paragraph on publication.]] this specification, and remove this paragraph on publication.]]
11. Acknowledgements 11. Acknowledgements
The authors want to thank Robert Welbourn, from Acme Packet, who made The authors want to thank Robert Welbourn, from Acme Packet, who made
significant contributions to the first version of this document. significant contributions to the first version of this document.
This work benefited from the thorough review and constructive This work benefited from the thorough review and constructive
comments of Charles Eckel, Christer Holmberg and Paul Kyzivat. comments of Charles Eckel, Christer Holmberg, Paul Kyzivat and Dan
Wing.
12. References 12. References
12.1. Normative References 12.1. Normative References
[I-D.ietf-bfcpbis-rfc4582bis] [I-D.ietf-bfcpbis-rfc4582bis]
Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C. Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C.
Eckel, "The Binary Floor Control Protocol (BFCP)", draft- Eckel, "The Binary Floor Control Protocol (BFCP)", draft-
ietf-bfcpbis-rfc4582bis-16 (work in progress), November ietf-bfcpbis-rfc4582bis-16 (work in progress), November
2015. 2015.
[I-D.ietf-bfcpbis-sdp-ws-uri] [I-D.ietf-bfcpbis-sdp-ws-uri]
R, R. and G. Salgueiro, "Session Description Protocol R, R. and G. Salgueiro, "Session Description Protocol
skipping to change at page 11, line 14 skipping to change at page 11, line 15
[I-D.ietf-bfcpbis-rfc4582bis] [I-D.ietf-bfcpbis-rfc4582bis]
Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C. Camarillo, G., Drage, K., Kristensen, T., Ott, J., and C.
Eckel, "The Binary Floor Control Protocol (BFCP)", draft- Eckel, "The Binary Floor Control Protocol (BFCP)", draft-
ietf-bfcpbis-rfc4582bis-16 (work in progress), November ietf-bfcpbis-rfc4582bis-16 (work in progress), November
2015. 2015.
[I-D.ietf-bfcpbis-sdp-ws-uri] [I-D.ietf-bfcpbis-sdp-ws-uri]
R, R. and G. Salgueiro, "Session Description Protocol R, R. and G. Salgueiro, "Session Description Protocol
(SDP) WebSocket Connection URI Attribute", draft-ietf- (SDP) WebSocket Connection URI Attribute", draft-ietf-
bfcpbis-sdp-ws-uri-04 (work in progress), May 2016. bfcpbis-sdp-ws-uri-05 (work in progress), July 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in
the Session Description Protocol (SDP)", RFC 4145, the Session Description Protocol (SDP)", RFC 4145,
DOI 10.17487/RFC4145, September 2005, DOI 10.17487/RFC4145, September 2005,
<http://www.rfc-editor.org/info/rfc4145>. <http://www.rfc-editor.org/info/rfc4145>.
skipping to change at page 11, line 40 skipping to change at page 11, line 41
[RFC6455] Fette, I. and A. Melnikov, "The WebSocket Protocol", [RFC6455] Fette, I. and A. Melnikov, "The WebSocket Protocol",
RFC 6455, DOI 10.17487/RFC6455, December 2011, RFC 6455, DOI 10.17487/RFC6455, December 2011,
<http://www.rfc-editor.org/info/rfc6455>. <http://www.rfc-editor.org/info/rfc6455>.
12.2. Informative References 12.2. Informative References
[I-D.ietf-bfcpbis-rfc4583bis] [I-D.ietf-bfcpbis-rfc4583bis]
Camarillo, G., Kristensen, T., and P. Jones, "Session Camarillo, G., Kristensen, T., and P. Jones, "Session
Description Protocol (SDP) Format for Binary Floor Control Description Protocol (SDP) Format for Binary Floor Control
Protocol (BFCP) Streams", draft-ietf-bfcpbis-rfc4583bis-13 Protocol (BFCP) Streams", draft-ietf-bfcpbis-rfc4583bis-16
(work in progress), February 2016. (work in progress), September 2016.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, (TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008, DOI 10.17487/RFC5246, August 2008,
<http://www.rfc-editor.org/info/rfc5246>. <http://www.rfc-editor.org/info/rfc5246>.
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265,
DOI 10.17487/RFC6265, April 2011, DOI 10.17487/RFC6265, April 2011,
<http://www.rfc-editor.org/info/rfc6265>. <http://www.rfc-editor.org/info/rfc6265>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>. <http://www.rfc-editor.org/info/rfc7230>.
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
2015, <http://www.rfc-editor.org/info/rfc7525>.
[WS-API] W3C and I. Hickson, Ed., "The WebSocket API", May 2012. [WS-API] W3C and I. Hickson, Ed., "The WebSocket API", May 2012.
Authors' Addresses Authors' Addresses
Victor Pascual Victor Pascual
Oracle Oracle
Email: victor.pascual.avila@oracle.com Email: victor.pascual.avila@oracle.com
Anton Roman Anton Roman
 End of changes. 17 change blocks. 
24 lines changed or deleted 39 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/