[OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01

[Hannes Tschofenig <hannes.tschofenig@gmx.net>]

Hi all,

Simon asked us (Derek and myself) to do a quick review of this document
developed within another working group that happens to use OAuth.

* Background

TURN is a special tunnelling gateway (very much like an IPsec gateway
would be) but designed specifically to relay voice/video traffic. To
prevent attacks a TURN client (such as a VoIP phone) uses a shared
secret (username & password) with the TURN server (=gateway).

So, if Alice calls Bob and uses a TURN server then her VoIP client uses
SIP or WebRTC (as a signaling protocol) to establish the necessary
communication so that voice packets can be exchanged between the two
VoIP clients with the help of the TURN server.

The main idea of this document is to re-use OAuth to authorize the use
of this TURN server.

* The Design

I would have used OAuth as is (or maybe selected a specific grant type)
to obtain an access token. Then, I would have defined how the access
token is carried in the TURN protocol. This is a bit similar what we
have already done with the OAuth SASL draft where we defined a new way
to convey the access token from the SASL client to the SASL server.

How did the authors solve that problem? They pretty much did what I just
explained. Since TURN does not use DTLS (or TLS) the proof-of-possession
security work we are doing becomes relevant (namely the symmetric
key-based part).

Putting discovery information in-band into the exchange is also find
(which is what we did in the SASL document).

Instead of using the JWT access token format the authors have defined a
new, binary encoding to keep the size smaller. The OAuth framework
allows other token formats to be used - so that's fine as well.
(As a minor remark, I would use AEAD ciphers here since that's what
everyone is doing noways.)

Two things surprised me:

a) The spec leaves the way to obtain the access token pretty much open.
A big benefit from using OAuth is that there is a protocol mechanism
defined for getting the access token. You could, for example, recommend
using authorization code flow. This concerns the text written in Section 4.

b) You describe a key establishment scheme to be used between the
resource server and the authorization server. What assumption do you
make about the relationship between the authorization server and the
resource server? Are they supposed to have a business relationship or
some other relationship with each other?

Minor aspects:

 * Would the TURN server name really be an email alike address rather
than a URI?

 * Would you use Dynamic Client Registration to provision the client
with the necessary parameter? Is there the expectation that random
clients would work with random authorization servers?

 * Wouldn't you want to define a scope value for use with the TURN
service so that the authorization server is able to restrict the access
token for use with TURN only?

 * Crypto algorithm negotiation: would you expect the authorization
server to tell the client what crypto algorithms to use (since the
authorization server not only needs to share a key with the resource
server but also needs to have knowledge about the supported
cryptographic algorithms)?

 * In your TURN <-> OAuth terminology mapping you say that the resource
owner corresponds to the RTCWeb server. I don't think that's true. The
resource owner is the user but I believe you are trying to say that the
user grants authorization implicitly by making a WebRTC call.

Ciao
Hannes