Re: [rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

Martin Thomson <martin.thomson@gmail.com> Wed, 06 November 2013 19:14 UTC

To: Wolfgang Beck <wolfgang.beck01@googlemail.com>
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>

On 6 November 2013 05:45, Wolfgang Beck <wolfgang.beck01@googlemail.com> wrote:
> Let's say the user authenticated with my webrtc service using google openid.
> The webrtc server asked for the attribute 'display name'. The OpenID server
> asks the user: 'Can I tell webrtc server your display name y/n?'. Now the
> peerconnection object asks the openid server for authentication and the
> attribute 'email address', to get an rfc822 style name it can return to the
> JS. This is a new permission the user has to grant. And I don't know which
> openid attribute the peerconnection obj is going to use. It can even change
> dynamically when google changes the .well-known/idp document.

This is, overall, correct.  However, do you think that you have to
log in every time that you load or reload a webpage?