Re: [rtcweb] SIP on the Web: presentation and video
Iñaki Baz Castillo <ibc@aliax.net> Tue, 11 October 2011 10:58 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 103AE21F8C4D for <rtcweb@ietfa.amsl.com>; Tue, 11 Oct 2011 03:58:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.496
X-Spam-Level:
X-Spam-Status: No, score=-2.496 tagged_above=-999 required=5 tests=[AWL=0.181, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0qwzFIMAhaxJ for <rtcweb@ietfa.amsl.com>; Tue, 11 Oct 2011 03:58:00 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 6CC7821F8C3E for <rtcweb@ietf.org>; Tue, 11 Oct 2011 03:58:00 -0700 (PDT)
Received: by vws5 with SMTP id 5so6679200vws.31 for <rtcweb@ietf.org>; Tue, 11 Oct 2011 03:57:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.25.75 with SMTP id a11mr17779857vdg.1.1318330679767; Tue, 11 Oct 2011 03:57:59 -0700 (PDT)
Received: by 10.220.118.143 with HTTP; Tue, 11 Oct 2011 03:57:59 -0700 (PDT)
In-Reply-To: <CABRok6mRjcBuWdNiqr8zgsRRcX2T5-_6GWWKwG04FKxrM+syRg@mail.gmail.com>
References: <CABw3bnMESQO=SUvgQFJPxipBNV3tv9gof7JswjEJ919LyoskHw@mail.gmail.com> <CABRok6mRjcBuWdNiqr8zgsRRcX2T5-_6GWWKwG04FKxrM+syRg@mail.gmail.com>
Date: Tue, 11 Oct 2011 12:57:59 +0200
Message-ID: <CALiegfnZoodvgjqiqDNfyA1_Jrvfcw6ZJJqVjx5XNWyg_3tR7w@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: Neil Stratford <neils@belltower.co.uk>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SIP on the Web: presentation and video
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2011 10:58:01 -0000
2011/10/11 Neil Stratford <neils@belltower.co.uk>: > This is a great demo of what you can do in javascript. I hope the SIP proxy implementing WebSocket transport is also an important piece :) > How would you deal with SIP credentials if you didn't want to expose them to > the user but instead use an existing authenticated web session? Would it > require a custom SIP authentication scheme to be implemented in the SIP > proxy/registrar? Good question. There are some alternatives: WebSocket allows sending a "Cookie" header during the WebSocket handshake between client and server (which is a HTTP GET request). Such "Cookie" header is populated by the *web* server once the user has logged in the web (by following any existing login mechanism). Then the WebSocket server could validate the "Cookie" header in order to authenticate SIP requests from the user. If the proxy implementing WebSocket transport is just an outbound proxy (not a registrar for example) it could add a "P-Asserted-Identity" header to the SIP REGISTER request before routing it to the registrar server. Another alternative would be: the user (the web browser) retrieves his SIP username and password from the web server (hopefully by mandating HTTPS) and uses them to calculate the Digest credentials when the SIP proxy replies 401/407. Regards. -- Iñaki Baz Castillo <ibc@aliax.net>
- [rtcweb] SIP on the Web: presentation and video José Luis Millán
- Re: [rtcweb] SIP on the Web: presentation and vid… Iñaki Baz Castillo
- Re: [rtcweb] SIP on the Web: presentation and vid… Neil Stratford
- Re: [rtcweb] SIP on the Web: presentation and vid… Iñaki Baz Castillo
- Re: [rtcweb] SIP on the Web: presentation and vid… Thomas