[rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

Wolfgang Beck <wolfgang.beck01@googlemail.com> Tue, 05 November 2013 17:06 UTC

What I am missing in this draft is the link between authentication towards
the web server and signing of DTLS info towards the remote party. To make a
call, a user will have to
1) log into the web server application
2) permit the browser to access camera/mic
3) log into the IdP to sign the DTLS info

To receive a call, I will have to
1) log into the web server application
2) permit the browser to access camera/mic when there is a call
3) log into the IdP to sign the DTLS info
...and hope the caller has not given up before I clicked all permission
boxes and entered all user credentials.

Can 1) and 3) be merged somehow? How would you explain 3) to a user?


Wolfgang Beck