Re: [rtcweb] Signalling, SDP, and the way we think about interconnecting RTCWEB applications

Randell Jesup <> Mon, 17 October 2011 15:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8D86121F8C44 for <>; Mon, 17 Oct 2011 08:05:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.539
X-Spam-Status: No, score=-2.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id L+mAKyOZkzk4 for <>; Mon, 17 Oct 2011 08:05:01 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1689621F8C3A for <>; Mon, 17 Oct 2011 08:05:00 -0700 (PDT)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <>) id 1RFokO-00032U-6m for; Mon, 17 Oct 2011 10:05:00 -0500
Message-ID: <>
Date: Mon, 17 Oct 2011 11:00:26 -0400
From: Randell Jesup <>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
References: <AAE428925197FE46A5F94ED6643478FEA925614C6A@HE111644.EMEA1.CDS.T-INTERNAL.COM> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
Subject: Re: [rtcweb] Signalling, SDP, and the way we think about interconnecting RTCWEB applications
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 17 Oct 2011 15:05:01 -0000

On 10/17/2011 2:14 AM, Wolfgang wrote:
> On Mon, Oct 17, 2011 at 5:34 AM, Randell Jesup<>  wrote:
>>> In my model the server would know what type of call was set up as it
>>> always controls both ends of the call. If some other application
>>> controls the calling party, you need some standardized protocol like
>>> SDP.
>> So the server negotiates the parameters?  I'm not sure what "my model" means
>> here (and I reviewed earlier messages from you here).

> I didn't have company email access during the weekend and I'm the author of
> The idea
> is to always use
> only one RTCWEB server and authenticate/authorize unknown users by 3rd party
> authentication. Like commenting on a blog using OpenID.

Ok, I looked at draft-beck-rtcweb-alt-ic.

One huge problem with it: it's based on an assumption that for most 
cases of federation and cross-service calls won't hold: that clients 
will use the same client JS app, and the services are just providing 
different realms/methods of authentication and user-lookup.

Also, your draft doesn't explain how A & B came to be talking to the 
same server in the first place.  The draft seems mostly focused on how a 
single provider can use a shared authentication scheme (and I would 
suggest that we try to find a provider-agnostic way to leverage id 
systems such as BrowserID and/or OpenID to provide end-user identification).

You should talk to ekr who's writing the security draft and see if you 
can merge some of these ideas into it.

I don't think it in any way helps our signalling/SDP/etc discussion, my 

Randell Jesup