Re: [rtcweb] WebRTC REF for OAUTH based TURN

Harald Alvestrand <harald@alvestrand.no> Wed, 14 March 2018 07:37 UTC

To: Cullen Jennings <fluffy@iii.ca>, WebRTC WG <public-webrtc@w3.org>, RTCWeb IETF <rtcweb@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/S9kk7hcvhuX_0e23R8MGv-L0eeE>

On 13 March 2018 15:14, Cullen Jennings wrote:
> 
> From a dependency point of view, I would like to note that right now the WebRTC PC spec references
> 
> * draft-ietf-oauth-pop-key-distribution
> 
> Which rumor has it has been replaced by 
> 
> * datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz
> 
> Which normatively references the following:
> 
> * draft-ietf-ace-cbor-web-token
> * ietf-ace-cwt-proof-of-possession
> * draft-ietf-ace-cbor-web-token
> * draft-ietf-ace-cwt-proof-of-possession
> 
> More discussion of this at https://github.com/w3c/webrtc-pc/issues/1642
> 
> What needs to happen with all this so we can finish up the stuff WebRTC needs to reference from IETF?
> 

From a WG product management point of view, I consider that this has not
deployed, and is not likely to deploy in the present timeframe, given
that no consensus specification has emerged.

My suggestion would be to replace this text:

An OAuth 2.0 based authentication method, as described in [RFC7635]. It
uses the OAuth 2.0 Implicit Grant type, with PoP (Proof-of-Possession)
Token type, as described in [RFC6749] and [OAUTH-POP-KEY-DISTRIBUTION].
 .... rest of section ....

with

 An OAuth 2.0 based authentication method, as described in [RFC7635].

The amount of detail currently in the webrtc-pc document is, to my mind,
inappropriate for a W3C spec. If the IETF has failed to come up with a
single "handle" by which all this detail can be referenced, the IETF
needs to solve that problem.