Re: [rtcweb] Fwd: New Version Notification for draft-uberti-behave-turn-rest-00.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Mon, 22 July 2013 12:53 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E2911E8101; Mon, 22 Jul 2013 05:53:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.448
X-Spam-Level:
X-Spam-Status: No, score=-10.448 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMvUaTygEjDb; Mon, 22 Jul 2013 05:53:49 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id B372111E80D5; Mon, 22 Jul 2013 05:53:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=16328; q=dns/txt; s=iport; t=1374497628; x=1375707228; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=DS4BgToDvmWpXeDOeTHhcHlWSodOgS93fVmyfGSnsDU=; b=H+tjn9r/Ug2g2qBKOOZOa492c8VD9XAEj7fGvSRmUFnpecTkxg9c09cX g92WGxlfmk/KkJ3qCWTzoYWhLB41KJGl4fxWAtxpHJlKNdgl61Y2+35Rm Z+74rjw7rKA6LxExaP7AaaekNw55+I70LJPx2L9gAoySPvsyECFhI76ET 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AuMFAIoq7VGtJV2b/2dsb2JhbABagkJENVCDCqs2iTeIORd3FnSCJAEBAQQjCkEJAhACAQgOAwMBAQELHQMCAgIwFAkIAgQOBQgBiAcMphGRFY5egQcgEQYBBoJXM24DmQaQJIFZgTmBaCICHg
X-IronPort-AV: E=Sophos; i="4.89,719,1367971200"; d="scan'208,217"; a="234787165"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-9.cisco.com with ESMTP; 22 Jul 2013 12:53:48 +0000
Received: from xhc-aln-x04.cisco.com (xhc-aln-x04.cisco.com [173.36.12.78]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r6MCrlRr011792 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 22 Jul 2013 12:53:47 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.56]) by xhc-aln-x04.cisco.com ([173.36.12.78]) with mapi id 14.02.0318.004; Mon, 22 Jul 2013 07:53:47 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Justin Uberti <juberti@google.com>
Thread-Topic: [rtcweb] Fwd: New Version Notification for draft-uberti-behave-turn-rest-00.txt
Thread-Index: AQHOgaXFxG8B2qhG1UKzVBv1DFSHsZlvKhOQ
Date: Mon, 22 Jul 2013 12:53:47 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A14B9F74D@xmb-rcd-x10.cisco.com>
References: <20130715214906.5314.83583.idtracker@ietfa.amsl.com> <CALe60zBA_unaQekMkKwKwKNRPbJjECAtJ9bAV=fv6V6Mdfon6Q@mail.gmail.com> <CAOJ7v-2WGi_fD9mVx+dtZBo+X4-sXxXZFek9mt2cAmrqFCyYMg@mail.gmail.com>
In-Reply-To: <CAOJ7v-2WGi_fD9mVx+dtZBo+X4-sXxXZFek9mt2cAmrqFCyYMg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.39.64.58]
Content-Type: multipart/alternative; boundary="_000_913383AAA69FF945B8F946018B75898A14B9F74Dxmbrcdx10ciscoc_"
MIME-Version: 1.0
Cc: Behave WG <behave@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Fwd: New Version Notification for draft-uberti-behave-turn-rest-00.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2013 12:53:54 -0000

Hi Justin,

You may also want to consider your using OAuth 2.0 framework. For example consider draft (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-04#section-6.1) Where WebServer would act as Authorization Server (AS), TURN Server as Resource Server (RS) and Client will be the WebRTC Client.

The advantage of using OAuth is that

[1] If handle token is chosen, AS can revoke the credentials after the call is terminated. This would ensure that even if the temporary credentials are exposed to JavaScript, these credentials can be only used for the duration of the call. This would prevent any attacks possible of someone else using the temporary credentials even after the call is terminated.

[2] AS and RS need to not be co-located.

[3] AS and RS need not use static shared secret; OAuth provides flexibility for the AS to update the RS with session keys.

[4] I believe there are already implementations available of OAuth.

Best Regards,
--Tiru.
From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Justin Uberti
Sent: Tuesday, July 16, 2013 3:23 AM
To: rtcweb@ietf.org; behave@ietf.org
Subject: [rtcweb] Fwd: New Version Notification for draft-uberti-behave-turn-rest-00.txt

I have changed the WG for this draft from RTCWEB to BEHAVE. Many, but not all of the comments I received on the RTCWEB mailing list have been addressed.

BEHAVE chairs, I would like 10 minutes of agenda time to discuss this draft.
---------- Forwarded message ----------
From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
Date: Mon, Jul 15, 2013 at 5:49 PM
Subject: New Version Notification for draft-uberti-behave-turn-rest-00.txt
To: Justin Uberti <justin@uberti.name<mailto:justin@uberti.name>>



A new version of I-D, draft-uberti-behave-turn-rest-00.txt
has been successfully submitted by Justin Uberti and posted to the
IETF repository.

Filename:        draft-uberti-behave-turn-rest
Revision:        00
Title:           A REST API For Access To TURN Services
Creation date:   2013-07-15
Group:           Individual Submission
Number of pages: 8
URL:             http://www.ietf.org/internet-drafts/draft-uberti-behave-turn-rest-00.txt
Status:          http://datatracker.ietf.org/doc/draft-uberti-behave-turn-rest
Htmlized:        http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00


Abstract:
   This document describes a proposed standard REST API for obtaining
   access to TURN services via ephemeral (i.e. time-limited)
   credentials.  These credentials are vended by a web service over
   HTTP, and then supplied to and checked by a TURN server using the
   standard TURN protocol.  The usage of ephemeral credentials ensures
   that access to the TURN server can be controlled even if the
   credentials can be discovered by the user, as is the case in WebRTC
   where TURN credentials must be specified in Javascript.




The IETF Secretariat