Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Mon, 08 July 2013 06:20 UTC


|4) draft-reddy-behave-turn-auth describes the issues with TURN
|authentication and draft-uberti-rtcweb-turn-rest looks like one
|possible solution. Looks both could reference each other.

Missed to mention:
And it would be interesting to see what issues described in the former draft are addressed by the latter.

Muthu

From: Muthu Arul Mozhi Perumal (mperumal)
Sent: Monday, July 08, 2013 11:23 AM
To: 'Justin Uberti'; rtcweb@ietf.org
Subject: RE: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

Hi Justin,

A few quick comments:
1) The primary advantage of the proposed mechanism seems not requiring any interaction between the web service and the TURN service in order for the TURN service to grant TURN credentials in the HTTP response -- this absence of interaction isn't evident on a first read. A diagram showing the client, web service, TURN service and the messages exchanged would be helpful.

2)
|If desired, the TURN server can optionally verify that the parsed
|user id value corresponds to a currently valid user of an external
|service (e.g. is currently logged in to the web app that is making
|use of TURN).  This requires proprietary communication between the
|TURN server and external service on each ALLOCATE request, so this
|usage is not recommended for typical applications.  If this external
|verification fails, it SHOULD reject the request with a 401
|(Unauthorized) error.

Was the intention of putting "not recommended" having a normative statement? If not, it would be better to change it to "not needed".

3) There is no text describing how the timestamp encoded in the USERNAME attribute of the ALLOCATE request could be protected.

4) draft-reddy-behave-turn-auth describes the issues with TURN authentication and draft-uberti-rtcweb-turn-rest looks like one possible solution. Looks both could reference each other.

Muthu

From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Justin Uberti
Sent: Monday, July 08, 2013 9:55 AM
To: rtcweb@ietf.org
Subject: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

Just uploaded a 00 version of a spec for requesting time-limited TURN credentials for WebRTC apps. Would like to get 10 minutes of agenda time to present this in Berlin.

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Jul 8, 2013 at 12:15 AM
Subject: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt
To: Justin Uberti <justin@uberti.name>



A new version of I-D, draft-uberti-rtcweb-turn-rest-00.txt
has been successfully submitted by Justin Uberti and posted to the
IETF repository.

Filename:        draft-uberti-rtcweb-turn-rest
Revision:        00
Title:           A REST API For Access To TURN Services
Creation date:   2013-07-08
Group:           Individual Submission
Number of pages: 7
URL:             http://www.ietf.org/internet-drafts/draft-uberti-rtcweb-turn-rest-00.txt
Status:          http://datatracker.ietf.org/doc/draft-uberti-rtcweb-turn-rest
Htmlized:        http://tools.ietf.org/html/draft-uberti-rtcweb-turn-rest-00


Abstract:
   This document describes a proposed standard REST API for obtaining
   access to TURN services via ephemeral (i.e. time-limited)
   credentials.  These credentials are vended by a web service over
   HTTP, and then supplied to and checked by a TURN server using the
   standard TURN protocol.  The usage of ephemeral credentials ensures
   that access to the TURN server can be controlled even if the
   credentials can be discovered by the user, as is the case in WebRTC
   where TURN credentials must be specified in Javascript.




The IETF Secretariat
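
Added example (not part of the thread or the draft's own text): a sketch of how ephemeral TURN credentials can bind the timestamp in USERNAME to the password, so that an altered timestamp fails the TURN server's integrity check without any call to the web service. It assumes the commonly deployed construction, username = "expiry:userid" and password = base64(HMAC-SHA1(shared secret, username)); the secret, realm, function names and request bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-shared-secret"  # constructed; held by web service and TURN server only
REALM = "example.org"                  # constructed realm

def derive_password(username: str) -> str:
    """Assumed construction: base64(HMAC-SHA1(secret, username))."""
    mac = hmac.new(SECRET, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def vend(user_id: str, now: int, ttl: int = 3600):
    """Web service side: the expiry timestamp is carried inside the username."""
    username = f"{now + ttl}:{user_id}"
    return username, derive_password(username)

def long_term_key(username: str, password: str) -> bytes:
    """STUN long-term credential key: MD5(username ":" realm ":" password)."""
    return hashlib.md5(f"{username}:{REALM}:{password}".encode()).digest()

def client_integrity(username: str, password: str, request: bytes) -> bytes:
    """Client side: MESSAGE-INTEGRITY is HMAC-SHA1 over the request bytes."""
    key = long_term_key(username, password)
    return hmac.new(key, request, hashlib.sha1).digest()

def server_accepts(username: str, request: bytes, integrity: bytes, now: int) -> bool:
    """TURN server side: parse the timestamp, reject expired or malformed
    usernames, re-derive the password from the shared secret and verify."""
    ts, sep, _user = username.partition(":")
    if not sep or not ts.isdigit() or int(ts) < now:
        return False
    key = long_term_key(username, derive_password(username))
    expected = hmac.new(key, request, hashlib.sha1).digest()
    return hmac.compare_digest(expected, integrity)

if __name__ == "__main__":
    req = b"constructed ALLOCATE request bytes"  # stands in for a STUN message
    user, pw = vend("alice", now=1000, ttl=600)
    print(user, server_accepts(user, req, client_integrity(user, pw, req), now=1200))
    forged = "999999:alice"  # timestamp altered, password unchanged
    print(forged, server_accepts(forged, req, client_integrity(forged, pw, req), now=1200))
```

Because the password is a MAC over the whole username, the server needs only the shared secret to detect a changed timestamp; how long a leaked credential stays usable is bounded by the TTL chosen when it is vended.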