IETF Logo Mail Archive

Re: [rtcweb] Use case change request: Identity in multiuser calls

Henry Sinnreich <henry.sinnreich@gmail.com> Thu, 11 August 2011 19:11 UTC

Return-Path: <henry.sinnreich@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38DF221F852E for <rtcweb@ietfa.amsl.com>; Thu, 11 Aug 2011 12:11:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.128
X-Spam-Level:
X-Spam-Status: No, score=-3.128 tagged_above=-999 required=5 tests=[AWL=0.471, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZVfi5ShyEhU for <rtcweb@ietfa.amsl.com>; Thu, 11 Aug 2011 12:11:57 -0700 (PDT)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9F7CB21F84FB for <rtcweb@ietf.org>; Thu, 11 Aug 2011 12:11:56 -0700 (PDT)
Received: by gxk19 with SMTP id 19so1806809gxk.31 for <rtcweb@ietf.org>; Thu, 11 Aug 2011 12:12:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=user-agent:date:subject:from:to:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; bh=t8+czTLsJsnjofK2xSqFwLPvz+77ooMl4BX9TKPcSYk=; b=VFxrMfpikORbKgh/eBKYMwM2m+zaV0QdH7kuxuRlP9+CCQGaP/A6II+Z+FaFu9JXDw AcMwr+gbAPft17dikhPgey0/O1Ers/UzyWjhh71LgkTkbY/dLrhZA0jO+SxDrMLAoRPv 0ZIzO01W3kMh+L/UWY8Z6Yg5ZZ9ja9gtR+1S4=
Received: by 10.236.184.104 with SMTP id r68mr13639293yhm.91.1313089885576; Thu, 11 Aug 2011 12:11:25 -0700 (PDT)
Received: from [192.168.15.2] (cpe-76-184-227-249.tx.res.rr.com [76.184.227.249]) by mx.google.com with ESMTPS id r28sm113858yhm.24.2011.08.11.12.11.24 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 11 Aug 2011 12:11:24 -0700 (PDT)
User-Agent: Microsoft-Entourage/12.30.0.110427
Date: Thu, 11 Aug 2011 14:11:23 -0500
From: Henry Sinnreich <henry.sinnreich@gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, rtcweb@ietf.org
Message-ID: <CA69938B.1CB98%henry.sinnreich@gmail.com>
Thread-Topic: [rtcweb] Use case change request: Identity in multiuser calls
Thread-Index: AcxYWnWWBcbAL5WDlUS+6zGtfpS+WA==
In-Reply-To: <4E440870.8030301@alum.mit.edu>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Subject: Re: [rtcweb] Use case change request: Identity in multiuser calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2011 19:12:00 -0000

> Henry - what sort of mechanism did you have in mind for these anonymous
> participants to identify themselves to one another? Are you talking
> about the exchange of credentials using the server as an intermediary in
> the exchange? Or did you have in mind an exchange outside the server.
> (E.g. Bob establishes a secure connection to Alice and over it tells her
> "I'm anon2 in conference foo right now"?

The most credible e2e identification that comes to my mind is Phil
Zimmermann's Zfone technology:

http://www.ietf.org/id/draft-johnston-rtcweb-media-privacy-00.txt
http://zfoneproject.com/

Definitely not relying on any "trusted" server :-)

Thanks, Henry

On 8/11/11 11:50 AM, "Paul Kyzivat" <pkyzivat@alum.mit.edu> wrote:

> On 8/11/11 12:07 PM, Henry Sinnreich wrote:
>>> The participants are identified to
>>> each other by the central server
>> 
>> There may be no contradiction, but just to make sure the scenario, such as a
>> confidential business meeting is included (not necessarily a social network
>> scenario).
>> 
>> A confidential conference MUST assure that all participants can also be
>> safely identified first to each other, not necessarily by the server, end to
>> end, to the full satisfaction of all the participants, who would otherwise
>> refuse to continue  to speak up or continue to attend at all.
>> Who provides for the e2e identification? A 3rd party? Inside the app?
>> 
>> Did I understand correctly there is no contradiction?
>> Any problem in clarifying this?
> 
> This is an example of the sort of thing I was speaking of in my earlier
> reply - that there are differing levels of identity that may be desired.
> 
> In some cases, participants may want to be fully anonymous. But even
> then, it will typically be important that one participant be able to
> identify *which* of the other (anonymous) participants it is receiving
> media from. (E.g. by noting which participant in the roster is the
> current speaker - anon1, anon2, ...)
> 
> In other cases the participants *true* identities are hidden, but
> handles/nicknames may be used to identify them in the roster and in
> chats. ("snoopy" and "red barron" rather than anon1 and anon2.)
> 
> But in that case there are issues of how the handles are associated with
> participants. It could be that handles are permanently assigned to real
> users by the server. Then you can be confident that when talking to
> "snoopy" it is always someone well defined - same as the last time -
> without awareness of who that person *actually* is.
> 
> Alternatively, the server might allow handles to be used on a fcfs basis
> per conference. Or it might allow handles to be non-unique, so that you
> could have two "snoopy"s at the same time, bound to unrelated users.
> 
> Henry - what sort of mechanism did you have in mind for these anonymous
> participants to identify themselves to one another? Are you talking
> about the exchange of credentials using the server as an intermediary in
> the exchange? Or did you have in mind an exchange outside the server.
> (E.g. Bob establishes a secure connection to Alice and over it tells her
> "I'm anon2 in conference foo right now"?
> 
> Thanks,
> Paul
> 
>> Thanks, Henry
>> 
>> 
>> On 8/10/11 9:16 AM, "Harald Alvestrand"<harald@alvestrand.no>  wrote:
>> 
>>> In draft-ietf-rtcweb-use-cases-and-requirements, I would like to extend
>>> one part of the scenario "4.3.3 Video conferencing system with central
>>> server".
>>> 
>>> I would like to add one more paragraph:
>>> 
>>> "All participant are authenticated by the central server, and authorized
>>> to connect to the central server. The participants are identified to
>>> each other by the central server, and the participants do not have
>>> access to each others' credentials such as e-mail addresses or login IDs".
>>> 
>>> This is necessary in order to drive use cases that resemble Google
>>> Hangout, where it is a requirement that people are able to participate
>>> without disclosing their Google login IDs to each other.
>>> (in the particular case of Hangout, the display name on their profile
>>> *is* disclosed ... but that's a different matter)
>>> 
>>> The reason I think this is important is that it feeds directly into the
>>> discussion of what WebRTC needs to authorize: The final source or
>>> destination of media, or the identity of the handler at the first hop.
>>> In at least the case of Hangouts, the requirement is to *not* authorize
>>> the final source or destination.
>>> 
>>> Not sure yet how to formulate that as a requirement, and not sure yet if
>>> it applies to the cases without a central server, such as 4.2.6. We may
>>> have to decide.
>>> 
>>>                           Harald
>>> 
>>> 
>>> _______________________________________________
>>> rtcweb mailing list
>>> rtcweb@ietf.org
>>> https://www.ietf.org/mailman/listinfo/rtcweb
>> 
>> 
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
>> 
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

v2.36.0 | Report a Bug | By Email | System Status