Re: [rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

Martin Thomson <martin.thomson@gmail.com> Tue, 05 November 2013 18:56 UTC

In-Reply-To: <CAAJUQMgRqOggVzviMPnvpkwSzYJeEe_1S5K00chdGq-Hghq3Dg@mail.gmail.com>
References: <CAAJUQMgRqOggVzviMPnvpkwSzYJeEe_1S5K00chdGq-Hghq3Dg@mail.gmail.com>
Date: Tue, 5 Nov 2013 10:56:18 -0800
Message-ID: <CABkgnnXy17-s8CKXbO2fKZ56L_FXBPQjd14NMkNXC5HoqVsS+w@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Wolfgang Beck <wolfgang.beck01@googlemail.com>
Content-Type: text/plain; charset=UTF-8
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

Most of the heavy login-related interactions can be moved earlier in
the process.  That is, before the call commences.

Keep in mind that you are sitting on a page, logged in to the site of
choice, when you are making or receiving a call.

On 5 November 2013 09:06, Wolfgang Beck <wolfgang.beck01@googlemail.com> wrote:
> What I am missing in this draft is the link between authentication towards
> the web server and signing of DTLS info towards the remote party. To make a
> call, a user will have to
> 1) log into the web server application
> 2) permit the browser to access camera/mic
> 3) log into the IdP to sign the DTLS info
>
> To receive a call, I will have to
> 1) log into the web server application
> 2) permit the browser to access camera/mic when there is a call
> 3) log into the IdP to sign the DTLS info
> ...and hope the caller has not given up before I clicked all permission boxes
> and entered all user credentials.
>
> Can 1) and 3) be merged somehow? How would you explain 3) to a user?
>
>
> Wolfgang Beck
>