Re: [rtcweb] WebRTC REF for OAUTH based TURN

Sean Turner <sean@sn3rd.com> Wed, 14 March 2018 09:33 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Wed, 14 Mar 2018 09:33:20 +0000
Cc: Cullen Jennings <fluffy@iii.ca>, WebRTC WG <public-webrtc@w3.org>, RTCWeb IETF <rtcweb@ietf.org>
To: Harald Tveit Alvestrand <harald@alvestrand.no>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/iZxx9EtvZIMY3JqwXaC8zQEtwog>


> On Mar 14, 2018, at 07:37, Harald Alvestrand <harald@alvestrand.no> wrote:
> 
> Den 13. mars 2018 15:14, skrev Cullen Jennings:
>> 
>> From a dependency point of view, I would like to note that right now the WebRTC PC spec references
>> 
>> * draft-ietf-oauth-pop-key-distribution
>> 
>> Which rumor has it has been replaced by 
>> 
>> * datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz
>> 
>> Which normatively references the following:
>> 
>> * draft-ietf-ace-cbor-web-token
>> * ietf-ace-cwt-proof-of-possession
>> * draft-ietf-ace-cbor-web-token
>> * draft-ietf-ace-cwt-proof-of-possession
>> 
>> More discussion of this at https://github.com/w3c/webrtc-pc/issues/1642
>> 
>> What needs to happen with all this so we can finish up the stuff WebRTC needs to reference from IETF ?
>> 
>> 
>> 
>> 
>> 
> 
> From a WG product management point of view, I consider that this has not
> deployed, and is not likely to deploy in the present timeframe, given
> that no consensus specification has emerged.
> 
> My suggestion would be to replace this text:
> 
> An OAuth 2.0 based authentication method, as described in [RFC7635]. It
> uses the OAuth 2.0 Implicit Grant type, with PoP (Proof-of-Possession)
> Token type, as described in [RFC6749] and [OAUTH-POP-KEY-DISTRIBUTION].
> .... rest of section ....
> 
> with
> 
> An OAuth 2.0 based authentication method, as described in [RFC7635].
> 
> The amount of detail currently in the webrtc-pc document is, to my mind,
> inappropriate for a W3C spec. If the IETF has failed to come up with a
> single "handle" by which all this detail can be referenced, the IETF
> needs to solve that problem.

This seems to be like the right approach.

spt