Re: [rtcweb] More on authorization and endpoint authentication

Ted Hardie <ted.ietf@gmail.com> Fri, 05 August 2011 17:37 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD14421F8A7E for <rtcweb@ietfa.amsl.com>; Fri, 5 Aug 2011 10:37:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOpn197W4PIF for <rtcweb@ietfa.amsl.com>; Fri, 5 Aug 2011 10:37:43 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 03CE121F8A66 for <rtcweb@ietf.org>; Fri, 5 Aug 2011 10:37:42 -0700 (PDT)
Received: by ywm21 with SMTP id 21so2093392ywm.31 for <rtcweb@ietf.org>; Fri, 05 Aug 2011 10:38:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=y9dzzcwscvczkH4lm6/r5um7SMrNa3BXngdvg7nJS0s=; b=TCDoySXptIUj2oUh8Bx6MUxLXXePUXsyHEPjX+NItnWx7abbg2iYQ8dnR0UPAW3XpN fisps/xReO/7IXVELmJeOgzoqVqx9UR54+4iflUJtvdEv6zXE6cZbIHLcIudR8slERul WZpPRBhUAb/P6GARRI+8j3Elm0DyYWHITWfLw=
MIME-Version: 1.0
Received: by 10.236.76.201 with SMTP id b49mr2949180yhe.526.1312565880775; Fri, 05 Aug 2011 10:38:00 -0700 (PDT)
Received: by 10.236.109.39 with HTTP; Fri, 5 Aug 2011 10:38:00 -0700 (PDT)
In-Reply-To: <CABcZeBOTtF4rz7X2tmumwCL85v2k-ghzagYD4_F204Su-KVKtw@mail.gmail.com>
References: <CABcZeBM2hgNkBgvB=8uw_CKuQ+=F=TPBtJq16SyvQ=SKPNVY+A@mail.gmail.com> <BLU152-W15D1D8903A1053AA4D74B9933C0@phx.gbl> <CABcZeBOTtF4rz7X2tmumwCL85v2k-ghzagYD4_F204Su-KVKtw@mail.gmail.com>
Date: Fri, 05 Aug 2011 10:38:00 -0700
Message-ID: <CA+9kkMCZdXGAJ1nUxnb5SHzFUaqpmbffN44rz8qGxkjXTs0H7g@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] More on authorization and endpoint authentication
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 17:37:43 -0000

On Fri, Aug 5, 2011 at 6:41 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> However, the point I was trying to make is that this is distinct from letting
> the Web server that provided the page route the messages itself. You
> might imagine not trusting the page but nevertheless be willing to allow
> it to provide you with an address which you can independently verify
> and derference.
>
> Best,
> -Ekr


Do you really mean "an address" which you can independently verify and
dereference, or an identity you can verify?

Let's take the poker site example.  The web site owner wants to embed
video streams in the poker application, so that the players are
reasonably assured that they are not playing a bot (or, at least, that
the player using a bot must be physically present during the game).
The poker players are likely put into groups based on arrival time,
maximum bid, etc.  in one mode; in another mode, a group of friends
may come and play together.  In the first mode, the players likely do
not want to share any identifying information with each other.  In the
second mode, the first player might invite the other players to a
room, by sharing a URI provided by the web server, or he might pass
their identities to the web server, so it can limit access to those
signing in with those identities.

In neither case, do we really want the web server to pass the video.
It serves as the initial signaling path for the messages among
players, but that's really it for the audio/video streaming part.

I've been assuming that the website would provide an identity in this
case, if one were needed (e.g. player5579@pokersite.example) but that
the primary reason for that identity would be outside the connectivity
model (so you know if you're playing the same player again, for
example, and can react if the picture looks different, or you don't
want to play with someone who is better than you).  Anyone in model
one (using a URI to join a specific game) would be assigned an
identity.  Anyone in model two (where the website locks down the game
to specific players) has to know what the player identities are to
invite.

In neither case does this seem to me to map well to SIP identity, and
I'm concerned that if we start with SIP identity as a mental model,
we're going to have softphones in browsers that can't do any of the
more web-based things that we actually want to enable.

regards,

Ted